Red X in front of C: Drive


Re: Red X in front of C: Drive

Unread postby mickd3 » February 26th, 2008, 6:43 pm

comboFix log:

ComboFix 08-02-23 - Owner 2008-02-26 15:17:49.8 - NTFSx86
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point
.
The following files were disabled during the run:
C:\WINDOWS\system32\sockspy.dll


((((((((((((((((((((((((( Files Created from 2008-01-26 to 2008-02-26 )))))))))))))))))))))))))))))))
.

2008-02-26 13:58 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-24 17:52 . 2008-02-24 17:54 <DIR> d-------- C:\Program Files\Panda Security
2008-02-24 01:43 . 2008-02-24 01:43 <DIR> d-------- C:\_OTMoveIt
2008-02-24 00:45 . 2008-02-24 00:45 218 --a------ C:\UnInstall.dat
2008-02-23 15:02 . 2008-02-23 15:02 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-23 15:02 . 2008-02-23 15:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-21 17:29 . 2008-02-21 17:29 <DIR> d-------- C:\Program Files\Winamp Remote
2008-02-21 17:29 . 2008-02-21 17:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\OrbNetworks
2008-02-18 08:55 . 2008-02-18 08:55 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-15 23:26 . 2008-02-19 10:20 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\AVG7
2008-02-15 23:25 . 2008-02-15 23:25 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-15 23:24 . 2008-02-15 23:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-15 23:24 . 2008-02-19 10:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-02-15 23:19 . 2008-02-17 16:47 <DIR> d-------- C:\Program Files\a-squared Free
2008-02-15 19:20 . 2008-02-25 14:53 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-15 19:20 . 2008-02-15 19:20 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-14 20:59 . 2008-02-17 01:01 <DIR> d-------- C:\VundoFix Backups
2008-02-13 06:59 . 2008-02-13 06:59 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SlipStream
2008-02-08 23:25 . 2008-02-08 23:26 <DIR> d-------- C:\Program Files\FreeMPC
2008-01-31 23:13 . 2008-01-31 23:13 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-31 23:13 . 2008-01-31 23:13 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-01-30 22:02 . 2008-01-30 22:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-26 21:20 . 2008-01-26 21:20 <DIR> d-------- C:\WINDOWS\system32\7173777A7E777E8
2008-01-26 15:49 . 2007-07-11 09:42 <DIR> dr--s---- C:\WINDOWS\assembly

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-26 21:49 --------- d-----w C:\Program Files\Greetings Workshop
2008-02-26 20:58 --------- d-----w C:\Program Files\Java
2008-02-26 20:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-25 07:21 --------- d-----w C:\Program Files\AudioStreamer
2008-02-25 07:21 --------- d-----r C:\Program Files\Programs
2008-02-25 06:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-25 06:43 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-25 05:39 --------- d-----w C:\Documents and Settings\Owner\Application Data\POP Peeper
2008-02-25 04:59 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-02-25 04:11 --------- d-----w C:\Program Files\AoA DVD Creator
2008-02-25 04:09 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-24 09:30 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-24 08:34 --------- d-----w C:\Program Files\YVD
2008-02-24 08:33 --------- d-----w C:\Program Files\Yahoo!
2008-02-24 08:29 --------- d-----w C:\Program Files\NCH Swift Sound
2008-02-24 08:28 --------- d-----w C:\Program Files\stellarium
2008-02-24 08:21 --------- d-----w C:\Program Files\Psychedelix
2008-02-24 08:19 --------- d-----w C:\Program Files\Phota
2008-02-24 08:18 --------- d-----w C:\Program Files\Raxco
2008-02-24 07:59 --------- d-----w C:\Program Files\Nimiq
2008-02-24 07:46 --------- d-----w C:\Program Files\LimeWire
2008-02-24 07:31 --------- d-----w C:\Program Files\Gradient
2008-02-24 07:30 --------- d-----w C:\Program Files\GrabIt
2008-02-24 07:28 --------- d-----w C:\Program Files\Free Xmas Screensaver
2008-02-24 07:27 --------- d-----w C:\Program Files\Eye of the Storm Screen Saver
2008-02-24 07:20 --------- d-----w C:\Program Files\CloneDVD
2008-02-24 07:19 --------- d-----w C:\Program Files\ABF software
2008-02-24 07:15 --------- d-----w C:\Program Files\Azureus
2008-02-24 07:14 --------- d-----w C:\Program Files\Assorted
2008-02-24 07:09 --------- d-----w C:\Program Files\3D Spooky Halloween Screensaver
2008-02-23 01:12 --------- d-----w C:\Program Files\IZArc
2008-02-22 13:09 --------- d-----w C:\Documents and Settings\Owner\Application Data\OpenOffice.org2
2008-02-22 00:37 --------- d-----w C:\Program Files\Winamp
2008-02-18 15:40 --------- d-----w C:\Program Files\themexp
2008-02-18 15:40 --------- d-----w C:\Program Files\Safe-Share
2008-02-14 23:47 --------- d-----w C:\Documents and Settings\Michael\Application Data\StumbleUpon
2008-02-14 21:35 --------- d-----w C:\Program Files\Common Files\wiuq
2008-02-12 18:31 --------- d-----w C:\Program Files\GetRight
2008-02-10 03:29 --------- d-----w C:\Program Files\QuickTime
2008-01-31 05:02 --------- d-----w C:\Program Files\Lavasoft
2008-01-31 05:00 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-30 05:22 --------- d-----w C:\Documents and Settings\Owner\Application Data\Winamp
2008-01-26 22:57 10 ----a-w C:\Program Files\.autoreg
2008-01-25 17:58 1,101,353 --sha-w C:\WINDOWS\system32\bncfconm.tmp
2008-01-21 06:05 --------- d-----w C:\Program Files\easetech
2008-01-21 05:53 --------- d-----w C:\Documents and Settings\Owner\Application Data\foobar2000
2008-01-16 02:21 --------- d-----w C:\Program Files\iTunes
2008-01-16 02:21 --------- d-----w C:\Program Files\iPod
2008-01-15 20:58 --------- d-----w C:\Program Files\Album Player Locator
2008-01-05 20:32 --------- d-----w C:\Program Files\Burrrn
2008-01-03 20:09 --------- d-----w C:\Program Files\Monkey's Audio
2007-12-28 20:27 --------- d-----w C:\Program Files\Common Files\SWF Studio
2007-12-28 20:26 --------- d-----w C:\Program Files\Free Audio Pack
2007-12-28 20:03 --------- d-----w C:\Program Files\Medieval Software
2007-12-14 18:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-09-23 02:25 31 ----a-w C:\Documents and Settings\Michael\getfile.dat
2007-09-22 18:21 31 ----a-w C:\Documents and Settings\Owner\getfile.dat
2007-08-07 14:54 31 ----a-w C:\Documents and Settings\Maggie\getfile.dat
2007-07-16 20:14 94,208 ----a-w C:\Program Files\markup.ovl
2007-07-16 20:14 86,016 ----a-w C:\Program Files\topic.top
2007-07-16 20:14 1,351,680 ----a-w C:\Program Files\study.not
2007-07-06 05:26 81,920 ----a-w C:\Program Files\Bookmarks.lst
2007-04-03 10:12 16,240,640 ------w C:\Program Files\tsk.cmt
2007-03-24 07:55 6,639 ----a-w C:\Documents and Settings\Owner\Application Data\unins000.dat
2007-03-24 07:54 682,266 ----a-w C:\Documents and Settings\Owner\Application Data\unins000.exe
2007-01-01 15:09 4,956,160 ----a-w C:\Program Files\e-Sword.exe
2006-12-30 20:59 204,800 ----a-w C:\Program Files\robertson.har
2006-12-27 03:09 65,863 ----a-w C:\Program Files\Readme.pdf
2006-12-21 20:01 19,096 ----a-w C:\Program Files\License.pdf
2006-11-14 15:49 14,680,064 ----a-w C:\Program Files\kjv+.bbl
2006-08-13 08:56 88 ----a-w C:\Program Files\Twilight Zone.theme
2006-08-10 06:31 8,067 ----a-w C:\Documents and Settings\Owner\newpics.zip
2005-09-20 20:27 84 ----a-w C:\Documents and Settings\Owner\config.dat
2005-08-18 14:58 6,334,464 ------w C:\Program Files\asv.bbl
2005-05-12 06:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2005-02-08 17:19 237,568 ----a-w C:\Program Files\RichEdit.ocx
2004-12-20 15:25 14,602,240 ------w C:\Program Files\History of the Christian Church.top
2004-08-11 03:16 3,016,704 ------w C:\Program Files\abs.map
2004-07-07 21:57 8,591 ----a-w C:\Program Files\e-Sword.tip
2003-10-16 22:29 6,830,080 ------w C:\Program Files\mediterranean.map
2003-10-01 03:30 823,296 ------w C:\Program Files\classic.map
2003-05-13 16:09 6,787,072 ------w C:\Program Files\kjv.bbl
2003-04-14 19:31 279,241 ----a-w C:\Program Files\e-Sword.hlp
2002-07-17 13:45 42,459,136 ------w C:\Program Files\henry.cmt
2002-05-24 21:41 6,893,568 ------w C:\Program Files\wesley.cmt
2002-05-15 17:03 5,859,328 ------w C:\Program Files\mhcc.cmt
2002-03-27 18:53 5,163,008 ----a-w C:\Program Files\strong.dct
2002-03-27 17:55 301,056 ------w C:\Program Files\hitchcock.dct
2001-12-07 18:48 24,309 ----a-w C:\Program Files\custom.dic
2001-10-22 17:48 2,752,512 ------w C:\Program Files\isv.bbl
2001-06-07 17:32 6,629,376 ------w C:\Program Files\bbe.bbl
2001-05-17 12:43 2,156,544 ------w C:\Program Files\isv.map
2001-02-09 20:12 524,339 ----a-w C:\Program Files\riched20.dll
2000-02-17 00:49 73,728 ----a-w C:\Program Files\Does Our Shepherd Lose His Sheep.lst
1999-09-17 12:44 1,344,475 ----a-w C:\Program Files\vssp_ae.dic
1999-08-30 17:44 342,910 ----a-w C:\Program Files\vsth_ae.the
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"POP Peeper"="C:\Program Files\POP Peeper\POPPeeper.exe" [2008-02-08 00:18 1429504]
"BackgroundSwitcher"="C:\Program Files\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe" [2008-01-22 05:11 907152]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-16 11:34 579072]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-15 15:54 37376]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-15 23:25 219136]

C:\Documents and Settings\Default User\Start Menu\Programs\Startup\
HP Organize.lnk - C:\Program Files\Hewlett-Packard\HP Organize\bin\displayAgent.exe [2004-04-01 14:15:28 36864]

C:\Documents and Settings\Guest\Start Menu\Programs\Startup\
HP Organize.lnk - C:\Program Files\Hewlett-Packard\HP Organize\bin\displayAgent.exe [2004-04-01 14:15:28 36864]

C:\Program Files\Programs\Startup\
DeskSweeper.lnk - C:\Program Files\DeskSweeper\DeskSweeper.exe [1999-03-09 236032]
Greetings Workshop Reminders.lnk - C:\Program Files\Greetings Workshop\GWREMIND.EXE [1996-06-25 40448]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll 2001-12-20 22:34 24576 C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDMCon]
--a------ 2005-07-02 13:36 421888 C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDNewsAgent]
--a------ 2005-07-01 20:58 8192 C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDSwitchAgent]
--a------ 2005-07-02 13:35 33280 C:\Program Files\Softwin\BitDefender8\\bdswitch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-01-15 03:22 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
--a------ 2003-02-11 20:02 61440 C:\HP\KBD\KBD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
--a------ 2004-12-10 19:44 11776 C:\Program Files\Musicmatch\Musicmatch Jukebox\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-31 23:13 385024 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sunasDTServ]
C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sunasServ]
C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USSShReg]
--a------ 1997-11-23 20:16 20992 C:\PROGRA~1\ULEADS~1\ULEADP~1\SSaver\Ussshreg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
--a------ 2004-01-16 04:33 49152 C:\WINDOWS\system32\VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"XCOMM"=2 (0x2)
"VSSERV"=2 (0x2)
"iPod Service"=3 (0x3)
"bdss"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Winamp\\winamp.exe"=
"C:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe"=
"C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\Abacast\\Abaclient.exe"=
"C:\\Program Files\\FlashGet\\FlashGet.exe"=
"C:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
"C:\\WINDOWS\\system32\\mshta.exe"=
"C:\\Documents and Settings\\Michael\\My Documents\\My Documents\\michael's stuff\\games\\Video games\\BZflag\\BZFlag2.0.8\\bzflag.exe"=
"C:\\Documents and Settings\\Michael\\My Documents\\My Documents\\michael's stuff\\games\\Video games\\BZflag\\BZFlag2.0.8\\bzfs.exe"=
"C:\\Documents and Settings\\Michael\\My Documents\\Michael's folders\\BZFlag2.0.8\\bzflag.exe"=
"C:\\Documents and Settings\\Michael\\My Documents\\Michael's folders\\games\\Video games\\BZflag\\BZFlag2.0.8\\bzflag.exe"=
"C:\WINDOWS\system32\bsvruujl.exe"= C:\WINDOWS\system32\bsv
"C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
"C:\\Documents and Settings\\Michael\\My Documents\\Michael's folders\\BZflag\\BZFlag2.0.10\\bzflag.exe"=
"F:\\BZFlag2.0.8\\bzflag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Documents and Settings\\Michael\\My Documents\\Michael's folders\\BZflag\\BZFlag2.0.8\\bzflag.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57225:TCP"= 57225:TCP:Pando P2P TCP Listening Port
"57225:UDP"= 57225:UDP:Pando P2P UDP Listening Port
"9020:TCP"= 9020:TCP:BZFLAG

R2 FILESpy;FILESpy;C:\Program Files\Softwin\BitDefender8\filespy.sys [2005-08-09 19:31]
R3 SndTDriverV32;SndTDriverV32;C:\WINDOWS\system32\drivers\SndTDriverV32.sys [2006-08-11 16:56]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{daf6ba03-6a1b-11db-a929-00112f057540}]
\Shell\AutoRun\command - F:\SYS\PortableApps\PortableAppsMenu\PortableAppsMenu.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-02-13 02:01:26 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-24 16:59:00 C:\WINDOWS\Tasks\iRadio task 7.job"
- C:\PROGRA~1\3aLab\iRadio\iRadio.exe
"2008-02-26 16:00:00 C:\WINDOWS\Tasks\Kitchen.job"
- C:\WINDOWS\Kitchen.scr
"2008-02-26 22:29:05 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-26 15:29:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\sockspy.dll

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\WINDOWS\system32\sockspy.dll
.
Completion time: 2008-02-26 15:37:47
ComboFix-quarantined-files.txt 2008-02-26 22:37:43
ComboFix2.txt 2008-02-26 20:22:10
ComboFix3.txt 2008-02-25 23:28:24
ComboFix4.txt 2008-02-25 20:30:17
ComboFix5.txt 2008-02-24 23:04:35
.
2008-02-14 22:06:28 --- E O F ---

The Red X is gone and everything is running smooth, no error messages.
mickd3
Regular Member
 
Posts: 24
Joined: February 18th, 2008, 12:03 pm
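The helpers read a log like the one above by hand; as an added example (not code from the thread or from ComboFix), the Python below applies the same reading to a constructed excerpt in that log's layout: a populated AppInit_DLLs value cross-referenced against the processes listed as loading the DLL, firewall exceptions that carry unexpected data or point into system32, and an AutoRun handler on a mounted drive. SAMPLE_LOG and every function name are assumptions made for this example.

```python
"""Triage heuristics for the 'Reg Loading Points' and 'DLLs Loaded Under
Running Processes' sections of a ComboFix-style log.  Hypothetical helper
written for this thread, not ComboFix's own code; SAMPLE_LOG is a constructed
excerpt in the layout of the log posted above."""
import re
from collections import defaultdict

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= sockspy.dll sockspy.dll sockspy.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Winamp\\winamp.exe"=
"C:\\WINDOWS\\system32\\mshta.exe"=
"C:\WINDOWS\system32\bsvruujl.exe"= C:\WINDOWS\system32\bsv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{daf6ba03-6a1b-11db-a929-00112f057540}]
\Shell\AutoRun\command - F:\SYS\PortableApps\PortableAppsMenu\PortableAppsMenu.exe

--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\sockspy.dll

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\WINDOWS\system32\sockspy.dll
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')
PROC_RE = re.compile(r"^PROCESS:\s+(\S+)")
DLL_RE = re.compile(r"^->\s+(\S.*)$")
SYSTEM32_RE = re.compile(r"^[a-z]:\\windows\\system32\\[^\\]+$", re.I)


def unescape_reg_name(name):
    # Registry export syntax doubles backslashes; some log lines print them raw
    return name.replace("\\\\", "\\").replace('\\"', '"')


def parse_log(text):
    """Return ({key: [(value_name, data)]}, {process: [loaded dll path]})."""
    values, loaded = defaultdict(list), defaultdict(list)
    key = proc = None
    for raw in text.splitlines():
        line = raw.strip()
        if m := KEY_RE.match(line):
            key, proc = m.group(1), None
        elif m := PROC_RE.match(line):
            proc, key = m.group(1), None
        elif key and (m := VALUE_RE.match(line)):
            values[key].append((unescape_reg_name(m.group(1)), m.group(2).strip()))
        elif key and line.startswith("\\Shell\\AutoRun\\command"):
            values[key].append(("\\Shell\\AutoRun\\command", line.split(" - ", 1)[-1]))
        elif proc and (m := DLL_RE.match(line)):
            loaded[proc].append(m.group(1))
    return values, loaded


def triage(text):
    """List (severity, message) findings a helper would want to look at first."""
    values, loaded = parse_log(text)
    findings = []
    for key, entries in values.items():
        k = key.lower()
        for name, data in entries:
            if k.endswith(r"currentversion\windows") and name.lower() == "appinit_dlls" and data:
                # AppInit_DLLs is normally empty; anything listed is loaded into every
                # process that maps user32.dll, winlogon and lsass included
                for dll in sorted(set(data.split())):
                    hosts = [p for p, dlls in loaded.items()
                             if any(d.lower().endswith("\\" + dll.lower()) for d in dlls)]
                    findings.append(("HIGH", f"AppInit_DLLs loads {dll}; seen in "
                                     f"{len(hosts)} process(es): {', '.join(hosts)}"))
            elif k.endswith(r"authorizedapplications\list"):
                if data:
                    # ComboFix prints no data for ordinary exceptions; extra text is odd
                    findings.append(("HIGH", f"firewall exception {name} has unexpected data: {data}"))
                if SYSTEM32_RE.match(name):
                    # User applications rarely live in system32; a script host there is a red flag
                    findings.append(("MEDIUM", f"firewall exception for a system32 binary: {name}"))
            elif "mountpoints2" in k and name == "\\Shell\\AutoRun\\command":
                findings.append(("INFO", f"AutoRun handler registered for a mounted drive: {data}"))
    return findings


if __name__ == "__main__":
    for severity, message in triage(SAMPLE_LOG):
        print(severity, message)
```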

Re: Red X in front of C: Drive

Unread postby Katana » February 26th, 2008, 6:57 pm

Create A Registry File
Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad.
Save it as "All Files" and name it Regfix.reg. Please save it on your desktop.

REGEDIT4

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\WINDOWS\system32\bsvruujl.exe"=-


Make sure there are NO blank lines before REGEDIT4 and ONE blank line at the end/bottom
Double click on Regfix.reg and click Yes at the prompt


Download and Run Registry Search
Download (LINK >>>) Registry Search (<<< LINK) to your desktop.
  • Right click on the compressed RegSearch folder, and choose "Extract All". In the box that pops open, click "Next", then "Next" again, and then "Finish". You now have another RegSearch folder on your desktop.
  • Open the new folder, and double click on regsearch.exe
  • In the top window copy/paste the following line
      bsvruujl
  • Click OK and Registry Search will scan your registry for the file(s), and a Notepad box will open with a report.
  • Please save the text file at your desktop and call it found-entries.
Paste the results in your reply
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Red X in front of C: Drive

Unread postby mickd3 » February 26th, 2008, 7:15 pm

I'm not sure what you mean by:
ONE blank line at the bottom/end.
When I highlight the text I can't highlight a blank line at the end of the text.
mickd3
Regular Member
 
Posts: 24
Joined: February 18th, 2008, 12:03 pm

Re: Red X in front of C: Drive

Unread postby Katana » February 26th, 2008, 7:31 pm

When you paste the text into the new file, if there is not a blank line at the end then add one.

I.e. put your cursor at the end of the last line and press Enter
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Red X in front of C: Drive

Unread postby mickd3 » February 26th, 2008, 7:56 pm

found-entries:
Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.5.0

; Results at 2/26/2008 4:50:50 PM for strings:
; 'bsvruujl'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\bsvruujl.exe"="C:\\WINDOWS\\system32\\bsv"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\bsvruujl.exe"="C:\\WINDOWS\\system32\\bsv"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\bsvruujl.exe"="C:\\WINDOWS\\system32\\bsv"

; End Of The Log...
mickd3
Regular Member
 
Posts: 24
Joined: February 18th, 2008, 12:03 pm
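As an added example (not the forum's or Registry Search's own code), the Python below builds the kind of REGEDIT4 deletion file described above, using the `"name"=-` syntax with backslashes doubled as .reg syntax requires and checking the "nothing before REGEDIT4, one blank line at the end" layout, then lists which keys a Registry Search report still shows for the string. The two reports are constructed in the layout of the found-entries log above, one with hits and one with none, and all function names are assumptions.

```python
"""Write a Regfix.reg-style file (a "name"=- line deletes a registry value)
and check a Registry Search report for leftovers.  Hypothetical helper, not the
forum's or Registry Search's own code; the reports below are constructed in the
layout of the found-entries log above."""
import re

FIREWALL_LIST = (r"HKEY_LOCAL_MACHINE\SYSTEM\{cs}\Services\SharedAccess\Parameters"
                 r"\FirewallPolicy\StandardProfile\AuthorizedApplications\List")


def reg_escape(name):
    # .reg syntax: a literal backslash in a quoted name is written \\ and a quote \"
    return name.replace("\\", "\\\\").replace('"', '\\"')


def build_delete_value_reg(value_names,
                           control_sets=("CurrentControlSet", "ControlSet001", "ControlSet002")):
    """REGEDIT4 text that removes each value under the firewall list of every
    control set (ControlSet001/002 are the copies the report listed as well).
    Layout rules from the thread: REGEDIT4 on the first line with nothing before
    it, and exactly one blank line at the end."""
    lines = ["REGEDIT4", ""]
    for cs in control_sets:
        lines.append("[" + FIREWALL_LIST.format(cs=cs) + "]")
        lines += [f'"{reg_escape(n)}"=-' for n in value_names]
        lines.append("")
    return "\r\n".join(lines) + "\r\n"   # Regedit expects CRLF line endings


def reg_layout_ok(text):
    """The two layout rules the helper spelled out, checked before double-clicking."""
    return (text.startswith("REGEDIT4\r\n")
            and text.endswith("\r\n\r\n")
            and not text.endswith("\r\n\r\n\r\n"))


VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')


def keys_matching(report, needle):
    """Registry keys in a Registry Search report whose name, value names or data
    still contain needle (case-insensitive); an empty list means the entry is gone."""
    hits, key = [], None
    for line in report.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            if needle.lower() in key.lower() and key not in hits:
                hits.append(key)
        elif key and (m := VALUE_RE.match(line)):
            if needle.lower() in (m.group(1) + m.group(2)).lower() and key not in hits:
                hits.append(key)
    return hits


# Constructed reports in the layout Registry Search produces
BEFORE_FIX = r"""Windows Registry Editor Version 5.00

; Results at <time> for strings:
; 'bsvruujl'

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\bsvruujl.exe"="C:\\WINDOWS\\system32\\bsv"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\bsvruujl.exe"="C:\\WINDOWS\\system32\\bsv"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\bsvruujl.exe"="C:\\WINDOWS\\system32\\bsv"

; End Of The Log...
"""

AFTER_FIX = r"""Windows Registry Editor Version 5.00

; Results at <time> for strings:
; 'bsvruujl'

; End Of The Log...
"""

if __name__ == "__main__":
    fix = build_delete_value_reg([r"C:\WINDOWS\system32\bsvruujl.exe"])
    print(fix, "layout ok:", reg_layout_ok(fix))
    print("before:", keys_matching(BEFORE_FIX, "bsvruujl"))
    print("after:", keys_matching(AFTER_FIX, "bsvruujl"))
```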

Re: Red X in front of C: Drive

Unread postby Katana » February 26th, 2008, 9:19 pm

Download the file that is attached to this post to your desktop, and then do the following
Double click mickd3.zip then Drag the mickd3fix.reg file to your desktop
Double click on mickd3fix.reg and click Yes at the prompt

Reboot your machine.

Run Registry Search

  • Open the RegSearch folder, and double click on regsearch.exe
  • In the top window copy/paste the following line
      bsvruujl
  • Click OK and Registry Search will scan your registry for the file(s), and a Notepad box will open with a report.
  • Please save the text file at your desktop and call it found-entries.
Paste the results in your reply
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Red X in front of C: Drive

Unread postby mickd3 » February 26th, 2008, 9:48 pm

found-entries:

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.5.0

; Results at 2/26/2008 6:39:12 PM for strings:
; 'bsvruujl'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


; End Of The Log...
mickd3
Regular Member
 
Posts: 24
Joined: February 18th, 2008, 12:03 pm

Re: Red X in front of C: Drive

Unread postby Katana » February 26th, 2008, 9:54 pm

Congratulations, your logs look clean :D

Let's see if I can help you keep it that way

First let's tidy up :D

  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.

You can delete the .reg files we made.
You can also delete any logs we have produced, and empty your Recycle bin.

The following is some info to help you stay safe and clean.
( Vista users must ensure that any programs are Vista compatible BEFORE installing )

Online Scanners
I would recommend a scan at one or more of the following sites at least once a month.

http://www.nanoscan.com
http://www.pandasoftware.com/activescan ... ncipal.htm
http://www.kaspersky.com/kos/eng/partne ... bscan.html

!!! Make sure that all your programs are updated !!!
Secunia Software Inspector does all the work for you; see HERE for details

AntiSpyware
    AntiSpyware is not the same thing as Antivirus.
    Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
    You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
    Most of the programs in this list have free (for Home Users) and paid versions;
    it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
  • Spybot - Search & Destroy <<< A must have program
    • It includes host protection and registry protection
    • A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites
  • MalwareBytes Anti-malware <<< A New and effective program
  • a-squared Free <<< A good "realtime" or "on demand" scanner
  • AVG Anti-Spyware 7.5 <<< A good "on demand" scanner
  • superantispyware <<< A good "realtime" or "on demand" scanner

Prevention
    These programs don't detect malware, they help stop it getting on your machine in the first place.
    Each does a different job, so you can have more than one
  • Winpatrol
    • An excellent startup manager and then some !!
    • Notifies you if programs are added to startup
    • Allows delayed startup
    • A must have addition
  • SpywareBlaster 3.5.1
    • SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
  • SpywareGuard 2.2
    • SpywareGuard provides real-time protection against spyware.
    • Not required if you have other "realtime" antispyware or Winpatrol
  • ZonedOut
    • Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
  • MVPS HOSTS
    • This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
    • For information on how to download and install, please read this tutorial by WinHelp2002.
    • Not required if you are using other host file protections

Internet Browsers
    Microsoft has worked hard to make IE 7 a more secure browser; unfortunately, whilst it is still the leading browser of choice, it will always be under attack from the bad guys.
    Using a different web browser can help stop malware getting on your machine.
    • Make your Internet Explorer more secure - This can be done by following these simple instructions:
      1. From within Internet Explorer click on the Tools menu and then click on Options.
      2. Click once on the Security tab
      3. Click once on the Internet icon so it becomes highlighted.
      4. Click once on the Custom Level button.
        • Change the Download signed ActiveX controls to Prompt
        • Change the Download unsigned ActiveX controls to Disable
        • Change the Initialise and script ActiveX controls not marked as safe to Disable
        • Change the Installation of desktop items to Prompt
        • Change the Launching programs and files in an IFRAME to Prompt
        • Change the Navigate sub-frames across different domains to Prompt
        • When all these settings have been made, click on the OK button.
        • If it prompts you as to whether or not you want to save the settings, press the Yes button.
      5. Next press the Apply button and then the OK to exit the Internet Properties page.
    If you are still using IE6 then either update, or get one of the following.
    • FireFox
      • With many addons available that make customization easy this is a very popular choice
      • NoScript and AdBlockPlus addons are essential
    • Opera
      • Another popular alternative
    • Netscape
      • Another popular alternative
      • Also has Addons available

Cleaning Temporary Internet Files and Tracking Cookies
    Temporary Internet Files are mainly the files that are downloaded when you open a web page.
    Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.
    It is a good idea to empty the Temporary Internet Files folder on a regular basis.

    Tracking Cookies are files that websites use to monitor which sites you visit and how often.
    A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
    CAUTION: If you delete all your cookies, you will lose any autologin information for sites that you visit, and will need your passwords.

    Both of these can be cleaned manually, but a quicker option is to use a program
  • ATF Cleaner
    • Free and very simple to use
  • CCleaner
    • Free and very flexible, you can choose which cookies to keep


Also PLEASE read this article: So How Did I Get Infected In The First Place

The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.

If you follow this advice then (with a bit of luck) you will never have to hear from me again :D


If you could post back one more time to let me know everything is OK, then I can have this thread archived.

Happy surfing K'
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Red X in front of C: Drive

Unread postby mickd3 » February 26th, 2008, 10:22 pm

Everything is working fine. I can't believe the amount of work it took to clean my machine up.
Will install recommended programs! Thanks!
mickd3
Regular Member
 
Posts: 24
Joined: February 18th, 2008, 12:03 pm

Re: Red X in front of C: Drive

Unread postby Katana » February 26th, 2008, 10:27 pm

getting infected is easy

cleanup can be difficult :lol:

that's why we recommend good prevention
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Red X in front of C: Drive

Unread postby Elrond » February 27th, 2008, 11:28 am

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem