Cannot get Rid of Spyware

August 2nd, 2016

Hello Friends,
For the past few days I was noticing that my PC was running slow, so I downloaded PC Tools and ran a scan. It found 5 spyware and removed them, GREAT, but I have been noticing that it is unable to remove the 2 spywares below.
They keep coming back as soon as I open any webpage, even after deleting them.
Any help please??

Answer #1
The sources of the tracking cookies are the webpages you're visiting: mediaplex, doubleclick, the list goes on. They seem to be quite persistent. There are programs that will block persistent cookies; I used to use one called Burnt Cookies, and it looks like it still exists: http://www.andersson-design.com/bcookies/index.shtml
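What a scanner reports as a "tracking cookie" is a cookie that arrives from a domain other than the page the user opened (third-party) and that outlives the browser session (persistent); it is back after deletion because the same ad network sets it again on the next page that embeds it. The script below is an added example, not from the thread and not code from any tool mentioned in it. It classifies Set-Cookie headers on those two criteria. The page host, the fixed clock and the four response headers are constructed for the demonstration; doubleclick.net and mediaplex.com appear only because the reply names them, and the two-label "registrable domain" rule is a stated simplification.

```python
"""Tell a "tracking cookie" from an ordinary one.

Added example for this thread, not code from any tool named in it. The
scanner signature is simple: the cookie comes from a domain other than the
page the user opened (third-party) and it outlives the browser session
(persistent). The page host, the clock and the Set-Cookie headers below are
constructed for the demonstration; the ad domains are the ones the reply
names.
"""
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

PAGE_HOST = "news.example.com"                             # assumed first-party page
NOW = datetime(2008, 11, 22, 10, 57, tzinfo=timezone.utc)  # fixed clock, matching the thread's log date

# Constructed (host that sent the response, Set-Cookie header) pairs.
RESPONSES = [
    ("ad.doubleclick.net", "id=abc123; Path=/; Domain=.doubleclick.net; Expires=Mon, 22 Nov 2010 10:57:34 GMT"),
    ("img.mediaplex.com", "svid=9876; Domain=.mediaplex.com; Max-Age=63072000; Path=/"),
    ("news.example.com", "session=xyz; Path=/; HttpOnly"),
    ("cdn.example.com", "pref=dark; Max-Age=0"),
]


def registrable_domain(host):
    """Last two labels of a host name: a deliberate simplification of eTLD+1
    that is right for .com/.net and wrong for suffixes like co.uk (use the
    Public Suffix List in real code)."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def parse_set_cookie(header):
    """Split a Set-Cookie header into (name, value, {attribute: value})."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def cookie_expiry(attrs, now):
    """Expiry as an aware datetime, or None for a session cookie.
    Max-Age takes precedence over Expires (RFC 6265, section 5.3)."""
    if "max-age" in attrs:
        return now + timedelta(seconds=int(attrs["max-age"]))
    if "expires" in attrs:
        return parsedate_to_datetime(attrs["expires"])
    return None


def classify(page_host, response_host, header, now=NOW):
    """Describe one cookie relative to the page that embedded the request."""
    name, _value, attrs = parse_set_cookie(header)
    domain = attrs.get("domain", response_host).lstrip(".").lower()
    expiry = cookie_expiry(attrs, now)
    third_party = registrable_domain(domain) != registrable_domain(page_host)
    persistent = expiry is not None and expiry > now   # Max-Age=0 or a past date means "delete"
    return {
        "name": name,
        "domain": domain,
        "third_party": third_party,
        "persistent": persistent,
        "expires": expiry,
        "tracking": third_party and persistent,
    }


def tracking_cookies(page_host, responses, now=NOW):
    """Names of the cookies a scanner would list as tracking cookies."""
    return [c["name"] for c in (classify(page_host, h, s, now) for h, s in responses) if c["tracking"]]


if __name__ == "__main__":
    for host, header in RESPONSES:
        info = classify(PAGE_HOST, host, header)
        flag = "TRACKING" if info["tracking"] else "ok"
        print(f"{flag:8} {info['name']:8} {info['domain']:22} third_party={info['third_party']} persistent={info['persistent']}")
```

Run as a script it prints one line per cookie; only the two ad-network cookies are flagged, while the first-party session cookie and the Max-Age=0 deletion are not. Blocking third-party cookies in the browser removes the class of finding at the source, which is what Answer #1's "block persistent cookies" advice amounts to.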
Answer #2
Thanks, but it only got rid of one of them, it still detects the second one.
Did not work, both of them are still coming up on the scan.
Please help.
Answer #3
Spybot Search & Destroy is free and very good. Give it a go.
Answer #4
My mistake, you're not on XP. -removed-
Answer #5
Thanks Jackal, doing a scan with Spybot now, will report.
Answer #6
I don't think it worked. Spybot picked up 2 entries and deleted them; I closed the internet browser, opened it again and ran PC Tools, and it picked them up again.
I think it's time for a format again!
Answer #7
i think it's time for a format again!
Don't give up so soon

  • Disable your resident antivirus and Spyware Doctor
  • Download Combofix from the link below
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

  • Save it to your Desktop
  • Close all running applications and run Combofix
  • Agree to its terms and click no when asked about the recovery console. It will start scanning. Do not click anywhere or do anything until it's done
  • It might restart your computer. In any case it will present you with a log.
  • Copy/paste the log in this thread inside a [code] box so I can give further instructions

Answer #8
Use combofix
Answer #9
Post your problem on the Spybot forums. They are VERY helpful! I got nailed with a bunch of spyware a few months ago (good thing I had a linux partition) and I posted there and I got rid of all of them. My windows partition is clean as a whistle now.
Answer #10

TheDA wrote:

i think it's time for a format again!
Don't give up so soon

  • Disable your resident antivirus and Spyware Doctor
  • Download Combofix from the link below
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

  • Save it to your Desktop
  • Close all running applications and run Combofix
  • Agree to its terms and click no when asked about the recovery console. It will start scanning. Do not click anywhere or do anything until it's done
  • It might restart your computer. In any case it will present you with a log.
  • Copy/paste the log in this thread inside a [code] box so I can give further instructions


Hi Mate,
many thanks for your input, I will try this after work and report.
Answer #11
[code]
ComboFix 08-11-21.03 - ilsan 2008-11-22 10:57:34.3 - NTFSx86
Microsoft® Windows Vista® Business 6.0.6001.1.1252.1.1033.18.2700 [GMT 11:00]
Running from: c:\downloads\combofix\ComboFix.exe
* Resident AV is active
.
((((((((((((((((((((((((( Files Created from 2008-10-21 to 2008-11-21 )))))))))))))))))))))))))))))))
.
2008-11-19 21:24 . 2008-11-22 10:48  <DIR>  d--------  c:\users\All Users\Spybot - Search & Destroy
2008-11-19 21:24 . 2008-11-22 10:48  <DIR>  d--------  c:\programdata\Spybot - Search & Destroy
2008-11-19 21:24 . 2008-11-22 10:45  <DIR>  d--------  c:\program files\Spybot - Search & Destroy
2008-11-19 20:42 . 2008-11-19 20:42  <DIR>  d--------  c:\users\ilsan\AppData\Roaming\Andersson Digital Design
2008-11-19 20:42 . 1997-11-19 16:49  303,616  --a------  c:\windows\IsUninst.exe
2008-11-18 19:47 . 2008-11-18 19:47  <DIR>  d--------  c:\users\All Users\PC Tools
2008-11-18 19:47 . 2008-11-18 19:47  <DIR>  d--------  c:\programdata\PC Tools
2008-11-16 11:55 . 2008-11-16 11:55  <DIR>  d--------  c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-16 11:55 . 2008-11-16 11:55  <DIR>  d--------  c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-16 11:55 . 2008-11-16 11:55  <DIR>  d--------  c:\program files\iTunes
2008-11-16 11:55 . 2008-11-16 11:55  <DIR>  d--------  c:\program files\iPod
2008-11-16 11:14 . 2008-11-16 11:14  554,368  --a------  C:\MobileInstallation
2008-11-16 11:08 . 2008-11-16 11:08  <DIR>  d--------  c:\users\ilsan\AppData\Roaming\GHISLER
2008-11-16 11:08 . 2008-11-16 11:10  <DIR>  d--------  C:\totalcmd
2008-11-16 11:08 . 2008-08-08 07:04  545  --a------  c:\windows\UC.PIF
2008-11-16 11:08 . 2008-08-08 07:04  545  --a------  c:\windows\RAR.PIF
2008-11-16 11:08 . 2008-08-08 07:04  545  --a------  c:\windows\PKZIP.PIF
2008-11-16 11:08 . 2008-08-08 07:04  545  --a------  c:\windows\PKUNZIP.PIF
2008-11-16 11:08 . 2008-08-08 07:04  545  --a------  c:\windows\NOCLOSE.PIF
2008-11-16 11:08 . 2008-08-08 07:04  545  --a------  c:\windows\LHA.PIF
2008-11-16 11:08 . 2008-08-08 07:04  545  --a------  c:\windows\ARJ.PIF
2008-11-16 10:21 . 2008-11-16 10:22  <DIR>  d--------  c:\program files\QuickTime
2008-11-16 09:50 . 2008-11-16 09:50  <DIR>  d--------  c:\program files\MSXML 4.0
2008-11-16 09:11 . 2008-11-16 16:58  <DIR>  d--------  c:\users\ilsan\AppData\Roaming\Apple Computer
2008-11-16 09:11 . 2008-11-16 09:11  <DIR>  d--------  c:\program files\Bonjour
2008-11-16 09:11 . 2008-04-17 13:12  107,368  --a------  c:\windows\System32\GEARAspi.dll
2008-11-16 09:11 . 2008-04-17 13:12  15,464  --a------  c:\windows\System32\drivers\GEARAspiWDM.sys
2008-11-16 09:10 . 2008-11-16 09:11  <DIR>  d--------  c:\users\All Users\Apple Computer
2008-11-16 09:10 . 2008-11-16 09:11  <DIR>  d--------  c:\programdata\Apple Computer
2008-11-16 09:10 . 2008-11-16 09:10  <DIR>  d--------  c:\program files\Apple Software Update
2008-11-16 09:09 . 2008-11-16 09:09  <DIR>  d--------  c:\users\All Users\Apple
2008-11-16 09:09 . 2008-11-16 09:09  <DIR>  d--------  c:\programdata\Apple
2008-11-16 09:09 . 2008-11-16 10:59  <DIR>  d--------  c:\program files\Common Files\Apple
2008-11-16 09:05 . 2008-11-16 09:05  0  --ah-----  c:\windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-11-16 08:54 . 2008-11-16 08:54  0  --ah-----  c:\windows\System32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
2008-11-16 08:53 . 2008-11-16 08:53  0  --ah-----  c:\windows\System32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-11-16 08:45 . 2008-11-16 08:54  <DIR>  d--------  c:\users\ilsan\AppData\Roaming\PC Suite
2008-11-16 08:45 . 2008-11-16 08:54  <DIR>  d--------  c:\users\ilsan\AppData\Roaming\Nokia
2008-11-16 08:45 . 2008-11-16 08:54  <DIR>  d--------  c:\users\All Users\PC Suite
2008-11-16 08:45 . 2008-11-16 08:54  <DIR>  d--------  c:\programdata\PC Suite
2008-11-16 08:36 . 2008-11-16 09:11  <DIR>  d----c---  c:\windows\System32\DRVSTORE
2008-11-16 08:36 . 2008-11-16 08:36  <DIR>  d--------  c:\program files\DIFX
2008-11-16 08:36 . 2008-05-07 07:38  90,624  --a------  c:\windows\System32\nmwcdcls.dll
2008-11-16 08:35 . 2008-11-16 08:35  <DIR>  d--------  c:\users\All Users\Installations
2008-11-16 08:35 . 2008-11-16 08:35  <DIR>  d--------  c:\programdata\Installations
2008-11-15 08:55 . 2008-11-15 08:56  <DIR>  d--------  c:\users\All Users\Nero
2008-11-15 08:55 . 2008-11-15 08:56  <DIR>  d--------  c:\programdata\Nero
2008-11-15 08:55 . 2008-11-15 09:01  <DIR>  d--------  c:\program files\Common Files\Nero
2008-11-15 08:32 . 2008-10-17 08:13  1,809,944  --a------  c:\windows\System32\wuaueng.dll
2008-11-15 08:32 . 2008-10-17 07:56  1,524,736  --a------  c:\windows\System32\wucltux.dll
2008-11-15 08:32 . 2008-10-17 08:09  51,224  --a------  c:\windows\System32\wuauclt.exe
2008-11-15 08:32 . 2008-10-17 08:09  43,544  --a------  c:\windows\System32\wups2.dll
2008-11-15 08:31 . 2008-10-17 08:12  561,688  --a------  c:\windows\System32\wuapi.dll
2008-11-15 08:31 . 2008-10-16 14:08  162,064  --a------  c:\windows\System32\wuwebv.dll
2008-11-15 08:31 . 2008-10-17 07:55  83,456  --a------  c:\windows\System32\wudriver.dll
2008-11-15 08:31 . 2008-10-17 08:08  34,328  --a------  c:\windows\System32\wups.dll
2008-11-15 08:31 . 2008-10-16 13:56  31,232  --a------  c:\windows\System32\wuapp.exe
2008-11-13 17:26 . 2008-09-10 14:40  1,334,272  --a------  c:\windows\System32\msxml6.dll
2008-11-13 17:26 . 2008-09-05 16:14  1,191,936  --a------  c:\windows\System32\msxml3.dll
2008-11-13 17:26 . 2008-08-27 12:05  212,480  --a------  c:\windows\System32\drivers\mrxsmb10.sys
2008-11-12 22:55 . 2008-11-12 22:55  0  --a------  c:\windows\nsreg.dat
2008-11-12 08:33 . 2008-11-12 08:33  1,055  --a------  C:\nvdbase.dat
2008-11-12 08:17 . 2008-11-12 23:02  <DIR>  d--------  C:\temp
2008-11-08 10:09 . 2008-11-08 10:09  22,328  --a------  c:\users\ilsan\AppData\Roaming\PnkBstrK.sys
2008-11-08 10:08 . 2008-11-08 10:08  319  --a------  c:\windows\game.ini
2008-11-08 09:48 . 2008-11-08 09:48  <DIR>  d--------  c:\program files\Activision
2008-11-08 09:46 . 2008-11-08 09:46  <DIR>  d--hs----  c:\windows\ftpcache
2008-11-08 09:44 . 2008-11-08 09:44  <DIR>  d--------  c:\users\ilsan\AppData\Roaming\DAEMON Tools Pro
2008-11-08 09:44 . 2008-11-08 09:45  <DIR>  d--------  c:\users\All Users\DAEMON Tools Pro
2008-11-08 09:44 . 2008-11-08 09:45  <DIR>  d--------  c:\programdata\DAEMON Tools Pro
2008-11-08 09:39 . 2008-11-08 09:45  <DIR>  d--------  c:\program files\DAEMON Tools Pro
2008-11-08 08:49 . 2008-11-08 09:27  716,272  --a------  c:\windows\System32\drivers\sptd.sys
2008-11-08 08:33 . 2008-11-08 08:33  69  --a------  c:\windows\NeroDigital.ini
2008-11-05 19:24 . 2008-11-15 09:03  268  --ah-----  C:\sqmdata19.sqm
2008-11-05 19:24 . 2008-11-15 09:03  244  --ah-----  C:\sqmnoopt19.sqm
2008-11-04 22:54 . 2008-11-15 00:40  268  --ah-----  C:\sqmdata18.sqm
2008-11-04 22:54 . 2008-11-15 00:40  244  --ah-----  C:\sqmnoopt18.sqm
2008-11-04 22:06 . 2008-11-08 08:33  <DIR>  d--------  c:\users\ilsan\AppData\Roaming\Ahead
2008-11-04 22:03 . 2008-11-15 08:55  <DIR>  d--------  c:\program files\Nero
2008-11-04 22:03 . 2008-11-12 23:13  <DIR>  d--------  c:\program files\Common Files\Ahead
2008-11-03 23:00 . 2008-11-14 22:17  268  --ah-----  C:\sqmdata17.sqm
2008-11-03 23:00 . 2008-11-14 22:17  244  --ah-----  C:\sqmnoopt17.sqm
2008-11-03 00:28 . 2008-11-14 21:42  268  --ah-----  C:\sqmdata16.sqm
2008-11-03 00:28 . 2008-11-14 21:42  244  --ah-----  C:\sqmnoopt16.sqm
2008-11-02 13:12 . 2008-11-13 23:15  268  --ah-----  C:\sqmdata15.sqm
2008-11-02 13:12 . 2008-11-13 23:15  244  --ah-----  C:\sqmnoopt15.sqm
2008-11-02 10:44 . 2008-11-12 23:33  268  --ah-----  C:\sqmdata14.sqm
2008-11-02 10:44 . 2008-11-12 23:33  244  --ah-----  C:\sqmnoopt14.sqm
2008-11-02 10:35 . 2008-11-02 10:35  <DIR>  d--------  c:\users\ilsan\AppData\Roaming\URSoft
2008-11-02 10:35 . 2008-11-22 10:49  <DIR>  d-a------  c:\users\All Users\TEMP
2008-11-02 10:35 . 2008-11-22 10:49  <DIR>  d-a------  c:\programdata\TEMP
2008-11-02 10:35 . 2008-11-08 09:33  <DIR>  d--------  c:\program files\Your Uninstaller 2008
2008-11-02 09:43 . 2008-11-02 09:43  <DIR>  d--------  c:\program files\FastPictureViewer
2008-11-02 09:32 . 2008-11-02 09:32  <DIR>  d--------  c:\program files\IrfanView
2008-11-02 09:29 . 2008-11-02 09:29  0  --ah-----  c:\windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-11-01 22:45 . 2008-11-12 07:44  268  --ah-----  C:\sqmdata13.sqm
2008-11-01 22:45 . 2008-11-12 07:44  244  --ah-----  C:\sqmnoopt13.sqm
2008-11-01 17:05 . 2008-11-18 19:51  268  --ah-----  C:\sqmdata12.sqm
2008-11-01 17:05 . 2008-11-18 19:51  244  --ah-----  C:\sqmnoopt12.sqm
2008-11-01 10:54 . 2008-11-18 19:47  268  --ah-----  C:\sqmdata11.sqm
2008-11-01 10:54 . 2008-11-18 19:47  244  --ah-----  C:\sqmnoopt11.sqm
2008-11-01 10:37 . 2008-11-01 10:37  <DIR>  d--------  c:\program files\Microsoft Works
2008-11-01 10:36 . 2008-11-01 10:36  <DIR>  d--------  c:\program files\Microsoft.NET
2008-11-01 10:33 . 2008-11-18 19:45  <DIR>  d--------  c:\users\All Users\Microsoft Help
2008-11-01 10:33 . 2008-11-18 19:45  <DIR>  d--------  c:\programdata\Microsoft Help
2008-11-01 10:33 . 2008-11-01 10:33  <DIR>  dr-h-----  C:\MSOCache
2008-11-01 10:20 . 2008-11-01 10:20  <DIR>  d--------  c:\users\All Users\LogMeIn
2008-11-01 10:20 . 2008-11-01 10:20  <DIR>  d--------  c:\programdata\LogMeIn
2008-11-01 10:19 . 2008-11-17 23:15  1,024  --a------  C:\.rnd
2008-11-01 00:05 . 2008-11-18 19:44  268  --ah-----  C:\sqmdata10.sqm
2008-11-01 00:05 . 2008-11-18 19:44  244  --ah-----  C:\sqmnoopt10.sqm
2008-10-31 23:25 . 2008-10-31 23:25  <DIR>  d--------  C:\PerfLogs
2008-10-31 23:16 . 2008-11-18 00:38  268  --ah-----  C:\sqmdata09.sqm
2008-10-31 23:16 . 2008-11-18 00:38  244  --ah-----  C:\sqmnoopt09.sqm
2008-10-31 22:10 . 2008-11-16 22:49  268  --ah-----  C:\sqmdata08.sqm
2008-10-31 22:10 . 2008-11-16 22:49  244  --ah-----  C:\sqmnoopt08.sqm
2008-10-31 20:34 . 2008-01-19 18:33  2,623,488  --a------  c:\windows\System32\SLsvc.exe
2008-10-31 20:34 . 2008-01-19 18:33  2,091,520  --a------  c:\windows\System32\dfsr.exe
2008-10-31 20:34 . 2008-01-19 18:35  2,061,824  --a------  c:\windows\System32\mstscax.dll
2008-10-31 20:34 . 2008-01-19 18:36  1,541,120  --a------  c:\windows\System32\onex.dll
2008-10-31 20:34 . 2008-01-19 18:36  1,107,968  --a------  c:\windows\System32\pidgenx.dll
2008-10-31 20:34 . 2008-01-19 18:33  917,504  --a------  c:\windows\System32\wbengine.exe
2008-10-31 20:34 . 2008-01-19 18:37  745,472  --a------  c:\windows\System32\WsmSvc.dll
2008-10-31 20:34 . 2008-01-19 18:29  705,536  --a------  c:\windows\System32\imagesp1.dll
2008-10-31 20:34 . 2008-01-19 15:10  681,984  --a------  c:\windows\System32\drivers\spsys.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-31 12:45  174  --sha-w  c:\program files\desktop.ini
2008-10-31 12:33  ---------  d-----w  c:\program files\Windows Sidebar
2008-10-31 12:33  ---------  d-----w  c:\program files\Windows Photo Gallery
2008-10-31 12:33  ---------  d-----w  c:\program files\Windows Mail
2008-10-31 12:33  ---------  d-----w  c:\program files\Windows Journal
2008-10-31 12:33  ---------  d-----w  c:\program files\Windows Defender
2008-10-31 12:33  ---------  d-----w  c:\program files\Windows Collaboration
2008-10-31 12:33  ---------  d-----w  c:\program files\Windows Calendar
2008-10-31 12:11  82,432  ----a-w  c:\windows\System32\axaltocm.dll
2008-10-31 12:11  101,888  ----a-w  c:\windows\System32\ifxcardm.dll
2008-10-26 05:09  541,696  ----a-w  c:\windows\AppPatch\AcLayers.dll
2008-10-26 05:09  460,288  ----a-w  c:\windows\AppPatch\AcSpecfc.dll
2008-10-26 05:09  2,560  ----a-w  c:\windows\AppPatch\AcRes.dll
2008-10-26 05:09  2,154,496  ----a-w  c:\windows\AppPatch\AcGenral.dll
2008-10-26 05:09  173,056  ----a-w  c:\windows\AppPatch\AcXtrnal.dll
2008-10-16 09:35  10,040  ----a-w  c:\windows\System32\lmimirr2.dll
2008-10-01 02:01  32,000  ----a-w  c:\windows\system32\drivers\usbaapl.sys
2008-09-30 05:43  1,286,152  ----a-w  c:\windows\System32\msxml4.dll
2008-09-18 04:56  147,456  ----a-w  c:\windows\System32\Faultrep.dll
2008-09-18 04:56  125,952  ----a-w  c:\windows\System32\wersvc.dll
2008-08-28 23:18  87,336  ----a-w  c:\windows\System32\dns-sd.exe
2008-08-28 22:53  61,440  ----a-w  c:\windows\System32\dnssd.dll
.
((((((((((((((((((((((((((((( snapshot@2008-11-22_10.41.57.69 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-11-21 23:03:13  2,048  --sha-w  c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-11-21 23:47:48  2,048  --sha-w  c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-11-21 23:41:24  262,144  --sha-w  c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-11-21 23:48:54  262,144  --sha-w  c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-11-21 23:05:02  262,144  --sha-w  c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-11-21 23:48:49  262,144  --sha-w  c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-11-21 23:09:39  101,988  ----a-w  c:\windows\System32\perfc009.dat
+ 2008-11-21 23:54:31  101,988  ----a-w  c:\windows\System32\perfc009.dat
- 2008-11-21 23:09:39  598,350  ----a-w  c:\windows\System32\perfh009.dat
+ 2008-11-21 23:54:31  598,350  ----a-w  c:\windows\System32\perfh009.dat
- 2008-11-21 09:48:26  26,464  ----a-w  c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-11-21 23:49:43  26,504  ----a-w  c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-29 21755688]
"BurntCookies"="c:\program files\Andersson Digital Design\Burnt Cookies\Burnt Cookies.exe" [BU]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-01-12 275800]
"VX1000"="c:\windows\vVX1000.exe" [2006-12-05 707360]
"Flashget"="c:\program files\FlashGet\flashget.exe" [2007-09-25 2007088]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-07-01 1447168]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2480421650-2690231380-3527550686-1000]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{4FF70F12-2E33-4162-89B4-572CE883F977}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{1D1C02A8-42F4-45E7-BAE3-E63D2911E4E3}"= UDP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{4EFD81DC-558D-425D-B9C8-A0A59B71940E}"= TCP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{68477ECE-CBED-4A09-B37F-C64A4A31929B}"= UDP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{86A36319-2804-431E-B73D-D955F7B9FB1F}"= TCP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"TCP Query User{BF507C35-71D8-4FAB-B054-0F19D8A4681A}c:\\program files\\flashget\\flashget.exe"= UDP:c:\program files\flashget\flashget.exe:FlashGet
"UDP Query User{7673E409-CB4B-453E-B5B7-362722261C5C}c:\\program files\\flashget\\flashget.exe"= TCP:c:\program files\flashget\flashget.exe:FlashGet
"{F39D82E3-642F-4F10-BB08-69022D1EAB63}"= UDP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{4CA99170-7C81-4A1A-91E3-B534D03AA37F}"= TCP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{584155B7-3746-4D52-9130-C797B893EA4B}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{6B2EE3F5-F778-4DB2-8F00-411FED7E4E81}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{009CA321-3062-49E1-9B3E-7440E376C834}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{636B8BEC-013F-4DDA-959A-9D454DE749C0}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{A7874851-73B1-4B05-9002-82145F40D6BF}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{DF99242B-316A-40EC-81A0-3AF3A47B8AEE}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{E0A06350-F054-4705-9722-A6A7E6522F16}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{B87BB37B-14FA-423A-B033-6BB33D93445A}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{CD7DCD62-2D0E-48D6-AA57-3B1D8F3B49A7}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{FDC429F8-28F4-4B58-AFEC-1AAC5CB0F446}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{5A78FDC4-1F03-492B-A9F9-5020ADC1907E}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{553541F5-4529-4027-82FD-95BB3824F50C}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{179A72F3-5F81-4267-A50D-D5760957BE12}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R2 MSCamSvc;MSCamSvc;"c:\program files\Microsoft LifeCam\MSCamS32.exe" [2007-01-04 240408]
R3 VX1000;VX-1000;c:\windows\system32\DRIVERS\VX1000.sys [2006-12-05 1963680]
S2 EsetNod32Fix;Nod32 AV;c:\windows\Regedit.exe /s c:\windows\Fix.reg [2008-10-31 134656]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork  REG_MULTI_SZ  PLA DPS BFE mpssvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5428b579-ad1d-11dd-89e6-00173186d908}]
\shell\AutoRun\command - h:\setup\rsrc\Autorun.exe
\shell\dinstall\command - h:\directx\dxsetup.exe
.
.
——- Supplementary Scan ——-
.
FireFox -: Profile – c:\users\ilsan\AppData\Roaming\Mozilla\Firefox\Profiles\d6t7sac8.default\
FF -: plugin – c:\program files\iTunes\Mozilla Plugins\npitunes.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista – rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-22 10:59:02
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes … scanning hidden autostart entries …
scanning hidden files … scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-11-22 11:00:14
ComboFix-quarantined-files.txt 2008-11-22 00:00:11
ComboFix2.txt 2008-11-21 23:55:09
ComboFix3.txt 2008-11-21 23:42:51
Pre-Run: 330,336,153,600 bytes free
Post-Run: 330,310,950,912 bytes free
254  --- E O F ---  2008-11-18 08:45:02
[/code]
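The "Reg Loading Points" section of that log is where a practitioner looks before blaming spyware, and it records four things worth more attention than two cookies: UAC is switched off (EnableLUA=0), the Windows Firewall is disabled on the Domain, Public and Standard profiles, an automatic-start service named EsetNod32Fix has regedit.exe as its image and silently imports c:\windows\Fix.reg on every boot (regedit /s), and a removable drive has an AutoRun handler registered under mountpoints2. The script below is an added example, not ComboFix's own code and not part of the thread; it parses that section's plain-text format and flags exactly those conditions. The sample lines are copied from the posted log, and the list of executables it treats as suspicious service images (regedit, cmd, rundll32, the script hosts) is an assumption of the example, not something ComboFix reports.

```python
"""Audit the "Reg Loading Points" section of a ComboFix log.

Added example for this thread, not ComboFix's own code. It parses the
section's plain-text format and reports the settings a practitioner checks
first: UAC off, Windows Firewall off per profile, services whose image is a
script or registry interpreter, and AutoRun handlers for removable drives.
The executables treated as interpreters are an assumption of this example.
"""
import re

# Sample input copied from the log posted above (quotes normalised to ").
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-29 21755688]
"BurntCookies"="c:\program files\Andersson Digital Design\Burnt Cookies\Burnt Cookies.exe" [BU]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-07-01 1447168]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R2 MSCamSvc;MSCamSvc;"c:\program files\Microsoft LifeCam\MSCamS32.exe" [2007-01-04 240408]
R3 VX1000;VX-1000;c:\windows\system32\DRIVERS\VX1000.sys [2006-12-05 1963680]
S2 EsetNod32Fix;Nod32 AV;c:\windows\Regedit.exe /s c:\windows\Fix.reg [2008-10-31 134656]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5428b579-ad1d-11dd-89e6-00173186d908}]
\shell\AutoRun\command - h:\setup\rsrc\Autorun.exe
\shell\dinstall\command - h:\directx\dxsetup.exe
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
NUMERIC_VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(?:dword:)?([0-9a-fA-F]+)')
RUN_VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*"([^"]+)"')
SERVICE_RE = re.compile(r'^([RS])(\d)\s+([^;]+);([^;]*);(.+?)(?:\s+\[[^\]]*\])?$')
IMAGE_RE = re.compile(r'^"?(.*?\.(?:exe|sys|dll))"?', re.IGNORECASE)

# Executables that run whatever they are handed: a service whose image is one
# of these is really the file or command that follows it on the line.
INTERPRETERS = {"regedit.exe", "cmd.exe", "rundll32.exe", "wscript.exe",
                "cscript.exe", "mshta.exe", "powershell.exe"}


def image_basename(image):
    """Lower-cased file name of the executable in a service image path."""
    m = IMAGE_RE.match(image.strip())
    if not m:
        return ""
    return m.group(1).replace("/", "\\").rsplit("\\", 1)[-1].lower()


def audit_loading_points(text):
    """Return (findings, autoruns). findings: (category, detail) tuples for
    UAC, firewall, service and autorun issues; autoruns: (name, command)
    pairs from the ...\\CurrentVersion\\Run keys, for inventory."""
    findings, autoruns = [], []
    current_key = ""
    for raw in text.splitlines():
        # Logs pasted into forums usually arrive with curly quotes.
        line = raw.strip().replace("\u201c", '"').replace("\u201d", '"')
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = NUMERIC_VALUE_RE.match(line)
        if m:
            name, value = m.group(1).lower(), int(m.group(2), 16)
            profile = current_key.rsplit("\\", 1)[-1]
            if name == "enablelua" and value == 0:
                findings.append(("uac", "EnableLUA=0: UAC is off, every process in the session runs with full administrator rights"))
            elif name == "enablefirewall" and value == 0:
                findings.append(("firewall", f"Windows Firewall is disabled for the {profile} profile"))
            continue
        m = RUN_VALUE_RE.match(line)
        if m and current_key.lower().endswith("\\run"):
            autoruns.append((m.group(1), m.group(2)))
            continue
        m = SERVICE_RE.match(line)
        if m:
            name, display, image = m.group(3), m.group(4), m.group(5)
            exe = image_basename(image)
            if exe in INTERPRETERS:
                findings.append(("service", f"{name} ({display}) starts {exe} with arguments: {image}"))
            continue
        if "mountpoints2" in current_key.lower() and line.lower().startswith("\\shell\\autorun\\command"):
            findings.append(("autorun", f"AutoRun handler for a removable drive: {line.split(' - ', 1)[-1]}"))
    return findings, autoruns


if __name__ == "__main__":
    found, runs = audit_loading_points(SAMPLE_LOG)
    for category, detail in found:
        print(f"[{category:8}] {detail}")
    print(f"{len(runs)} Run entries inventoried")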
Answer #12
Use SuperAntiSpyware and Malwarebytes. They are both freeware!!! They remove spyware so easily and quickly. What is popping out from PC Tools seems like internet history; did you delete your temp files? Use CCleaner to delete temp files, it's also FREEWARE! For other scanners and programs to remove viruses check out the link in my siggy.
BTW I suggest a different antivirus, anything that isn't AVG or Nod32, or Norton or PC Tools will do. You should use McAfee or Kaspersky antivirus and bundle them up with the freeware I recommend in my tutorial.
Answer #13
Hi Jeebus,
many thanks for your input, if everything else fails, I will format my PC and hopefully install a better set of products. "You should use McAfee or Kaspersky antivirus and bundle em up with the freeware i recommend in my tutorial." Where can I find this tutorial??
Answer #14
I said to check the link in my siggy, maybe you haven't seen my siggy or have siggys turned off. http://www.google.com?p=11960603
The GeekSquad CD links have one missing so don't download it yet, I'm gonna reup it later. But yeah, use SuperAntiSpyware and Malwarebytes, they are simply the best, they remove tracking cookies and all common spyware for free. McAfee is a bit heavy but I have always used it so I recommend it. Kaspersky has a good rating so you might go with that if you want, it's definitely something between those two.
Answer #15
You're nowhere near formatting. I don't know if 'DA is online, but I don't mean to take his credit if this works.
Now open a new notepad file.
Input this into the notepad file:

File::
C:\sqmdata17.sqm
C:\sqmnoopt17.sqm
C:\sqmdata16.sqm
C:\sqmnoopt16.sqm
C:\sqmdata15.sqm
C:\sqmnoopt15.sqm
C:\sqmdata14.sqm
C:\sqmnoopt14.sqm
C:\sqmdata13.sqm
C:\sqmnoopt13.sqm
C:\sqmdata12.sqm
C:\sqmnoopt12.sqm
C:\sqmdata11.sqm
C:\sqmnoopt11.sqm
C:\sqmdata10.sqm
C:\sqmnoopt10.sqm
C:\sqmdata09.sqm
C:\sqmnoopt09.sqm
C:\sqmdata08.sqm
C:\sqmnoopt08.sqm

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:
Image
This will open combofix.exe again; agree to its terms and allow it to run, it may want to reboot after it's done. Post the resulting log back here.
Answer #16
ComboFix 08-11-21.03 - ilsan 2008-11-22 11:53:34.5 - NTFSx86
Microsoft® Windows Vista® Business 6.0.6001.1.1252.1.1033.18.2675 [GMT 11:00]
Running from: c:\users\ilsan\Desktop\combofix\ComboFix.exe
Command switches used :: c:\users\ilsan\Desktop\CFScript.txt
* Resident AV is active
.
((((((((((((((((((((((((( Files Created from 2008-10-22 to 2008-11-22 )))))))))))))))))))))))))))))))
.
2008-11-19 21:24 . 2008-11-22 10:48  <DIR>  d--------  c:\users\All Users\Spybot - Search & Destroy
2008-11-19 21:24 . 2008-11-22 10:48  <DIR>  d--------  c:\programdata\Spybot - Search & Destroy
2008-11-19 21:24 . 2008-11-22 10:45  <DIR>  d--------  c:\program files\Spybot - Search & Destroy
2008-11-19 20:42 . 2008-11-19 20:42  <DIR>  d--------  c:\users\ilsan\AppData\Roaming\Andersson Digital Design
2008-11-19 20:42 . 1997-11-19 16:49  303,616  --a------  c:\windows\IsUninst.exe
2008-11-18 19:47 . 2008-11-18 19:47  <DIR>  d--------  c:\users\All Users\PC Tools
2008-11-18 19:47 . 2008-11-18 19:47  <DIR>  d--------  c:\programdata\PC Tools
2008-11-16 11:55 . 2008-11-16 11:55  <DIR>  d--------  c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-16 11:55 . 2008-11-16 11:55  <DIR>  d--------  c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-16 11:55 . 2008-11-16 11:55  <DIR>  d--------  c:\program files\iTunes
2008-11-16 11:55 . 2008-11-16 11:55  <DIR>  d--------  c:\program files\iPod
2008-11-16 11:14 . 2008-11-16 11:14  554,368  --a------  C:\MobileInstallation
2008-11-16 11:08 . 2008-11-16 11:08  <DIR>  d--------  c:\users\ilsan\AppData\Roaming\GHISLER
2008-11-16 11:08 . 2008-11-16 11:10  <DIR>  d--------  C:\totalcmd
2008-11-16 11:08 . 2008-08-08 07:04  545  --a------  c:\windows\UC.PIF
2008-11-16 11:08 . 2008-08-08 07:04  545  --a------  c:\windows\RAR.PIF
2008-11-16 11:08 . 2008-08-08 07:04  545  --a------  c:\windows\PKZIP.PIF
2008-11-16 11:08 . 2008-08-08 07:04  545  --a------  c:\windows\PKUNZIP.PIF
2008-11-16 11:08 . 2008-08-08 07:04  545  --a------  c:\windows\NOCLOSE.PIF
2008-11-16 11:08 . 2008-08-08 07:04  545  --a------  c:\windows\LHA.PIF
2008-11-16 11:08 . 2008-08-08 07:04  545  --a------  c:\windows\ARJ.PIF
2008-11-16 10:21 . 2008-11-16 10:22  <DIR>  d--------  c:\program files\QuickTime
2008-11-16 09:50 . 2008-11-16 09:50  <DIR>  d--------  c:\program files\MSXML 4.0
2008-11-16 09:11 . 2008-11-16 16:58  <DIR>  d--------  c:\users\ilsan\AppData\Roaming\Apple Computer
2008-11-16 09:11 . 2008-11-16 09:11  <DIR>  d--------  c:\program files\Bonjour
2008-11-16 09:11 . 2008-04-17 13:12  107,368  --a------  c:\windows\System32\GEARAspi.dll
2008-11-16 09:11 . 2008-04-17 13:12  15,464  --a------  c:\windows\System32\drivers\GEARAspiWDM.sys
2008-11-16 09:10 . 2008-11-16 09:11  <DIR>  d--------  c:\users\All Users\Apple Computer
2008-11-16 09:10 . 2008-11-16 09:11  <DIR>  d--------  c:\programdata\Apple Computer
2008-11-16 09:10 . 2008-11-16 09:10  <DIR>  d--------  c:\program files\Apple Software Update
2008-11-16 09:09 . 2008-11-16 09:09  <DIR>  d--------  c:\users\All Users\Apple
2008-11-16 09:09 . 2008-11-16 09:09  <DIR>  d--------  c:\programdata\Apple
2008-11-16 09:09 . 2008-11-16 10:59  <DIR>  d--------  c:\program files\Common Files\Apple
2008-11-16 09:05 . 2008-11-16 09:05  0  --ah-----  c:\windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-11-16 08:54 . 2008-11-16 08:54  0  --ah-----  c:\windows\System32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
2008-11-16 08:53 . 2008-11-16 08:53  0  --ah-----  c:\windows\System32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-11-16 08:45 . 2008-11-16 08:54  <DIR>  d--------  c:\users\ilsan\AppData\Roaming\PC Suite
2008-11-16 08:45 . 2008-11-16 08:54  <DIR>  d--------  c:\users\ilsan\AppData\Roaming\Nokia
2008-11-16 08:45 . 2008-11-16 08:54  <DIR>  d--------  c:\users\All Users\PC Suite
2008-11-16 08:45 . 2008-11-16 08:54  <DIR>  d--------  c:\programdata\PC Suite
2008-11-16 08:36 . 2008-11-16 09:11  <DIR>  d----c---  c:\windows\System32\DRVSTORE
2008-11-16 08:36 . 2008-11-16 08:36  <DIR>  d--------  c:\program files\DIFX
2008-11-16 08:36 . 2008-05-07 07:38  90,624  --a------  c:\windows\System32\nmwcdcls.dll
2008-11-16 08:35 . 2008-11-16 08:35  <DIR>  d--------  c:\users\All Users\Installations
2008-11-16 08:35 . 2008-11-16 08:35  <DIR>  d--------  c:\programdata\Installations
2008-11-15 08:55 . 2008-11-15 08:56  <DIR>  d--------  c:\users\All Users\Nero
2008-11-15 08:55 . 2008-11-15 08:56  <DIR>  d--------  c:\programdata\Nero
2008-11-15 08:55 . 2008-11-15 09:01  <DIR>  d--------  c:\program files\Common Files\Nero
2008-11-15 08:32 . 2008-10-17 08:13  1,809,944  --a------  c:\windows\System32\wuaueng.dll
2008-11-15 08:32 . 2008-10-17 07:56  1,524,736  --a------  c:\windows\System32\wucltux.dll
2008-11-15 08:32 . 2008-10-17 08:09  51,224  --a------  c:\windows\System32\wuauclt.exe
2008-11-15 08:32 . 2008-10-17 08:09  43,544  --a------  c:\windows\System32\wups2.dll
2008-11-15 08:31 . 2008-10-17 08:12  561,688  --a------  c:\windows\System32\wuapi.dll
2008-11-15 08:31 . 2008-10-16 14:08  162,064  --a------  c:\windows\System32\wuwebv.dll
2008-11-15 08:31 . 2008-10-17 07:55  83,456  --a------  c:\windows\System32\wudriver.dll
2008-11-15 08:31 . 2008-10-17 08:08  34,328  --a------  c:\windows\System32\wups.dll
2008-11-15 08:31 . 2008-10-16 13:56  31,232  --a------  c:\windows\System32\wuapp.exe
2008-11-13 17:26 . 2008-09-10 14:40  1,334,272  --a------  c:\windows\System32\msxml6.dll
2008-11-13 17:26 . 2008-09-05 16:14  1,191,936  --a------  c:\windows\System32\msxml3.dll
2008-11-13 17:26 . 2008-08-27 12:05  212,480  --a------  c:\windows\System32\drivers\mrxsmb10.sys
2008-11-12 22:55 . 2008-11-12 22:55  0  --a------  c:\windows\nsreg.dat
2008-11-12 08:33 . 2008-11-12 08:33  1,055  --a------  C:\nvdbase.dat
2008-11-12 08:17 . 2008-11-12 23:02  <DIR>  d--------  C:\temp
2008-11-08 10:09 . 2008-11-08 10:09  22,328  --a------  c:\users\ilsan\AppData\Roaming\PnkBstrK.sys
2008-11-08 10:08 . 2008-11-08 10:08  319  --a------  c:\windows\game.ini
2008-11-08 09:48 . 2008-11-08 09:48  <DIR>  d--------  c:\program files\Activision
2008-11-08 09:46 . 2008-11-08 09:46  <DIR>  d--hs----  c:\windows\ftpcache
2008-11-08 09:44 . 2008-11-08 09:44  <DIR>  d--------  c:\users\ilsan\AppData\Roaming\DAEMON Tools Pro
2008-11-08 09:44 . 2008-11-08 09:45  <DIR>  d--------  c:\users\All Users\DAEMON Tools Pro
2008-11-08 09:44 . 2008-11-08 09:45  <DIR>  d--------  c:\programdata\DAEMON Tools Pro
2008-11-08 09:39 . 2008-11-08 09:45  <DIR>  d--------  c:\program files\DAEMON Tools Pro
2008-11-08 08:49 . 2008-11-08 09:27  716,272  --a------  c:\windows\System32\drivers\sptd.sys
2008-11-08 08:33 . 2008-11-08 08:33  69  --a------  c:\windows\NeroDigital.ini
2008-11-05 19:24 . 2008-11-15 09:03  268  --ah-----  C:\sqmdata19.sqm
2008-11-05 19:24 . 2008-11-15 09:03  244  --ah-----  C:\sqmnoopt19.sqm
2008-11-04 22:54 . 2008-11-15 00:40  268  --ah-----  C:\sqmdata18.sqm
2008-11-04 22:54 . 2008-11-15 00:40  244  --ah-----  C:\sqmnoopt18.sqm
2008-11-04 22:06 . 2008-11-08 08:33  <DIR>  d--------  c:\users\ilsan\AppData\Roaming\Ahead
2008-11-04 22:03 . 2008-11-15 08:55  <DIR>  d--------  c:\program files\Nero
2008-11-04 22:03 . 2008-11-12 23:13  <DIR>  d--------  c:\program files\Common Files\Ahead
2008-11-03 23:00 . 2008-11-14 22:17  268  --ah-----  C:\sqmdata17.sqm
2008-11-03 23:00 . 2008-11-14 22:17  244  --ah-----  C:\sqmnoopt17.sqm
2008-11-03 00:28 . 2008-11-14 21:42  268  --ah-----  C:\sqmdata16.sqm
2008-11-03 00:28 . 2008-11-14 21:42  244  --ah-----  C:\sqmnoopt16.sqm
2008-11-02 13:12 . 2008-11-13 23:15  268  --ah-----  C:\sqmdata15.sqm
2008-11-02 13:12 . 2008-11-13 23:15  244  --ah-----  C:\sqmnoopt15.sqm
2008-11-02 10:44 . 2008-11-12 23:33  268  --ah-----  C:\sqmdata14.sqm
2008-11-02 10:44 . 2008-11-12 23:33  244  --ah-----  C:\sqmnoopt14.sqm
2008-11-02 10:35 . 2008-11-02 10:35  <DIR>  d--------  c:\users\ilsan\AppData\Roaming\URSoft
2008-11-02 10:35 . 2008-11-22 10:49  <DIR>  d-a------  c:\users\All Users\TEMP
2008-11-02 10:35 . 2008-11-22 10:49  <DIR>  d-a------  c:\programdata\TEMP
2008-11-02 10:35 . 2008-11-08 09:33  <DIR>  d--------  c:\program files\Your Uninstaller 2008
2008-11-02 09:43 . 2008-11-02 09:43  <DIR>  d--------  c:\program files\FastPictureViewer
2008-11-02 09:32 . 2008-11-02 09:32  <DIR>  d--------  c:\program files\IrfanView
2008-11-02 09:29 . 2008-11-02 09:29  0  --ah-----  c:\windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-11-01 22:45 . 2008-11-12 07:44  268  --ah-----  C:\sqmdata13.sqm
2008-11-01 22:45 . 2008-11-12 07:44  244  --ah-----  C:\sqmnoopt13.sqm
2008-11-01 17:05 . 2008-11-18 19:51  268  --ah-----  C:\sqmdata12.sqm
2008-11-01 17:05 . 2008-11-18 19:51  244  --ah-----  C:\sqmnoopt12.sqm
2008-11-01 10:54 . 2008-11-18 19:47  268  --ah-----  C:\sqmdata11.sqm
2008-11-01 10:54 . 2008-11-18 19:47  244  --ah-----  C:\sqmnoopt11.sqm
2008-11-01 10:37 . 2008-11-01 10:37  <DIR>  d--------  c:\program files\Microsoft Works
2008-11-01 10:36 . 2008-11-01 10:36  <DIR>  d--------  c:\program files\Microsoft.NET
2008-11-01 10:33 . 2008-11-18 19:45  <DIR>  d--------  c:\users\All Users\Microsoft Help
2008-11-01 10:33 . 2008-11-18 19:45  <DIR>  d--------  c:\programdata\Microsoft Help
2008-11-01 10:33 . 2008-11-01 10:33  <DIR>  dr-h-----  C:\MSOCache
2008-11-01 10:20 . 2008-11-01 10:20  <DIR>  d--------  c:\users\All Users\LogMeIn
2008-11-01 10:20 . 2008-11-01 10:20  <DIR>  d--------  c:\programdata\LogMeIn
2008-11-01 10:19 . 2008-11-17 23:15  1,024  --a------  C:\.rnd
2008-11-01 00:05 . 2008-11-18 19:44  268  --ah-----  C:\sqmdata10.sqm
2008-11-01 00:05 . 2008-11-18 19:44  244  --ah-----  C:\sqmnoopt10.sqm
2008-10-31 23:25 . 2008-10-31 23:25  <DIR>  d--------  C:\PerfLogs
2008-10-31 23:16 . 2008-11-18 00:38  268  --ah-----  C:\sqmdata09.sqm
2008-10-31 23:16 . 2008-11-18 00:38  244  --ah-----  C:\sqmnoopt09.sqm
2008-10-31 22:10 . 2008-11-16 22:49  268  --ah-----  C:\sqmdata08.sqm
2008-10-31 22:10 . 2008-11-16 22:49  244  --ah-----  C:\sqmnoopt08.sqm
2008-10-31 20:34 . 2008-01-19 18:33  2,623,488  --a------  c:\windows\System32\SLsvc.exe
2008-10-31 20:34 . 2008-01-19 18:33  2,091,520  --a------  c:\windows\System32\dfsr.exe
2008-10-31 20:34 . 2008-01-19 18:35  2,061,824  --a------  c:\windows\System32\mstscax.dll
2008-10-31 20:34 . 2008-01-19 18:36  1,541,120  --a------  c:\windows\System32\onex.dll
2008-10-31 20:34 . 2008-01-19 18:36  1,107,968  --a------  c:\windows\System32\pidgenx.dll
2008-10-31 20:34 . 2008-01-19 18:33  917,504  --a------  c:\windows\System32\wbengine.exe
2008-10-31 20:34 . 2008-01-19 18:37  745,472  --a------  c:\windows\System32\WsmSvc.dll
2008-10-31 20:34 . 2008-01-19 18:29  705,536  --a------  c:\windows\System32\imagesp1.dll
2008-10-31 20:34 . 2008-01-19 15:10  681,984  --a------  c:\windows\System32\drivers\spsys.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-31 12:45  174  --sha-w  c:\program files\desktop.ini
2008-10-31 12:33  ---------  d-----w  c:\program files\Windows Sidebar
2008-10-31 12:33  ---------  d-----w  c:\program files\Windows Photo Gallery
2008-10-31 12:33  ---------  d-----w  c:\program files\Windows Mail
2008-10-31 12:33  ---------  d-----w  c:\program files\Windows Journal
2008-10-31 12:33  ---------  d-----w  c:\program files\Windows Defender
2008-10-31 12:33  ---------  d-----w  c:\program files\Windows Collaboration
2008-10-31 12:33  ---------  d-----w  c:\program files\Windows Calendar
2008-10-31 12:11  82,432  ----a-w  c:\windows\System32\axaltocm.dll
2008-10-31 12:11  101,888  ----a-w  c:\windows\System32\ifxcardm.dll
2008-10-26 05:09  541,696  ----a-w  c:\windows\AppPatch\AcLayers.dll
2008-10-26 05:09  460,288  ----a-w  c:\windows\AppPatch\AcSpecfc.dll
2008-10-26 05:09  2,560  ----a-w  c:\windows\AppPatch\AcRes.dll
2008-10-26 05:09  2,154,496  ----a-w  c:\windows\AppPatch\AcGenral.dll
2008-10-26 05:09  173,056  ----a-w  c:\windows\AppPatch\AcXtrnal.dll
2008-10-16 09:35  10,040  ----a-w  c:\windows\System32\lmimirr2.dll
2008-10-01 02:01  32,000  ----a-w  c:\windows\system32\drivers\usbaapl.sys
2008-09-30 05:43  1,286,152  ----a-w  c:\windows\System32\msxml4.dll
2008-09-18 04:56  147,456  ----a-w  c:\windows\System32\Faultrep.dll
2008-09-18 04:56  125,952  ----a-w  c:\windows\System32\wersvc.dll
2008-08-28 23:18  87,336  ----a-w  c:\windows\System32\dns-sd.exe
2008-08-28 22:53  61,440  ----a-w  c:\windows\System32\dnssd.dll
.
((((((((((((((((((((((((((((( snapshot@2008-11-22_10.41.57.69 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-11-21 23:03:13  2,048  --sha-w  c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-11-22 00:26:35  2,048  --sha-w  c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-11-21 23:41:24  262,144  --sha-w  c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-11-22 00:27:52  262,144  --sha-w  c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-11-21 23:05:02  262,144  --sha-w  c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-11-22 00:27:57  262,144  --sha-w  c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-11-21 23:25:19  16,384  --sha-w  c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-11-22 00:32:00  16,384  --sha-w  c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-11-21 23:25:19  32,768  --sha-w  c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-11-22 00:32:00  32,768  --sha-w  c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-11-21 23:25:19  16,384  --sha-w  c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-11-22 00:32:00  16,384  --sha-w  c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-11-21 23:09:39  101,988  ----a-w  c:\windows\System32\perfc009.dat
+ 2008-11-22 00:37:18  101,988  ----a-w  c:\windows\System32\perfc009.dat
- 2008-11-21 23:09:39  598,350  ----a-w  c:\windows\System32\perfh009.dat
+ 2008-11-22 00:37:18  598,350  ----a-w  c:\windows\System32\perfh009.dat
- 2008-11-21 23:05:31  6,380  ----a-w  c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2480421650-2690231380-3527550686-1000_UserData.bin
+ 2008-11-22 00:28:30  6,388  ----a-w  c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2480421650-2690231380-3527550686-1000_UserData.bin
- 2008-11-21 23:05:31  57,934  ----a-w  c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-11-22 00:28:30  58,020  ----a-w  c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-11-21 09:48:26  26,464  ----a-w  c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-11-21 23:49:43  26,504  ----a-w  c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-29 21755688]
"BurntCookies"="c:\program files\Andersson Digital Design\Burnt Cookies\Burnt Cookies.exe" [BU]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-01-12 275800]
"VX1000"="c:\windows\vVX1000.exe" [2006-12-05 707360]
"Flashget"="c:\program files\FlashGet\flashget.exe" [2007-09-25 2007088]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-07-01 1447168]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2480421650-2690231380-3527550686-1000]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{4FF70F12-2E33-4162-89B4-572CE883F977}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{1D1C02A8-42F4-45E7-BAE3-E63D2911E4E3}"= UDP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{4EFD81DC-558D-425D-B9C8-A0A59B71940E}"= TCP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{68477ECE-CBED-4A09-B37F-C64A4A31929B}"= UDP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{86A36319-2804-431E-B73D-D955F7B9FB1F}"= TCP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"TCP Query User{BF507C35-71D8-4FAB-B054-0F19D8A4681A}c:\\program files\\flashget\\flashget.exe"= UDP:c:\program files\flashget\flashget.exe:FlashGet
"UDP Query User{7673E409-CB4B-453E-B5B7-362722261C5C}c:\\program files\\flashget\\flashget.exe"= TCP:c:\program files\flashget\flashget.exe:FlashGet
"{F39D82E3-642F-4F10-BB08-69022D1EAB63}"= UDP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{4CA99170-7C81-4A1A-91E3-B534D03AA37F}"= TCP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{584155B7-3746-4D52-9130-C797B893EA4B}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{6B2EE3F5-F778-4DB2-8F00-411FED7E4E81}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{009CA321-3062-49E1-9B3E-7440E376C834}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{636B8BEC-013F-4DDA-959A-9D454DE749C0}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{A7874851-73B1-4B05-9002-82145F40D6BF}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{DF99242B-316A-40EC-81A0-3AF3A47B8AEE}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{E0A06350-F054-4705-9722-A6A7E6522F16}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{B87BB37B-14FA-423A-B033-6BB33D93445A}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{CD7DCD62-2D0E-48D6-AA57-3B1D8F3B49A7}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{FDC429F8-28F4-4B58-AFEC-1AAC5CB0F446}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{5A78FDC4-1F03-492B-A9F9-5020ADC1907E}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{553541F5-4529-4027-82FD-95BB3824F50C}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{179A72F3-5F81-4267-A50D-D5760957BE12}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R2 MSCamSvc;MSCamSvc;"c:\program files\Microsoft LifeCam\MSCamS32.exe" [2007-01-04 240408]
R3 VX1000;VX-1000;c:\windows\system32\DRIVERS\VX1000.sys [2006-12-05 1963680]
S2 EsetNod32Fix;Nod32 AV;c:\windows\Regedit.exe /s c:\windows\Fix.reg [2008-10-31 134656]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork  REG_MULTI_SZ  PLA DPS BFE mpssvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5428b579-ad1d-11dd-89e6-00173186d908}]
\shell\AutoRun\command - h:\setup\rsrc\Autorun.exe
\shell\dinstall\command - h:\directx\dxsetup.exe
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-22 11:55:01
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-11-22 11:56:15
ComboFix-quarantined-files.txt 2008-11-22 00:56:12
ComboFix2.txt 2008-11-22 00:17:16
ComboFix3.txt 2008-11-22 00:00:15
ComboFix4.txt 2008-11-21 23:55:09
ComboFix5.txt 2008-11-22 00:53:00
Pre-Run: 328,026,112,000 bytes free
Post-Run: 327,988,932,608 bytes free
261  --- E O F ---  2008-11-18 08:45:02
[/code]
[code]
Answer #17
Use SUPERAntiSpyware as suggested and make sure System Restore is off and you scan in Safe Mode.