Options

Can't change my background wallpaper (malware?)

Unknown
edited August 2009 in Spyware & Virus Removal
I can no change my wallpaper, I assume I have malware and have downloaded HIJACK this and attached the log here. Please help, thanks!

Comments

  • chiazchiaz
    edited August 2009
    Hello, and welcome.

    Can you please copy and paste your HijackThis log in your reply.

    Thanks.
  • jaltgelt
    edited August 2009
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:19:56 AM, on 8/16/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Citrix\ICA Client\ssonsvr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Apoint\HidFind.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\McAfee\Common Framework\udaterui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\McAfee\Common Framework\McTray.exe
    C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
    C:\Program Files\Donar MP3 Recorder\Donar MP3 Recorder.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\PROGRA~1\MICROS~4\rapimgr.exe
    C:\Program Files\Citrix\ICA Client\pnagent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\mmc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.live.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.brembo.com/US/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://hayes.hayes-lemmerz.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9090
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL
    R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O3 - Toolbar: (no name) - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "C:\WINDOWS\system32\rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [igfxtray] "C:\WINDOWS\system32\igfxtray.exe"
    O4 - HKLM\..\Run: [igfxhkcmd] "C:\WINDOWS\system32\hkcmd.exe"
    O4 - HKLM\..\Run: [igfxpers] "C:\WINDOWS\system32\igfxpers.exe"
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] "C:\WINDOWS\stsystra.exe"
    O4 - HKLM\..\Run: [MyWebSearch Plugin] "C:\WINDOWS\system32\rundll32.exe" C:\PROGRA~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL,UPF
    O4 - HKLM\..\Run: [My Web Search Bar] "C:\WINDOWS\system32\rundll32.exe" C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL,S
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] "C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe"
    O4 - HKLM\..\Run: [PATHPILOT] C:\Program Files\Donar MP3 Recorder\Donar MP3 Recorder.exe
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] "C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe"
    O4 - Startup: Thumbs.db
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Program Neighborhood Agent.lnk = C:\Program Files\Citrix\ICA Client\pnagent.exe
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJxdm172YYUS
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {02ED726B-6517-4245-8E46-233E4B91CEE3} (Bo6bootstrap Control) - http://bi.hayes-lemmerz.com:8085/wi/distribution/install.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/ZwinkyInitialSetup1.0.1.1.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase1140.cab
    O16 - DPF: {9D887407-4690-45C0-9451-15CD63E615CA} (BOSIRichEditActiveX Control) - http://nvl-ti.na.hayes-lemmerz.com/tiweb65/downloads/BOSIActiveXMemoControl.cab
    O16 - DPF: {D636032F-E4DE-4851-AA0C-D5D6A66B8318} (BOSIActiveFormX Control) - http://nvl-ti.na.hayes-lemmerz.com/tiweb65/downloads/BOSIActiveXGrid.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = na.hayes-lemmerz.com
    O17 - HKLM\Software\..\Telephony: DomainName = na.hayes-lemmerz.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = na.hayes-lemmerz.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = na.hayes-lemmerz.com
    O20 - AppInit_DLLs: cru629.dat
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwssvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    --
    End of file - 9841 bytes
  • chiazchiaz
    edited August 2009
    Thanks for posting that.

    Are you familiar with this domain?
    na.hayes-lemmerz.com

    ========================================

    Please download Malwarebytes' Anti-Malware by clicking the link below:
    http://www.besttechie.net/tools/mbam-setup.exe

    Double Click mbam-setup.exe to install the application.

    * Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select "Perform Quick Scan", then click Scan.
    * The scan may take some time to finish,so please be patient.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Make sure that everything is checked, and click Remove Selected.
    * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
    * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    * You'll be required to post the contents of this log later.

    Please Note:
    If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.



    Next let's have you download ComboFix.exe. Please visit this webpage for downloading and instructions for running the tool:

    Go here ======> A guide and tutorial on using ComboFix <====== Go here

    Please ensure you read this guide carefully and install the Recovery Console first.This applies to XP Pro and XP Home users only.If you have SP3 installed you will need to use the download meant for SP2.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

    Once installed, you should get a prompt that says:

    The Recovery Console was successfully installed.

    Please continue as follows:

    (1) Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    (2) Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a report for you.


    Please include the MBAM log and C:\ComboFix.txt for further review, so that we may continue cleansing the system.


    Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Misuse can cause serious computer problems.
  • jaltgelt
    edited August 2009
    I did the MBAm and it fixed the issue, do i still need to do the combofix, here is the MBAM log:

    Malwarebytes' Anti-Malware 1.40
    Database version: 2647
    Windows 5.1.2600 Service Pack 2
    8/18/2009 7:33:38 AM
    mbam-log-2009-08-18 (07-33-38).txt
    Scan type: Quick Scan
    Objects scanned: 103487
    Time elapsed: 10 minute(s), 30 second(s)
    Memory Processes Infected: 1
    Memory Modules Infected: 1
    Registry Keys Infected: 118
    Registry Values Infected: 7
    Registry Data Items Infected: 12
    Folders Infected: 25
    Files Infected: 106
    Memory Processes Infected:
    C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Unloaded process successfully.
    Memory Modules Infected:
    C:\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL (Adware.MyWeb) -> Delete on reboot.
    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWeb) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWeb) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWeb) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWeb) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{53ced2d0-5e9a-4761-9005-648404e6f7e5} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{926a61c9-5c20-4583-aca7-ace21088816e} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Adsl Software Ltd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\AVR (Rogue.AdvancedVirusRemover) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Classes\hol5_vxiewer.full.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\dpcproxy (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Invictus (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
  • chiazchiaz
    edited August 2009
    Yes, please continue with ComboFix and post the log as well. Sometimes infections may appear to be removed but remnants may actually remain.
  • jaltgelt
    edited August 2009
    Here is the combofix log:

    ComboFix 09-08-10.06 - jaltgelt 08/22/2009 11:00.1.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.584 [GMT -4:00]
    Running from: c:\documents and settings\jaltgelt\My Documents\My Music\PC ISSUES\ComboFix.exe
    AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Outdated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
    .
    - REDUCED FUNCTIONALITY MODE -
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    c:\program files\AskSearch\bin\DefaultSearch.dll
    c:\recycler\S-1-5-21-1644491937-1935655697-682003330-1003
    c:\recycler\S-1-5-21-1644491937-1935655697-682003330-1003\desktop.ini
    c:\recycler\S-1-5-21-1644491937-1935655697-682003330-1003\INFO2
    c:\recycler\S-1-5-21-606747145-220523388-682003330-500
    .
    ((((((((((((((((((((((((( Files Created from 2009-07-22 to 2009-08-22 )))))))))))))))))))))))))))))))
    .
    2009-08-18 11:21 . 2009-08-18 11:21
    d
    w- c:\documents and settings\jaltgelt\Application Data\Malwarebytes
    2009-08-18 11:20 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-08-18 11:20 . 2009-08-18 11:20
    d
    w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-08-18 11:20 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-08-18 11:20 . 2009-08-18 11:21
    d
    w- c:\program files\Malwarebytes' Anti-Malware
    2009-08-16 11:19 . 2009-08-16 11:19
    d
    w- c:\program files\Trend Micro
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-08-22 14:49 . 2009-03-15 13:49
    d
    w- c:\documents and settings\jaltgelt\Application Data\BitTorrent
    2009-08-21 21:52 . 2009-07-22 21:58
    d
    w- c:\program files\Donar MP3 Recorder
    2009-08-21 10:24 . 2006-11-16 15:51 12 ----a-w- c:\windows\bthservsdp.dat
    2009-08-16 00:20 . 2008-09-03 17:41
    d
    w- c:\program files\Windows Live Safety Center
    2009-08-05 23:29 . 2009-03-15 13:48
    d
    w- c:\documents and settings\jaltgelt\Application Data\DNA
    2009-07-22 22:01 . 2007-07-10 12:06 23128 -c--a-w- c:\documents and settings\jaltgelt\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-06-26 16:18 . 2006-03-03 22:33 659456 ----a-w- c:\windows\system32\wininet.dll
    2009-06-26 16:18 . 2004-08-04 05:00 81920 ----a-w- c:\windows\system32\ieencode.dll
    2009-06-03 19:27 . 2004-08-04 05:00 1290752 ----a-w- c:\windows\system32\quartz.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2005-02-22 1611488]
    "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 802816]
    "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 696320]
    "Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
    "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-05 136600]
    "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-07-17 111952]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-06-27 185896]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2008-11-10 136512]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-24 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-24 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-24 118784]
    "SigmatelSysTrayApp"="c:\windows\stsystra.exe" [2006-03-24 282624]
    "PATHPILOT"="c:\program files\Donar MP3 Recorder\Donar MP3 Recorder.exe" [2009-03-03 360960]
    "SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-08-09 5418864]
    "BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-04 110592]
    c:\documents and settings\jaltgelt\Start Menu\Programs\Startup\
    Thumbs.db [2008-1-7 7168]
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
    Program Neighborhood Agent.lnk - c:\program files\Citrix\ICA Client\pnagent.exe [2006-5-2 233744]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "disablecad"= 1 (0x1)
    "SynchronousMachineGroupPolicy"= 1 (0x1)
    "SynchronousUserGroupPolicy"= 1 (0x1)
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
    @=&quot;Service"
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [8/9/2008 2:42 PM 29808]
    S2 MyWebSearchService;My Web Search Service;c:\progra~1\MYWEBS~1\bar\2.bin\mwssvc.exe --> c:\progra~1\MYWEBS~1\bar\2.bin\mwssvc.exe [?]
    S3 XLPINIT;XLPINIT;c:\windows\system32\drivers\xromlp.sys [12/6/2003 7:44 AM 69148]
    S3 XLPWRITER;XLPWRITER;c:\windows\system32\drivers\xromio.sys [1/28/2001 11:07 AM 170508]
    .
    Contents of the 'Scheduled Tasks' folder
    2009-08-21 c:\windows\Tasks\wrSpySweeperFullSweep.job
    - c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-09-01 20:04]
    2009-08-21 c:\windows\Tasks\wrSpySweeperFullSweep.job
    - c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-09-01 20:04]
    .
    - - - - ORPHANS REMOVED - - - -
    WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
    HKLM-Run-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL
    ShellExecuteHooks-{E1872FA4-6140-4868-B088-DD5407AE96AA} - (no file)

    .
    Supplementary Scan
    .
    uStart Page = hxxp://www.brembo.com/US/
    uInternet Connection Wizard,ShellNext = hxxp://hayes.hayes-lemmerz.com/
    uInternet Settings,ProxyServer = http=127.0.0.1:9090
    uInternet Settings,ProxyOverride = *.local
    IE: &Search
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    DPF: Microsoft XML Parser for Java - [URL]file://c:\windows\Java\classes\xmldso.cab[/URL]
    DPF: {02ED726B-6517-4245-8E46-233E4B91CEE3} - hxxp://bi.hayes-lemmerz.com:8085/wi/distribution/install.cab
    DPF: {9D887407-4690-45C0-9451-15CD63E615CA} - hxxp://nvl-ti.na.hayes-lemmerz.com/tiweb65/downloads/BOSIActiveXMemoControl.cab
    DPF: {D636032F-E4DE-4851-AA0C-D5D6A66B8318} - hxxp://nvl-ti.na.hayes-lemmerz.com/tiweb65/downloads/BOSIActiveXGrid.cab
    .
    **************************************************************************
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-08-22 11:03
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    .
    LOCKED REGISTRY KEYS
    [HKEY_USERS\S-1-5-21-299502267-1958367476-682003330-42119\Software\Microsoft\Driver Signing]
    @Denied: (2) (Administrators)
    @Allowed: (2) (Administrators)
    @SACL=
    "Policy"=dword:00000000
    .
    Completion time: 2009-08-22 11:10
    ComboFix-quarantined-files.txt 2009-08-22 15:10
    Pre-Run: 59,134,275,584 bytes free
    Post-Run: 60,592,480,256 bytes free
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    142 --- E O F --- 2009-08-18 21:50
  • chiazchiaz
    edited August 2009
    I think our work is done here - your PC should be clean now.

    It's time to remove ComboFix.

    Go to to Start > Run
    Type in box

    combofix /u

    Note: the space between the X and the /u

    Press Enter.

    This command will:

    Delete the following:
    ComboFix and its associated files and folders.
    VundoFix backups, if present
    The C:\Deckard folder, if present
    The C:_OtMoveIt folder, if present

    Reset the clock settings.
    Hide file extensions, if required.
    Hide System/Hidden files, if required.
    Reset System Restore.


    Even if you have no more queries, I would appreciate if you can reply once more to this thread so that I will be able to have this archived. Thanks. :)
  • jaltgelt
    edited August 2009
    Thanks so much!!
  • chiazchiaz
    edited August 2009
    Glad we could be of assistance! This topic is now closed.

    If I have helped you, please consider making a personal donation (Paypal) to me at parasite[AT]parasitedb.com.
    To support Icrontic, click here:
    http://icrontic.com/support
    Donations are entirely voluntary in nature and will have no bearing on the future help that you may receive.

    If you wish to reopen your topic, please send a Private Message (PM) to Trogan with a link to your thread.

    If you are not the user who started this thread, you must start your own Thread instead :)
Sign In or Register to comment.