Full Version: internet explorer opens automatically
benny000
Hi,
I am having trouble since my son used the computer. There have been Internet Explorer windows popping up all over the place, and I can't get it to stop. Any help will be appreciated.
This is the log from SDFix.


SDFix: Version 1.240
Run by Jeanette on Sun 11/16/2008 at 03:12 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\yayvSIAp.dll - Deleted
C:\WINDOWS\system32\xwmavuhsfhfpfq.exe - Deleted
C:\WINDOWS\WINHP32.EXE - Deleted
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt - Deleted
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt - Deleted
C:\Temp\1cb\syscheck.log - Deleted
C:\Program Files\iCheck\Uninstall.exe - Deleted
C:\Program Files\PestTrap\base.avd - Deleted
C:\Program Files\PestTrap\base001.avd - Deleted
C:\Program Files\PestTrap\base002.avd - Deleted
C:\Program Files\PestTrap\found.wav - Deleted
C:\Program Files\PestTrap\notfound.wav - Deleted
C:\Program Files\PestTrap\PestTrap.dvm - Deleted
C:\Program Files\PestTrap\PestTrap.exe - Deleted
C:\Program Files\PestTrap\removed.wav - Deleted
C:\Program Files\Common Files\Yazzle3090OinUninstaller.exe - Deleted
C:\WINDOWS\system32\wini10891.exe - Deleted
C:\WINDOWS\Fonts\Setup.exe - Deleted
C:\WINDOWS\inf\ultra.inf - Deleted
C:\WINDOWS\system32\drivers\svchost.exe - Deleted
C:\WINDOWS\system32\dwwnw64r.exe - Deleted
C:\WINDOWS\system32\msansspc.dll - Deleted
C:\WINDOWS\system32\pac.txt - Deleted
C:\WINDOWS\uninstall_nmon.vbs - Deleted
C:\WINDOWS\winhp32.exe - Deleted
C:\WINDOWS\Fonts\*.zip - 1 File(s) 113,245 bytes - Deleted
C:\WINDOWS\Fonts\'\*.zip - 3386 File(s) 383,450,956 bytes - Deleted


Could Not Remove C:\WINDOWS\system32\drivers\core.cache.dsk

Folder C:\Program Files\GetPack - Removed
Folder C:\Program Files\iCheck - Removed
Folder C:\Program Files\Mjcore - Removed
Folder C:\Program Files\PestTrap - Removed
Folder C:\Documents and Settings\LocalService\Application Data\NetMon - Removed
Folder C:\Temp\1cb - Removed
Folder C:\Temp\tn3 - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-16 15:50:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000050

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe:*:Enabled:MySpaceIM"
"C:\\Documents and Settings\\JoeMomma\\My Documents\\My Music\\LimeWire\\LimeWire.exe"="C:\\Documents and Settings\\JoeMomma\\My Documents\\My Music\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :

C:\WINDOWS\system32\drivers\core.cache.dsk Found

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Sun 9 Nov 2008 184,320 ..SHR --- "C:\WINDOWS\à?pPatch\wowexec.exe"
Tue 30 Sep 2008 230,400 ..SHR --- "C:\WINDOWS\??mantec\j?vaw.exe"
Fri 29 Jun 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 1 Sep 2007 54,784 ...H. --- "C:\Documents and Settings\Jeanette\My Documents\~WRL1610.tmp"
Sat 1 Sep 2007 31,744 ...H. --- "C:\Documents and Settings\Jeanette\My Documents\~WRL1838.tmp"
Sat 1 Sep 2007 41,472 ...H. --- "C:\Documents and Settings\Jeanette\My Documents\~WRL2403.tmp"
Sat 1 Sep 2007 62,464 ...H. --- "C:\Documents and Settings\Jeanette\My Documents\~WRL2576.tmp"
Sat 1 Sep 2007 42,496 ...H. --- "C:\Documents and Settings\Jeanette\My Documents\~WRL3023.tmp"
Sat 1 Sep 2007 58,880 ...H. --- "C:\Documents and Settings\Jeanette\Application Data\Microsoft\Word\~WRL0381.tmp"
Sat 1 Sep 2007 51,712 ...H. --- "C:\Documents and Settings\Jeanette\Application Data\Microsoft\Word\~WRL0904.tmp"
Sat 1 Sep 2007 49,664 ...H. --- "C:\Documents and Settings\Jeanette\Application Data\Microsoft\Word\~WRL0968.tmp"
Sat 1 Sep 2007 46,080 ...H. --- "C:\Documents and Settings\Jeanette\Application Data\Microsoft\Word\~WRL1050.tmp"
Sat 1 Sep 2007 44,544 ...H. --- "C:\Documents and Settings\Jeanette\Application Data\Microsoft\Word\~WRL1958.tmp"
Sat 1 Sep 2007 37,888 ...H. --- "C:\Documents and Settings\Jeanette\Application Data\Microsoft\Word\~WRL2773.tmp"
Sat 1 Sep 2007 35,840 ...H. --- "C:\Documents and Settings\Jeanette\Application Data\Microsoft\Word\~WRL3782.tmp"

Finished!




This is from Lop S&D:



--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Athlon™ XP 2000+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Jeanette ( Administrator )
BOOT : Fail-safe boot
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:55 Go (Free:45 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [1] ( Sun 11/16/2008|19:15 )

--------------------\\ Listing folders in APPLIC~1

[11/12/2008|07:32] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft

[02/21/2007|11:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[08/03/2007|07:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple
[08/03/2007|07:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[11/12/2008|10:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Avg8
[09/22/2006|04:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[11/09/2008|09:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Nero
[10/26/2008|08:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Symantec
[03/29/2007|10:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP
[10/30/2008|02:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
[08/31/2006|05:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Yahoo!

[08/05/2006|11:43] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft

[10/03/2008|05:32] C:\DOCUME~1\Jeanette\APPLIC~1\<DIR> Adobe
[02/21/2007|03:46] C:\DOCUME~1\Jeanette\APPLIC~1\<DIR> AdobeUM
[10/26/2008|07:32] C:\DOCUME~1\Jeanette\APPLIC~1\<DIR> Apple Computer
[11/12/2008|08:08] C:\DOCUME~1\Jeanette\APPLIC~1\<DIR> AVGTOOLBAR
[10/30/2008|08:23] C:\DOCUME~1\Jeanette\APPLIC~1\<DIR> Help
[08/05/2006|11:54] C:\DOCUME~1\Jeanette\APPLIC~1\<DIR> Identities
[08/17/2006|09:54] C:\DOCUME~1\Jeanette\APPLIC~1\<DIR> Lavasoft
[08/29/2006|04:05] C:\DOCUME~1\Jeanette\APPLIC~1\<DIR> Macromedia
[11/12/2008|07:32] C:\DOCUME~1\Jeanette\APPLIC~1\<DIR> Microsoft
[08/17/2006|09:34] C:\DOCUME~1\Jeanette\APPLIC~1\<DIR> Mozilla
[02/24/2007|10:34] C:\DOCUME~1\Jeanette\APPLIC~1\<DIR> MSNInstaller
[10/24/2008|08:47] C:\DOCUME~1\Jeanette\APPLIC~1\<DIR> MySpace

[11/12/2008|07:32] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft

[11/12/2008|07:32] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

[11/09/2008|12:12] C:\DOCUME~1\Todd\APPLIC~1\<DIR> Adobe
[11/09/2008|12:14] C:\DOCUME~1\Todd\APPLIC~1\<DIR> AdobeUM
[11/09/2008|05:35] C:\DOCUME~1\Todd\APPLIC~1\<DIR> gadcom
[11/09/2008|05:35] C:\DOCUME~1\Todd\APPLIC~1\<DIR> Gool
[10/24/2008|10:31] C:\DOCUME~1\Todd\APPLIC~1\<DIR> Identities
[10/24/2008|10:37] C:\DOCUME~1\Todd\APPLIC~1\<DIR> Macromedia
[11/12/2008|07:32] C:\DOCUME~1\Todd\APPLIC~1\<DIR> Microsoft
[10/26/2008|01:14] C:\DOCUME~1\Todd\APPLIC~1\<DIR> Mozilla
[10/26/2008|01:12] C:\DOCUME~1\Todd\APPLIC~1\<DIR> MySpace
[11/09/2008|05:35] C:\DOCUME~1\Todd\APPLIC~1\<DIR> SpeedRunner

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[11/16/2008 06:05 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/04/2004 07:00 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[11/03/2006|06:04] C:\Program Files\<DIR> Adobe
[10/30/2008|08:32] C:\Program Files\<DIR> Ahead
[08/03/2007|07:47] C:\Program Files\<DIR> Apple Software Update
[08/17/2006|09:55] C:\Program Files\<DIR> Ashampoo
[11/09/2008|01:45] C:\Program Files\<DIR> AVG
[02/16/2007|09:58] C:\Program Files\<DIR> Belarc
[11/16/2008|03:18] C:\Program Files\<DIR> Common Files
[08/05/2006|11:39] C:\Program Files\<DIR> ComPlus Applications
[10/26/2008|02:55] C:\Program Files\<DIR> Free Easy Burner
[10/30/2008|12:36] C:\Program Files\<DIR> InstallShield Installation Information
[10/03/2008|07:22] C:\Program Files\<DIR> Internet Explorer
[10/30/2008|07:37] C:\Program Files\<DIR> InterVideo
[08/03/2007|07:50] C:\Program Files\<DIR> iPod
[08/03/2007|07:50] C:\Program Files\<DIR> iTunes
[12/27/2006|10:08] C:\Program Files\<DIR> Java
[08/17/2006|09:54] C:\Program Files\<DIR> Lavasoft
[10/26/2008|01:40] C:\Program Files\<DIR> LgCdrw8080
[08/05/2007|09:19] C:\Program Files\<DIR> LimeWire
[10/03/2008|05:24] C:\Program Files\<DIR> Messenger
[08/17/2006|09:40] C:\Program Files\<DIR> Microsoft ActiveSync
[08/05/2006|11:43] C:\Program Files\<DIR> microsoft frontpage
[08/17/2006|09:39] C:\Program Files\<DIR> Microsoft Office
[10/03/2008|07:22] C:\Program Files\<DIR> Movie Maker
[11/16/2008|06:02] C:\Program Files\<DIR> Mozilla Firefox
[01/06/2007|11:17] C:\Program Files\<DIR> MSN
[08/05/2006|11:38] C:\Program Files\<DIR> MSN Gaming Zone
[10/28/2008|04:53] C:\Program Files\<DIR> MSXML 4.0
[10/25/2008|08:13] C:\Program Files\<DIR> MumboJumbo
[10/24/2008|08:47] C:\Program Files\<DIR> MySpace
[11/09/2008|10:14] C:\Program Files\<DIR> Nero
[10/03/2008|07:18] C:\Program Files\<DIR> NetMeeting
[10/26/2008|08:54] C:\Program Files\<DIR> Norton AntiVirus
[11/09/2008|05:51] C:\Program Files\<DIR> OINAnalytics
[08/05/2006|11:41] C:\Program Files\<DIR> Online Services
[10/26/2008|12:02] C:\Program Files\<DIR> ophcrack
[11/09/2008|03:23] C:\Program Files\<DIR> Outerinfo
[10/03/2008|07:18] C:\Program Files\<DIR> Outlook Express
[08/03/2007|07:49] C:\Program Files\<DIR> QuickTime
[02/16/2007|10:14] C:\Program Files\<DIR> Realtek AC97
[10/30/2008|12:36] C:\Program Files\<DIR> Samsung ML-2010 Series
[02/16/2007|03:25] C:\Program Files\<DIR> Seekmo Programs
[10/26/2008|08:49] C:\Program Files\<DIR> Symantec
[08/05/2006|11:54] C:\Program Files\<DIR> Uninstall Information
[11/09/2008|05:52] C:\Program Files\<DIR> Webtools
[10/03/2008|07:23] C:\Program Files\<DIR> Windows Media Player
[10/03/2008|07:18] C:\Program Files\<DIR> Windows NT
[11/09/2008|10:10] C:\Program Files\<DIR> Windows Sidebar
[08/05/2006|11:41] C:\Program Files\<DIR> WindowsUpdate
[10/30/2008|01:17] C:\Program Files\<DIR> WinTV
[08/05/2006|11:43] C:\Program Files\<DIR> xerox
[08/17/2006|09:36] C:\Program Files\<DIR> Yahoo!

--------------------\\ Listing Folders in C:\Program Files\Common Files

[02/21/2007|11:08] C:\Program Files\Common Files\<DIR> Adobe
[08/17/2006|09:58] C:\Program Files\Common Files\<DIR> Ahead
[08/03/2007|07:46] C:\Program Files\Common Files\<DIR> Apple
[08/17/2006|09:40] C:\Program Files\Common Files\<DIR> Designer
[10/30/2008|08:10] C:\Program Files\Common Files\<DIR> InstallShield
[12/27/2006|10:05] C:\Program Files\Common Files\<DIR> Java
[08/17/2006|09:40] C:\Program Files\Common Files\<DIR> Microsoft Shared
[08/05/2006|11:40] C:\Program Files\Common Files\<DIR> MSSoap
[11/09/2008|10:52] C:\Program Files\Common Files\<DIR> Nero
[08/05/2006|07:22] C:\Program Files\Common Files\<DIR> ODBC
[08/05/2006|11:40] C:\Program Files\Common Files\<DIR> Services
[08/05/2006|07:22] C:\Program Files\Common Files\<DIR> SpeechEngines
[10/26/2008|08:54] C:\Program Files\Common Files\<DIR> Symantec Shared
[10/03/2008|07:17] C:\Program Files\Common Files\<DIR> System

--------------------\\ Process

( 14 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-16 19:22:34
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections

C:\WINDOWS\system32\IkRAJRqr.ini
C:\WINDOWS\system32\IkRAJRqr.ini2
C:\WINDOWS\system32\rqRJARkI.dll
==> VUNDO <==

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Jeanette\Desktop\ophcrack-xp-livecd-2.0.1.iso


[F:3][D:96]-> C:\DOCUME~1\Jeanette\LOCALS~1\Temp
[F:303][D:0]-> C:\DOCUME~1\Jeanette\Cookies
[F:617][D:8]-> C:\DOCUME~1\Jeanette\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Sun 11/16/2008|16:22 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - Sun 11/16/2008|19:26 - Option : [1]

--------------------\\ Scan completed at 19:26:18




This is from ComboFix:


ComboFix 08-11-16.05 - Jeanette 2008-11-17 19:30:20.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.71 [GMT -5:00]
Running from: c:\documents and settings\Jeanette\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\temp\tn3
c:\windows\system32\drivers\core.cache.dsk . . . . failed to delete

.
((((((((((((((((((((((((( Files Created from 2008-10-18 to 2008-11-18 )))))))))))))))))))))))))))))))
.

2008-11-17 19:35 . 2008-11-17 19:35 <DIR> d-------- c:\temp\tn3
2008-11-17 19:34 . 2008-11-17 19:34 167,976 --------- c:\windows\system32\drivers\core.cache.dsk
2008-11-16 16:08 . 2008-11-16 19:26 <DIR> d-------- C:\Lop SD
2008-11-16 15:46 . 2008-09-04 12:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-16 15:46 . 2008-10-24 06:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-16 15:08 . 2008-11-16 15:08 578,560 --a--c--- c:\windows\system32\dllcache\user32.dll
2008-11-16 15:01 . 2008-11-16 15:01 <DIR> d-------- c:\windows\ERUNT
2008-11-16 14:56 . 2008-11-16 15:54 <DIR> d-------- C:\SDFix
2008-11-12 22:13 . 2008-11-12 22:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avg8
2008-11-12 20:08 . 2008-11-12 20:08 <DIR> d-------- c:\documents and settings\Jeanette\Application Data\AVGTOOLBAR
2008-11-09 22:17 . 2008-11-09 22:17 4,767 --a------ c:\windows\Irremote.ini
2008-11-09 22:10 . 2008-11-09 22:10 <DIR> d-------- c:\program files\Windows Sidebar
2008-11-09 21:27 . 2008-11-09 22:14 <DIR> d-------- c:\program files\Nero
2008-11-09 21:26 . 2008-11-09 22:52 <DIR> d-------- c:\program files\Common Files\Nero
2008-11-09 21:26 . 2008-11-09 21:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\Nero
2008-11-09 03:34 . 2008-11-09 03:34 9,662 --a------ c:\windows\system32\ZoneAlarmIconUS.ico
2008-11-09 03:34 . 2008-11-09 03:34 4,286 --a------ c:\windows\system32\Jamster.ico
2008-11-09 03:22 . 2008-11-09 17:51 <DIR> d-------- c:\program files\OINAnalytics
2008-11-09 02:52 . 2008-11-09 17:52 <DIR> d-------- c:\program files\Webtools
2008-11-09 01:45 . 2008-11-09 01:45 <DIR> d-------- c:\program files\AVG
2008-11-09 01:06 . 2008-11-09 01:06 23,040 --a------ c:\documents and settings\Todd\~.exe
2008-11-09 00:14 . 2008-11-09 00:14 <DIR> d-------- c:\documents and settings\Todd\Application Data\AdobeUM
2008-11-09 00:06 . 2008-11-09 00:06 90,915 --a------ c:\windows\system32\ybzaelxpfhzahlxp.dll-uninst.exe
2008-11-08 23:27 . 2008-11-08 23:27 147,456 --a------ c:\windows\system32\vbzip10.dll
2008-11-08 23:26 . 2008-11-08 23:26 153,484 --a------ c:\windows\system32\g0.exe
2008-11-08 23:26 . 2008-11-08 23:26 64,859 --a------ c:\windows\system32\tyskvvjfsv.exe
2008-11-08 23:25 . 2008-11-09 04:23 <DIR> d--hs---- c:\windows\QmVubnk
2008-11-08 23:24 . 2008-11-08 23:24 <DIR> d-------- c:\windows\system32\sX3i02
2008-11-08 23:24 . 2008-11-08 23:24 <DIR> d-------- c:\windows\system32\svm
2008-11-08 23:24 . 2008-11-08 23:24 <DIR> d-------- c:\windows\system32\prt
2008-11-08 23:24 . 2008-11-08 23:26 <DIR> d-------- c:\windows\system32\db
2008-11-08 23:24 . 2008-11-08 23:24 <DIR> d-------- c:\windows\system32\AX5
2008-11-08 23:24 . 2008-11-08 23:25 <DIR> d-------- c:\temp\PRE45
2008-11-08 23:24 . 2008-11-08 23:24 86,400 --a------ c:\windows\system32\drivers\nwrdrr.sys
2008-11-08 23:24 . 2008-11-08 23:24 355 --a------ C:\594.bat
2008-10-30 20:33 . 2003-04-28 06:22 1,204,224 --------- c:\windows\UNMRW.exe
2008-10-30 20:33 . 2003-07-30 07:33 29,381 --------- c:\windows\UNMRW.cfg
2008-10-30 20:33 . 2003-06-10 04:52 22,848 --------- c:\windows\system32\drivers\incdrm.sys
2008-10-30 20:32 . 2008-10-30 20:32 <DIR> d-------- c:\windows\InCD
2008-10-30 20:32 . 2003-06-27 07:46 1,228,800 --------- c:\windows\NuNinst.exe
2008-10-30 20:32 . 2003-06-30 09:51 86,496 --------- c:\windows\system32\drivers\incdfs.sys
2008-10-30 20:32 . 2003-07-30 07:33 46,406 --------- c:\windows\NuNinst.cfg
2008-10-30 20:32 . 2003-06-30 09:51 28,208 --------- c:\windows\system32\drivers\incdpass.sys
2008-10-30 20:32 . 2003-06-30 09:56 5,264 --------- c:\windows\system32\drivers\incdrec.sys
2008-10-30 20:14 . 2003-05-06 05:41 1,171,456 --------- c:\windows\UNNeroVision.exe
2008-10-30 20:14 . 2003-07-30 07:33 79,884 --------- c:\windows\UNNeroVision.cfg
2008-10-30 19:37 . 2008-10-30 19:37 <DIR> d-------- c:\program files\InterVideo
2008-10-30 19:37 . 2000-09-22 12:19 1,347,584 --a------ c:\windows\system32\ivimci32.dll
2008-10-30 19:37 . 2000-09-13 19:01 317,952 --a------ c:\windows\system32\Roboex32.dll
2008-10-30 19:37 . 2000-09-13 19:01 25,264 --a------ c:\windows\system32\ivimci.drv
2008-10-30 19:35 . 1998-10-29 15:45 306,688 --a------ c:\windows\IsUninst.exe
2008-10-30 13:24 . 2008-04-13 13:39 5,504 --a------ c:\windows\system32\drivers\MSTEE.sys
2008-10-30 13:24 . 2008-04-13 13:39 5,504 --a--c--- c:\windows\system32\dllcache\mstee.sys
2008-10-30 13:22 . 2008-04-13 19:12 91,136 --a------ c:\windows\system32\kswdmcap.ax
2008-10-30 13:22 . 2008-04-13 19:12 91,136 --a--c--- c:\windows\system32\dllcache\kswdmcap.ax
2008-10-30 13:22 . 2008-04-13 19:12 61,952 --a------ c:\windows\system32\kstvtune.ax
2008-10-30 13:22 . 2008-04-13 19:12 61,952 --a--c--- c:\windows\system32\dllcache\kstvtune.ax
2008-10-30 13:22 . 2008-04-13 19:12 53,760 --a------ c:\windows\system32\vfwwdm32.dll
2008-10-30 13:22 . 2008-04-13 19:12 53,760 --a--c--- c:\windows\system32\dllcache\vfwwdm32.dll
2008-10-30 13:22 . 2008-04-13 13:45 49,408 --a------ c:\windows\system32\stream.sys
2008-10-30 13:22 . 2008-04-13 19:12 43,008 --a------ c:\windows\system32\ksxbar.ax
2008-10-30 13:22 . 2008-04-13 19:12 43,008 --a--c--- c:\windows\system32\dllcache\ksxbar.ax
2008-10-30 13:17 . 2004-02-13 14:58 65,536 --a------ c:\windows\system32\hcwdlg.ocx
2008-10-30 13:16 . 2008-10-30 13:17 2,523,847 --a------ c:\temp\wintv2k412_24054.exe
2008-10-30 13:11 . 2008-10-30 13:17 <DIR> d-------- c:\program files\WinTV
2008-10-30 13:10 . 2008-10-30 13:10 1,382,847 --a------ c:\temp\whql_349_24025.exe
2008-10-30 12:36 . 2008-10-30 12:36 <DIR> d-------- c:\program files\Samsung ML-2010 Series
2008-10-30 12:36 . 2005-03-14 00:01 766 --------- c:\windows\Uninstall.ico
2008-10-30 12:35 . 2008-10-30 12:36 <DIR> d-------- c:\windows\Samsung
2008-10-30 12:35 . 2005-03-14 00:01 208,896 --a------ c:\windows\system32\SSRemove.exe
2008-10-30 12:35 . 2005-03-02 23:32 151,552 --a------ c:\windows\system32\SSCoInst.exe
2008-10-30 12:35 . 2005-03-03 05:09 57,344 --a------ c:\windows\system32\SSCoInst.dll
2008-10-30 12:35 . 2005-04-07 21:29 20,622 --a------ c:\windows\system32\SUGS2LMK.DLL
2008-10-30 12:35 . 2005-03-14 00:01 8,478 --a------ c:\windows\system32\SP119.ICO
2008-10-30 12:35 . 2005-03-03 06:23 604 --a------ c:\windows\system32\SUGS2LMK.SMT
2008-10-30 12:34 . 2005-03-14 00:01 41,984 --------- c:\windows\system32\drivers\DGIVECP.SYS
2008-10-28 16:53 . 2008-10-28 16:53 <DIR> d-------- c:\program files\MSXML 4.0
2008-10-26 14:55 . 2008-10-26 14:55 <DIR> d-------- c:\program files\Free Easy Burner
2008-10-26 13:42 . 2008-10-26 13:42 <DIR> d-------- C:\dell
2008-10-26 13:39 . 2008-10-26 13:40 <DIR> d-------- c:\program files\LgCdrw8080
2008-10-26 12:02 . 2008-10-26 12:02 <DIR> d-------- c:\program files\ophcrack
2008-10-26 07:24 . 2008-10-26 07:24 <DIR> d-------- c:\windows\system32\LogFiles
2008-10-26 01:12 . 2008-10-26 01:12 <DIR> d-------- c:\documents and settings\Todd\Application Data\MySpace
2008-10-25 08:13 . 2008-10-25 08:13 <DIR> d-------- c:\program files\MumboJumbo
2008-10-25 04:42 . 2008-11-12 20:08 <DIR> d-------- c:\documents and settings\Administrator
2008-10-24 22:30 . 2008-11-12 20:08 <DIR> d-------- c:\documents and settings\Todd
2008-10-24 20:49 . 2008-08-14 05:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-24 20:49 . 2008-09-15 07:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-10-24 20:49 . 2008-09-08 05:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-10-24 20:48 . 2008-08-14 05:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-24 20:48 . 2008-08-14 04:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-24 20:48 . 2008-08-14 04:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-24 20:48 . 2008-10-15 11:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-10-24 20:47 . 2008-10-24 20:47 <DIR> d-------- c:\program files\MySpace
2008-10-24 20:47 . 2008-10-24 20:47 <DIR> d-------- c:\documents and settings\Jeanette\Application Data\MySpace

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-31 01:32 --------- d-----w c:\program files\Ahead
2008-10-31 01:10 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-30 17:36 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-26 13:54 --------- d-----w c:\program files\Norton AntiVirus
2008-10-26 13:54 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-10-26 13:54 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-10-26 13:49 --------- d-----w c:\program files\Symantec
2008-10-26 12:32 --------- d-----w c:\documents and settings\Jeanette\Application Data\Apple Computer
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-20 05:30 666,112 ----a-w c:\windows\system32\wininet.dll
2005-07-29 21:24 472 --sha-r c:\windows\QmVubnk\kApRvB4.vbs
.

((((((((((((((((((((((((((((( snapshot@2008-11-17_19.20.07.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-10 01:10:56 1,379,840 ----a-w c:\windows\$hf_mig$\KB954459\SP3QFE\msxml6.dll
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB954459\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB954459\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB954459\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB954459\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB954459\update\updspapi.dll
+ 2008-10-24 11:21:09 455,296 ------w c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2008-11-18 00:17:05 32,768 ----a-r c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
- 2008-04-14 00:12:01 1,306,624 -c----w c:\windows\system32\dllcache\msxml6.dll
+ 2008-09-10 01:14:56 1,307,648 -c----w c:\windows\system32\dllcache\msxml6.dll
- 2008-10-07 19:19:40 16,721,856 ----a-w c:\windows\system32\MRT.exe
+ 2008-11-04 00:10:25 17,318,336 ----a-w c:\windows\system32\MRT.exe
- 2007-11-30 11:18:51 17,272 ----a-w c:\windows\system32\spmsg.dll
+ 2008-07-08 13:02:01 17,272 ------w c:\windows\system32\spmsg.dll
+ 2008-09-30 21:42:08 1,286,152 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll
+ 2008-09-30 21:45:12 91,656 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 57,406 2005-04-20 15:33:40 c:\bak\MumboJumbo\Luxor\core.dll

----a-w 90,112 2005-04-20 15:35:27 c:\bak\MumboJumbo\Luxor\crash.dll

----a-w 424 2007-02-10 15:13:47 c:\bak\MumboJumbo\Luxor\crash.log

----a-w 35,328 2005-04-20 15:32:34 c:\bak\MumboJumbo\Luxor\dsetup.dll

----a-w 10,089 2005-04-20 15:33:23 c:\bak\MumboJumbo\Luxor\EULA.txt

----a-w 28,672 2005-04-20 15:33:33 c:\bak\MumboJumbo\Luxor\file.dll

----a-w 161,280 2005-04-20 15:32:34 c:\bak\MumboJumbo\Luxor\fmod.dll

----a-w 110,592 2005-04-20 15:34:48 c:\bak\MumboJumbo\Luxor\gfx2d.dll

----a-w 61,440 2005-04-20 15:35:21 c:\bak\MumboJumbo\Luxor\gfx2d_dd7.dll

----a-w 36,864 2005-04-20 15:34:52 c:\bak\MumboJumbo\Luxor\gfx2d_dx8.dll

----a-w 28,672 2005-04-20 15:35:13 c:\bak\MumboJumbo\Luxor\gfx2d_ogl.dll

----a-w 28,672 2005-04-20 15:34:30 c:\bak\MumboJumbo\Luxor\imglib.dll

----a-w 98,304 2005-04-20 15:34:28 c:\bak\MumboJumbo\Luxor\jpeg.dll

----a-w 49,152 2005-04-20 15:33:31 c:\bak\MumboJumbo\Luxor\logger.dll

----a-w 196,608 2005-04-20 15:36:02 c:\bak\MumboJumbo\Luxor\Luxor.exe

----a-w 636 2008-10-25 12:33:34 c:\bak\MumboJumbo\Luxor\luxor.ini

----a-w 13,460 2008-10-25 13:11:16 c:\bak\MumboJumbo\Luxor\luxor.log

----a-w 77,824 2005-04-20 15:35:07 c:\bak\MumboJumbo\Luxor\net.dll

----a-w 38,317 2005-04-20 15:33:23 c:\bak\MumboJumbo\Luxor\Read_Me.html

----a-w 49,152 2005-04-20 15:33:50 c:\bak\MumboJumbo\Luxor\snd3d.dll

----a-w 32,768 2005-04-20 15:33:55 c:\bak\MumboJumbo\Luxor\snd3d_fmod.dll

----a-w 184,320 2005-04-20 15:34:12 c:\bak\MumboJumbo\Luxor\ui2.dll

----a-w 51,170 2007-02-07 19:38:31 c:\bak\MumboJumbo\Luxor\uninstall.exe

----a-w 54,620 2005-04-20 15:33:15 c:\bak\MumboJumbo\Luxor\assets\button_moregames.jpg

----a-w 83 2005-04-20 15:33:15 c:\bak\MumboJumbo\Luxor\assets\button_moregames.spr

----a-w 192,175 2005-04-20 15:33:15 c:\bak\MumboJumbo\Luxor\assets\splashscreen.jpg

----a-w 14,045,564 2005-04-20 15:36:05 c:\bak\MumboJumbo\Luxor\data\data.mjz

----a-w 2,693,671 2005-04-20 15:36:04 c:\bak\MumboJumbo\Luxor\data\english.mjz

----a-w 316 2008-10-25 13:11:16 c:\bak\MumboJumbo\Luxor\data\memory.dat

----a-w 724 2008-10-25 13:11:16 c:\bak\MumboJumbo\Luxor\data\scores.dat

----a-w 1,180 2008-10-25 13:09:09 c:\bak\MumboJumbo\Luxor\data\profiles\list.dat

----a-w 5 2008-10-25 13:11:16 c:\bak\MumboJumbo\Luxor\data\profiles\sv_arcade_1.dat

----a-r 313,472 2006-03-30 21:45:08 c:\program files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe

----a-w 49,263 2006-07-26 08:03:14 c:\program files\Java\jre1.5.0_08\bin\bak\jusched.exe

----a-w 4,617,720 2006-08-09 19:41:36 c:\program files\Yahoo!\Messenger\bak\YahooMessenger.exe

----a-w 155,648 2001-07-09 15:50:42 c:\windows\system32\bak\NeroCheck.exe
----a-w 155,648 2001-07-09 10:50:42 c:\windows\system32\NeroCheck.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 517768]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-07-31 271672]
"Samsung Common SM"="c:\windows\Samsung\ComSMMgr\ssmmgr.exe" [2005-07-03 372736]
"NeroCheck"="c:\windows\system32\\NeroCheck.exe" [2001-07-09 155648]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2003-06-30 1130546]
"{0D-D0-01-17-DW}"="c:\windows\system32\rjwnw64s.exe" [N/A]
"{e0047b07-1a19-b440-6be5-8acd03bc31d5}"="c:\windows\system32\sahvvcdeouf.dll" [N/A]
"S3TRAY2"="S3tray2.exe" [2003-02-25 c:\windows\system32\S3tray2.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-04-17 9117696]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=fpyoxu.dll vomrsa.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

R1 nwrdrr;nwrdrr;c:\windows\system32\drivers\nwrdrr.sys [2008-11-08 86400]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-30 935208]
R3 HCWBT8XX;Hauppauge WinTV 848/9 WDM Video Driver;c:\windows\system32\drivers\HCWBT8XX.sys [2008-10-30 472644]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Jeanette\Application Data\Mozilla\Firefox\Profiles\za0tgpd4.default\
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-17 19:35:39
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Ahead\InCD\incdsrv.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Symantec\LiveUpdate\AUPDATE.EXE
c:\progra~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
.
**************************************************************************
.
Completion time: 2008-11-17 19:43:07 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-18 00:42:59
ComboFix2.txt 2008-11-18 00:24:02

Pre-Run: 49,596,919,808 bytes free
Post-Run: 49,583,972,352 bytes free

253 --- E O F --- 2008-11-18 00:24:54



Benny
Rorschach112
You shouldn't run tools like SDFix and ComboFix yourself; it is very dangerous.

Please download the OTMoveIt3 by OldTimer or from here.
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    CODE
    :Processes
    explorer.exe

    :Services

    :Reg

    :Files

    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]

  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.




Open Notepad and copy/paste the text in the quotebox below into it:
CODE
http://www.lavasoftsupport.com/index.php?showtopic=21781

Collect::
c:\windows\system32\drivers\core.cache.dsk
c:\windows\system32\ZoneAlarmIconUS.ico
c:\windows\system32\Jamster.ico
c:\documents and settings\Todd\~.exe
c:\windows\system32\ybzaelxpfhzahlxp.dll-uninst.exe
c:\windows\system32\vbzip10.dll
c:\windows\system32\g0.exe
c:\windows\system32\tyskvvjfsv.exe
c:\windows\system32\drivers\nwrdrr.sys
C:\594.bat

folder::
c:\temp\tn3
c:\program files\OINAnalytics
c:\program files\Webtools
c:\windows\QmVubnk
c:\windows\system32\sX3i02
c:\windows\system32\svm
c:\windows\system32\prt
c:\windows\system32\db
c:\windows\system32\AX5
c:\temp\PRE45

Driver::
nwrdrr

AWF::
c:\program files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe
c:\program files\Java\jre1.5.0_08\bin\bak\jusched.exe
c:\program files\Yahoo!\Messenger\bak\YahooMessenger.exe
c:\windows\system32\bak\NeroCheck.exe

KillAll::


Suspect::

Save this as CFScript.txt




Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.
  • A browser will open.
  • Simply follow the instructions to copy/paste/send the requested file.



Rorschach112
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else please begin a New Topic.

Thank You !