Computer Hope

Software => Computer viruses and spyware => Topic started by: tabbylove17 on December 07, 2008, 08:27:49 PM

Title: Logs for following malware removal steps
Post by: tabbylove17 on December 07, 2008, 08:27:49 PM
Please can someone look at my logs? I'm not sure if I got rid of all the viruses. I've run through the malware removal steps and here are my logs for SUPERAntiSpyware / Malwarebytes Anti-Malware / HJT.


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/07/2008 at 07:04 PM

Application Version : 4.21.1004

Core Rules Database Version : 3665
Trace Rules Database Version: 1645

Scan type       : Complete Scan
Total Scan Time : 00:39:02

Memory items scanned      : 313
Memory threats detected   : 0
Registry items scanned    : 5797
Registry threats detected : 7
File items scanned        : 22934
File threats detected     : 12

Adware.Tracking Cookie
   C:\Documents and Settings\Matt & Ariana\Cookies\matt_&[email protected][1].txt
   C:\Documents and Settings\Matt & Ariana\Cookies\matt_&[email protected][1].txt
   C:\Documents and Settings\Matt & Ariana\Cookies\matt_&[email protected][2].txt
   C:\Documents and Settings\Matt & Ariana\Cookies\matt_&_ariana@casalemedia[2].txt
   C:\Documents and Settings\Matt & Ariana\Cookies\matt_&_ariana@atdmt[2].txt
   C:\Documents and Settings\Matt & Ariana\Cookies\matt_&_ariana@doubleclick[2].txt
   C:\Documents and Settings\Matt & Ariana\Cookies\matt_&_ariana@adrevolver[1].txt
   C:\Documents and Settings\Matt & Ariana\Cookies\matt_&_ariana@revsci[2].txt

Rogue.Component/Trace
   HKLM\Software\Microsoft\E04E9B0C
   HKLM\Software\Microsoft\E04E9B0C#e04e9b0c
   HKLM\Software\Microsoft\E04E9B0C#red_srv
   HKLM\Software\Microsoft\E04E9B0C#red_srv_bckp
   HKLM\Software\Microsoft\E04E9B0C#Version
   HKLM\Software\Microsoft\E04E9B0C#e04e368c
   HKLM\Software\Microsoft\E04E9B0C#e04e5f69

Rootkit.TDSServ/Fake
   C:\SYSTEM VOLUME INFORMATION\_RESTORE{DEA029A3-FE2B-47C9-96FA-BE9DB23741C5}\RP1359\A0203487.SYS

Adware.Vundo Variant
   C:\SYSTEM VOLUME INFORMATION\_RESTORE{DEA029A3-FE2B-47C9-96FA-BE9DB23741C5}\RP1414\A0213359.DLL

Adware.Vundo/Variant
   C:\SYSTEM VOLUME INFORMATION\_RESTORE{DEA029A3-FE2B-47C9-96FA-BE9DB23741C5}\RP1415\A0215395.DLL

Trojan.Unknown Origin
   C:\SYSTEM VOLUME INFORMATION\_RESTORE{DEA029A3-FE2B-47C9-96FA-BE9DB23741C5}\RP1418\A0217412.DLL




Malwarebytes' Anti-Malware 1.31
Database version: 1469
Windows 5.1.2600 Service Pack 2

12/7/2008 5:49:47 PM
mbam-log-2008-12-07 (17-49-47).txt

Scan type: Quick Scan
Objects scanned: 71051
Time elapsed: 25 minute(s), 11 second(s)

Memory Processes Infected: 3
Memory Modules Infected: 3
Registry Keys Infected: 18
Registry Values Infected: 3
Registry Data Items Infected: 3
Folders Infected: 4
Files Infected: 34

Memory Processes Infected:
C:\Documents and Settings\Matt & Ariana\Application Data\gadcom\gadcom.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Program Files\Extra Antivir\Extra Antivir.exe (Rogue.Extraantivir) -> Unloaded process successfully.
C:\WINDOWS\system32\~.exe (Trojan.Downloader) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\system32\ddcDspPj.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\vtUmLcCv.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\vgjvvb.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3c45c649-d662-40ff-8f3b-cb9c1e13ae58} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3c45c649-d662-40ff-8f3b-cb9c1e13ae58} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vtumlccv (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e3632e35-300c-487e-b96f-22428439bb1d} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{e3632e35-300c-487e-b96f-22428439bb1d} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f34dd418-b748-46eb-8305-baaeb7353cac} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f34dd418-b748-46eb-8305-baaeb7353cac} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7cab59b4-55a3-4737-9fd5-b93c6430bf78} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7cab59b4-55a3-4737-9fd5-b93c6430bf78} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f34dd418-b748-46eb-8305-baaeb7353cac} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3c45c649-d662-40ff-8f3b-cb9c1e13ae58} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\extra antivir (Rogue.Extraantivir) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gadcom (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msiexec.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\ddcdsppj -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\ddcdsppj  -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Trojan.Agent) -> Data: digeste.dll -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\Extra Antivir (Rogue.Extraantivir) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Extra Antivir (Rogue.Extraantivir) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matt & Ariana\Application Data\gadcom (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matt & Ariana\Application Data\Extra Antivir (Rogue.Extraantivir) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\nnnnNDuU.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UuDNnnnn.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UuDNnnnn.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vtUmLcCv.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ddcDspPj.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\jPpsDcdd.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jPpsDcdd.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vgjvvb.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\gjeosdmu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matt & Ariana\Application Data\gadcom\gadcom.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ifmtmlir.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matt & Ariana\Local Settings\Temporary Internet Files\Content.IE5\2KG3E0C7\mslog[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matt & Ariana\Local Settings\Temporary Internet Files\Content.IE5\M6NM0N4O\index[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matt & Ariana\Local Settings\Temporary Internet Files\Content.IE5\M6NM0N4O\mslog[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\Extra Antivir\Buy.url (Rogue.Extraantivir) -> Quarantined and deleted successfully.
C:\Program Files\Extra Antivir\Extra Antivir.exe (Rogue.Extraantivir) -> Quarantined and deleted successfully.
C:\Program Files\Extra Antivir\Help.url (Rogue.Extraantivir) -> Quarantined and deleted successfully.
C:\Program Files\Extra Antivir\HowToBuy.txt (Rogue.Extraantivir) -> Quarantined and deleted successfully.
C:\Program Files\Extra Antivir\ID.dat (Rogue.Extraantivir) -> Quarantined and deleted successfully.
C:\Program Files\Extra Antivir\License.txt (Rogue.Extraantivir) -> Quarantined and deleted successfully.
C:\Program Files\Extra Antivir\Uninstall.exe (Rogue.Extraantivir) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Extra Antivir\Purchase License.lnk (Rogue.Extraantivir) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Extra Antivir\Start Extra Antivir.lnk (Rogue.Extraantivir) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Extra Antivir\Support Page.lnk (Rogue.Extraantivir) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Extra Antivir\Uninstall.lnk (Rogue.Extraantivir) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matt & Ariana\Application Data\Extra Antivir\Extra Antivir.ini (Rogue.Extraantivir) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matt & Ariana\Application Data\Extra Antivir\spl.ini (Rogue.Extraantivir) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Desktop\Best BDSM P0rn.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Desktop\Gay Fetish Sex.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\~.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wpv481228549733.cpx (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\digeste.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matt & Ariana\Start Menu\Programs\Startup\Extra Antivir.lnk (Rogue.Extraantivir) -> Quarantined and deleted successfully.




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:24:14 PM, on 12/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Zzoechk] C:\WINDOWS\W?nSxS\w?wexec.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Twain] C:\Documents and Settings\Matt & Ariana\Application Data\Twain\Twain.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163132585593
O16 - DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} (Settings Class) - https://www.cashcall.com/LoanStatus/x86/capicom.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O20 - AppInit_DLLs: eofgmvmn.dll rseuuw.dll bnlevj.dll vgjvvb.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

--
End of file - 6968 bytes

Title: Re: Logs for following malware removal steps
Post by: CBMatt on December 10, 2008, 09:51:18 PM
Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

Link #1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link #2 (http://subs.geekstogo.com/ComboFix.exe)

**Note:** It is important that it is saved directly to your Desktop.

Close any open Web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.

Temporarily disable your antivirus and any antispyware real-time protection before performing a scan. Click this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of security programs that should be disabled and how to disable them.

Double-click combofix.exe and follow the prompts.

For Windows XP Systems install the Recovery Console:

- If you are using Windows XP and do not already have the Recovery Console installed, please ensure your Internet connection is active (if possible) and click Yes.
- If for some reason your Internet is not working click No.
- If you are not using Windows XP, you will not be prompted.
- When prompted to accept the EULA click OK.
- Accept Microsoft's EULA (Click Yes).
- When you are told that the RC is installed correctly click YES to continue scanning for malware.

When finished ComboFix will produce a log for you.
Post the ComboFix log and a new HijackThis log in your next reply.

Important: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.