
[Closed] Warning! Potential Spyware Operation!


  • This topic is locked
6 replies to this topic

#1 Escapee33


Posted 29 March 2008 - 04:16 AM

Hi Guys,

Please help!
I have a Windows XP machine that keeps popping up a Windows Security Alert with the following message:

Warning! Potential Spyware Operation!
Your computer is making unauthorised copies of your system and
Internet files. Run full scan now to prevent any unauthorised access
to your files! Click here to download spyware remover....


I have run Spyware Doctor and it reported the following:

Trojan-Downloader.Small.CML
Trojan-Generic
Application.NirCmd
There are also some others but they don't seem as serious as these...



I have attached the HJT report below...


Logfile of HijackThis v1.99.1
Scan saved at 9:06:22 PM, on 29/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-au\msnappau.exe
C:\Program Files\D-Link\DSL-200\dslstat.exe
C:\Program Files\D-Link\DSL-200\dslagent.exe
C:\Program Files\Mouse Driver\Mouse Driver\3.5\MOUSE32A.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Utilities\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6DD04532-47C4-4861-BC05-002AEE4BAA4E} - C:\WINDOWS\system32\bmixvsdu.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\msgr.en-us.en-au\msntb.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-au\msnappau.exe"
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\D-Link\DSL-200\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\D-Link\DSL-200\dslagent.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Mouse Driver\Mouse Driver\3.5\MOUSE32A.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSDisp32] rundll32.exe C:\WINDOWS\system32\drvjuc.dll,startup
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [FolderShare] "C:\Program Files\FolderShare\FolderShare.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.bigpond.com
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Zuma\Images\stg_drm.ocx
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Zuma\Images\armhelper.ocx
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O20 - Winlogon Notify: winetw32 - winetw32.dll (file missing)
O21 - SSODL: DrvBoot - {5c720961-604f-4f31-bf7d-5318a324d169} - C:\WINDOWS\Installer\{5c720961-604f-4f31-bf7d-5318a324d169}\DrvBoot.dll
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe



#2 Blade81


Posted 04 April 2008 - 03:20 AM

Hi


1. Download combofix from any of these links and save it to Desktop:
Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you (C:\ComboFix.txt). Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

If you have problems with Combofix usage, see here
Microsoft MVP Consumer Security 2008 2009 2010 2011 2012 ASAP & UNITE member since 2006

#3 Escapee33


Posted 05 April 2008 - 01:26 AM

Thanks for the info.
I followed the steps outlined and the process took about 15 minutes or so (after I realised I hadn't stopped all the spyware and virus applications running in the background so ComboFix could run without interruptions that is..... oops).



Anyway here is the ComboFix log:

ComboFix 08-03-26.3 - Administrator 2008-04-04 22:16:16.2 - NTFSx86
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.342 [GMT 10:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
-- Script messages for sUBs --
C:\WINNT\system32\CF23371.exe /S /D /c" ( GSAR -F -s:x1A -r 2>nul | SED -r "s/\x00//g; s/http:/\nhxxp:/g;s/.:\\/\n&/g;" | ( SED -r "/^hxxp:\/\/.*\//!d; s/(.{7}[[:alnum:].]*).*/\1/; $s/.*/&\n/" | GREP -Fivf BitsStr ) )"
C:\WINNT\system32\CF23371.exe /S /D /c" type "C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr?.dat" 2>nul"

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINNT\hosts
C:\WINNT\Web\default.htt

.
((((((((((((((((((((((((( Files Created from 2008-03-04 to 2008-04-04 )))))))))))))))))))))))))))))))
.

2008-04-04 22:16 . 08-04-04 22:16 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_268.dat
2008-04-04 21:59 . 08-04-04 21:59 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_30c.dat
2008-04-04 21:55 . 08-04-04 21:55 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_35c.dat
2008-04-04 15:22 . 08-04-04 15:22 0 --a------ C:\WINNT\BBCAUTO.INI
2008-04-01 14:01 . 08-04-04 22:20 42 d-a------ C:\WINNT\.
2008-04-01 14:01 . 08-04-01 16:28 38 --a------ C:\WINNT\
2008-04-01 13:58 . 08-04-01 13:58 38 --a------ C:\WINNT\@
2008-04-01 13:50 . 08-04-03 19:01 95,482 --a------ C:\WINNT\Run32A50.mch
2008-04-01 13:50 . 08-04-01 13:50 0 --a------ C:\WINNT\mfont.dat
2008-04-01 13:07 . 08-04-03 18:57 <DIR> d-------- C:\WINNT\A5W_DATA
2008-04-01 13:07 . 08-04-03 18:57 35 --a------ C:\WINNT\A5W.INI
2008-04-01 10:01 . 08-04-01 10:01 <DIR> d-------- C:\LearningLand
2008-04-01 10:00 . 08-04-01 10:00 <DIR> d-------- C:\WINNT\A4W_DATA
2008-04-01 10:00 . 08-04-01 10:00 35 --a------ C:\WINNT\A4W.INI
2008-04-01 08:56 . 08-04-01 08:56 <DIR> d-------- C:\Program Files\directx
2008-04-01 08:56 . 08-04-01 08:56 <DIR> d-------- C:\Program Files\BBC Multimedia
2008-04-01 08:56 . 00-05-17 18:59 198,640 --a------ C:\WINNT\system32\Mci32.ocx
2008-04-01 08:56 . 00-05-17 18:59 40,448 --a------ C:\WINNT\system32\REGOBJ.DLL
2008-03-31 08:59 . 08-03-31 08:59 97 --a------ C:\WINNT\CR.ini
2008-03-31 08:45 . 08-03-31 08:45 <DIR> d-------- C:\Program Files\Disney Interactive
2008-03-31 08:45 . 08-03-31 08:45 441 --a------ C:\WINNT\Disney.ini
2008-03-31 08:31 . 08-04-01 13:55 <DIR> d-------- C:\Program Files\Activision Value
2008-03-30 18:20 . 08-03-30 18:20 <DIR> d-------- C:\Program Files\THQ
2008-03-30 18:13 . 08-04-01 16:28 689 --a------ C:\WINNT\Sharktales.INI
2008-03-30 13:05 . 08-04-03 22:36 302,216 ---h----- C:\WINNT\ShellIconCache
2008-03-29 20:46 . 08-03-29 20:46 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy 1.5
2008-03-29 18:30 . 08-03-29 19:16 <DIR> d-------- C:\VundoFix Backups
2008-03-29 18:12 . 08-04-04 22:14 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-29 18:10 . 07-12-10 13:53 81,288 --a------ C:\WINNT\system32\drivers\iksyssec.sys
2008-03-29 18:10 . 07-12-10 13:53 66,952 --a------ C:\WINNT\system32\drivers\iksysflt.sys
2008-03-29 18:10 . 08-02-01 11:55 42,376 --a------ C:\WINNT\system32\drivers\ikfilesec.sys
2008-03-29 18:10 . 07-12-10 13:53 29,576 --a------ C:\WINNT\system32\drivers\kcom.sys
2008-03-29 18:09 . 08-04-03 19:11 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-03-29 18:09 . 08-03-29 18:09 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\PC Tools
2008-03-29 18:09 . 02-05-15 15:16 462,848 --a------ C:\WINNT\system32\msaatext.dll
2008-03-29 18:09 . 02-05-15 15:16 360,448 --a------ C:\WINNT\system32\oleacc.dll
2008-03-29 18:09 . 02-05-15 15:16 356,352 --a------ C:\WINNT\system32\oleaccrc.dll
2008-03-29 18:09 . 02-05-15 15:16 356,352 --a--c--- C:\WINNT\system32\dllcache\oleaccrc.dll
2008-03-28 17:06 . 08-03-28 17:06 <DIR> d-------- C:\WINNT\winsxs
2008-03-28 17:05 . 08-03-28 17:05 <DIR> d-------- C:\Program Files\MSECache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-04 12:08 2,739,712 ----a-w C:\WINNT\Internet Logs\xDB2F.tmp
2008-04-04 06:19 45,568 ----a-w C:\WINNT\Internet Logs\xDB2D.tmp
2008-04-04 06:19 2,706,432 ----a-w C:\WINNT\Internet Logs\xDB2E.tmp
2008-04-03 12:36 54,784 ----a-w C:\WINNT\Internet Logs\xDB2B.tmp
2008-04-03 12:36 2,708,480 ----a-w C:\WINNT\Internet Logs\xDB2C.tmp
2008-04-01 07:02 29,696 ----a-w C:\WINNT\Internet Logs\xDB2A.tmp
2008-04-01 04:19 31,232 ----a-w C:\WINNT\Internet Logs\xDB29.tmp
2008-04-01 04:05 75,264 ----a-w C:\WINNT\Internet Logs\xDB28.tmp
2008-03-31 22:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-31 00:12 33,280 ----a-w C:\WINNT\Internet Logs\xDB27.tmp
2008-03-30 22:59 69,632 ----a-w C:\WINNT\system32\Clifford Uninstall.exe
2008-03-30 22:58 --------- d-----w C:\Program Files\Scholastic's Clifford
2008-03-30 22:38 28,672 ----a-w C:\WINNT\Internet Logs\xDB26.tmp
2008-03-30 12:39 45,568 ----a-w C:\WINNT\Internet Logs\xDB25.tmp
2008-03-29 11:47 479,232 ----a-w C:\WINNT\Internet Logs\xDB24.tmp
2008-03-29 10:57 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-29 10:49 --------- d---a-w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-27 10:12 --------- d-----w C:\Documents and Settings\Administrator\Application Data\LimeWire
2008-03-15 08:46 --------- d-----w C:\Program Files\LimeWire
2008-03-03 07:28 --------- d-----w C:\Program Files\Scholastic
2008-02-27 12:51 225,792 ----a-w C:\WINNT\Internet Logs\xDB23.tmp
2008-02-21 07:26 33,792 ----a-w C:\WINNT\Internet Logs\xDB22.tmp
2008-02-20 12:00 228,352 ----a-w C:\WINNT\Internet Logs\xDB20.tmp
2008-02-20 12:00 2,474,496 ----a-w C:\WINNT\Internet Logs\xDB21.tmp
2008-02-01 11:42 39,424 ----a-w C:\WINNT\Internet Logs\xDB1E.tmp
2008-02-01 11:42 2,448,896 ----a-w C:\WINNT\Internet Logs\xDB1F.tmp
2008-01-30 11:34 108,032 ----a-w C:\WINNT\Internet Logs\xDB1D.tmp
2008-01-27 01:03 88,064 ----a-w C:\WINNT\Internet Logs\xDB1C.tmp
2008-01-24 09:13 176,128 ----a-w C:\WINNT\Internet Logs\xDB1B.tmp
2008-01-19 11:19 12,632 ----a-w C:\WINNT\system32\lsdelete.exe
2008-01-14 11:32 2,376,192 ----a-w C:\WINNT\Internet Logs\xDB1A.tmp
2008-01-14 11:32 147,456 ----a-w C:\WINNT\Internet Logs\xDB17.tmp
2008-01-09 11:40 272,384 ----a-w C:\WINNT\Internet Logs\xDB16.tmp
2007-12-27 10:34 67,072 ----a-w C:\WINNT\Internet Logs\xDB15.tmp
2007-12-25 05:18 69,632 ----a-w C:\WINNT\Internet Logs\xDB13.tmp
2007-12-22 07:51 106,027 ----a-w C:\WINNT\Internet Logs\vsmon_2nd_2007_12_22_18_45_59_small.dmp.zip
2007-12-22 07:46 2,305,024 ----a-w C:\WINNT\Internet Logs\xDB19.tmp
2007-12-22 07:46 16,896 ----a-w C:\WINNT\Internet Logs\xDB18.tmp
2007-12-22 07:37 104,918 ----a-w C:\WINNT\Internet Logs\vsmon_2nd_2007_12_22_18_18_30_small.dmp.zip
2007-12-22 07:18 91,136 ----a-w C:\WINNT\Internet Logs\xDB12.tmp
2007-12-22 07:18 2,305,024 ----a-w C:\WINNT\Internet Logs\xDB14.tmp
2007-12-17 11:09 117,248 ----a-w C:\WINNT\Internet Logs\xDB11.tmp
2007-12-12 10:56 66,048 ----a-w C:\WINNT\Internet Logs\xDB10.tmp
2007-12-10 11:57 185,856 ----a-w C:\WINNT\Internet Logs\xDBF.tmp
2007-12-02 01:12 123,392 ----a-w C:\WINNT\Internet Logs\xDBE.tmp
2007-11-27 10:40 65,536 ----a-w C:\WINNT\Internet Logs\xDBD.tmp
2007-11-25 07:00 199,680 ----a-w C:\WINNT\Internet Logs\xDBC.tmp
2007-11-17 12:10 193,024 ----a-w C:\WINNT\Internet Logs\xDBB.tmp
2007-11-07 12:03 25,600 ----a-w C:\WINNT\Internet Logs\xDBA.tmp
2007-11-06 11:26 172,032 ----a-w C:\WINNT\Internet Logs\xDB9.tmp
2007-10-29 10:24 307,200 ----a-w C:\WINNT\Internet Logs\xDB8.tmp
2007-10-24 01:40 2,091,008 ----a-w C:\WINNT\Internet Logs\xDB7.tmp
2007-10-18 08:59 49,664 ----a-w C:\WINNT\Internet Logs\xDB6.tmp
2007-10-17 09:00 637,440 ----a-w C:\WINNT\Internet Logs\xDB5.tmp
2007-10-08 11:39 741,376 ----a-w C:\WINNT\Internet Logs\xDB4.tmp
2007-09-29 23:44 93,184 ----a-w C:\WINNT\Internet Logs\xDB3.tmp
2007-09-27 12:24 1,490,944 ----a-w C:\WINNT\Internet Logs\tvDebug.zip
2007-09-25 13:07 1,360,384 ----a-w C:\WINNT\Internet Logs\xDB2.tmp
2007-09-04 05:11 1,687,040 ----a-w C:\WINNT\Internet Logs\xDB1.tmp
2007-08-11 02:41 242,907 ----a-w C:\Documents and Settings\Steve & Kay\setup.exe
2005-12-08 01:42 271 ---h--w C:\Program Files\desktop.ini
2005-12-08 01:42 21,952 ---h--w C:\Program Files\folder.htt
1999-12-07 04:00 32,528 ----a-w C:\WINNT\inf\wbfirdma.sys
2007-08-15 22:33 479,232 ----a-w C:\Program Files\mozilla firefox\plugins\msvcm80.dll
2007-08-15 22:33 548,864 ----a-w C:\Program Files\mozilla firefox\plugins\msvcp80.dll
2007-08-15 22:33 626,688 ----a-w C:\Program Files\mozilla firefox\plugins\msvcr80.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [99-12-07 14:00 20752 C:\WINNT\system32\internat.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [03-06-20 05:05 111376 C:\WINNT\system32\mobsync.exe]
"NeroCheck"="C:\WINNT\system32\NeroCheck.exe" [01-07-09 19:50 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06-05-25 21:29 77824]
"Cliprex_WhenUSave_Installer"="C:\Program Files\Cliprex_WhenUSave_Installer\Cliprex_WhenUSave_Installer.exe" [ ]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [05-06-06 22:46 57344]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [05-10-02 22:05 980736]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [06-11-22 11:08 813912]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [07-02-06 09:52 849280]
"SysTrayFind"="C:\WINNT\SysTrayFind.exe" [02-09-04 11:27 24576]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [99-12-07 14:00 20752 C:\WINNT\system32\internat.exe]

C:\Documents and Settings\Steve & Kay\Start Menu\Programs\Startup\
Cyber-shot Viewer Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2006-12-23 15:58:41 155648]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-03-23 09:30:00 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fcyvu]
fcyvu.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljheb]
ljheb.dll

R0 SONYPVM1;Sony Memory Stick Driver(SONYPVM1);C:\WINNT\system32\DRIVERS\SONYPVM1.SYS [00-05-27 03:37 ]
R3 EL90BC;3Com EtherLink XL B/C Adapter Driver;C:\WINNT\system32\DRIVERS\el90xbc5.sys [99-10-23 22:22 ]
S2 ServiceHost;Service Hosts;"C:\WINNT\shost.exe" []
S2 wservtime;Windows Time Sync;"C:\WINNT\csrss.exe" []
S3 TFBULK;Topfield USB client driver;C:\WINNT\system32\drivers\TfBulk.sys [03-02-26 14:09 ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints\D]
\Shell\AutoRun\command - D:\BBCAUTO.EXE

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-04 22:21:00
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2008-04-04 22:22:40
ComboFix-quarantined-files.txt 2008-04-04 12:21:48
Pre-Run: 3,023,409,152 bytes free
Post-Run: 3,011,227,648 bytes free



Regards,
Escapee33

#4 Blade81


Posted 05 April 2008 - 10:43 AM

Hi


Open notepad and copy/paste the text in the quotebox below into it:

Driver::
ServiceHost
wservtime

Folder::
C:\VundoFix Backups

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cliprex_WhenUSave_Installer"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fcyvu]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljheb]


Save this as
CFScript


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.





Download ATF (Atribune Temp File) Cleaner by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Please post contents of that file & a fresh hjt log in your next reply.

Microsoft MVP Consumer Security 2008 2009 2010 2011 2012 ASAP & UNITE member since 2006
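
Added example, not part of the original thread and not ComboFix's own code: a small Python triage pass over the "Reg Loading Points" section of the log in post #3, showing why the entries named in the CFScript above stand out. The function names (`triage`, `check_entry`) are hypothetical, and reading empty `[]` file details as "no file found for this entry" is an assumption about the log format.

```python
import re
from ntpath import basename, dirname  # Windows path rules on any OS

# Lines copied from the "Reg Loading Points" section of the ComboFix log in post #3.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06-05-25 21:29 77824]
"Cliprex_WhenUSave_Installer"="C:\Program Files\Cliprex_WhenUSave_Installer\Cliprex_WhenUSave_Installer.exe" [ ]
"SysTrayFind"="C:\WINNT\SysTrayFind.exe" [02-09-04 11:27 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fcyvu]
fcyvu.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljheb]
ljheb.dll

R0 SONYPVM1;Sony Memory Stick Driver(SONYPVM1);C:\WINNT\system32\DRIVERS\SONYPVM1.SYS [00-05-27 03:37 ]
S2 ServiceHost;Service Hosts;"C:\WINNT\shost.exe" []
S2 wservtime;Windows Time Sync;"C:\WINNT\csrss.exe" []
S3 TFBULK;Topfield USB client driver;C:\WINNT\system32\drivers\TfBulk.sys [03-02-26 14:09 ]
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')
SVC_RE = re.compile(
    r'^[RS]\d (?P<name>[^;]+);[^;]*;"?(?P<path>[^"\[]+?)"?\s*\[(?P<meta>[^\]]*)\]$'
)

# Core Windows process images that normally live in <SystemRoot>\system32.
SYSTEM_IMAGES = {"csrss.exe", "smss.exe", "lsass.exe",
                 "services.exe", "winlogon.exe", "svchost.exe"}


def check_entry(kind, name, path, meta):
    """Return findings for one autostart entry (Run value or service)."""
    findings = []
    # Assumption: empty brackets mean the log recorded no file details.
    if not meta.strip():
        findings.append((kind, name, "no file details"))
    # A system process name registered from outside system32 is a masquerade sign.
    if (basename(path).lower() in SYSTEM_IMAGES
            and basename(dirname(path)).lower() != "system32"):
        findings.append((kind, name, "system process name outside system32"))
    return findings


def triage(log_text):
    """Scan Reg Loading Points text and return (kind, name, reason) tuples."""
    findings, notify_key = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key = KEY_RE.match(line)
        if key:
            parent, _, sub = key.group(1).lower().rpartition("\\")
            # The log omits legit default entries, so any Notify subkey
            # that is listed deserves a look.
            notify_key = sub if parent.endswith(r"\winlogon\notify") else None
            continue
        run = RUN_RE.match(line)
        if run:
            findings += check_entry("run", run["name"], run["path"], run["meta"])
            continue
        svc = SVC_RE.match(line)
        if svc:
            findings += check_entry("service", svc["name"], svc["path"], svc["meta"])
            continue
        if notify_key:
            findings.append(("winlogon-notify", notify_key,
                             "non-default Notify DLL: " + line))
            notify_key = None
    return findings


if __name__ == "__main__":
    for kind, name, reason in triage(SAMPLE_LOG):
        print(f"{kind:16} {name:30} {reason}")
```

On the sample lines, the flagged names are the same five items the CFScript targets under `Driver::` and `Registry::`.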

#5 Escapee33


Posted 06 April 2008 - 03:37 AM

OK, I did what you said and here's the log...


ComboFix 08-03-26.3 - Administrator 06/04/2008 9:25:01.3 - NTFSx86
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.375 [GMT 10:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\VundoFix Backups
C:\VundoFix Backups\i9.exe.bad

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SERVICEHOST
-------\Legacy_WSERVTIME
-------\Service_ServiceHost
-------\Service_wservtime


((((((((((((((((((((((((( Files Created from 2008-03-05 to 2008-04-05 )))))))))))))))))))))))))))))))
.

2008-04-06 09:31 . 16,384 C:\WINNT\system32\Perflib_Perfdata_368.dat
2008-04-05 10:06 . 08-04-05 10:06 55,081 --a------ C:\WINNT\Aware40.mch
2008-04-04 15:22 . 08-04-04 15:22 0 --a------ C:\WINNT\BBCAUTO.INI
2008-04-01 14:01 . 08-04-06 09:31 42 d-a------ C:\WINNT\.
2008-04-01 14:01 . 08-04-06 09:31 38 d-a------ C:\WINNT\.
2008-04-01 13:58 . 08-04-01 13:58 38 --a------ C:\WINNT\@
2008-04-01 13:50 . 08-04-03 19:01 95,482 --a------ C:\WINNT\Run32A50.mch
2008-04-01 13:50 . 08-04-01 13:50 0 --a------ C:\WINNT\mfont.dat
2008-04-01 13:07 . 08-04-03 18:57 <DIR> d-------- C:\WINNT\A5W_DATA
2008-04-01 13:07 . 08-04-03 18:57 35 --a------ C:\WINNT\A5W.INI
2008-04-01 10:01 . 08-04-01 10:01 <DIR> d-------- C:\LearningLand
2008-04-01 10:00 . 08-04-05 09:23 <DIR> d-------- C:\WINNT\A4W_DATA
2008-04-01 10:00 . 08-04-05 09:23 35 --a------ C:\WINNT\A4W.INI
2008-04-01 08:56 . 08-04-01 08:56 <DIR> d-------- C:\Program Files\directx
2008-04-01 08:56 . 08-04-01 08:56 <DIR> d-------- C:\Program Files\BBC Multimedia
2008-04-01 08:56 . 00-05-17 18:59 198,640 --a------ C:\WINNT\system32\Mci32.ocx
2008-03-31 08:59 . 08-03-31 08:59 97 --a------ C:\WINNT\CR.ini
2008-03-31 08:45 . 08-03-31 08:45 <DIR> d-------- C:\Program Files\Disney Interactive
2008-03-31 08:45 . 08-03-31 08:45 441 --a------ C:\WINNT\Disney.ini
2008-03-31 08:31 . 08-04-01 13:55 <DIR> d-------- C:\Program Files\Activision Value
2008-03-30 18:20 . 08-03-30 18:20 <DIR> d-------- C:\Program Files\THQ
2008-03-30 18:13 . 08-04-01 16:28 689 --a------ C:\WINNT\Sharktales.INI
2008-03-30 13:05 . 08-04-05 09:06 694,090 ---h----- C:\WINNT\ShellIconCache
2008-03-29 20:46 . 08-03-29 20:46 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy 1.5
2008-03-29 18:12 . 08-04-06 09:24 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-29 18:10 . 07-12-10 13:53 81,288 --a------ C:\WINNT\system32\drivers\iksyssec.sys
2008-03-29 18:10 . 07-12-10 13:53 66,952 --a------ C:\WINNT\system32\drivers\iksysflt.sys
2008-03-29 18:10 . 08-02-01 11:55 42,376 --a------ C:\WINNT\system32\drivers\ikfilesec.sys
2008-03-29 18:10 . 07-12-10 13:53 29,576 --a------ C:\WINNT\system32\drivers\kcom.sys
2008-03-29 18:09 . 08-04-03 19:11 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-03-29 18:09 . 08-03-29 18:09 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\PC Tools
2008-03-29 18:09 . 02-05-15 15:16 462,848 --a------ C:\WINNT\system32\msaatext.dll
2008-03-29 18:09 . 02-05-15 15:16 360,448 --a------ C:\WINNT\system32\oleacc.dll
2008-03-29 18:09 . 02-05-15 15:16 356,352 --a------ C:\WINNT\system32\oleaccrc.dll
2008-03-29 18:09 . 02-05-15 15:16 356,352 --a--c--- C:\WINNT\system32\dllcache\oleaccrc.dll
2008-03-28 17:06 . 08-03-28 17:06 <DIR> d-------- C:\WINNT\winsxs
2008-03-28 17:05 . 08-03-28 17:05 <DIR> d-------- C:\Program Files\MSECache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-04 12:50 --------- d-----w C:\Program Files\S.M.A.R.T. AUS 1000
2008-04-04 12:32 154,112 ----a-w C:\WINNT\Internet Logs\xDB30.tmp
2008-04-04 12:08 2,739,712 ----a-w C:\WINNT\Internet Logs\xDB2F.tmp
2008-04-04 06:19 45,568 ----a-w C:\WINNT\Internet Logs\xDB2D.tmp
2008-04-04 06:19 2,706,432 ----a-w C:\WINNT\Internet Logs\xDB2E.tmp
2008-04-03 12:36 54,784 ----a-w C:\WINNT\Internet Logs\xDB2B.tmp
2008-04-03 12:36 2,708,480 ----a-w C:\WINNT\Internet Logs\xDB2C.tmp
2008-04-01 07:02 29,696 ----a-w C:\WINNT\Internet Logs\xDB2A.tmp
2008-04-01 04:19 31,232 ----a-w C:\WINNT\Internet Logs\xDB29.tmp
2008-04-01 04:05 75,264 ----a-w C:\WINNT\Internet Logs\xDB28.tmp
2008-03-31 22:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-31 00:12 33,280 ----a-w C:\WINNT\Internet Logs\xDB27.tmp
2008-03-30 22:58 --------- d-----w C:\Program Files\Scholastic's Clifford
2008-03-30 22:38 28,672 ----a-w C:\WINNT\Internet Logs\xDB26.tmp
2008-03-30 12:39 45,568 ----a-w C:\WINNT\Internet Logs\xDB25.tmp
2008-03-29 11:47 479,232 ----a-w C:\WINNT\Internet Logs\xDB24.tmp
2008-03-29 10:57 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-29 10:49 --------- d---a-w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-27 10:12 --------- d-----w C:\Documents and Settings\Administrator\Application Data\LimeWire
2008-03-15 08:46 --------- d-----w C:\Program Files\LimeWire
2008-03-03 07:28 --------- d-----w C:\Program Files\Scholastic
2008-02-27 12:51 225,792 ----a-w C:\WINNT\Internet Logs\xDB23.tmp
2008-02-21 07:26 33,792 ----a-w C:\WINNT\Internet Logs\xDB22.tmp
2008-02-20 12:00 228,352 ----a-w C:\WINNT\Internet Logs\xDB20.tmp
2008-02-20 12:00 2,474,496 ----a-w C:\WINNT\Internet Logs\xDB21.tmp
2008-02-01 11:42 39,424 ----a-w C:\WINNT\Internet Logs\xDB1E.tmp
2008-02-01 11:42 2,448,896 ----a-w C:\WINNT\Internet Logs\xDB1F.tmp
2008-01-30 11:34 108,032 ----a-w C:\WINNT\Internet Logs\xDB1D.tmp
2008-01-27 01:03 88,064 ----a-w C:\WINNT\Internet Logs\xDB1C.tmp
2008-01-24 09:13 176,128 ----a-w C:\WINNT\Internet Logs\xDB1B.tmp
2008-01-14 11:32 2,376,192 ----a-w C:\WINNT\Internet Logs\xDB1A.tmp
2008-01-14 11:32 147,456 ----a-w C:\WINNT\Internet Logs\xDB17.tmp
2008-01-09 11:40 272,384 ----a-w C:\WINNT\Internet Logs\xDB16.tmp
2007-12-27 10:34 67,072 ----a-w C:\WINNT\Internet Logs\xDB15.tmp
2007-12-25 05:18 69,632 ----a-w C:\WINNT\Internet Logs\xDB13.tmp
2007-12-22 07:51 106,027 ----a-w C:\WINNT\Internet Logs\vsmon_2nd_2007_12_22_18_45_59_small.dmp.zip
2007-12-22 07:46 2,305,024 ----a-w C:\WINNT\Internet Logs\xDB19.tmp
2007-12-22 07:46 16,896 ----a-w C:\WINNT\Internet Logs\xDB18.tmp
2007-12-22 07:37 104,918 ----a-w C:\WINNT\Internet Logs\vsmon_2nd_2007_12_22_18_18_30_small.dmp.zip
2007-12-22 07:18 91,136 ----a-w C:\WINNT\Internet Logs\xDB12.tmp
2007-12-22 07:18 2,305,024 ----a-w C:\WINNT\Internet Logs\xDB14.tmp
2007-12-17 11:09 117,248 ----a-w C:\WINNT\Internet Logs\xDB11.tmp
2007-12-12 10:56 66,048 ----a-w C:\WINNT\Internet Logs\xDB10.tmp
2007-12-10 11:57 185,856 ----a-w C:\WINNT\Internet Logs\xDBF.tmp
2007-12-02 01:12 123,392 ----a-w C:\WINNT\Internet Logs\xDBE.tmp
2007-11-27 10:40 65,536 ----a-w C:\WINNT\Internet Logs\xDBD.tmp
2007-11-25 07:00 199,680 ----a-w C:\WINNT\Internet Logs\xDBC.tmp
2007-11-17 12:10 193,024 ----a-w C:\WINNT\Internet Logs\xDBB.tmp
2007-11-07 12:03 25,600 ----a-w C:\WINNT\Internet Logs\xDBA.tmp
2007-11-06 11:26 172,032 ----a-w C:\WINNT\Internet Logs\xDB9.tmp
2007-10-29 10:24 307,200 ----a-w C:\WINNT\Internet Logs\xDB8.tmp
2007-10-24 01:40 2,091,008 ----a-w C:\WINNT\Internet Logs\xDB7.tmp
2007-10-18 08:59 49,664 ----a-w C:\WINNT\Internet Logs\xDB6.tmp
2007-10-17 09:00 637,440 ----a-w C:\WINNT\Internet Logs\xDB5.tmp
2007-10-08 11:39 741,376 ----a-w C:\WINNT\Internet Logs\xDB4.tmp
2007-09-29 23:44 93,184 ----a-w C:\WINNT\Internet Logs\xDB3.tmp
2007-09-27 12:24 1,490,944 ----a-w C:\WINNT\Internet Logs\tvDebug.zip
2007-09-25 13:07 1,360,384 ----a-w C:\WINNT\Internet Logs\xDB2.tmp
2007-09-04 05:11 1,687,040 ----a-w C:\WINNT\Internet Logs\xDB1.tmp
2007-08-11 02:41 242,907 ----a-w C:\Documents and Settings\Steve & Kay\setup.exe
2005-12-08 01:42 271 ---h--w C:\Program Files\desktop.ini
2005-12-08 01:42 21,952 ---h--w C:\Program Files\folder.htt
1999-12-07 04:00 32,528 ----a-w C:\WINNT\inf\wbfirdma.sys
2007-08-15 22:33 479,232 ----a-w C:\Program Files\mozilla firefox\plugins\msvcm80.dll
2007-08-15 22:33 548,864 ----a-w C:\Program Files\mozilla firefox\plugins\msvcp80.dll
2007-08-15 22:33 626,688 ----a-w C:\Program Files\mozilla firefox\plugins\msvcr80.dll
.

((((((((((((((((((((((((((((( snapshot@Fri 2008-04-04_22.21.28.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2000-08-30 22:00:00 163,328 ----a-w C:\WINNT\erdnt\subs\ERDNT.EXE
- 2008-04-04 12:13:14 4,212 ---h--w C:\WINNT\system32\zllictbl.dat
+ 2008-04-05 23:32:06 4,212 ---h--w C:\WINNT\system32\zllictbl.dat
- 2008-03-26 20:41:43 8,469,801 ----a-w C:\WINNT\system32\ZoneLabs\spyware.dat
+ 2008-04-05 02:35:09 8,551,189 ----a-w C:\WINNT\system32\ZoneLabs\spyware.dat
- 2008-03-26 20:41:43 8,469,801 ----a-w C:\WINNT\system32\ZoneLabs\zlasdbup.dat
+ 2008-04-05 02:35:09 8,551,189 ----a-w C:\WINNT\system32\ZoneLabs\zlasdbup.dat
- 2007-12-01 05:17:23 49,152 ----a-w C:\WINNT\system32\ZoneLabs\zlqrtdb.dat
+ 2008-04-05 08:18:48 101,376 ----a-w C:\WINNT\system32\ZoneLabs\zlqrtdb.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [99-12-07 14:00 20752 C:\WINNT\system32\internat.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [03-06-20 05:05 111376 C:\WINNT\system32\mobsync.exe]
"NeroCheck"="C:\WINNT\system32\NeroCheck.exe" [01-07-09 19:50 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06-05-25 21:29 77824]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [05-06-06 22:46 57344]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [05-10-02 22:05 980736]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [06-11-22 11:08 813912]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [07-02-06 09:52 849280]
"SysTrayFind"="C:\WINNT\SysTrayFind.exe" [02-09-04 11:27 24576]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [99-12-07 14:00 20752 C:\WINNT\system32\internat.exe]

C:\Documents and Settings\Steve & Kay\Start Menu\Programs\Startup\
Cyber-shot Viewer Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2006-12-23 15:58:41 155648]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-03-23 09:30:00 65588]

R0 SONYPVM1;Sony Memory Stick Driver(SONYPVM1);C:\WINNT\system32\DRIVERS\SONYPVM1.SYS [00-05-27 03:37 ]
R3 EL90BC;3Com EtherLink XL B/C Adapter Driver;C:\WINNT\system32\DRIVERS\el90xbc5.sys [99-10-23 22:22 ]
S3 TFBULK;Topfield USB client driver;C:\WINNT\system32\drivers\TfBulk.sys [03-02-26 14:09 ]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-06 09:31:25
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINNT\QTFont.for
C:\WINNT\QTFont.qfn

scan completed successfully
hidden files: 2

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\CNAB3RPK.EXE
.
**************************************************************************
.
Completion time: 2008-04-06 9:38:06 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-05 23:37:57
ComboFix2.txt 2008-04-04 12:22:50
Pre-Run: 3,686,219,776 bytes free
Post-Run: 3,623,686,144 bytes free



Thanks,
Escapee33

#6 Blade81

Posted 06 April 2008 - 05:26 AM

Hi, do you have a Malwarebytes Anti-Malware report & a fresh HJT log ready for posting? Please post them if you do. :)
Microsoft MVP Consumer Security 2008 2009 2010 2011 2012 ASAP & UNITE member since 2006

#7 Blade81

Posted 11 April 2008 - 03:01 AM

Due to inactivity, this topic will be closed. If you need help, please start a new thread and post a new HJT log.