
Malware problem, My HijackThis log

Re: Malware problem, My HijackThis log

Post by flashh4 » May 17th, 2009, 8:02 pm

Hi reaperofelement, now that you can run MBAM, let's run Malwarebytes in "Safe Mode." I will be asking you to boot into Safe Mode for the next part of the fix. It may prove beneficial if you print off the following instructions or save them to Notepad, as you will not have Internet access whilst in the aforementioned Safe Mode.

How to boot into Safe Mode:

Restart your computer and as soon as it starts booting up again continuously tap the F8 key. A menu should come up where you will be given the option to enter Safe Mode, do so.

If you have any problems, refer to this tutorial.

In safe mode carry out the following:

  • Double-click the mbam icon.
  • Once the program has loaded, select Full System Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder, and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Save the MBAM scan report to post in next reply.

Post the Malwarebytes log along with a new HJT log.

Thanks
Chuck
flashh4
Regular Member
 
Posts: 2276
Joined: June 7th, 2005, 8:36 pm
Location: wyoming

Re: Malware problem, My HijackThis log

Post by reaperofelement » May 18th, 2009, 6:48 pm

Alright, nice, safe mode worked, and here are the log files.



Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 3

5/18/2009 6:11:10 PM
mbam-log-2009-05-18 (18-11-10).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 100746
Time elapsed: 1 hour(s), 4 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.155 85.255.112.170 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{05a6128c-c0f4-4dee-b3ac-485d775d3a7f}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.155 85.255.112.170 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.155 85.255.112.170 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{05a6128c-c0f4-4dee-b3ac-485d775d3a7f}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.155 85.255.112.170 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.155 85.255.112.170 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{05a6128c-c0f4-4dee-b3ac-485d775d3a7f}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.155 85.255.112.170 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:26:53 PM, on 5/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.watch-movies-links.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - d:\program files\mcafee\virusscan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - D:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - d:\program files\mcafee\mps\mcpopup.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - D:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - D:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - D:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - D:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - D:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/ ... .6.108.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/re ... NPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 6342352765
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9072450140
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - D:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - D:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

--
End of file - 5508 bytes


Thanks Chuck, just waiting for your next move.
reaperofelement
Regular Member
 
Posts: 28
Joined: April 28th, 2009, 9:38 pm
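The MBAM log above records Trojan.DNSChanger having written two external addresses into the DhcpNameServer values, and the same data appears under CurrentControlSet, ControlSet002 and ControlSet004, so a check of this kind has to cover every control set rather than only the current one. The script below is an added example for this thread, not code from the thread or from Malwarebytes: it parses MBAM's "Registry Data Items Infected" lines, picks out the values that control DNS resolvers and reports any resolver outside an allowlist. The sample lines are copied from the log above; the allowlist of RFC 1918 ranges (what a home router normally hands out over DHCP) is an assumption to adjust for your own network.

```python
"""Triage an MBAM report for DNS-resolver tampering (added example; not Malwarebytes' code)."""
import ipaddress
import re

# Detection lines look like:
#   <registry key> (<threat>) -> Data: <value> -> <action taken>
DETECTION_RE = re.compile(
    r"^(?P<key>HKEY_\S+) \((?P<threat>[^)]+)\) -> Data: (?P<data>.*?) -> (?P<action>.*)$"
)
# Which control set the key lives in (CurrentControlSet, ControlSet002, ...).
CONTROL_SET_RE = re.compile(r"\\SYSTEM\\(CurrentControlSet|ControlSet\d{3})\\", re.IGNORECASE)
# Registry value names that set the resolvers the Windows TCP/IP stack uses.
DNS_VALUE_NAMES = {"nameserver", "dhcpnameserver"}

# Assumption: on a home network DHCP normally hands out the router's private address
# as the resolver, so anything outside RFC 1918 space is worth a second look.
TRUSTED_RESOLVERS = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]

# Constructed sample: an excerpt of the MBAM log posted in this thread.
SAMPLE_LOG = r"""Registry Data Items Infected: 6

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.155 85.255.112.170 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{05a6128c-c0f4-4dee-b3ac-485d775d3a7f}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.155 85.255.112.170 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)
"""


def parse_mbam_report(text):
    """Return one dict (key, threat, data, action) per detection line in the report."""
    entries = []
    for line in text.splitlines():
        match = DETECTION_RE.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def is_dns_setting(key):
    """True when the registry value named by `key` controls DNS resolvers."""
    return key.rsplit("\\", 1)[-1].lower() in DNS_VALUE_NAMES


def rogue_resolvers(data, trusted=TRUSTED_RESOLVERS):
    """Return the addresses in a NameServer-style value that fall outside `trusted`."""
    networks = [ipaddress.ip_network(net) for net in trusted]
    rogue = []
    for token in re.split(r"[\s,]+", data.strip()):
        if not token:
            continue
        try:
            addr = ipaddress.ip_address(token)
        except ValueError:
            continue  # not an IP address; skip it
        if not any(addr in net for net in networks):
            rogue.append(str(addr))
    return rogue


def audit_dns_settings(text, trusted=TRUSTED_RESOLVERS):
    """Summarise DNS-related detections: how many, which control sets, which rogue resolvers."""
    rogue, control_sets, count = set(), set(), 0
    for entry in parse_mbam_report(text):
        if not is_dns_setting(entry["key"]):
            continue
        count += 1
        rogue.update(rogue_resolvers(entry["data"], trusted))
        match = CONTROL_SET_RE.search(entry["key"])
        if match:
            control_sets.add(match.group(1))
    return {
        "dns_entries": count,
        "control_sets": sorted(control_sets),
        "rogue_resolvers": sorted(rogue),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(audit_dns_settings(SAMPLE_LOG), indent=2))
```

Feed it a saved mbam-log file instead of SAMPLE_LOG to triage a real report; if the audit lists a resolver you do not recognise, the same allowlist check is worth repeating against the live registry after cleanup, since MBAM only reports what it found at scan time.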

Re: Malware problem, My HijackThis log

Post by flashh4 » May 21st, 2009, 8:36 pm

Hi reaperofelement, I am working on a fix for you, so don't think I have forgotten you. I hope to have one ready to post tomorrow.

Chuck
flashh4
Regular Member
 
Posts: 2276
Joined: June 7th, 2005, 8:36 pm
Location: wyoming

Re: Malware problem, My HijackThis log

Post by reaperofelement » May 21st, 2009, 9:38 pm

Haha, I didn't think you forgot about me, figured you are pretty busy at the moment. But that's great, it will be awesome when this is done and over with, 'cause I really want to defrag my computer; it's been like 3-4 months. Well, thanks much Chuck, hear from ya soon, have a good one.
reaperofelement
Regular Member
 
Posts: 28
Joined: April 28th, 2009, 9:38 pm

Re: Malware problem, My HijackThis log

Post by flashh4 » May 22nd, 2009, 10:11 am

Hi reaperofelement, to continue. We need to have the latest version of ComboFix installed. Delete ComboFix from your desktop only ("This does not mean uninstall it"!). Then download it again.
Just save it to your desktop.

Link 1
Link 2
Link 3


Run CFScript
Open Notepad and copy/paste the text in the box into the window:

Code:
DEQUARANTINE::
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\FFDShow\audxlib.dll
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\FFDShow\custom matrices\andreas_78er.matrix.xcm
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\FFDShow\custom matrices\andreas_doppelte_99er.matrix.xcm
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\FFDShow\custom matrices\andreas_einfache_99er.matrix.xcm
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\FFDShow\custom matrices\Bulletproof's Heavy Compression Matrix.xcm
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\FFDShow\custom matrices\Bulletproof's High Quality Matrix.xcm
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\FFDShow\custom matrices\CG-Animation Matrix.xcm
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\FFDShow\custom matrices\eqm_autogk_sharp.xcm
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\FFDShow\custom matrices\eqm_avc_hr.cfg
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\FFDShow\custom matrices\eqm_v1.xcm
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\FFDShow\custom matrices\eqm_v3ehr.xcm
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\FFDShow\custom matrices\eqm_v3hr.xcm
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\FFDShow\custom matrices\eqm_v3lr.xcm
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\FFDShow\custom matrices\eqm_v3uhr_rev2.xcm
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\FFDShow\custom matrices\eqm_v3ulr_rev3.xcm
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\FFDShow\custom matrices\hvs-best-picture.xcm
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\FFDShow\custom matrices\hvs-better-picture.xcm
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\FFDShow\custom matrices\hvs-good-picture.xcm
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\FFDShow\custom matrices\Low Bitrate Matrix.xcm
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\FFDShow\custom matrices\MPEG.xcm
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\FFDShow\custom matrices\pvcd.xcm
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\FFDShow\custom matrices\q_matrix.cfg
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\FFDShow\custom matrices\q_matrix_def.cfg
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\FFDShow\custom matrices\q_matrix2.cfg
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\FFDShow\custom matrices\Soulhunters V3.xcm
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\FFDShow\custom matrices\Soulhunters V5.xcm
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\FFDShow\custom matrices\Standard.xcm
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\FFDShow\custom matrices\Ultimate Matrix.xcm
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\FFDShow\custom matrices\Ultra Low Bitrate Matrix.xcm
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\FFDShow\custom matrices\Very Low Bitrate Matrix.xcm
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\FFDShow\ff_kernelDeint.dll
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\FFDShow\ff_liba52.dll
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\FFDShow\ff_libdts.dll
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\FFDShow\ff_libfaad2.dll
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\FFDShow\ff_libmad.dll
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\FFDShow\ff_realaac.dll
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\FFDShow\ff_samplerate.dll
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\FFDShow\ff_theora.dll
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\FFDShow\ff_tremor.dll
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\FFDShow\ff_unrar.dll
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\FFDShow\ff_vfw.dll
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\FFDShow\ff_vfw.dll.manifest
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\FFDShow\ff_wmv9.dll
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\FFDShow\ff_x264.dll
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\FFDShow\ffavisynth.avsi
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\FFDShow\ffavisynth.dll
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\FFDShow\ffdshow.ax
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\FFDShow\ffdshow.ax.manifest
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\FFDShow\ffvdub.vdf
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\FFDShow\FLT_ffdshow.dll
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\FFDShow\languages\ffdshow.1026.bg
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\FFDShow\languages\ffdshow.1028.tc
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\FFDShow\languages\ffdshow.1029.cz
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\FFDShow\languages\ffdshow.1031.de
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\FFDShow\languages\ffdshow.1033.en
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\FFDShow\languages\ffdshow.1034.es
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\FFDShow\languages\ffdshow.1035.fi
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\FFDShow\languages\ffdshow.1036.fr
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\FFDShow\languages\ffdshow.1038.hu
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\FFDShow\languages\ffdshow.1040.it
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\FFDShow\languages\ffdshow.1041.ja
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\FFDShow\languages\ffdshow.1045.pl
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\FFDShow\languages\ffdshow.1046.br
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\FFDShow\languages\ffdshow.1049.ru
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\FFDShow\languages\ffdshow.1051.sk
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\FFDShow\languages\ffdshow.1053.se
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\FFDShow\languages\ffdshow.2052.sc
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\FFDShow\libavcodec.dll
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\FFDShow\libmpeg2_ff.dll
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\FFDShow\libmplayer.dll
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\FFDShow\msvcr71.dll
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\FFDShow\openIE.js
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\FFDShow\TomsMoComp_ff.dll
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\FFDShow\xvidcore.dll
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\Gabset\FLVSplitter.ax
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\Gabset\Mpeg2DecFilter.ax
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\Gabset\VSFilter.dll
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\Haali\avi.dll
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\Haali\avs.dll
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\Haali\avss.dll
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\Haali\cue2xml.js
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\Haali\dsmux.exe
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\Haali\dxr.dll
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\Haali\gdsmux.exe
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\Haali\license.txt
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\Haali\mkunicode.dll
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\Haali\mkv2vfr.exe
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\Haali\mkx.dll
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\Haali\mkzlib.dll
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\Haali\mmfinfo.dll
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\Haali\mp4.dll
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\Haali\ogm.dll
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\Haali\splitter.ax
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\Haali\ts.dll
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\MediaRepair.exe
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\mplayerc.exe
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\uninst.exe
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\WavPack\license.txt
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\WavPack\WavPackDSDecoder.ax
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\WavPack\WavPackDSSplitter.ax
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\WECPUpdate.exe
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\Windows Essentials Media Codec Pack.url

QUIT::


Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. For information on how to disable your anti virus program please see this:
http://www.bleepingcomputer.com/forums/topic114351.html


After doing that close any open browsers.

Image


Referring to the picture above, drag CFScript into ComboFix.exe.

ComboFix will stop earlier than it normally does and open a log called DeQuarantine_log.txt. Please save it to your desktop.

NEXT

Please run one of these online scans.

Run Kaspersky Online AV Scanner
Note: Internet Explorer should be used.

Please go to Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan and then put the kettle on!
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place like your Desktop. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Copy and paste the report into your next reply along with a fresh HJT log and a description of how your PC is behaving.




.......................................



PANDA ONLINE SCAN

Please go >here< to run Panda's ActiveScan
  • Once you are on the Panda site, click the Scan your PC now button
  • A new window will open...click the Scan Now button
  • Allow the ActiveX control to be installed. It will start downloading the files it requires for the scan. Note: This may take a couple of minutes
  • Run the ActiveX control, if requested. The screen will then show the scanning progress - the scan will take a while to finish. Please be patient.
  • When the scan has finished, click on Export To
  • Save the file as Activescan.txt to your Desktop
  • Close the Activescan window then go to your Desktop
  • Double-click on Activescan.txt and it will open in Notepad
  • In Notepad, click Edit > Select all, then Edit > Copy
  • Reply to this thread and click Ctrl+V to paste the log in your reply



Please post the following logs in a reply to this topic:
1. New HijackThis log
2. DeQuarantine_log.txt
3. One online scan.

Thanks
Chuck
flashh4
Regular Member
 
Posts: 2276
Joined: June 7th, 2005, 8:36 pm
Location: wyoming
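The DEQUARANTINE:: script above restores files from ComboFix's quarantine, so it pays to confirm the text file is well formed and only names quarantine entries before it is dropped onto ComboFix.exe. The validator below is an added example for this thread, not ComboFix's own code: it splits the script into directive sections, checks that it closes with QUIT::, rejects entries that appear before any directive, contain ".." or point outside the quarantine folder, and lists where each entry would be restored to. The directive layout (a line such as DEQUARANTINE:: followed by its entries, then QUIT::) is taken from the script above; the quarantine root D:\Qoobox\Quarantine and the rule that Quarantine\D\... mirrors D:\... are assumptions inferred from the paths in this thread, not documented ComboFix behaviour.

```python
"""Sanity-check a ComboFix CFScript before use (added example; not ComboFix's own code)."""
import re

# A directive is a line of capitals ending in '::'; its entries follow until the next directive.
DIRECTIVE_RE = re.compile(r"^([A-Z]+)::$")
# Assumption inferred from the posted paths: ComboFix keeps quarantined files here,
# with the original drive letter as the first folder below the root.
QUARANTINE_ROOT = r"D:\Qoobox\Quarantine"

# Constructed sample: the first entries of the script posted in this thread.
SAMPLE_SCRIPT = r"""DEQUARANTINE::
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\FFDShow\audxlib.dll
D:\Qoobox\Quarantine\D\WINDOWS\system32\Essentials Codec Pack\mplayerc.exe

QUIT::
"""


def parse_cfscript(text):
    """Return an ordered list of (directive, entries) pairs; blank lines are ignored."""
    sections = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = DIRECTIVE_RE.match(line)
        if match:
            sections.append((match.group(1), []))
        elif sections:
            sections[-1][1].append(line)
        else:
            raise ValueError(f"entry before any directive: {line!r}")
    return sections


def original_location(quarantine_path):
    """Map root/Drive/rest back to Drive:/rest (assumed quarantine layout)."""
    relative = quarantine_path[len(QUARANTINE_ROOT) + 1:]
    drive, _, rest = relative.partition("\\")
    return f"{drive}:\\{rest}"


def validate_cfscript(text):
    """Return {'problems': [...], 'restores': [...]} for the script text."""
    problems, restores = [], []
    try:
        sections = parse_cfscript(text)
    except ValueError as exc:
        return {"problems": [str(exc)], "restores": []}
    if not sections or sections[-1][0] != "QUIT":
        problems.append("script does not end with QUIT::")
    for directive, entries in sections:
        if directive == "QUIT" and entries:
            problems.append("entries found after QUIT::")
        if directive != "DEQUARANTINE":
            continue
        for path in entries:
            if ".." in path.split("\\"):
                problems.append(f"path traversal in entry: {path}")
            elif not path.lower().startswith(QUARANTINE_ROOT.lower() + "\\"):
                problems.append(f"entry outside quarantine root: {path}")
            else:
                restores.append(original_location(path))
    return {"problems": problems, "restores": restores}


if __name__ == "__main__":
    result = validate_cfscript(SAMPLE_SCRIPT)
    print("problems:", result["problems"] or "none")
    for target in result["restores"]:
        print("would restore to", target)
```

Run it against the saved CFScript.txt; an empty problems list and a sensible list of restore targets is what you want to see before dragging the file onto ComboFix.exe. The validator does not check that the file was saved with a plain .txt extension, which Notepad's default "Text Documents" type can get wrong, so keep the "All Files" step from the instructions above.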

Re: Malware problem, My HijackThis log

Post by reaperofelement » May 22nd, 2009, 7:47 pm

I did the CFScript thing like you told me; I dragged it onto it, it opened and ran. The one thing it didn't do was the DEQuarantine thing. So I just followed up the rest of the steps. Here it is.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:42:19 PM, on 5/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\WINDOWS\explorer.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\Program Files\Ventrilo\Ventrilo.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.watch-movies-links.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - d:\program files\mcafee\virusscan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - D:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - D:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - D:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - D:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - D:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - D:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan ... stubie.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/ ... .6.108.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/re ... NPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 6342352765
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9072450140
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - D:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - D:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

--
End of file - 5696 bytes


;***********************************************************************************************************************************************************************************
ANALYSIS: 2009-05-22 19:37:08
PROTECTIONS: 1
MALWARE: 12
SUSPECTS: 17
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
McAfee VirusScan Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00003428 adware/memorywatcher Adware No 0 Yes No hkey_classes_root\vbrad.trayicon
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No D:\Documents and Settings\Chris Jablonski\Cookies\chris_jablonski@doubleclick[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No D:\Documents and Settings\Chris Jablonski\Cookies\chris_jablonski@mediaplex[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No D:\Documents and Settings\Chris Jablonski\Cookies\chris_jablonski@statcounter[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No D:\Documents and Settings\Chris Jablonski\Cookies\chris_jablonski@ad.yieldmanager[2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No D:\Documents and Settings\Chris Jablonski\Cookies\chris_jablonski@apmebf[1].txt
00488255 Adware/Burn4Free Adware No 0 Yes No D:\WINDOWS\system32\b4fm.dll
00701696 Trj/Agent.LXN Virus/Trojan No 0 Yes No D:\Qoobox\Quarantine\D\WINDOWS\system32\gaopdxtrpnqocuhnkcltbfhhkdmcorvxejdnix.dll.vir
00701696 Trj/Agent.LXN Virus/Trojan No 0 Yes No D:\System Volume Information\_restore{54EFDC01-4C96-432F-8CC8-0476AF496218}\RP248\A0015779.dll
00716394 Adware/AntiSpywarePro2009 Adware No 0 Yes No D:\WINDOWS\system32\ConTest.dll
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No D:\System Volume Information\_restore{54EFDC01-4C96-432F-8CC8-0476AF496218}\RP248\A0015780.sys
02941683 ASF/GetaCodec.A Virus No 0 Yes No D:\Documents and Settings\Chris Jablonski\My Documents\LimeWire\Saved\he had it coming lil kim.mp3
02941683 ASF/GetaCodec.A Virus No 0 Yes No D:\Documents and Settings\Chris Jablonski\My Documents\LimeWire\Saved\unperidictable ludacris ft.mp3
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54EFDC01-4C96-432F-8CC8-0476AF496218}\RP248\A0015874.com
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54EFDC01-4C96-432F-8CC8-0476AF496218}\RP248\A0015875.com
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54EFDC01-4C96-432F-8CC8-0476AF496218}\RP248\A0015873.com
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54EFDC01-4C96-432F-8CC8-0476AF496218}\RP248\A0015872.com
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54EFDC01-4C96-432F-8CC8-0476AF496218}\RP248\A0015871.com
03074964 Trj/CI.A Virus/Trojan No 0 Yes No D:\Qoobox\Quarantine\C\RECYCLER\S-0-1-34-100013498-100029783-100014235-4921.com.vir
03074964 Trj/CI.A Virus/Trojan No 0 Yes No D:\Qoobox\Quarantine\C\RECYCLER\S-0-2-79-100017223-100006776-100029718-1619.com.vir
03074964 Trj/CI.A Virus/Trojan No 0 Yes No D:\Qoobox\Quarantine\C\RECYCLER\S-0-9-85-100024240-100025291-100010176-5020.com.vir
03074964 Trj/CI.A Virus/Trojan No 0 Yes No D:\Qoobox\Quarantine\C\RECYCLER\S-3-1-58-100026666-100006904-100016457-9531.com.vir
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54EFDC01-4C96-432F-8CC8-0476AF496218}\RP248\A0015866.com
03074964 Trj/CI.A Virus/Trojan No 0 Yes No D:\Qoobox\Quarantine\C\RECYCLER\S-7-1-10-100031659-100004384-100017697-2980.com.vir
03074964 Trj/CI.A Virus/Trojan No 0 Yes No D:\Qoobox\Quarantine\C\RECYCLER\S-8-1-47-100027246-100017640-100002790-9991.com.vir
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54EFDC01-4C96-432F-8CC8-0476AF496218}\RP248\A0015869.com
03074964 Trj/CI.A Virus/Trojan No 0 Yes No D:\Qoobox\Quarantine\C\RECYCLER\S-9-5-45-100010741-100001236-100002314-4307.com.vir
03074964 Trj/CI.A Virus/Trojan No 0 Yes No D:\Qoobox\Quarantine\C\RECYCLER\S-9-8-12-100026266-100017457-100015365-7325.com.vir
03074964 Trj/CI.A Virus/Trojan No 0 Yes No D:\Qoobox\Quarantine\D\RECYCLER\S-0-1-34-100013498-100029783-100014235-4921.com.vir
03074964 Trj/CI.A Virus/Trojan No 0 Yes No D:\Qoobox\Quarantine\E\RECYCLER\S-0-1-34-100013498-100029783-100014235-4921.com.vir
03074964 Trj/CI.A Virus/Trojan No 0 Yes No D:\Qoobox\Quarantine\E\RECYCLER\S-0-2-79-100017223-100006776-100029718-1619.com.vir
03074964 Trj/CI.A Virus/Trojan No 0 Yes No D:\Qoobox\Quarantine\E\RECYCLER\S-0-9-85-100024240-100025291-100010176-5020.com.vir
03074964 Trj/CI.A Virus/Trojan No 0 Yes No D:\Qoobox\Quarantine\E\RECYCLER\S-3-1-58-100026666-100006904-100016457-9531.com.vir
03074964 Trj/CI.A Virus/Trojan No 0 Yes No D:\Qoobox\Quarantine\E\RECYCLER\S-6-8-33-100008770-100025621-100007244-8313.com.vir
03074964 Trj/CI.A Virus/Trojan No 0 Yes No D:\Qoobox\Quarantine\E\RECYCLER\S-7-1-10-100031659-100004384-100017697-2980.com.vir
03074964 Trj/CI.A Virus/Trojan No 0 Yes No D:\Qoobox\Quarantine\E\RECYCLER\S-8-1-47-100027246-100017640-100002790-9991.com.vir
03074964 Trj/CI.A Virus/Trojan No 0 Yes No D:\Qoobox\Quarantine\E\RECYCLER\S-9-0-20-100013894-100011210-100013542-3595.com.vir
03074964 Trj/CI.A Virus/Trojan No 0 Yes No D:\Qoobox\Quarantine\E\RECYCLER\S-9-5-45-100010741-100001236-100002314-4307.com.vir
03074964 Trj/CI.A Virus/Trojan No 0 Yes No D:\Qoobox\Quarantine\E\RECYCLER\S-9-8-12-100026266-100017457-100015365-7325.com.vir
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54EFDC01-4C96-432F-8CC8-0476AF496218}\RP248\A0015870.com
03074964 Trj/CI.A Virus/Trojan No 0 Yes No D:\System Volume Information\_restore{54EFDC01-4C96-432F-8CC8-0476AF496218}\RP248\A0015876.com
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54EFDC01-4C96-432F-8CC8-0476AF496218}\RP248\A0015868.com
03074964 Trj/CI.A Virus/Trojan No 0 Yes No D:\Qoobox\Quarantine\C\RECYCLER\S-9-0-20-100013894-100011210-100013542-3595.com.vir
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54EFDC01-4C96-432F-8CC8-0476AF496218}\RP248\A0015867.com
03074964 Trj/CI.A Virus/Trojan No 0 Yes No D:\Qoobox\Quarantine\C\RECYCLER\S-6-8-33-100008770-100025621-100007244-8313.com.vir
03074964 Trj/CI.A Virus/Trojan No 0 Yes No E:\System Volume Information\_restore{54EFDC01-4C96-432F-8CC8-0476AF496218}\RP248\A0015877.com
03074964 Trj/CI.A Virus/Trojan No 0 Yes No E:\System Volume Information\_restore{54EFDC01-4C96-432F-8CC8-0476AF496218}\RP248\A0015878.com
03074964 Trj/CI.A Virus/Trojan No 0 Yes No E:\System Volume Information\_restore{54EFDC01-4C96-432F-8CC8-0476AF496218}\RP248\A0015879.com
03074964 Trj/CI.A Virus/Trojan No 0 Yes No E:\System Volume Information\_restore{54EFDC01-4C96-432F-8CC8-0476AF496218}\RP248\A0015880.com
03074964 Trj/CI.A Virus/Trojan No 0 Yes No E:\System Volume Information\_restore{54EFDC01-4C96-432F-8CC8-0476AF496218}\RP248\A0015881.com
03074964 Trj/CI.A Virus/Trojan No 0 Yes No E:\System Volume Information\_restore{54EFDC01-4C96-432F-8CC8-0476AF496218}\RP248\A0015882.com
03074964 Trj/CI.A Virus/Trojan No 0 Yes No E:\System Volume Information\_restore{54EFDC01-4C96-432F-8CC8-0476AF496218}\RP248\A0015883.com
03074964 Trj/CI.A Virus/Trojan No 0 Yes No E:\System Volume Information\_restore{54EFDC01-4C96-432F-8CC8-0476AF496218}\RP248\A0015884.com
03074964 Trj/CI.A Virus/Trojan No 0 Yes No E:\System Volume Information\_restore{54EFDC01-4C96-432F-8CC8-0476AF496218}\RP248\A0015885.com
03074964 Trj/CI.A Virus/Trojan No 0 Yes No E:\System Volume Information\_restore{54EFDC01-4C96-432F-8CC8-0476AF496218}\RP248\A0015886.com
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
No D:\Documents and Settings\Chris Jablonski\Desktop\ComboFix.exe[32788R22FWJFW\n.com]
No D:\Documents and Settings\Chris Jablonski\Desktop\ComboFix.exe[32788R22FWJFW\NirCmd.cfexe]
No D:\Documents and Settings\Chris Jablonski\My Documents\McAfee Internet Security Suite 2007 Full 8-In-1\Apps\mps\mpscore.cab[IAEngine.dll]
No D:\Program Files\McAfee\MPS\IAEngine.dll
No D:\System Volume Information\_restore{54EFDC01-4C96-432F-8CC8-0476AF496218}\RP248\A0015788.exe
No D:\System Volume Information\_restore{54EFDC01-4C96-432F-8CC8-0476AF496218}\RP248\A0015929.com
No D:\System Volume Information\_restore{54EFDC01-4C96-432F-8CC8-0476AF496218}\RP248\A0015931.com
No D:\System Volume Information\_restore{54EFDC01-4C96-432F-8CC8-0476AF496218}\RP254\A0016113.com
No D:\System Volume Information\_restore{54EFDC01-4C96-432F-8CC8-0476AF496218}\RP254\A0016115.com
No D:\System Volume Information\_restore{54EFDC01-4C96-432F-8CC8-0476AF496218}\RP254\A0016138.exe
No D:\System Volume Information\_restore{54EFDC01-4C96-432F-8CC8-0476AF496218}\RP254\A0016141.exe[32788R22FWJFW\NirCmd.cfexe]
No D:\System Volume Information\_restore{54EFDC01-4C96-432F-8CC8-0476AF496218}\RP254\A0016141.exe[32788R22FWJFW\n.com]
No D:\System Volume Information\_restore{54EFDC01-4C96-432F-8CC8-0476AF496218}\RP254\A0016202.com
No D:\System Volume Information\_restore{54EFDC01-4C96-432F-8CC8-0476AF496218}\RP254\A0016204.com
No D:\System Volume Information\_restore{54EFDC01-4C96-432F-8CC8-0476AF496218}\RP254\A0016266.com
No D:\System Volume Information\_restore{54EFDC01-4C96-432F-8CC8-0476AF496218}\RP254\A0016268.com
No D:\WINDOWS\NIRCMD.exe
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================

Re: Maleware probelm, My HiJackThis log

Unread postby flashh4 » May 23rd, 2009, 11:11 am

Hi reaperofelement, look for the DeQuarantine log in the root drive (D:)
If you do not know how, check here:
View Hidden Files & Folders Windows XP
To view Hidden Files & Folders do the following:
Click Start
Open My Computer
Select the Tools menu and click Folder Options
Select the View Tab
Under the Hidden files and folders heading select Show hidden files and folders
Uncheck the Hide protected operating system files (recommended) option
Click Yes to confirm
Click OK

Post the contents of that log.

Thanks
Chuck

Re: Maleware probelm, My HiJackThis log

Unread postby reaperofelement » May 24th, 2009, 12:07 am

Hey Chuck, so I just searched about 5 times for this file on my hard drive (DeQuarantine_log.txt). There is no existence of that file at all on my hard drive. When I made that script file and dragged it to the ComboFix that is on my desktop, it asked to run the program, I clicked yes, it ran, did its normal scan etc. But never did it bring up a DeQuarantine_log.txt at all. There's a folder in my D: drive now that is named Qoobox; it's all the stuff I've been doing with ComboFix. It has it registered that I ran it twice with the script you had me do, because I did it twice; I thought the first time it didn't work. So there are 2 files named like this (CFScript_used_2009-05-22_18.04.18) and the other (CFScript_used_2009-05-22_18.19.34). Then there are these also in the folder: (ComboFix2) (ComboFix3) (ComboFix-quarantined-files). Then there's a folder within Qoobox called (Quarantine) and it has all the drive letters in there, and in the D: folder it has 3 folders, Program Files/Recycler/Windows. Inside the Program Files folder is (Essentials Codec Pack), which I think is the initial program you wanted me to quarantine with the script file. It has, pretty sure, all the files that had to do with that program inside that folder. I don't know if this explains anything or helps. But other than that, that's what I have. I can't find DeQuarantine_log.txt on my computer because it never made one when I dragged the script to ComboFix. Thank you Chuck, I really hope this helps clear up any confusion, I know I'm sorta confused haha.

Re: Maleware probelm, My HiJackThis log

Unread postby flashh4 » May 24th, 2009, 3:11 pm

Hi reaperofelement, I thought I would let you know what I am up to: I want to verify that Essentials Codec Pack was put back where ComboFix tagged and removed it as being bad. Sometimes these tools will remove good files/folders and we must reinstall or verify they were put back.

Run CFScript
Open Notepad and copy/paste the text in the box into the window:

Code:
File::
D:\WINDOWS\system32\ConTest.dll
D:\WINDOWS\system32\b4fm.dll
D:\Documents and Settings\Chris Jablonski\My Documents\LimeWire\Saved\he had it coming lil kim.mp3
D:\Documents and Settings\Chris Jablonski\My Documents\LimeWire\Saved\unperidictable ludacris ft.mp3

DirLook::
D:\Program Files\Essentials Codec Pack


Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. For information on how to disable your anti virus program please see this:
http://www.bleepingcomputer.com/forums/topic114351.html


After doing that close any open browsers.

Image


Referring to the picture above, drag CFScript into ComboFix.exe


When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Thanks
Chuck
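The CFScript above lists only the four detections that are still sitting at their original paths (ConTest.dll, b4fm.dll and the two LimeWire mp3s). Every other row in the Panda ActiveScan report posted earlier is a copy inside a System Restore point or inside ComboFix's own Qoobox\Quarantine folder, plus tracking cookies and one registry key, and none of those belongs in a File:: entry. The Python below is an added example written for this page; it is not code from Panda, ComboFix or either poster. It parses rows in the ActiveScan report layout (Id Description Type Active Severity Disinfectable Disinfected Location), sorts them by where the file lives, and prints a File:: section in the same shape as the script above. The sample rows are constructed, with shortened paths and a placeholder GUID; the bucket names and the classify rules are this example's own, not Panda's.

```python
"""Triage a Panda ActiveScan MALWARE table: which detections are still live on disk?

Added example for this thread. Classification is by path only; it deliberately
ignores the Active/Disinfected columns (all 'No' in the report above). Nothing
here deletes or moves files; it only prints what a CFScript would target.
"""
import re

# Row layout as printed by Panda ActiveScan in the report posted in this thread:
# Id Description Type Active Severity Disinfectable Disinfected Location
# Location is last and may contain spaces, so everything before it is matched strictly.
ROW_RE = re.compile(
    r"^(?P<id>\d{8})\s+(?P<desc>\S+)\s+(?P<type>\S+)\s+(?P<active>Yes|No)\s+"
    r"(?P<severity>\d+)\s+(?P<disinfectable>Yes|No)\s+(?P<disinfected>Yes|No)\s+"
    r"(?P<location>\S.*?)\s*$"
)

# Constructed sample in the report's layout (paths shortened, GUID replaced).
SAMPLE_REPORT = r"""
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===========
00003428 adware/memorywatcher Adware No 0 Yes No hkey_classes_root\vbrad.trayicon
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No D:\Documents and Settings\User\Cookies\user@doubleclick[1].txt
00488255 Adware/Burn4Free Adware No 0 Yes No D:\WINDOWS\system32\b4fm.dll
00701696 Trj/Agent.LXN Virus/Trojan No 0 Yes No D:\Qoobox\Quarantine\D\WINDOWS\system32\gaopdx.dll.vir
00701696 Trj/Agent.LXN Virus/Trojan No 0 Yes No D:\System Volume Information\_restore{GUID}\RP248\A0015779.dll
00716394 Adware/AntiSpywarePro2009 Adware No 0 Yes No D:\WINDOWS\system32\ConTest.dll
02941683 ASF/GetaCodec.A Virus No 0 Yes No D:\Documents and Settings\User\My Documents\LimeWire\Saved\song.mp3
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{GUID}\RP248\A0015874.com
;===========
SUSPECTS
Sent Location
No D:\WINDOWS\NIRCMD.exe
"""


def parse_report(text):
    """Return one dict per MALWARE row. Header, separator and SUSPECTS lines do not
    match the row pattern (no 8-digit Id) and are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if m:
            rows.append(m.groupdict())
    return rows


def classify(location):
    """Bucket a detection by where the file sits (names are this example's own)."""
    loc = location.lower()
    if "\\qoobox\\quarantine\\" in loc or loc.endswith(".vir"):
        return "quarantined"    # already moved aside by ComboFix; inert unless restored
    if "\\system volume information\\_restore" in loc:
        return "restore_point"  # dormant copy in System Restore; cleared by purging restore points
    if "\\cookies\\" in loc:
        return "cookie"         # tracking cookie: a privacy nuisance, not a compromise
    if loc.startswith(("hkey_", "hklm\\", "hkcu\\")):
        return "registry"       # needs a registry fix, not a File:: entry
    return "live"               # still at its original path: this is what to act on


def triage(text):
    """Map bucket name -> list of locations, in report order."""
    buckets = {k: [] for k in ("live", "registry", "quarantined", "restore_point", "cookie")}
    for row in parse_report(text):
        buckets[classify(row["location"])].append(row["location"])
    return buckets


def build_cfscript_file_section(text):
    """Emit a 'File::' block in the shape of the CFScript posted in this thread,
    listing only live on-disk detections. Registry, cookie, quarantine and
    restore-point rows are left out on purpose."""
    live = triage(text)["live"]
    return "File::\n" + "\n".join(live) + "\n"


if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_REPORT).items():
        print(f"{bucket:14s} {len(items)}")
    print(build_cfscript_file_section(SAMPLE_REPORT))
```

Run it against a saved ActiveScan report by reading the file into `triage()`; the output is a review aid, so check each "live" path by hand before it goes into a CFScript, exactly as the helper did above.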

Re: Maleware probelm, My HiJackThis log

Unread postby reaperofelement » May 24th, 2009, 4:06 pm

Hey Chuck, lol, I wasn't trying to say you were like doing something wrong or whatever. I was just trying to give you as much information as I could. So I just did your last step and here it is.

ComboFix 09-05-24.01 - Chris Jablonski 05/24/2009 15:51.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.777 [GMT -4:00]
Running from: d:\documents and settings\Chris Jablonski\Desktop\ComboFix.exe
Command switches used :: d:\documents and settings\Chris Jablonski\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::
d:\documents and settings\Chris Jablonski\My Documents\LimeWire\Saved\he had it coming lil kim.mp3
d:\documents and settings\Chris Jablonski\My Documents\LimeWire\Saved\unperidictable ludacris ft.mp3
d:\windows\system32\b4fm.dll
d:\windows\system32\ConTest.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\documents and settings\Chris Jablonski\My Documents\LimeWire\Saved\he had it coming lil kim.mp3
d:\documents and settings\Chris Jablonski\My Documents\LimeWire\Saved\unperidictable ludacris ft.mp3
d:\windows\system32\b4fm.dll
d:\windows\system32\ConTest.dll

.
((((((((((((((((((((((((( Files Created from 2009-04-24 to 2009-05-24 )))))))))))))))))))))))))))))))
.

2009-05-23 22:31 . 2009-05-23 22:31 -------- d-----w d:\program files\Common Files\DivX Shared
2009-05-22 22:36 . 2008-06-19 21:24 28544 ----a-w d:\windows\system32\drivers\pavboot.sys
2009-05-22 22:35 . 2009-05-22 22:35 -------- d-----w d:\program files\Panda Security
2009-05-16 10:22 . 2009-05-16 10:22 -------- d-----w d:\documents and settings\Chris Jablonski\Application Data\Malwarebytes
2009-05-12 20:49 . 2009-05-12 20:49 -------- d-----w D:\rsit
2009-05-11 02:29 . 2009-04-06 19:32 15504 ----a-w d:\windows\system32\drivers\mbam.sys
2009-05-11 02:29 . 2009-04-06 19:32 38496 ----a-w d:\windows\system32\drivers\mbamswissarmy.sys
2009-05-11 02:29 . 2009-05-11 02:29 -------- d-----w d:\program files\Malwarebytes' Anti-Malware
2009-05-11 02:29 . 2009-05-11 02:29 -------- d-----w d:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-09 23:39 . 2009-05-09 23:41 -------- d-----w d:\documents and settings\Chris Jablonski\Application Data\GetRightToGo
2009-05-01 05:03 . 2009-05-01 05:03 201 ----a-w d:\windows\nsreg.dat
2009-04-29 20:55 . 2006-03-03 15:07 143360 ----a-w d:\windows\system32\dunzip32.dll
2009-04-29 20:54 . 2006-07-14 04:10 37800 ----a-w d:\windows\system32\drivers\mfesmfk.sys
2009-04-29 20:54 . 2006-07-14 04:09 31560 ----a-w d:\windows\system32\drivers\mferkdk.sys
2009-04-29 20:54 . 2006-07-14 04:09 33896 ----a-w d:\windows\system32\drivers\mfebopk.sys
2009-04-29 20:54 . 2006-07-14 04:09 161768 ----a-w d:\windows\system32\drivers\mfehidk.sys
2009-04-29 20:54 . 2006-07-08 19:46 84744 ----a-w d:\windows\system32\drivers\mfeavfk.sys
2009-04-29 20:53 . 2006-08-01 17:59 104536 ----a-w d:\windows\system32\drivers\Mpfp.sys
2009-04-29 20:53 . 2009-04-29 20:53 -------- d-----w d:\program files\McAfee.com
2009-04-29 20:53 . 2009-04-29 20:55 -------- d-----w d:\program files\Common Files\McAfee
2009-04-29 20:53 . 2009-04-29 21:08 -------- d-----w d:\program files\McAfee
2009-04-29 20:52 . 2009-04-29 20:56 -------- d-----w d:\documents and settings\All Users\Application Data\McAfee
2009-04-29 02:26 . 2009-04-29 02:26 102800 ----a-w d:\windows\system32\drivers\tmcomm.sys
2009-04-28 11:36 . 2009-04-28 11:36 -------- d-----w d:\program files\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-24 07:23 . 2008-07-18 04:50 -------- d-----w d:\program files\Warcraft III
2009-05-23 23:10 . 2008-12-09 13:51 -------- d-----w d:\documents and settings\Chris Jablonski\Application Data\uTorrent
2009-05-23 22:32 . 2008-09-30 08:59 -------- d-----w d:\program files\DivX
2009-05-19 23:58 . 2008-07-18 01:46 -------- d-----w d:\program files\World of Warcraft
2009-05-10 18:44 . 2008-07-18 05:35 -------- d-----w d:\program files\LimeWire
2009-05-10 18:42 . 2008-07-18 20:17 -------- d-----w d:\documents and settings\Chris Jablonski\Application Data\LimeWire
2009-04-29 01:53 . 2009-04-13 07:46 -------- d-----w d:\program files\Common Files\Symantec Shared
2009-04-29 01:53 . 2009-04-13 07:46 -------- d-----w d:\documents and settings\All Users\Application Data\Symantec
2009-04-26 12:13 . 2008-07-18 01:55 -------- d-----w d:\program files\Common Files\Blizzard Entertainment
2009-04-22 07:39 . 2009-04-22 07:26 -------- d-----w d:\program files\Garena
2009-04-16 07:01 . 2009-04-16 07:00 -------- d-----w d:\program files\Defraggler
2009-04-16 06:56 . 2008-07-18 05:58 -------- d-----w d:\program files\CCleaner
2009-04-13 07:37 . 2009-04-06 21:15 -------- d-----w d:\documents and settings\All Users\Application Data\avg8
2009-04-07 00:29 . 2008-09-08 02:40 -------- d-----w d:\documents and settings\All Users\Application Data\Viewpoint
2009-04-07 00:28 . 2009-04-07 00:17 -------- d---a-w d:\documents and settings\All Users\Application Data\TEMP
2009-03-28 20:16 . 2008-11-17 01:39 -------- d-----w d:\program files\DotA Gaming Network
2009-03-26 20:26 . 2009-03-26 20:26 -------- d-----w d:\documents and settings\Chris Jablonski\Application Data\Media Player Classic
2009-03-26 20:11 . 2008-07-18 15:09 -------- d--h--w d:\program files\InstallShield Installation Information
2009-03-20 03:36 . 2008-07-18 04:56 78123 ----a-w d:\windows\War3Unin.dat
2009-02-24 19:34 . 2009-02-24 19:34 90112 ----a-w d:\windows\system32\dpl100.dll
2009-02-24 19:34 . 2009-02-24 19:34 823296 ----a-w d:\windows\system32\divx_xx0c.dll
2009-02-24 19:34 . 2009-02-24 19:34 823296 ----a-w d:\windows\system32\divx_xx07.dll
2009-02-24 19:34 . 2009-02-24 19:34 815104 ----a-w d:\windows\system32\divx_xx0a.dll
2009-02-24 19:34 . 2009-02-24 19:34 802816 ----a-w d:\windows\system32\divx_xx11.dll
2009-02-24 19:34 . 2009-02-24 19:34 684032 ----a-w d:\windows\system32\DivX.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of d:\program files\Essentials Codec Pack ----



((((((((((((((((((((((((((((( SnapShot@2009-05-15_19.43.29 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-08-04 12:00 . 2009-05-15 19:43 40394 d:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2009-05-24 04:17 40394 d:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2009-05-24 04:17 312172 d:\windows\system32\perfh009.dat
- 2004-08-04 12:00 . 2009-05-15 19:43 312172 d:\windows\system32\perfh009.dat
+ 2009-04-17 12:59 . 2009-04-17 12:59 128256 d:\windows\Downloaded Program Files\as2stubie.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="d:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="d:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-23 68856]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^TrayMin600.exe.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\TrayMin600.exe.lnk
backup=d:\windows\pss\TrayMin600.exe.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^Chris Jablonski^Start Menu^Programs^Startup^My_AutoWarkey_Script.lnk]
path=d:\documents and settings\Chris Jablonski\Start Menu\Programs\Startup\My_AutoWarkey_Script.lnk
backup=d:\windows\pss\My_AutoWarkey_Script.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)
"rpcapd"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"WLSetupSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"MioNet"=2 (0x2)
"Viewpoint Manager Service"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"avg8emc"=2 (0x2)
"avg8wd"=2 (0x2)
"SymAppCore"=2 (0x2)
"Symantec Core LC"=3 (0x3)
"ISPwdSvc"=3 (0x3)
"comHost"=3 (0x3)
"CLTNetCnService"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"MSK80Service"=2 (0x2)
"MPS9"=2 (0x2)
"MpfService"=2 (0x2)
"mcusrmgr"=2 (0x2)
"mctskshd.exe"=2 (0x2)
"McSysmon"=2 (0x2)
"McShield"=2 (0x2)
"McRedirector"=2 (0x2)
"McProxy"=2 (0x2)
"mcpromgr"=2 (0x2)
"McODS"=2 (0x2)
"McNASvc"=2 (0x2)
"mcmispupdmgr"=2 (0x2)
"McLogManagerService"=2 (0x2)
"McAfee HackerWatch Service"=2 (0x2)
"Emproxy"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\World of Warcraft\\Launcher.exe"=
"d:\\Program Files\\Download Manager\\DLM.exe"=
"d:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"d:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"d:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"d:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"d:\\Program Files\\AIM6\\aim6.exe"=
"d:\\Program Files\\Warcraft III\\pickup.listchecker.exe"=
"d:\\WINDOWS\\system32\\wupdmgr.exe"=
"d:\\Program Files\\World of Warcraft\\BNUpdate.exe"=
"d:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"d:\\Program Files\\World of Warcraft\\WoW-2.4.0.8089-to-2.4.1.8125-enUS-downloader.exe"=
"d:\\Program Files\\World of Warcraft\\WoW-3.0.2.9056-to-3.0.3.9183-enUS-downloader.exe"=
"d:\\Program Files\\World of Warcraft\\Updates\\WoW-3.0.1-to-3.0.2-Update\\Updater.exe"=
"d:\\Program Files\\World of Warcraft\\WoW-BurningCrusade-enUS-Slim-Installer\\Installer.exe"=
"d:\\Program Files\\Adobe\\Acrobat.com\\Acrobat.com.exe"=
"d:\\Program Files\\Common Files\\Blizzard Entertainment\\World of Warcraft Installer\\Installer.exe"=
"d:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Program Files\\World of Warcraft\\WoW-3.0.8.9506-to-3.0.9.9551-enUS-downloader.exe"=
"d:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"d:\\WINDOWS\\system32\\sessmgr.exe"=
"d:\\Program Files\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe"=
"d:\\Program Files\\Garena\\Garena.exe"=
"d:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"d:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:Blizzard Downloader
"3724:TCP"= 3724:TCP:Blizzard Downloader
"1700:TCP"= 1700:TCP:*:Disabled:MioNet Remote Drive Access
"1641:TCP"= 1641:TCP:*:Disabled:MioNet Remote Drive Verification
"6111:TCP"= 6111:TCP:wc3
"6110:TCP"= 6110:TCP:wc3
"6114:TCP"= 6114:TCP:wc3
"3274:TCP"= 3274:TCP:wow
"8086:TCP"= 8086:TCP:wow
"8087:TCP"= 8087:TCP:wow
"9081:TCP"= 9081:TCP:wow
"9090:TCP"= 9090:TCP:wow
"9097:TCP"= 9097:TCP:wow
"9100:TCP"= 9100:TCP:wow

R0 pavboot;pavboot;d:\windows\system32\drivers\pavboot.sys [5/22/2009 6:36 PM 28544]
R3 HSFHWATI;HSFHWATI;d:\windows\system32\drivers\HSFHWATI.sys [8/22/2005 6:06 PM 231424]
R3 phc600;USB PC Camera (phc600);d:\windows\system32\drivers\phc600.sys [11/19/2008 1:43 AM 440064]
S3 NPF;NetGroup Packet Filter Driver;d:\windows\system32\drivers\npf.sys [11/6/2007 4:22 PM 34064]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"d:\program files\Viewpoint\Common\ViewpointService.exe" --> d:\program files\Viewpoint\Common\ViewpointService.exe [?]
.
Contents of the 'Scheduled Tasks' folder

2009-05-15 d:\windows\Tasks\McDefragTask.job
- d:\windows\system32\defrag.exe [2004-08-04 00:12]

2009-05-01 d:\windows\Tasks\McQcTask.job
- d:\program files\mcafee\mqc\QcConsol.exe [2009-04-29 20:01]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.watch-movies-links.net/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - d:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-24 15:53
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-796845957-2111687655-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(728)
d:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-05-24 15:54
ComboFix-quarantined-files.txt 2009-05-24 19:54
ComboFix2.txt 2009-05-22 22:21
ComboFix3.txt 2009-05-22 22:07
ComboFix4.txt 2009-05-15 19:44

Pre-Run: 37,948,407,808 bytes free
Post-Run: 38,367,072,256 bytes free

Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4
238 --- E O F --- 2008-11-18 21:25

Re: Maleware probelm, My HiJackThis log

Unread postby flashh4 » May 25th, 2009, 12:32 pm

Hi reaperofelement, would you post the contents of ComboFix-quarantined-files.txt for me?
This should get you to those files.
Please go to Start > Run and copy/paste the following, then press Enter:

C:\QooBox\ComboFix-quarantined-files.txt

or try this >>> navigate to your C:\Qoobox <- This folder. Then post the contents of ComboFix-quarantined-files.txt

Post the contents of the logfile which will open.


Thanks
Chuck

Re: Maleware probelm, My HiJackThis log

Unread postby reaperofelement » May 25th, 2009, 8:05 pm

Alright Chuck here's the .txt file you wanted.

2009-05-15 19:27:17 . 2009-05-24 19:50:52 858 ----a-w D:\Qoobox\Quarantine\catchme.log
2009-05-22 22:04:18 . 2009-05-24 19:51:33 0 ----a-w D:\Qoobox\Quarantine\catchme.txt
2009-05-15 19:43:27 . 2009-05-08 21:05:46 322 ----a-w D:\Qoobox\Quarantine\C\autorun.inf.vir
2009-05-22 22:06:32 . 2009-05-11 19:00:48 324 ----a-w D:\Qoobox\Quarantine\C\desktop.ini.vir
2009-05-15 19:43:27 . 2009-03-26 13:10:42 23,040 ----a-w D:\Qoobox\Quarantine\C\RECYCLER\S-0-1-34-100013498-100029783-100014235-4921.com.vir
2009-05-15 19:43:27 . 2009-03-26 13:10:42 23,040 ----a-w D:\Qoobox\Quarantine\C\RECYCLER\S-0-2-79-100017223-100006776-100029718-1619.com.vir
2009-05-15 19:43:27 . 2009-03-26 13:10:42 23,040 ----a-w D:\Qoobox\Quarantine\C\RECYCLER\S-0-9-85-100024240-100025291-100010176-5020.com.vir
2009-05-15 19:43:27 . 2009-03-26 13:10:42 23,040 ----a-w D:\Qoobox\Quarantine\C\RECYCLER\S-3-1-58-100026666-100006904-100016457-9531.com.vir
2009-05-15 19:43:27 . 2009-03-26 13:10:42 23,040 ----a-w D:\Qoobox\Quarantine\C\RECYCLER\S-6-8-33-100008770-100025621-100007244-8313.com.vir
2009-05-15 19:43:27 . 2009-03-26 13:10:42 23,040 ----a-w D:\Qoobox\Quarantine\C\RECYCLER\S-7-1-10-100031659-100004384-100017697-2980.com.vir
2009-05-15 19:43:27 . 2009-03-26 13:10:42 23,040 ----a-w D:\Qoobox\Quarantine\C\RECYCLER\S-8-1-47-100027246-100017640-100002790-9991.com.vir
2009-05-15 19:43:27 . 2009-03-26 13:10:42 23,040 ----a-w D:\Qoobox\Quarantine\C\RECYCLER\S-9-0-20-100013894-100011210-100013542-3595.com.vir
2009-05-15 19:43:27 . 2009-03-26 13:10:42 23,040 ----a-w D:\Qoobox\Quarantine\C\RECYCLER\S-9-5-45-100010741-100001236-100002314-4307.com.vir
2009-05-15 19:43:27 . 2009-03-26 13:10:42 23,040 ----a-w D:\Qoobox\Quarantine\C\RECYCLER\S-9-8-12-100026266-100017457-100015365-7325.com.vir
2009-03-26 20:05:47 . 2009-05-08 21:05:46 396 ----a-w D:\Qoobox\Quarantine\D\autorun.inf.vir
2008-09-07 00:31:33 . 2008-09-07 00:32:00 5,745,425 ----a-w D:\Qoobox\Quarantine\D\Documents and Settings\Chris Jablonski\My Documents\LimeWire\Saved\he had it coming lil kim.mp3.vir
2008-09-07 00:44:01 . 2008-09-07 00:44:24 3,545,425 ----a-w D:\Qoobox\Quarantine\D\Documents and Settings\Chris Jablonski\My Documents\LimeWire\Saved\unperidictable ludacris ft.mp3.vir
2009-02-02 11:08:34 . 2009-02-02 11:08:34 65,536 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\MediaRepair.exe.vir
2008-09-21 12:45:10 . 2008-09-21 12:45:10 6,402,048 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\mplayerc.exe.vir
2008-12-12 09:00:03 . 2009-03-26 20:14:04 66,266 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\uninst.exe.vir
2009-01-25 18:17:04 . 2009-01-25 18:17:04 196,608 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\WECPUpdate.exe.vir
2009-03-26 20:14:04 . 2009-03-26 20:14:04 52 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\Windows Essentials Media Codec Pack.url.vir
2006-12-10 20:32:12 . 2006-12-10 20:32:12 741,376 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\audxlib.dll.vir
2008-12-11 11:27:02 . 2008-12-11 11:27:02 39 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\ffavisynth.avsi.vir
2008-12-17 17:23:04 . 2008-12-17 17:23:04 53,760 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\ffavisynth.dll.vir
2008-12-11 11:27:02 . 2008-12-11 11:27:02 547 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\ffdshow.ax.manifest.vir
2008-12-19 16:26:06 . 2008-12-19 16:26:06 2,625,536 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\ffdshow.ax.vir
2008-12-17 17:23:34 . 2008-12-17 17:23:34 96,768 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\ffvdub.vdf.vir
2008-11-26 17:55:22 . 2008-11-26 17:55:22 683,520 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\ff_kernelDeint.dll.vir
2008-12-18 13:55:28 . 2008-12-18 13:55:28 142,848 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\ff_liba52.dll.vir
2008-12-17 17:33:30 . 2008-12-17 17:33:30 257,024 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\ff_libdts.dll.vir
2008-12-17 17:33:00 . 2008-12-17 17:33:00 485,888 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\ff_libfaad2.dll.vir
2008-12-17 17:32:54 . 2008-12-17 17:32:54 178,688 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\ff_libmad.dll.vir
2007-02-26 19:20:20 . 2007-02-26 19:20:20 153,600 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\ff_realaac.dll.vir
2008-12-17 17:32:58 . 2008-12-17 17:32:58 183,296 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\ff_samplerate.dll.vir
2008-12-17 17:17:34 . 2008-12-17 17:17:34 239,247 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\ff_theora.dll.vir
2008-12-17 17:33:26 . 2008-12-17 17:33:26 146,944 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\ff_tremor.dll.vir
2008-12-17 17:33:20 . 2008-12-17 17:33:20 113,152 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\ff_unrar.dll.vir
2008-12-11 11:27:02 . 2008-12-11 11:27:02 547 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\ff_vfw.dll.manifest.vir
2008-12-17 17:22:48 . 2008-12-17 17:22:48 57,344 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\ff_vfw.dll.vir
2008-12-17 17:22:58 . 2008-12-17 17:22:58 93,184 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\ff_wmv9.dll.vir
2008-12-17 17:41:18 . 2008-12-17 17:41:18 884,237 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\ff_x264.dll.vir
2008-12-17 17:24:26 . 2008-12-17 17:24:26 53,760 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\FLT_ffdshow.dll.vir
2008-12-19 15:15:58 . 2008-12-19 15:15:58 4,338,246 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\libavcodec.dll.vir
2008-12-17 17:15:46 . 2008-12-17 17:15:46 145,609 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\libmpeg2_ff.dll.vir
2008-12-17 16:59:54 . 2008-12-17 16:59:54 560,802 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\libmplayer.dll.vir
2008-04-08 17:15:46 . 2008-04-08 17:15:46 348,160 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\msvcr71.dll.vir
2008-12-11 11:27:02 . 2008-12-11 11:27:02 1,708 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\openIE.js.vir
2008-11-26 16:49:10 . 2008-11-26 16:49:10 238,080 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\TomsMoComp_ff.dll.vir
2008-12-17 17:37:44 . 2008-12-17 17:37:44 791,742 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\xvidcore.dll.vir
2008-12-11 11:27:00 . 2008-12-11 11:27:00 128 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\custom matrices\andreas_78er.matrix.xcm.vir
2008-12-11 11:27:00 . 2008-12-11 11:27:00 128 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\custom matrices\andreas_doppelte_99er.matrix.xcm.vir
2008-12-11 11:27:00 . 2008-12-11 11:27:00 128 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\custom matrices\andreas_einfache_99er.matrix.xcm.vir
2008-12-11 11:27:00 . 2008-12-11 11:27:00 128 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\custom matrices\Bulletproof's Heavy Compression Matrix.xcm.vir
2008-12-11 11:27:00 . 2008-12-11 11:27:00 128 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\custom matrices\Bulletproof's High Quality Matrix.xcm.vir
2008-12-11 11:27:00 . 2008-12-11 11:27:00 128 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\custom matrices\CG-Animation Matrix.xcm.vir
2008-12-11 11:27:00 . 2008-12-11 11:27:00 128 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\custom matrices\eqm_autogk_sharp.xcm.vir
2008-12-11 11:27:00 . 2008-12-11 11:27:00 910 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\custom matrices\eqm_avc_hr.cfg.vir
2008-12-11 11:27:00 . 2008-12-11 11:27:00 128 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\custom matrices\eqm_v1.xcm.vir
2008-12-11 11:27:00 . 2008-12-11 11:27:00 128 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\custom matrices\eqm_v3ehr.xcm.vir
2008-12-11 11:27:00 . 2008-12-11 11:27:00 128 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\custom matrices\eqm_v3hr.xcm.vir
2008-12-11 11:27:00 . 2008-12-11 11:27:00 128 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\custom matrices\eqm_v3lr.xcm.vir
2008-12-11 11:27:00 . 2008-12-11 11:27:00 128 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\custom matrices\eqm_v3uhr_rev2.xcm.vir
2008-12-11 11:27:00 . 2008-12-11 11:27:00 128 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\custom matrices\eqm_v3ulr_rev3.xcm.vir
2008-12-11 11:27:00 . 2008-12-11 11:27:00 128 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\custom matrices\hvs-best-picture.xcm.vir
2008-12-11 11:27:00 . 2008-12-11 11:27:00 128 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\custom matrices\hvs-better-picture.xcm.vir
2008-12-11 11:27:00 . 2008-12-11 11:27:00 128 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\custom matrices\hvs-good-picture.xcm.vir
2008-12-11 11:27:00 . 2008-12-11 11:27:00 128 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\custom matrices\Low Bitrate Matrix.xcm.vir
2008-12-11 11:27:00 . 2008-12-11 11:27:00 128 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\custom matrices\MPEG.xcm.vir
2008-12-11 11:27:00 . 2008-12-11 11:27:00 128 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\custom matrices\pvcd.xcm.vir
2008-12-11 11:27:00 . 2008-12-11 11:27:00 2,697 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\custom matrices\q_matrix.cfg.vir
2008-12-11 11:27:00 . 2008-12-11 11:27:00 1,244 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\custom matrices\q_matrix2.cfg.vir
2008-12-11 11:27:00 . 2008-12-11 11:27:00 1,244 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\custom matrices\q_matrix_def.cfg.vir
2008-12-11 11:27:00 . 2008-12-11 11:27:00 128 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\custom matrices\Soulhunters V3.xcm.vir
2008-12-11 11:27:00 . 2008-12-11 11:27:00 128 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\custom matrices\Soulhunters V5.xcm.vir
2008-12-11 11:27:00 . 2008-12-11 11:27:00 128 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\custom matrices\Standard.xcm.vir
2008-12-11 11:27:00 . 2008-12-11 11:27:00 128 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\custom matrices\Ultimate Matrix.xcm.vir
2008-12-11 11:27:00 . 2008-12-11 11:27:00 128 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\custom matrices\Ultra Low Bitrate Matrix.xcm.vir
2008-12-11 11:27:00 . 2008-12-11 11:27:00 128 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\custom matrices\Very Low Bitrate Matrix.xcm.vir
2008-12-11 11:27:00 . 2008-12-11 11:27:00 82,598 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\languages\ffdshow.1026.bg.vir
2008-12-11 11:27:00 . 2008-12-11 11:27:00 22,148 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\languages\ffdshow.1028.tc.vir
2008-12-11 11:27:00 . 2008-12-11 11:27:00 99,356 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\languages\ffdshow.1029.cz.vir
2008-12-11 11:27:00 . 2008-12-11 11:27:00 78,406 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\languages\ffdshow.1031.de.vir
2008-12-11 11:27:00 . 2008-12-11 11:27:00 9 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\languages\ffdshow.1033.en.vir
2008-12-11 11:27:00 . 2008-12-11 11:27:00 115,322 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\languages\ffdshow.1034.es.vir
2008-12-11 11:27:00 . 2008-12-11 11:27:00 69,860 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\languages\ffdshow.1035.fi.vir
2008-12-11 11:27:00 . 2008-12-11 11:27:00 114,950 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\languages\ffdshow.1036.fr.vir
2008-12-11 11:27:00 . 2008-12-11 11:27:00 10,636 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\languages\ffdshow.1038.hu.vir
2008-12-11 11:27:00 . 2008-12-11 11:27:00 85,420 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\languages\ffdshow.1040.it.vir
2008-12-11 11:27:00 . 2008-12-11 11:27:00 94,746 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\languages\ffdshow.1041.ja.vir
2008-12-11 11:27:00 . 2008-12-11 11:27:00 130,524 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\languages\ffdshow.1045.pl.vir
2008-12-11 11:27:00 . 2008-12-11 11:27:00 11,084 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\languages\ffdshow.1046.br.vir
2008-12-11 11:27:00 . 2008-12-11 11:27:00 62,196 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\languages\ffdshow.1049.ru.vir
2008-12-11 11:27:00 . 2008-12-11 11:27:00 70,960 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\languages\ffdshow.1051.sk.vir
2008-12-11 11:27:00 . 2008-12-11 11:27:00 9,802 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\languages\ffdshow.1053.se.vir
2008-12-11 11:27:00 . 2008-12-11 11:27:00 67,828 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\languages\ffdshow.2052.sc.vir
2008-09-17 22:57:44 . 2008-09-17 22:57:44 344,064 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\Gabset\FLVSplitter.ax.vir
2008-09-18 20:31:28 . 2008-09-18 20:31:28 446,464 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\Gabset\Mpeg2DecFilter.ax.vir
2008-09-20 16:14:14 . 2008-09-20 16:14:14 1,019,904 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\Gabset\VSFilter.dll.vir
2008-03-29 06:42:04 . 2008-03-29 06:42:04 108,032 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\Haali\avi.dll.vir
2008-03-29 06:41:54 . 2008-03-29 06:41:54 97,280 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\Haali\avs.dll.vir
2008-03-29 06:42:14 . 2008-03-29 06:42:14 102,400 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\Haali\avss.dll.vir
2007-05-15 19:07:46 . 2007-05-15 19:07:46 4,835 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\Haali\cue2xml.js.vir
2008-03-29 06:42:00 . 2008-03-29 06:42:00 103,424 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\Haali\dsmux.exe.vir
2008-03-29 06:42:22 . 2008-03-29 06:42:22 245,248 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\Haali\dxr.dll.vir
2008-03-29 06:42:02 . 2008-03-29 06:42:02 335,872 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\Haali\gdsmux.exe.vir
2009-01-29 16:33:30 . 2009-01-29 16:33:30 1,187 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\Haali\license.txt.vir
2008-03-29 06:41:52 . 2008-03-29 06:41:52 23,552 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\Haali\mkunicode.dll.vir
2008-03-29 06:41:54 . 2008-03-29 06:41:54 135,168 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\Haali\mkv2vfr.exe.vir
2008-03-29 06:42:08 . 2008-03-29 06:42:08 148,992 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\Haali\mkx.dll.vir
2008-03-29 06:41:52 . 2008-03-29 06:41:52 79,360 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\Haali\mkzlib.dll.vir
2008-03-29 06:42:20 . 2008-03-29 06:42:20 159,744 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\Haali\mmfinfo.dll.vir
2008-03-29 06:42:04 . 2008-03-29 06:42:04 141,312 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\Haali\mp4.dll.vir
2008-03-29 06:42:02 . 2008-03-29 06:42:02 120,832 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\Haali\ogm.dll.vir
2008-03-29 06:42:30 . 2008-03-29 06:42:30 536,576 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\Haali\splitter.ax.vir
2008-03-29 06:42:00 . 2008-03-29 06:42:00 163,840 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\Haali\ts.dll.vir
2008-06-14 15:36:00 . 2008-06-14 15:36:00 1,583 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\WavPack\license.txt.vir
2008-04-15 09:56:04 . 2008-04-15 09:56:04 147,456 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\WavPack\WavPackDSDecoder.ax.vir
2008-04-15 09:56:04 . 2008-04-15 09:56:04 81,920 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\WavPack\WavPackDSSplitter.ax.vir
2009-05-08 19:13:41 . 2009-03-26 13:10:42 23,040 ----a-w D:\Qoobox\Quarantine\D\RECYCLER\S-0-1-34-100013498-100029783-100014235-4921.com.vir
2008-02-29 04:14:04 . 2008-02-29 04:14:04 223,744 ----a-w D:\Qoobox\Quarantine\D\WINDOWS\system32\b4fm.dll.vir
2008-07-18 15:09:47 . 2008-05-16 17:41:44 208,896 ----a-w D:\Qoobox\Quarantine\D\WINDOWS\system32\ConTest.dll.vir
2009-03-26 20:05:50 . 2009-05-14 23:06:42 4 ----a-w D:\Qoobox\Quarantine\D\WINDOWS\system32\gaopdxcounter.vir
2009-03-26 20:05:50 . 2009-03-26 20:05:50 13,312 ----a-w D:\Qoobox\Quarantine\D\WINDOWS\system32\gaopdxtrpnqocuhnkcltbfhhkdmcorvxejdnix.dll.vir
2009-03-30 23:39:05 . 2009-03-30 23:39:05 40,960 ----a-w D:\Qoobox\Quarantine\D\WINDOWS\system32\drivers\gaopdxnkcmtftpjbqlmpkuabuhyidntqlaetjb.sys.vir
2009-04-06 22:26:18 . 2009-04-07 00:09:57 34,816 ----a-w D:\Qoobox\Quarantine\D\WINDOWS\system32\drivers\gaopdxstjexgsnpiqhxnsvdkmrxwuywmttkbmq.sys.vir
2009-03-26 21:12:13 . 2009-03-26 21:12:13 37,888 ----a-w D:\Qoobox\Quarantine\D\WINDOWS\system32\drivers\gaopdxtyxubvmfjpypiqwerxduxxtavbdmwivs.sys.vir
2009-04-06 20:50:30 . 2009-04-06 20:50:30 34,816 ----a-w D:\Qoobox\Quarantine\D\WINDOWS\system32\drivers\gaopdxvxepargwvewbrfvxviyalkibgsatfmov.sys.vir
2009-04-06 22:20:12 . 2009-04-06 22:20:12 34,816 ----a-w D:\Qoobox\Quarantine\D\WINDOWS\system32\drivers\gaopdxwrtuirflxowpcqppptmpuiurdbqvrbvn.sys.vir
2009-03-26 21:32:34 . 2009-03-26 21:32:34 37,888 ----a-w D:\Qoobox\Quarantine\D\WINDOWS\system32\drivers\gaopdxxbcrmoddvcxeitypawyroducjdtnipqd.sys.vir
2009-04-13 07:43:38 . 2009-04-19 21:11:24 39,936 ----a-w D:\Qoobox\Quarantine\D\WINDOWS\system32\drivers\gxvxcserv.sys.vir
2009-05-15 19:31:26 . 2009-05-15 19:31:26 34,682 ----a-w D:\Qoobox\Quarantine\D\WINDOWS\system32\drivers\_gaopdxljffevmlmwxquwakixbtwmhkufkntobw_.sys.zip
2009-05-15 19:43:28 . 2009-05-08 21:05:46 315 ----a-w D:\Qoobox\Quarantine\E\autorun.inf.vir
2009-05-15 19:43:28 . 2009-03-26 13:10:42 23,040 ----a-w D:\Qoobox\Quarantine\E\RECYCLER\S-0-1-34-100013498-100029783-100014235-4921.com.vir
2009-05-15 19:43:28 . 2009-03-26 13:10:42 23,040 ----a-w D:\Qoobox\Quarantine\E\RECYCLER\S-0-2-79-100017223-100006776-100029718-1619.com.vir
2009-05-15 19:43:28 . 2009-03-26 13:10:42 23,040 ----a-w D:\Qoobox\Quarantine\E\RECYCLER\S-0-9-85-100024240-100025291-100010176-5020.com.vir
2009-05-15 19:43:28 . 2009-03-26 13:10:42 23,040 ----a-w D:\Qoobox\Quarantine\E\RECYCLER\S-3-1-58-100026666-100006904-100016457-9531.com.vir
2009-05-15 19:43:28 . 2009-03-26 13:10:42 23,040 ----a-w D:\Qoobox\Quarantine\E\RECYCLER\S-6-8-33-100008770-100025621-100007244-8313.com.vir
2009-05-15 19:43:28 . 2009-03-26 13:10:42 23,040 ----a-w D:\Qoobox\Quarantine\E\RECYCLER\S-7-1-10-100031659-100004384-100017697-2980.com.vir
2009-05-15 19:43:28 . 2009-03-26 13:10:42 23,040 ----a-w D:\Qoobox\Quarantine\E\RECYCLER\S-8-1-47-100027246-100017640-100002790-9991.com.vir
2009-05-15 19:43:28 . 2009-03-26 13:10:42 23,040 ----a-w D:\Qoobox\Quarantine\E\RECYCLER\S-9-0-20-100013894-100011210-100013542-3595.com.vir
2009-05-15 19:43:28 . 2009-03-26 13:10:42 23,040 ----a-w D:\Qoobox\Quarantine\E\RECYCLER\S-9-5-45-100010741-100001236-100002314-4307.com.vir
2009-05-15 19:43:28 . 2009-03-26 13:10:42 23,040 ----a-w D:\Qoobox\Quarantine\E\RECYCLER\S-9-8-12-100026266-100017457-100015365-7325.com.vir
2009-05-22 22:07:05 . 2009-05-22 22:07:05 562 ----a-w D:\Qoobox\Quarantine\Registry_backups\SafeBoot-procexp90.Sys.reg.dat
2009-05-15 19:31:25 . 2009-05-15 19:31:29 865 ----a-w D:\Qoobox\Quarantine\Registry_backups\Service_gaopdxserv.sys.reg.dat
2009-05-15 19:42:41 . 2009-05-24 19:52:47 8,374 ----a-w D:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2009-05-15 19:43:40 . 2009-05-15 19:43:40 171 ----a-w D:\Qoobox\Quarantine\Registry_backups\WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}.reg.dat
2009-05-15 19:43:39 . 2009-05-15 19:43:39 171 ----a-w D:\Qoobox\Quarantine\Registry_backups\WebBrowser-{9516EB1C-AC77-492D-8FD6-A05AFAC9EA6E}.reg.dat
reaperofelement
Regular Member
 
Posts: 28
Joined: April 28th, 2009, 9:38 pm

Re: Maleware probelm, My HiJackThis log

Unread postby reaperofelement » May 25th, 2009, 8:07 pm

Oh yeah, can I defrag my computer? I forgot to ask about that in the last post, sorry about that. Thanks, Chuck.
reaperofelement
Regular Member
 
Posts: 28
Joined: April 28th, 2009, 9:38 pm

Re: Maleware probelm, My HiJackThis log

Unread postby flashh4 » May 26th, 2009, 7:40 am

Hi reaperofelement. Please DO NOT defrag your computer until we are finished; we are almost done. I will be back soon with another fix.

Thanks
Chuck
flashh4
Regular Member
 
Posts: 2276
Joined: June 7th, 2005, 8:36 pm
Location: wyoming

Re: Maleware probelm, My HiJackThis log

Unread postby flashh4 » May 26th, 2009, 8:14 pm

Hi reaperofelement, we are almost done with the cleaning.

MCAFEE ANTIVIRUS
Please navigate to the system tray in the bottom right-hand corner and look for the "M" icon.
* Right-click it -> choose "Exit."
* A popup will warn that protection will now be disabled. Click "Yes" to disable the antivirus guard.
You have successfully disabled the McAfee guard.



NEXT


Run CFScript
Open Notepad and copy/paste the text in the box into the window:

Code:
KILLALL::

DeQuarantine::
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\MediaRepair.exe.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\mplayerc.exe.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\uninst.exe.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\WECPUpdate.exe.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\Windows Essentials Media Codec Pack.url.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\audxlib.dll.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\ffavisynth.avsi.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\ffavisynth.dll.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\ffdshow.ax.manifest.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\ffdshow.ax.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\ffvdub.vdf.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\ff_kernelDeint.dll.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\ff_liba52.dll.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\ff_libdts.dll.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\ff_libfaad2.dll.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\ff_libmad.dll.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\ff_realaac.dll.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\ff_samplerate.dll.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\ff_theora.dll.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\ff_tremor.dll.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\ff_unrar.dll.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\ff_vfw.dll.manifest.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\ff_vfw.dll.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\ff_wmv9.dll.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\ff_x264.dll.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\FLT_ffdshow.dll.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\libavcodec.dll.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\libmpeg2_ff.dll.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\libmplayer.dll.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\msvcr71.dll.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\openIE.js.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\TomsMoComp_ff.dll.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\xvidcore.dll.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\custom matrices\andreas_78er.matrix.xcm.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\custom matrices\andreas_doppelte_99er.matrix.xcm.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\custom matrices\andreas_einfache_99er.matrix.xcm.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\custom matrices\Bulletproof's Heavy Compression Matrix.xcm.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\custom matrices\Bulletproof's High Quality Matrix.xcm.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\custom matrices\CG-Animation Matrix.xcm.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\custom matrices\eqm_autogk_sharp.xcm.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\custom matrices\eqm_avc_hr.cfg.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\custom matrices\eqm_v1.xcm.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\custom matrices\eqm_v3ehr.xcm.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\custom matrices\eqm_v3hr.xcm.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\custom matrices\eqm_v3lr.xcm.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\custom matrices\eqm_v3uhr_rev2.xcm.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\custom matrices\eqm_v3ulr_rev3.xcm.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\custom matrices\hvs-best-picture.xcm.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\custom matrices\hvs-better-picture.xcm.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\custom matrices\hvs-good-picture.xcm.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\custom matrices\Low Bitrate Matrix.xcm.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\custom matrices\MPEG.xcm.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\custom matrices\pvcd.xcm.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\custom matrices\q_matrix.cfg.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\custom matrices\q_matrix2.cfg.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\custom matrices\q_matrix_def.cfg.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\custom matrices\Soulhunters V3.xcm.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\custom matrices\Soulhunters V5.xcm.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\custom matrices\Standard.xcm.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\custom matrices\Ultimate Matrix.xcm.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\custom matrices\Ultra Low Bitrate Matrix.xcm.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\custom matrices\Very Low Bitrate Matrix.xcm.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\languages\ffdshow.1026.bg.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\languages\ffdshow.1028.tc.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\languages\ffdshow.1029.cz.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\languages\ffdshow.1031.de.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\languages\ffdshow.1033.en.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\languages\ffdshow.1034.es.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\languages\ffdshow.1035.fi.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\languages\ffdshow.1036.fr.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\languages\ffdshow.1038.hu.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\languages\ffdshow.1040.it.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\languages\ffdshow.1041.ja.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\languages\ffdshow.1045.pl.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\languages\ffdshow.1046.br.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\languages\ffdshow.1049.ru.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\languages\ffdshow.1051.sk.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\languages\ffdshow.1053.se.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\languages\ffdshow.2052.sc.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\Gabset\FLVSplitter.ax.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\Gabset\Mpeg2DecFilter.ax.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\Gabset\VSFilter.dll.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\Haali\avi.dll.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\Haali\avs.dll.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\Haali\avss.dll.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\Haali\cue2xml.js.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\Haali\dsmux.exe.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\Haali\dxr.dll.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\Haali\gdsmux.exe.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\Haali\license.txt.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\Haali\mkunicode.dll.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\Haali\mkv2vfr.exe.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\Haali\mkx.dll.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\Haali\mkzlib.dll.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\Haali\mmfinfo.dll.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\Haali\mp4.dll.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\Haali\ogm.dll.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\Haali\splitter.ax.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\Haali\ts.dll.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\WavPack\license.txt.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\WavPack\WavPackDSDecoder.ax.vir
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\WavPack\WavPackDSSplitter.ax.vir

Folder::
d:\program files\LimeWire
d:\documents and settings\Chris Jablonski\Application Data\LimeWire
d:\program files\Common Files\Symantec Shared
d:\documents and settings\All Users\Application Data\Symantec
d:\documents and settings\All Users\Application Data\avg8
D:\Program Files\LimeWire

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"d:\\Program Files\\uTorrent\\uTorrent.exe"=-




Save this as "CFScript.txt", with Save as type: All Files (*.*), in the same location as ComboFix.exe.

Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. For information on how to disable your anti-virus program, please see this:
http://www.bleepingcomputer.com/forums/topic114351.html


After doing that close any open browsers.

Image


Referring to the picture above, drag CFScript.txt onto ComboFix.exe.


When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


Post Next:
1. ComboFix log
2. DeQuarantine log
3. New HJT log

Thanks
Chuck
flashh4
Regular Member
 
Posts: 2276
Joined: June 7th, 2005, 8:36 pm
Location: wyoming
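
The two checks a practitioner would want on this thread, as an added example that is not part of any post above and not ComboFix's own code: parse the quarantine listing reaperofelement posted (the "created . modified size attrs path" lines) and sort what was quarantined into files that look like malware and application files swept up with the codec pack, then validate a CFScript like the one flashh4 posted against that listing before dragging it onto ComboFix, so that no DeQuarantine:: line can put a flagged file back. Driver names of the gaopdx<random letters>.sys and gxvxcserv.sys shape are how the TDSS (TDL2) rootkit named its kernel drivers, which is why a randomly named driver is the first thing the example flags. The listing excerpt and the cut-down CFScript are taken from this thread; the name-shape heuristics (a .sys in system32\drivers whose name is a long run of letters, an executable named like a RECYCLER SID folder, an autorun.inf at a drive root, and a second pass that puts anything sharing a flagged driver's six-letter prefix into the same family) are this example's own assumptions, not rules ComboFix applies, and the quarantine-to-original path mapping assumes the Qoobox\Quarantine\<drive>\...\name.vir layout seen in the log.

```python
"""Triage a ComboFix quarantine listing and check a CFScript against it before it is run."""
import re

# Lines excerpted from the quarantine listing posted in this thread (constructed sample).
LISTING = r"""
2008-12-19 16:26:06 . 2008-12-19 16:26:06 2,625,536 ----a-w D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\ffdshow.ax.vir
2009-03-26 20:05:50 . 2009-03-26 20:05:50 13,312 ----a-w D:\Qoobox\Quarantine\D\WINDOWS\system32\gaopdxtrpnqocuhnkcltbfhhkdmcorvxejdnix.dll.vir
2009-03-30 23:39:05 . 2009-03-30 23:39:05 40,960 ----a-w D:\Qoobox\Quarantine\D\WINDOWS\system32\drivers\gaopdxnkcmtftpjbqlmpkuabuhyidntqlaetjb.sys.vir
2009-05-15 19:43:28 . 2009-05-08 21:05:46 315 ----a-w D:\Qoobox\Quarantine\E\autorun.inf.vir
2009-05-15 19:43:28 . 2009-03-26 13:10:42 23,040 ----a-w D:\Qoobox\Quarantine\E\RECYCLER\S-0-1-34-100013498-100029783-100014235-4921.com.vir
2009-05-15 19:31:25 . 2009-05-15 19:31:29 865 ----a-w D:\Qoobox\Quarantine\Registry_backups\Service_gaopdxserv.sys.reg.dat
"""
# The helper's CFScript from this thread, cut down to one entry per section (constructed sample).
CFSCRIPT = r"""
KILLALL::
DeQuarantine::
D:\Qoobox\Quarantine\D\Program Files\Essentials Codec Pack\FFDShow\ffdshow.ax.vir
Folder::
d:\program files\LimeWire
D:\Program Files\LimeWire
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"d:\\Program Files\\uTorrent\\uTorrent.exe"=-
"""

LINE_RE = re.compile(r"^(\S+ \S+) \. (\S+ \S+) ([\d,]+) (\S+) (.+)$")
QUARANTINE_ROOT = r"D:\Qoobox\Quarantine" + "\\"
RANDOM_DRIVER = re.compile(r"\\system32\\drivers\\[a-z]{20,}\.sys$", re.I)  # heuristic, this example's assumption
RECYCLER_EXE = re.compile(r"\\RECYCLER\\S-\d+(?:-\d+)+\.(?:com|exe|scr)$", re.I)
AUTORUN = re.compile(r"^[A-Z]:\\autorun\.inf$", re.I)
RESTORABLE_PREFIX = r"D:\Program Files\Essentials Codec Pack" + "\\"

def parse_listing(text):
    """One dict per '<created> . <modified> <size> <attrs> <path>' line; 'orig' is the pre-quarantine path."""
    entries = []
    for line in text.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        created, modified, size, attrs, path = m.groups()
        orig = None
        if path.startswith(QUARANTINE_ROOT) and path.endswith(".vir"):
            drive, _, rest = path[len(QUARANTINE_ROOT):].partition("\\")  # Quarantine\D\x.vir was D:\x
            orig = f"{drive}:\\{rest[:-4]}"
        entries.append({"created": created, "modified": modified, "attrs": attrs,
                        "size": int(size.replace(",", "")), "path": path, "orig": orig})
    return entries

def classify(entries):
    """Map each pre-quarantine path to a verdict; anything malware-like starts with 'suspicious'."""
    verdicts = {}
    for p in [e["orig"] for e in entries if e["orig"]]:   # Registry_backups have no file to restore
        if RANDOM_DRIVER.search(p):
            verdicts[p] = "suspicious: randomly named kernel driver"
        elif RECYCLER_EXE.search(p):
            verdicts[p] = "suspicious: executable named like a RECYCLER SID folder"
        elif AUTORUN.search(p):
            verdicts[p] = "suspicious: autorun.inf at drive root"
        elif p.startswith(RESTORABLE_PREFIX):
            verdicts[p] = "restorable: application file swept up with the codec pack"
        else:
            verdicts[p] = "review"
    # Second pass: a file sharing a flagged driver's six-letter prefix belongs to the same family.
    prefixes = {p.rsplit("\\", 1)[1][:6].lower() for p, v in verdicts.items()
                if v.startswith("suspicious: randomly")}
    for p, v in list(verdicts.items()):
        if v == "review" and p.rsplit("\\", 1)[1][:6].lower() in prefixes:
            verdicts[p] = "suspicious: shares name prefix with a flagged driver"
    return verdicts

def parse_cfscript(text):
    """Split a CFScript into {section: [lines]}; a line ending in '::' opens a section."""
    sections, current = {}, None
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.endswith("::"):
            current = sections.setdefault(line[:-2], [])
        elif current is not None:
            current.append(line)
    return sections

def check_cfscript(script, listing):
    """Return the problems found; an empty list means the script is consistent with the listing."""
    entries = parse_listing(listing)
    verdicts = classify(entries)
    by_qpath = {e["path"]: e for e in entries}
    sections = parse_cfscript(script)
    problems = []
    for q in sections.get("DeQuarantine", []):   # never restore something still flagged
        e = by_qpath.get(q)
        if e is None:
            problems.append(f"DeQuarantine: not in quarantine listing: {q}")
        elif verdicts.get(e["orig"], "").startswith("suspicious"):
            problems.append(f"DeQuarantine: would restore a flagged file: {e['orig']}")
    seen = set()
    for f in sections.get("Folder", []):         # the posted script lists LimeWire twice
        if f.lower() in seen:
            problems.append(f"Folder: duplicate entry: {f}")
        seen.add(f.lower())
    return problems
```

On the sample data, classify(parse_listing(LISTING)) flags the gaopdx driver, the gaopdx DLL next to it (by prefix), the autorun.inf and the RECYCLER .com file, and marks the ffdshow file as restorable; check_cfscript(CFSCRIPT, LISTING) reports one problem, the LimeWire folder listed twice. A pattern like RANDOM_DRIVER will also catch a legitimate driver with a long alphabetic name, so treat a "suspicious" verdict as a reason to look rather than a conviction, and never move a flagged quarantine path into DeQuarantine:: without a second opinion.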