Hopefully it all looks good.
Other Reports In Post 80
Last edited by Pumpa; 11-29-2007 at 01:06 AM.
Things are looking very promising.
Run ComboFix again so I can compare the log with the last one.
Run ISeeYouXP.bat
Attach the following logs:
ComboFix
ISeeYouXP
a-squared Team - www.emsisoft.com
"Only those who fail greatly can ever achieve greatly" - Robert F. Kennedy
Microsoft Most Valuable Professional - Consumer Security (2007-2008)
Member - Alliance of Security Analysis Professionals - Since 2006
Linux Registered User # 363218
Well, it's time to pack for Europe and a well earned break.
I have time for one more post.
Cheers
Copy the contents of the below quote box to Notepad; Save As FixReg.reg to your Desktop; make sure File Type: is set to All Files (*.*). Close Notepad.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{60E2746A-9C2E-45A2-85CE-7E1A8A890961}"=-
Locate FixReg.reg on your Desktop. Double-click on it and answer 'Yes' when asked if you want to merge with the registry.
Now run Pocket Killbox:
Choose Tools -> Delete Temp Files and click Delete Selected Temp Files
Then after it deletes the files click the Exit (Save Settings) button.
NOTE: Pocket Killbox will only list the added files it is able to find on the system. So when you do the below, if some files do not show in the list after pasting them in, just continue..
Select:
- Delete on Reboot
- then Click on the All Files button.
- Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
H:\WINDOWS\0.log
H:\WINDOWS\relax.ini
H:\WINDOWS\s1650e~1.tmp
H:\WINDOWS\thumbs.db
H:\WINDOWS\system32\khqgujsh.ini
H:\WINDOWS\system32\mwpbtabb.ini
H:\WINDOWS\system32\paaivpcd.ini
H:\WINDOWS\system32\mcrh.tmp
H:\WINDOWS\system32\vuvpqxfv.dll
H:\WINDOWS\system32\xpgwmtys.dll
- Return to Killbox, go to the File menu, and choose Paste from Clipboard.
- Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.
That should do it.
Open The ISeeYouXP Folder, locate HideIT.bat and double-click the batch file.
Delete the following:
H:\!Killbox
H:\combofix.txt
H:\combof~1.txt
H:\DECKARD
H:\ISeeYouXP
H:\QOOBOX
H:\SDFIX
H:\vundofix.txt
H:\VUNDOFIX
FixReg.Reg
Empty the recycle bin
Run ATF Cleaner
Safe Surfing!
a-squared Team - www.emsisoft.com
"Only those who fail greatly can ever achieve greatly" - Robert F. Kennedy
Microsoft Most Valuable Professional - Consumer Security (2007-2008)
Member - Alliance of Security Analysis Professionals - Since 2006
Linux Registered User # 363218
Thanks guys.
Did not receive PendingFileRenameOperations
Just one more thing..best all round program to have running in the background to make sure that it doesn't happen again?
Damian
A GIANT THANK YOU to SPD!!!!!!
for jumping in here and Saving the Day when I hit my WALL of knowledge...or Wall of LACK of Knowledge!!!!!
Pumpa,
Take a look here for recommended steps to protect the computer
PROTECT YOURSELF FROM MALWARE: Tools & Tips
My personal top recommendation would be SpyWareBlaster for sure.
Have a great time in Europe!!! Wish I was going with you
You all have a Merry Christmas
Thanks Heaps
Damian