
Topic: Logs for following malware removal steps


tabbylove17 (Topic Starter, Rookie)

    Logs for following malware removal steps
    « on: December 07, 2008, 08:27:49 PM »
    Please can someone look at my logs? I'm not sure if I got rid of all the viruses. I've run through the malware removal steps and here are my logs for SUPERAntiSpyware / Malwarebytes' Anti-Malware / HJT.


    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 12/07/2008 at 07:04 PM

    Application Version : 4.21.1004

    Core Rules Database Version : 3665
    Trace Rules Database Version: 1645

    Scan type       : Complete Scan
    Total Scan Time : 00:39:02

    Memory items scanned      : 313
    Memory threats detected   : 0
    Registry items scanned    : 5797
    Registry threats detected : 7
    File items scanned        : 22934
    File threats detected     : 12

    Adware.Tracking Cookie
       C:\Documents and Settings\Matt & Ariana\Cookies\matt_&[email protected][1].txt
       C:\Documents and Settings\Matt & Ariana\Cookies\matt_&[email protected][1].txt
       C:\Documents and Settings\Matt & Ariana\Cookies\matt_&[email protected][2].txt
       C:\Documents and Settings\Matt & Ariana\Cookies\matt_&_ariana@casalemedia[2].txt
       C:\Documents and Settings\Matt & Ariana\Cookies\matt_&_ariana@atdmt[2].txt
       C:\Documents and Settings\Matt & Ariana\Cookies\matt_&_ariana@doubleclick[2].txt
       C:\Documents and Settings\Matt & Ariana\Cookies\matt_&_ariana@adrevolver[1].txt
       C:\Documents and Settings\Matt & Ariana\Cookies\matt_&_ariana@revsci[2].txt

    Rogue.Component/Trace
       HKLM\Software\Microsoft\E04E9B0C
       HKLM\Software\Microsoft\E04E9B0C#e04e9b0c
       HKLM\Software\Microsoft\E04E9B0C#red_srv
       HKLM\Software\Microsoft\E04E9B0C#red_srv_bckp
       HKLM\Software\Microsoft\E04E9B0C#Version
       HKLM\Software\Microsoft\E04E9B0C#e04e368c
       HKLM\Software\Microsoft\E04E9B0C#e04e5f69

    Rootkit.TDSServ/Fake
       C:\SYSTEM VOLUME INFORMATION\_RESTORE{DEA029A3-FE2B-47C9-96FA-BE9DB23741C5}\RP1359\A0203487.SYS

    Adware.Vundo Variant
       C:\SYSTEM VOLUME INFORMATION\_RESTORE{DEA029A3-FE2B-47C9-96FA-BE9DB23741C5}\RP1414\A0213359.DLL

    Adware.Vundo/Variant
       C:\SYSTEM VOLUME INFORMATION\_RESTORE{DEA029A3-FE2B-47C9-96FA-BE9DB23741C5}\RP1415\A0215395.DLL

    Trojan.Unknown Origin
       C:\SYSTEM VOLUME INFORMATION\_RESTORE{DEA029A3-FE2B-47C9-96FA-BE9DB23741C5}\RP1418\A0217412.DLL
    Malwarebytes' Anti-Malware 1.31
    Database version: 1469
    Windows 5.1.2600 Service Pack 2

    12/7/2008 5:49:47 PM
    mbam-log-2008-12-07 (17-49-47).txt

    Scan type: Quick Scan
    Objects scanned: 71051
    Time elapsed: 25 minute(s), 11 second(s)

    Memory Processes Infected: 3
    Memory Modules Infected: 3
    Registry Keys Infected: 18
    Registry Values Infected: 3
    Registry Data Items Infected: 3
    Folders Infected: 4
    Files Infected: 34

    Memory Processes Infected:
    C:\Documents and Settings\Matt & Ariana\Application Data\gadcom\gadcom.exe (Trojan.Downloader) -> Unloaded process successfully.
    C:\Program Files\Extra Antivir\Extra Antivir.exe (Rogue.Extraantivir) -> Unloaded process successfully.
    C:\WINDOWS\system32\~.exe (Trojan.Downloader) -> Unloaded process successfully.

    Memory Modules Infected:
    C:\WINDOWS\system32\ddcDspPj.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\vtUmLcCv.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\vgjvvb.dll (Trojan.Vundo) -> Delete on reboot.

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3c45c649-d662-40ff-8f3b-cb9c1e13ae58} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{3c45c649-d662-40ff-8f3b-cb9c1e13ae58} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vtumlccv (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e3632e35-300c-487e-b96f-22428439bb1d} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{e3632e35-300c-487e-b96f-22428439bb1d} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f34dd418-b748-46eb-8305-baaeb7353cac} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{f34dd418-b748-46eb-8305-baaeb7353cac} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7cab59b4-55a3-4737-9fd5-b93c6430bf78} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{7cab59b4-55a3-4737-9fd5-b93c6430bf78} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f34dd418-b748-46eb-8305-baaeb7353cac} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3c45c649-d662-40ff-8f3b-cb9c1e13ae58} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\extra antivir (Rogue.Extraantivir) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gadcom (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msiexec.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\ddcdsppj -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\ddcdsppj  -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Trojan.Agent) -> Data: digeste.dll -> Quarantined and deleted successfully.

    Folders Infected:
    C:\Program Files\Extra Antivir (Rogue.Extraantivir) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Start Menu\Programs\Extra Antivir (Rogue.Extraantivir) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Matt & Ariana\Application Data\gadcom (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Matt & Ariana\Application Data\Extra Antivir (Rogue.Extraantivir) -> Quarantined and deleted successfully.

    Files Infected:
    C:\WINDOWS\system32\nnnnNDuU.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\UuDNnnnn.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\UuDNnnnn.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\vtUmLcCv.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\ddcDspPj.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\jPpsDcdd.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\jPpsDcdd.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\vgjvvb.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\gjeosdmu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Matt & Ariana\Application Data\gadcom\gadcom.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ifmtmlir.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Matt & Ariana\Local Settings\Temporary Internet Files\Content.IE5\2KG3E0C7\mslog[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Matt & Ariana\Local Settings\Temporary Internet Files\Content.IE5\M6NM0N4O\index[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Matt & Ariana\Local Settings\Temporary Internet Files\Content.IE5\M6NM0N4O\mslog[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Program Files\Extra Antivir\Buy.url (Rogue.Extraantivir) -> Quarantined and deleted successfully.
    C:\Program Files\Extra Antivir\Extra Antivir.exe (Rogue.Extraantivir) -> Quarantined and deleted successfully.
    C:\Program Files\Extra Antivir\Help.url (Rogue.Extraantivir) -> Quarantined and deleted successfully.
    C:\Program Files\Extra Antivir\HowToBuy.txt (Rogue.Extraantivir) -> Quarantined and deleted successfully.
    C:\Program Files\Extra Antivir\ID.dat (Rogue.Extraantivir) -> Quarantined and deleted successfully.
    C:\Program Files\Extra Antivir\License.txt (Rogue.Extraantivir) -> Quarantined and deleted successfully.
    C:\Program Files\Extra Antivir\Uninstall.exe (Rogue.Extraantivir) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Start Menu\Programs\Extra Antivir\Purchase License.lnk (Rogue.Extraantivir) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Start Menu\Programs\Extra Antivir\Start Extra Antivir.lnk (Rogue.Extraantivir) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Start Menu\Programs\Extra Antivir\Support Page.lnk (Rogue.Extraantivir) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Start Menu\Programs\Extra Antivir\Uninstall.lnk (Rogue.Extraantivir) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Matt & Ariana\Application Data\Extra Antivir\Extra Antivir.ini (Rogue.Extraantivir) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Matt & Ariana\Application Data\Extra Antivir\spl.ini (Rogue.Extraantivir) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Desktop\Best BDSM P0rn.url (Rogue.Link) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Desktop\Gay Fetish Sex.url (Rogue.Link) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\~.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\wpv481228549733.cpx (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\digeste.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Matt & Ariana\Start Menu\Programs\Startup\Extra Antivir.lnk (Rogue.Extraantivir) -> Quarantined and deleted successfully.
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:24:14 PM, on 12/7/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    O4 - HKCU\..\Run: [Zzoechk] C:\WINDOWS\W?nSxS\w?wexec.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [Twain] C:\Documents and Settings\Matt & Ariana\Application Data\Twain\Twain.exe
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163132585593
    O16 - DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} (Settings Class) - https://www.cashcall.com/LoanStatus/x86/capicom.dll
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
    O20 - AppInit_DLLs: eofgmvmn.dll rseuuw.dll bnlevj.dll vgjvvb.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

    --
    End of file - 6968 bytes


CBMatt (Mod & Malware Specialist, Prodigy)

    Re: Logs for following malware removal steps
    « Reply #1 on: December 10, 2008, 09:51:18 PM »
    Download ComboFix© by sUBs from one of the links below. Be sure to save it to the Desktop.

    Link #1
    Link #2

    **Note:  It is important that it is saved directly to your Desktop

    Close any open Web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.

    Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
     
    Double-click combofix.exe and follow the prompts.

    For Windows XP Systems install the Recovery Console:

    - If you are using Windows XP and do not already have the Recovery Console installed, please ensure your Internet connection is active (if possible) and click Yes.
    - If for some reason your Internet is not working click No.
    - If you are not using Windows XP, you will not be prompted.
    - When prompted to accept the EULA click OK.
    - Accept Microsoft's EULA (Click Yes).
    - When you are told that the RC is installed correctly click YES to continue scanning for malware.

    When finished ComboFix will produce a log for you.
    Post the ComboFix log and a new HijackThis log in your next reply.

    Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

    Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.
    An undefined problem has an infinite number of solutions.
    —Robert A. Humphrey