MS Anti Spyware 2009 with Malwarebytes log

Hdk20

New Member
Hello fellow CF members, yes, I have MS Spyware 2009. I got no virus protection either. I got the logs below, please help, and thanks.


Malwarebytes' Anti-Malware 1.33
Database version: 1736
Windows 5.1.2600 Service Pack 2

2/6/2009 8:02:57 PM
mbam-log-2009-02-06 (20-02-57).txt

Scan type: Quick Scan
Objects scanned: 46644
Time elapsed: 2 minute(s), 36 second(s)

Memory Processes Infected: 4
Memory Modules Infected: 1
Registry Keys Infected: 6
Registry Values Infected: 2
Registry Data Items Infected: 3
Folders Infected: 6
Files Infected: 12

Memory Processes Infected:
C:\WINDOWS\system32\6LN0dYGS.exe (Trojan.Obvod) -> Unloaded process successfully.
C:\WINDOWS\system32\6LN0dYGS.exe (Trojan.Obvod) -> Unloaded process successfully.
C:\WINDOWS\system32\6LN0dYGS.exe (Trojan.Obvod) -> Unloaded process successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\msas2009.exe (Rogue.MsAntispyware) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\system32\msxml71.dll (Trojan.Siggen) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ms antispyware 2009 5.7 (Rogue.MSAntiSpyware) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ms antispyware 2009 (Rogue.MsAntispyware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Cognac (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Rogue.Installer) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Rogue.Installer) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd (Rogue.MsAntispyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009 (Rogue.MsAntispyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\BASE (Rogue.MsAntispyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\DELETED (Rogue.MsAntispyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG (Rogue.MsAntispyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\SAVED (Rogue.MsAntispyware) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\6LN0dYGS.exe (Trojan.Obvod) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msxml71.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\6LN0dYGS.exe_ (Trojan.Obvod) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\PHR1K3MN\l26[1].exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Z0A23DNO\216[1].jpg (Trojan.Obvod) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Z0A23DNO\216[2].jpg (Trojan.Obvod) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\_ad13.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\msas2009.exe (Rogue.MsAntispyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090206195754890.log (Rogue.MsAntispyware) -> Quarantined and deleted successfully.
C:\WINDOWS\kernel32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\6LN0dYGS.exe.a_a (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\perce.jpg.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
 
Here is the ComboFix Log
ComboFix 09-02-06.01 - Administrator 2009-02-06 20:11:35.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.734 [GMT -6:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-01-07 to 2009-02-07 )))))))))))))))))))))))))))))))
.

2009-01-28 09:11 . 2009-01-28 09:11 <DIR> d-------- c:\program files\Defraggler
2009-01-28 09:11 . 2009-01-28 09:11 <DIR> d-------- c:\program files\CCleaner
2009-01-27 20:14 . 2009-01-27 20:14 <DIR> d-------- c:\windows\system32\xircom
2009-01-27 20:14 . 2009-01-27 20:14 <DIR> d-------- c:\windows\system32\oobe
2009-01-27 20:14 . 2009-01-27 20:14 <DIR> d-------- c:\windows\srchasst
2009-01-27 20:14 . 2009-01-27 20:14 <DIR> d-------- c:\windows\msagent
2009-01-27 20:14 . 2009-01-27 20:14 <DIR> d-------- c:\program files\microsoft frontpage

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-07 01:59 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-02-07 01:56 46,080 ----a-w c:\windows\system32\userinit.exe
2009-02-07 01:42 34 ----a-w c:\documents and settings\Administrator\jagex_runescape_preferences.dat
2009-01-28 15:02 --------- d-----w c:\documents and settings\Administrator\Application Data\uTorrent
2009-01-28 03:48 --------- d-----w c:\documents and settings\Administrator\Application Data\LimeWire
2009-01-28 03:45 --------- d-----w c:\program files\SwiftKit
2009-01-28 03:44 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-14 22:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 22:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-01-03 03:06 --------- d-----w c:\program files\uTorrent
2008-12-24 16:46 0 ---ha-w c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2008-12-24 16:46 0 ---ha-w c:\windows\system32\drivers\Msft_User_ZuneDriver_01_07_00.Wdf
2008-12-24 16:46 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_WinUSB_01007.Wdf
2008-12-24 16:42 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2008-12-24 16:42 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_zumbus_01007.Wdf
2008-12-24 16:25 --------- d-----w c:\program files\LimeWire
2008-12-19 23:50 --------- d-----w c:\documents and settings\All Users\Application Data\SwiftKit
2008-12-19 23:48 --------- d-----w c:\program files\SwiftSwitch
2008-12-19 02:51 --------- d-----w c:\documents and settings\All Users\Application Data\SwiftSwitch
2008-12-19 00:28 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-19 00:28 --------- d-----w c:\documents and settings\Administrator\Application Data\Malwarebytes
2008-12-17 03:15 --------- d-----w c:\program files\ZhyperMU
2008-12-14 05:35 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-12-14 05:28 --------- d-----w c:\program files\Common Files\AOL
2008-12-14 05:19 --------- d-----w c:\program files\AIM Search
2008-12-14 05:19 --------- d-----w c:\documents and settings\All Users\Application Data\AOL OCP
2008-12-14 05:19 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2008-12-12 23:32 --------- d-----w c:\documents and settings\All Users\Application Data\Avg8
2008-12-12 16:42 --------- d-----w c:\program files\MSN Messenger
2008-12-12 13:21 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-12 13:21 --------- d-----w c:\program files\Java
2008-11-17 23:12 218,624 ----a-w c:\windows\system32\uxtheme.dll
.

------- Sigcheck -------

2006-12-18 14:04 577024 1800f293bccc8ede8a70e12b88d80036 c:\windows\system32\user32.dll

2006-12-18 14:04 664576 231ef4179acabe486376b5ca893f1076 c:\windows\system32\wininet.dll

2006-12-30 04:26 360576 504c18abfb3e6b0b8cacbe0ba3a5c63a c:\windows\system32\drivers\tcpip.sys

2006-12-18 14:04 2015232 2b6dceb39e160aa37b141e59c81b2427 c:\windows\system32\ntkrnlpa.exe

2006-12-18 14:04 2135552 34caba7b91dd6a9208a5a612f87d05a6 c:\windows\system32\ntoskrnl.exe

2004-08-04 05:00 949760 9be29c2873df44dd301ec57eee9a6440 c:\windows\explorer.exe
2004-08-04 05:00 1032192 a0732187050030ae399b241436565e64 c:\windows\XPize\Backup\explorer.exe

2004-08-04 05:00 30208 de8fa9cf18f95341079c7e6a215c226a c:\windows\system32\ctfmon.exe
2004-08-04 05:00 15360 24232996a38c0b0cf151c2140ae29fc8 c:\windows\XPize\Backup\ctfmon.exe

2006-12-18 14:04 57856 ad3d9d191aea7b5445fe1d82ffbb4788 c:\windows\system32\spoolsv.exe

2009-02-06 19:56 46080 d9472a1bb9253a6ca97dc129aae5e405 c:\windows\system32\userinit.exe

2006-12-18 14:03 985088 0fdd84928a5dde2510761b7ec76ccec9 c:\windows\system32\kernel32.dll
.
((((((((((((((((((((((((((((( snapshot@2009-01-02_10.19.48.84 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-20 04:07:23 315,392 ----a-w c:\windows\.jagex_cache_32\runescape\jogl.dll
+ 2009-02-07 01:42:23 315,392 ----a-w c:\windows\.jagex_cache_32\runescape\jogl.dll
- 2008-12-20 04:07:23 20,480 ----a-w c:\windows\.jagex_cache_32\runescape\jogl_awt.dll
+ 2009-02-07 01:42:23 20,480 ----a-w c:\windows\.jagex_cache_32\runescape\jogl_awt.dll
- 2000-08-31 14:00:00 28,672 ----a-w c:\windows\NIRCMD.exe
+ 2000-08-31 14:00:00 29,696 ----a-w c:\windows\NIRCMD.exe
+ 2004-08-04 11:00:00 24,576 ----a-w c:\windows\system32\init32.exe
- 2009-01-02 16:19:37 53,248 ----a-w c:\windows\Temp\catchme.dll
+ 2009-02-07 02:12:45 53,248 ----a-w c:\windows\Temp\catchme.dll
+ 2009-02-07 02:09:41 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_6e8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TaskSwitchXP"="c:\program files\TaskSwitchXP\TaskSwitchXP.exe" [2006-08-04 62976]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"QuickTime Task"="c:\program files\QuickTime Alternative\QTTask.exe" [2008-11-04 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-12 136600]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-28 c:\windows\RTHDCPL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2006-12-18 12451]
"nltide_3"="advpack.dll" [2004-08-04 c:\windows\system32\advpack.dll]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):58,50,69,7a,65,5f,4c,6f,67,6f,6e,2e,65,78,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"= sysaudio.sys

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=


NETSVCS REQUIRES REPAIRS - current entries shown
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Netman
Nla
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
Schedule
Seclogon
SENS
Sharedaccess
SRService
Tapisrv
Themes
W32Time
WZCSVC
Wmi
WmdmPmSp
winmgmt
xmlprov
BITS
ShellHWDetection
helpsvc
wuauserv
WmdmPmSN

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab701a55-b9aa-11dd-b48a-00a0d157e67c}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2008-12-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-02-07 c:\windows\Tasks\At1.job
- c:\windows\system32\6LN0dYGS.exe []

2009-02-07 c:\windows\Tasks\At10.job
- c:\windows\system32\6LN0dYGS.exe []

2009-02-07 c:\windows\Tasks\At11.job
- c:\windows\system32\6LN0dYGS.exe []

2009-02-07 c:\windows\Tasks\At12.job
- c:\windows\system32\6LN0dYGS.exe []

2009-02-07 c:\windows\Tasks\At13.job
- c:\windows\system32\6LN0dYGS.exe []

2009-02-07 c:\windows\Tasks\At14.job
- c:\windows\system32\6LN0dYGS.exe []

2009-02-07 c:\windows\Tasks\At15.job
- c:\windows\system32\6LN0dYGS.exe []

2009-02-07 c:\windows\Tasks\At16.job
- c:\windows\system32\6LN0dYGS.exe []

2009-02-07 c:\windows\Tasks\At17.job
- c:\windows\system32\6LN0dYGS.exe []

2009-02-07 c:\windows\Tasks\At18.job
- c:\windows\system32\6LN0dYGS.exe []

2009-02-07 c:\windows\Tasks\At19.job
- c:\windows\system32\6LN0dYGS.exe []

2009-02-07 c:\windows\Tasks\At2.job
- c:\windows\system32\6LN0dYGS.exe []

2009-02-07 c:\windows\Tasks\At20.job
- c:\windows\system32\6LN0dYGS.exe []

2009-02-07 c:\windows\Tasks\At21.job
- c:\windows\system32\6LN0dYGS.exe []

2009-02-07 c:\windows\Tasks\At22.job
- c:\windows\system32\6LN0dYGS.exe []

2009-02-07 c:\windows\Tasks\At23.job
- c:\windows\system32\6LN0dYGS.exe []

2009-02-07 c:\windows\Tasks\At24.job
- c:\windows\system32\6LN0dYGS.exe []

2009-02-07 c:\windows\Tasks\At25.job
- c:\windows\system32\6LN0dYGS.exe []

2009-02-07 c:\windows\Tasks\At26.job
- c:\windows\system32\6LN0dYGS.exe []

2009-02-07 c:\windows\Tasks\At27.job
- c:\windows\system32\6LN0dYGS.exe []

2009-02-07 c:\windows\Tasks\At28.job
- c:\windows\system32\6LN0dYGS.exe []

2009-02-07 c:\windows\Tasks\At29.job
- c:\windows\system32\6LN0dYGS.exe []

2009-02-07 c:\windows\Tasks\At3.job
- c:\windows\system32\6LN0dYGS.exe []

2009-02-07 c:\windows\Tasks\At30.job
- c:\windows\system32\6LN0dYGS.exe []

2009-02-07 c:\windows\Tasks\At31.job
- c:\windows\system32\6LN0dYGS.exe []

2009-02-07 c:\windows\Tasks\At32.job
- c:\windows\system32\6LN0dYGS.exe []

2009-02-07 c:\windows\Tasks\At33.job
- c:\windows\system32\6LN0dYGS.exe []

2009-02-07 c:\windows\Tasks\At34.job
- c:\windows\system32\6LN0dYGS.exe []

2009-02-07 c:\windows\Tasks\At35.job
- c:\windows\system32\6LN0dYGS.exe []

2009-02-07 c:\windows\Tasks\At36.job
- c:\windows\system32\6LN0dYGS.exe []

2009-02-07 c:\windows\Tasks\At37.job
- c:\windows\system32\6LN0dYGS.exe []

2009-02-07 c:\windows\Tasks\At38.job
- c:\windows\system32\6LN0dYGS.exe []

2009-02-07 c:\windows\Tasks\At39.job
- c:\windows\system32\6LN0dYGS.exe []

2009-02-07 c:\windows\Tasks\At4.job
- c:\windows\system32\6LN0dYGS.exe []

2009-02-07 c:\windows\Tasks\At40.job
- c:\windows\system32\6LN0dYGS.exe []

2009-02-07 c:\windows\Tasks\At41.job
- c:\windows\system32\6LN0dYGS.exe []

2009-02-07 c:\windows\Tasks\At42.job
- c:\windows\system32\6LN0dYGS.exe []

2009-02-07 c:\windows\Tasks\At43.job
- c:\windows\system32\6LN0dYGS.exe []

2009-02-07 c:\windows\Tasks\At44.job
- c:\windows\system32\6LN0dYGS.exe []

2009-02-07 c:\windows\Tasks\At45.job
- c:\windows\system32\6LN0dYGS.exe []

2009-02-07 c:\windows\Tasks\At46.job
- c:\windows\system32\6LN0dYGS.exe []

2009-02-07 c:\windows\Tasks\At47.job
- c:\windows\system32\6LN0dYGS.exe []

2009-02-07 c:\windows\Tasks\At48.job
- c:\windows\system32\6LN0dYGS.exe []

2009-02-07 c:\windows\Tasks\At5.job
- c:\windows\system32\6LN0dYGS.exe []

2009-02-07 c:\windows\Tasks\At6.job
- c:\windows\system32\6LN0dYGS.exe []

2009-02-07 c:\windows\Tasks\At7.job
- c:\windows\system32\6LN0dYGS.exe []

2009-02-07 c:\windows\Tasks\At8.job
- c:\windows\system32\6LN0dYGS.exe []

2009-02-07 c:\windows\Tasks\At9.job
- c:\windows\system32\6LN0dYGS.exe []
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.windowsue.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m5rfk8va.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.ca
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-06 20:12:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-02-06 20:13:56
ComboFix-quarantined-files.txt 2009-02-07 02:13:54
ComboFix2.txt 2009-01-02 16:20:19

Pre-Run: 82,360,164,352 bytes free
Post-Run: 82,350,059,520 bytes free

296
 
I hope you don't reformat every time you get infected, that's a lot of wasted time. The infection you had is easy to clean.
 
Not only that, it was running extremely slow and everything, 'cause my brother puts all this crap on it, so I ain't letting him on anymore. But thanks, next time I will come to you.
 
Thanks JOHNB

Well... thanks to Google and the post about the perce.jpg.exe I've been able to get most of the system back in control. But still am getting pop-ups as to security issues. I will post in the hackthis forum, but the malware post was great and has at least given me the opportunity to deal with it better. Thanks John!!!

sgtbluto
 