Results 1 to 10 of 24

Thread: computer infected with spyware

Hybrid View

  1. 04-23-2008, 11:46 PM #1
    jholland1964's Avatar
    jholland1964
    jholland1964 is offline Administrator
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079

    An apology....

    I am so sorry John, I made an error when I posted the CFScript for you. This is probably why the fix didn't work. Hope you come back to see this and try it again.
    Judy

    Do the following;
    * Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
    File::
    C:\WINDOWS\cuawsppw
    C:\WINDOWS\ions.dll
    C:\Documents and Settings\All Users\Application Data\slypcfwl

    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
    "Scbu"=-
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
    "Qnx"=
    Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
    • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

    Please post the new ComboFix log in your next reply.
    Reply With Quote Reply With Quote
  2. 04-24-2008, 03:54 PM #2
    john
    john is offline Junior Member
    Join Date
    Apr 2008
    Posts
    11
    No problem im sure you looking at alot of these, mixup bound to happen. I hope i did wright this time


    ComboFix 08-04-18.3 - HP_Administrator 2008-04-24 15:52:22.11 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1428 [GMT -5:00]
    Running from: C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\HP_Administrator\Desktop\CFScript.txt
    * Created a new restore point
    * Resident AV is active


    FILE ::
    C:\Documents and Settings\All Users\Application Data\slypcfwl
    C:\WINDOWS\cuawsppw
    C:\WINDOWS\ions.dll
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\ions.dll

    .
    ((((((((((((((((((((((((( Files Created from 2008-03-24 to 2008-04-24 )))))))))))))))))))))))))))))))
    .

    2008-04-23 22:12 . 2007-12-02 11:33 114,688 --a------ C:\WINDOWS\Lavish.dll
    2008-04-21 12:22 . 2008-04-21 12:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WildTangent
    2008-04-16 00:17 . 2008-04-16 00:17 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-04-16 00:17 . 2008-04-16 00:17 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
    2008-04-16 00:17 . 2008-04-16 00:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-04-15 01:49 . 2008-04-16 18:10 <DIR> d-------- C:\Program Files\EsetOnlineScanner
    2008-04-15 01:07 . 2008-04-15 01:07 1,160 --a------ C:\WINDOWS\mozver.dat
    2008-04-15 00:55 . 2008-04-23 17:17 <DIR> d-------- C:\Downloads
    2008-04-15 00:37 . 2008-04-15 00:37 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\HPQ
    2008-04-15 00:07 . 2008-04-16 06:29 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUS.ico
    2008-04-15 00:00 . 2008-04-15 00:00 <DIR> d-------- C:\Program Files\Trend Micro
    2008-04-13 16:09 . 2008-04-13 16:09 <DIR> d-------- C:\Program Files\Enigma Software Group
    2008-04-13 11:40 . 2008-04-13 11:40 <DIR> d-------- C:\WINDOWS\cuawsppw
    2008-04-13 11:40 . 2008-04-13 12:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\slypcfwl
    2008-04-13 11:39 . 2008-04-13 11:39 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Yahoo!
    2008-03-28 18:53 . 2008-04-17 22:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
    .
    2008-04-21 17:38 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-04-16 23:25 111,104 ----a-w C:\WINDOWS\system32\netdde.exe
    2008-04-16 23:25 111,104 ----a-w C:\WINDOWS\system32\dllcache\netdde.exe
    2008-04-16 23:20 --------- d-----w C:\Program Files\microsoft money 2006
    2008-03-28 23:54 --------- d-----w C:\Program Files\Lavasoft
    2008-03-28 23:53 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Lavasoft
    2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
    2008-03-14 19:20 --------- d-----w C:\Program Files\Rhapsody
    2008-03-14 19:20 --------- d-----w C:\Program Files\Real
    2008-03-01 23:36 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
    2008-02-29 08:55 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2008-02-29 08:55 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
    2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
    2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
    2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
    2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
    2008-02-20 05:32 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
    2008-02-16 09:32 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
    2008-02-16 09:32 151,040 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
    2008-02-16 09:32 1,499,136 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
    2008-02-16 09:32 1,054,208 ------w C:\WINDOWS\system32\dllcache\danim.dll
    2008-02-16 09:32 1,024,000 ------w C:\WINDOWS\system32\dllcache\browseui.dll
    2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
    2008-02-11 14:39 253,952 ----a-w C:\WINDOWS\system32\OnlineScannerDLLA.dll
    2008-02-11 14:39 237,568 ----a-w C:\WINDOWS\system32\OnlineScannerDLLW.dll
    2008-02-08 18:53 110,592 ----a-w C:\WINDOWS\system32\OnlineScannerLang.dll
    2008-02-05 13:48 77,824 ----a-w C:\WINDOWS\system32\OnlineScannerUninstaller.exe
    2007-11-07 01:46 4,946 ----a-w C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
    2005-03-18 23:40 1,348,242 ----a-w C:\Program Files\Apr2005_d3dx9_25_x64.cab
    .

    ((((((((((((((((((((((((((((( snapshot@2008-04-19_19.08.32.56 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-04-20 00:02:50 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-04-24 00:52:39 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" [2007-05-18 21:23 68856]
    "Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-01-30 14:11 3497984]
    "YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 09:59 224248]
    "AROReminder"="C:\Program Files\Advanced Registry Optimizer\aro.exe" [ ]
    "Scbu"="C:\PROGRA~1\CROSOF~1\logonui.exe" [ ]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-09 23:00 15360]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
    "Qnx"="C:\Program Files\Common Files\S?mantec\r?gedit.exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-02-13 23:05 7557120]
    "MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupda te.exe" [2006-01-11 13:05 212992]
    "MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\McAgent .exe" [2005-09-22 19:29 303104]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 11:56 286720]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 13:10 267048]
    "YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 09:59 224248]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-05-31 09:33 180269]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\I SUSPM.exe" [2004-07-28 01:50 221184]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-28 01:50 81920]

    C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\
    iWin Desktop Alerts.lnk - C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe [2007-12-17 08:35:58 107520]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk
    backup=C:\WINDOWS\pss\Updates From HP.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
    backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^Cyber-shot Viewer Media Check Tool.lnk]
    path=C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\Cyber-shot Viewer Media Check Tool.lnk
    backup=C:\WINDOWS\pss\Cyber-shot Viewer Media Check Tool.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^iWin Desktop Alerts.lnk]
    path=C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\iWin Desktop Alerts.lnk
    backup=C:\WINDOWS\pss\iWin Desktop Alerts.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
    --------- 2005-08-03 01:19 77312 C:\WINDOWS\arpwrmsg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    --------- 2004-08-09 23:00 15360 C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]
    --a------ 2003-05-21 18:37 229437 C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DISCover]
    --a------ 2007-10-30 21:57 1095256 C:\Program Files\DISC\DISCover.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMAScheduler]
    --a------ 2006-03-20 11:05 90112 c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]
    --a------ 2006-10-30 16:27 715888 C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
    --a------ 2005-09-29 23:01 67584 C:\WINDOWS\ehome\ehtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
    --a------ 2003-10-23 19:51 233472 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    --a------ 2003-06-25 11:24 49152 C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
    --a------ 2006-02-16 00:34 249856 C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
    --a------ 2003-09-01 06:42 176128 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 9.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
    --a------ 2005-06-02 01:35 49152 c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2007-12-11 13:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
    --a------ 2005-02-02 16:44 61440 C:\HP\KBD\KBD.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
    --a------ 2005-09-22 19:29 303104 c:\PROGRA~1\mcafee.com\agent\mcagent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
    --a------ 2006-01-11 13:05 212992 C:\PROGRA~1\mcafee.com\agent\mcupdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Location Finder]
    --a------ 2005-08-24 19:25 101080 C:\Program Files\Microsoft Location Finder\LocationFinder.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --------- 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    --a------ 2006-02-13 23:05 7557120 C:\WINDOWS\system32\NvCpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    --a------ 2006-02-13 23:05 1519616 C:\WINDOWS\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
    --a------ 2005-08-11 23:02 53248 C:\Program Files\McAfee.com\VSO\oasclnt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDrProfiler]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2007-12-11 11:56 286720 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
    --a------ 2005-07-23 00:14 237568 C:\WINDOWS\SMINST\RECGUARD.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
    --a------ 2004-12-14 04:23 663552 C:\Windows\Creator\Remind_XP.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    --a------ 2006-03-08 06:54 16010240 C:\WINDOWS\RTHDCPL.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2005-11-10 13:03 36975 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    --a------ 2007-05-18 21:23 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2006-05-31 09:33 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue Quick Access]
    --a------ 2006-09-14 11:15 225280 C:\Program Files\Uniblue\ProcessLibrary\qaccess.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
    --a------ 2008-01-30 14:11 3497984 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
    --a------ 2005-08-10 13:49 163840 C:\Program Files\McAfee.com\VSO\mcvsshld.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
    --a------ 2005-07-08 19:18 151552 C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
    "C:\\WINDOWS\\system32\\java.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\DISC\\DISCover.exe"=
    "C:\\Program Files\\DISC\\DiscStreamHub.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=

    S0 antispywarebot;antispywarebot;C:\WINDOWS\system32\ DRIVERS\antispywarebot.sys []

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-04-18 0101 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    ************************************************** ************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-24 15:54:11
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    ************************************************** ************************
    .
    Completion time: 2008-04-24 15:55:53
    ComboFix-quarantined-files.txt 2008-04-24 20:54:56
    ComboFix2.txt 2008-04-24 02:34:02
    ComboFix3.txt 2008-04-24 02:24:16
    ComboFix4.txt 2008-04-23 22:40:35
    ComboFix5.txt 2008-04-20 00:08:51

    Pre-Run: 261,999,755,264 bytes free
    Post-Run: 261,986,488,320 bytes free

    244 --- E O F --- 2008-04-13 21:33:24
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules