
NOAH! ComboFix is frozen up

Discussion in 'Malware and Virus Removal Archive' started by NmymindDzine, 2008/01/09.

  1. 2008/01/09
    NmymindDzine

    This is sassy14udd; they have my account locked up.
    I am running ComboFix with the killall command you gave me when I was having the same trouble.
    It has come up with an entry that says
    "the process has tried to run to a nonexistent pipe"
    Then it froze for about a good 10 mins. It was on #31, had just completed 30a as the last one; now it's completed 32 and stillllll verrrrry slow. Can still see the cursor flashing but it is irregular.
    Have I ******* up again....



    Also have a new exe running.....pcbi32.exe and I can't find it. It will kill through Task Manager but starts at reboot.
     
    Last edited: 2008/01/09
  2. 2008/01/09
    NmymindDzine

    ComboFix has been running almost a half hr :confused:

    1:38 the process has tried to write to a nonexistent pipe
    after it completed stage 32


    still no entry after that; it is 1:40, cursor still erratic
    1:50 completed stage_34
    1:52 just noticed wireless is disconnected... no internet connection... didn't know if that was normal

    ok it's 10 after 2, I'm shutting it down
     
    Last edited: 2008/01/09


  4. 2008/01/09
    NmymindDzine

    lol
    can you tell I didn't reformat?
    I am sorry, will stop posting
     
  5. 2008/01/09
    noahdfear

    ComboFix clearly states that it may easily double in the time it takes to run on a heavily infected computer. I don't know if yours is since you didn't post any logs first. ComboFix is a very powerful tool and like many tools available today, is not recommended to be run without guidance. It might be the wrong tool for the infection. Did you at least get an updated copy? Despite the errors and the time it was taking, it was continuing to go through the stages and should have been left alone to completion. It makes changes to the system during its run that are undone upon completion. I recommend you either run a fresh copy of ComboFix through to completion or post a main.txt log from Deckard's System Scanner before doing anything else.
     
  6. 2008/01/10
    NmymindDzine

    tyvm
    running it now
    will post both logs asap
    ty 4 ur help...my guru who knew...lol
    sorry
     
  7. 2008/01/10
    NmymindDzine

    ComboFix log

    ComboFix 08-01-09.2 - sASSy 2008-01-09 19:11:11.6 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.248 [GMT -6:00]
    Running from: C:\Documents and Settings\sASSy\desktop\combofix.exe
    Command switches used :: /killall
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\2333212.exe
    C:\WINDOWS\24111.exe
    C:\WINDOWS\242444.exe
    C:\WINDOWS\434343.exe
    C:\WINDOWS\b122.exe
    C:\WINDOWS\b128.exe.bin

    .
    ((((((((((((((((((((((((( Files Created from 2007-12-10 to 2008-01-10 )))))))))))))))))))))))))))))))
    .

    2008-01-09 17:41 . 2008-01-09 17:41 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-01-09 17:41 . 2008-01-09 17:41 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-01-08 10:08 . 2008-01-08 10:08 <DIR> d----c--- C:\Documents and Settings\sASSy\Application Data\Webshots
    2008-01-08 06:44 . 2008-01-08 06:44 <DIR> d--h----- C:\WINDOWS\PIF
    2008-01-08 05:57 . 2008-01-08 05:57 <DIR> d-------- C:\WINDOWS\Data
    2008-01-08 05:54 . 2008-01-08 05:54 <DIR> d-------- C:\Program Files\Temp
    2008-01-08 05:54 . 2008-01-08 05:54 787 --a------ C:\WINDOWS\unins001.dat
    2008-01-08 05:54 . 2008-01-08 05:54 787 --a------ C:\WINDOWS\unins000.dat
    2008-01-08 05:49 . 2008-01-08 05:49 <DIR> d-------- C:\Program Files\Windows SteadyState
    2008-01-08 04:41 . 2008-01-08 04:41 <DIR> d-------- C:\Program Files\UPHClean
    2008-01-07 17:58 . 2008-01-07 17:58 <DIR> d-------- C:\Program Files\MSXML 6.0
    2008-01-07 17:39 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
    2008-01-06 09:41 . 2008-01-06 09:42 <DIR> d-------- C:\Program Files\the-myspace-editor
    2008-01-06 09:35 . 2008-01-06 09:35 <DIR> d-------- C:\Program Files\Virtual Mechanics
    2008-01-06 09:35 . 2008-01-06 09:35 <DIR> d-------- C:\Program Files\Common Files\Wintertree
    2008-01-06 09:35 . 2003-09-23 10:38 155,648 --a------ C:\WINDOWS\system32\SSCE5232.dll
    2008-01-06 09:35 . 2008-01-06 09:35 0 --a------ C:\WINDOWS\PROTOCOL.INI
    2008-01-05 21:18 . 2008-01-08 17:55 <DIR> d-------- C:\Program Files\iMesh Applications
    2008-01-05 21:18 . 2008-01-09 14:48 <DIR> d----c--- C:\Documents and Settings\sASSy\Application Data\iMesh
    2008-01-05 21:18 . 2006-11-12 11:39 483,328 --a------ C:\WINDOWS\system32\actskn45.ocx
    2008-01-05 17:09 . 2008-01-05 17:09 <DIR> d-------- C:\Program Files\FriendFinder, Inc
    2008-01-04 17:53 . 2008-01-04 17:53 1,134,459 --a------ C:\WINDOWS\juelZ.scr
    2008-01-04 17:07 . 2008-01-04 17:07 <DIR> d-------- C:\VundoFix Backups
    2008-01-04 08:32 . 2008-01-04 08:32 377,856 --a------ C:\WINDOWS\throb.scr
    2008-01-04 08:31 . 2008-01-04 08:31 1,246,720 --a------ C:\WINDOWS\FMGREG.scr
    2008-01-04 08:11 . 2008-01-04 08:12 1,338,151 --a------ C:\WINDOWS\gregs.scr
    2008-01-03 18:58 . 2008-01-09 11:03 0 --a------ C:\WINDOWS\system32\drivers\logiflt.iad
    2008-01-03 18:56 . 2007-10-11 19:57 195,096 --a------ C:\WINDOWS\system32\lvci1150.dll
    2008-01-03 18:54 . 2008-01-03 18:58 <DIR> d-------- C:\Program Files\Common Files\LogiShrd
    2008-01-03 18:54 . 2008-01-03 19:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logishrd
    2008-01-03 18:38 . 2008-01-03 18:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Drivers Headquarters
    2008-01-03 18:06 . 2008-01-03 18:06 <DIR> d----c--- C:\Documents and Settings\sASSy\Application Data\TuneUp Software
    2008-01-01 01:25 . 2008-01-05 08:37 <DIR> d-------- C:\WINDOWS\PaltalkScene
    2008-01-01 01:25 . 2008-01-05 08:38 <DIR> d-------- C:\Program Files\Paltalk Messenger
    2008-01-01 01:25 . 2008-01-05 08:38 <DIR> d----c--- C:\Documents and Settings\sASSy\Application Data\Paltalk

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-09 23:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-01-09 17:03 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
    2008-01-09 01:19 --------- d-----w C:\Program Files\Hijack This
    2008-01-08 14:19 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-01-08 12:39 --------- d-----w C:\Program Files\TABLET
    2008-01-08 12:20 --------- d-----w C:\Program Files\Yahoo!
    2008-01-08 12:08 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-01-08 12:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-01-08 12:04 --------- d-----w C:\Program Files\Creative
    2008-01-08 11:54 72,748 ----a-w C:\WINDOWS\unins001.exe
    2008-01-08 11:54 72,748 ----a-w C:\WINDOWS\unins000.exe
    2008-01-04 21:08 700,416 ----a-w C:\StubInstaller.exe
    2008-01-04 19:46 102,664 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys
    2008-01-04 17:30 --------- d-----w C:\Program Files\SUPERAntiSpyware
    2008-01-04 04:10 --------- dc----w C:\Documents and Settings\sASSy\Application Data\LimeWire
    2008-01-04 00:54 --------- d-----w C:\Program Files\Logitech
    2008-01-02 21:28 --------- d-----w C:\Program Files\Common Files\Jasc Software Inc
    2008-01-02 20:50 277 ----a-w C:\WINDOWS\Fonts\must_read.txt
    2008-01-02 20:43 624 ----a-w C:\WINDOWS\Fonts\babe.txt
    2008-01-02 20:36 23,496 ----a-w C:\WINDOWS\Fonts\norp_icons_1.zip
    2008-01-02 20:36 181,762 ----a-w C:\WINDOWS\Fonts\darrians_sexy_silho.zip
    2008-01-02 20:36 11,318 ----a-w C:\WINDOWS\Fonts\48ways.zip
    2008-01-02 20:35 39,209 ----a-w C:\WINDOWS\Fonts\strip_letter_1.zip
    2008-01-02 20:35 196,323 ----a-w C:\WINDOWS\Fonts\alpha_silouettes.zip
    2008-01-02 20:35 14,300 ----a-w C:\WINDOWS\Fonts\group_sex.zip
    2008-01-02 20:34 31,383 ----a-w C:\WINDOWS\Fonts\fuzzy_cootie.zip
    2008-01-02 20:34 154,494 ----a-w C:\WINDOWS\Fonts\sexy_spanish_woman_siluetas.zip
    2008-01-02 20:33 64,778 ----a-w C:\WINDOWS\Fonts\vintage_erotique.zip
    2008-01-02 20:33 258,930 ----a-w C:\WINDOWS\Fonts\wc_fetish_bta.zip
    2008-01-02 20:33 137,468 ----a-w C:\WINDOWS\Fonts\comix_cuties.zip
    2007-12-03 22:55 --------- dc----w C:\Documents and Settings\sASSy\Application Data\U3
    2007-11-21 08:09 --------- d-----w C:\Program Files\JAlbum7.3
    2007-11-14 02:11 --------- d-----w C:\Program Files\Common Files\Adobe
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-11-12 02:03 --------- d-----w C:\Program Files\AIM6
    2007-11-12 02:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
    2007-11-12 01:53 --------- dc----w C:\Documents and Settings\All Users\Application Data\Viewpoint
    2007-11-12 00:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
    2007-11-01 10:36 1,138 -c--a-w C:\Documents and Settings\sASSy\Application Data\wklnhst.dat
    2007-10-18 09:36 92,672 ----a-w C:\WINDOWS\unlite3.exe
    2007-10-18 09:36 442,880 --sha-w C:\WINDOWS\x2.64.exe
    2007-10-18 09:36 35,840 ----a-w C:\WINDOWS\TASK.EXE
    2007-10-18 09:36 320,000 ----a-w C:\WINDOWS\uninst.exe
    2007-10-18 09:36 26,112 ----a-w C:\WINDOWS\TrueProcess.exe
    2007-10-18 09:36 106,496 ----a-w C:\WINDOWS\unvise32.exe
    2007-10-18 09:32 93,696 ----a-w C:\WINDOWS\ST6UNST.EXE
    2007-10-18 09:32 598,016 ----a-w C:\WINDOWS\SOUNDMAN.EXE
    2007-10-18 09:31 331,776 ----a-w C:\WINDOWS\SETUPX32.EXE
    2007-10-18 09:31 270,336 ----a-w C:\WINDOWS\Setup1.exe
    2007-10-18 09:28 87,040 --sha-w C:\WINDOWS\MOTA113.exe
    2007-10-18 09:28 741,376 ----a-w C:\WINDOWS\iun6002.exe
    2007-10-18 09:28 40,960 ----a-w C:\WINDOWS\P0620Cfg.exe
    2007-10-18 09:28 40,448 ----a-w C:\WINDOWS\LOGI_MWX.EXE
    2007-10-18 09:28 327,168 ----a-w C:\WINDOWS\IsUninst.exe
    2007-10-18 09:28 140,288 ----a-w C:\WINDOWS\lsb_un20.exe
    2007-10-18 09:24 77,824 ----a-w C:\WINDOWS\BCMSMD2K.exe
    2007-10-18 09:24 62,464 ----a-w C:\WINDOWS\Ctregrun.exe
    2007-10-18 09:24 335,872 ----a-w C:\WINDOWS\alcupd.exe
    2007-10-18 09:24 237,568 ----a-w C:\WINDOWS\Alcrmv.exe
    2007-10-18 09:24 172,032 ----a-w C:\WINDOWS\BCMSMU.exe
    2007-10-18 09:24 143,360 ----a-w C:\WINDOWS\BCMSMMSG.exe
    2007-10-18 09:24 102,400 ----a-w C:\WINDOWS\CtDrvIns.exe
    2007-10-18 09:18 612,352 ----a-w C:\Program Files\posteriza.exe
    2007-10-12 15:53 1,118,905 ----a-w C:\WINDOWS\affies.scr
    2007-10-12 15:32 1,309,503 ----a-w C:\WINDOWS\island_dawn.scr
    2007-09-24 12:56 9 -c-ha-w C:\Documents and Settings\sASSy\Application Data\local.lng.dat
    2006-02-25 09:58 430,406 ------w C:\Program Files\whois.exe
    2005-10-04 03:55 2,267,015 ------w C:\Program Files\setup_ca_en.execal.exe
    2005-08-22 19:33 68,918 -c--a-w C:\Program Files\procexp.chm
    2005-08-22 19:29 1,238,544 ----a-w C:\Program Files\procexp.exe
    2004-01-05 16:12 1,293 -c--a-w C:\Program Files\README.TXT
    2005-05-13 23:12 217,073 -csha-r C:\WINDOWS\meta4.exe
    2005-10-08 01:14 308,224 --sha-r C:\WINDOWS\system32\avisynth.dll
    2005-07-14 18:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
    2005-06-26 21:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
    2005-06-22 04:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
    2004-01-25 06:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll
    2007-06-13 10:23 300,032 --sh--r C:\WINDOWS\system32\pci32b.exe
    2006-04-27 16:24 2,945,024 --sha-r C:\WINDOWS\system32\Smab.dll
    2005-02-28 19:16 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
    2004-01-25 06:00 70,656 --sha-r C:\WINDOWS\system32\yv12vfw.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
    "swg "= "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-09 09:09 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Logitech Utility "= "Logi_MwX.Exe" [2007-10-18 03:28 40448 C:\WINDOWS\LOGI_MWX.EXE]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
    "Adobe Reader Speed Launcher "= "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
    "LogitechCommunicationsManager "= "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33 563984]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [2007-10-18 03:19 303104]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "MySpaceIM "= "C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-18 19:47 8720384]

    C:\Documents and Settings\sASSy\Start Menu\Programs\Startup\
    Webshots.lnk - D:\Webshots\Webshots\Launcher.exe [2008-01-08 10:08:08]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windows SteadyState]
    @= "Service "

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Aim6 "= "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    "MySpaceIM "=C:\Program Files\MySpace\IM\MySpaceIM.exe
    "kernel "=C:\Program Files\kernel\kernel.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "LogitechCommunicationsManager "= "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe "
    "LogitechQuickCamRibbon "= "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    "Bubble "= "%ProgramFiles%\Windows SteadyState\Bubble.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
    "Windows Express "=pci32b.exe

    R1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\Cinemsup.sys [2003-12-19 01:00]
    R2 Windows SteadyState;Windows SteadyState Service; "C:\Program Files\Windows SteadyState\SCTSvc.exe" [2007-06-05 15:56]
    S3 epatap2k;SCM Parallel Port ATAPI Driver;C:\WINDOWS\system32\DRIVERS\epatap2k.sys [2000-03-17 20:27]
    S3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys [2003-11-07 03:50]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    \Shell\AutoRun\command - F:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2be3e561-deee-11db-b772-00038a000015}]
    \Shell\AutoRun\command - F:\LaunchU3.exe -a

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-01-04 23:30:35 C:\WINDOWS\Tasks\1-Click Maintenance.job "
    - D:\Tune up\OneClick.exe
    .
    **************************************************************************

    disk not found C:\

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    disk not found C:\

    **************************************************************************
    .
    Completion time: 2008-01-09 19:21:13 - machine was rebooted [sASSy]
    ComboFix-quarantined-files.txt 2008-01-10 01:20:21
    ComboFix2.txt 2007-10-15 13:38:35
    ComboFix3.txt 2007-10-14 17:46:09
    .
    2008-01-09 09:02:17 --- E O F ---


    HijackThis log

    Logfile of HijackThis v1.99.1
    Scan saved at 7:24:57 PM, on 1/9/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Windows SteadyState\SCTSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\WINDOWS\system32\netdde.exe
    C:\WINDOWS\System32\dllhost.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\System32\dmadmin.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    D:\Webshots\Webshots\webshots.scr
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe "
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - Startup: Webshots.lnk = D:\Webshots\Webshots\Launcher.exe
    O8 - Extra context menu item: Save to &Xdrive - C:\Documents and Settings\sASSy\Application Data\Xdrive\Skip the Download\std.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://fubar.com/imgs/ImageUploader4.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcSandraSrv.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\system32\DRIVERS\WtSrv.exe

    tyvmia
     
  8. 2008/01/10
    noahdfear

    Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as;

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    File::
    C:\WINDOWS\system32\drivers\lvuvc.hs
    C:\WINDOWS\system32\pci32b.exe
    Registry::
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
     "kernel "=-
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
     "Windows Express "=-
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.


    Once you've posted the CF log, please do an online scan with Kaspersky WebScanner

    You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database:
      • Extended (if available otherwise Standard)
      • Scan Options:
      • Scan Archives
      • Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      • Select My Computer
    • The program will start and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
      • Now click on the Save as Text button:
    • Save the file to your desktop.

    Post the Kaspersky log and one more fresh HijackThis log.
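As an added example (not from this thread, and not ComboFix's own code), here is a small Python triage script for the two ComboFix log sections the helper worked from above: the Find3M report, whose attribute column marks files as system (s) and hidden (h), and the "Reg Loading Points" section. It flags system+hidden executables under C:\WINDOWS, ties them to autostart values that reference them (the pci32b.exe / "Windows Express" pairing from the log), and renders a CFScript in the File:: / Registry:: syntax of the post above. It generalizes to any log with these sections; the log excerpt, the severity labels and the rule thresholds are my own constructions.

```python
"""Triage helper for ComboFix log excerpts (added example, not ComboFix's code).

Executables under the Windows tree carrying both the system and hidden
attributes are flagged for review; a flagged file that is also referenced by
an autostart value is rated "high", and only those are written to the CFScript.
"""
import ntpath
import re
from dataclasses import dataclass, field

# Constructed sample using the line shapes from the thread's log (not the full
# log). Forum rendering may insert a space before the closing quote of a value
# name ("kernel "=...); VALUE_RE tolerates that and strips it.
SAMPLE_LOG = r"""
2007-10-18 09:36 35,840 ----a-w C:\WINDOWS\TASK.EXE
2007-06-13 10:23 300,032 --sh--r C:\WINDOWS\system32\pci32b.exe
2005-10-08 01:14 308,224 --sha-r C:\WINDOWS\system32\avisynth.dll
2008-01-08 12:39 --------- d-----w C:\Program Files\TABLET
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [2007-10-18 03:19 303104]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"kernel "=C:\Program Files\kernel\kernel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"Windows Express "=pci32b.exe
"""

# Find3M line: date time size attrs path  (size is "---------" for directories)
FIND3M_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+\S+\s+([-\w]{7})\s+(.+?)\s*$")
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+?)\s*"\s*=\s*(.*)$')
TARGET_RE = re.compile(r"(.+?\.(?:exe|com|scr|pif|dll))(?:\s|$)", re.I)
EXEC_EXTS = (".exe", ".dll", ".scr", ".sys", ".com", ".pif")
WINDIR = "c:\\windows"


@dataclass
class Finding:
    path: str
    attrs: str
    autostarts: list = field(default_factory=list)  # (registry key, value name)

    @property
    def severity(self) -> str:
        return "high" if self.autostarts else "review"


def target_of(data: str) -> str:
    """Extract the program path from a Run value's data (quoted or bare)."""
    data = data.strip()
    if data.startswith('"'):
        end = data.find('"', 1)
        return data[1:end] if end > 0 else data[1:]
    m = TARGET_RE.match(data)  # drop arguments and ComboFix's "[date size]" note
    return m.group(1) if m else (data.split() or [""])[0]


def parse_log(text: str):
    """Return ({lower path: (path, attrs)}, [(key, value name, target)])."""
    files, autostarts, key = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := FIND3M_RE.match(line)):
            attrs, path = m.groups()
            if not attrs.startswith("d"):  # skip directory entries
                files[path.lower()] = (path, attrs)
        elif (m := KEY_RE.match(line)):
            key = m.group(1)
        elif key and (m := VALUE_RE.match(line)):
            autostarts.append((key, m.group(1), target_of(m.group(2))))
    return files, autostarts


def is_hidden_system_exe(path: str, attrs: str) -> bool:
    """System+hidden executable under the Windows tree: unusual for legit code."""
    low = path.lower()
    return low.startswith(WINDIR) and low.endswith(EXEC_EXTS) and {"s", "h"} <= set(attrs)


def triage(text: str) -> list:
    files, autostarts = parse_log(text)
    findings = {low: Finding(p, a) for low, (p, a) in files.items()
                if is_hidden_system_exe(p, a)}
    by_base = {ntpath.basename(low): f for low, f in findings.items()}
    for key, name, target in autostarts:
        # Match on full path, or on bare file name: a Run value such as
        # "pci32b.exe" is resolved through PATH, which includes system32.
        hit = findings.get(target.lower()) or by_base.get(ntpath.basename(target.lower()))
        if hit:
            hit.autostarts.append((key, name))
    return sorted(findings.values(), key=lambda f: (f.severity != "high", f.path.lower()))


def build_cfscript(findings: list) -> str:
    """Render File:: / Registry:: sections in the syntax used in the thread."""
    high = [f for f in findings if f.severity == "high"]
    if not high:
        return ""
    by_key: dict = {}
    for f in high:
        for key, name in f.autostarts:
            if name not in by_key.setdefault(key, []):
                by_key[key].append(name)
    lines = ["File::", *(f.path for f in high), "Registry::"]
    for key, names in by_key.items():
        lines.append(f"[{key}]")
        lines.extend(f'"{name}"=-' for name in names)  # "=-" deletes the value
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        refs = " ".join(f"<- {k}\\{n}" for k, n in f.autostarts)
        print(f"{f.severity:6} {f.attrs} {f.path} {refs}")
    print(build_cfscript(found), end="")
```

Entries the rules cannot corroborate, such as the "kernel" value under run- whose target is not in the Find3M list, are left for the human reviewer, which is also where the helper's judgement on lvuvc.hs came from.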
     
  9. 2008/01/12
    NmymindDzine

    Ran ComboFix 3 times and it would NOT complete and give me a log.
    I had to shut down the PC after over an hr of waiting.
    Did a Kaspersky but I saved that wrong too...




    Got mad when it didn't get rid of anything though, so I installed PC-cillin, ran it and it got rid of a few nasties. Forgive me, I was lax and didn't write them down; know 1 was the pa saile?saliet? I can't remember, I am no help I know
    here's this morning's HijackThis
    Logfile of HijackThis v1.99.1
    Scan saved at 13:35, on 2008-01-11
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Windows SteadyState\SCTSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\WINDOWS\system32\netdde.exe
    C:\WINDOWS\System32\dllhost.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    D:\TREND_~2\PcCtlCom.exe
    C:\WINDOWS\System32\svchost.exe
    D:\TREND_~2\Tmntsrv.exe
    D:\TREND_~2\TmPfw.exe
    D:\TREND_~2\tmproxy.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\System32\dmadmin.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\QuickTime\qttask.exe
    D:\Trend_Micro_\pccguide.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    D:\Webshots\Webshots\webshots.scr
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe "
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [pccguide.exe] "D:\Trend_Micro_\pccguide.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - Startup: Webshots.lnk = D:\Webshots\Webshots\Launcher.exe
    O8 - Extra context menu item: Save to &Xdrive - C:\Documents and Settings\sASSy\Application Data\Xdrive\Skip the Download\std.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://fubar.com/imgs/ImageUploader4.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - D:\TREND_~2\PcCtlCom.exe
    O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - D:\TREND_~2\PcScnSrv.exe
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcSandraSrv.exe
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - D:\TREND_~2\Tmntsrv.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - D:\TREND_~2\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - D:\TREND_~2\tmproxy.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\system32\DRIVERS\WtSrv.exe

    guess I will go back to Kaspersky and get you another log sir....sorry
     
  10. 2008/01/12
    noahdfear

    What exactly did ComboFix do? Was it enumerating the stages of progress? Did it hang on a stage? Please create another CFScript from my previous post, then boot to safe mode and drop it on ComboFix.exe
     
  11. 2008/01/12
    NmymindDzine

    the first time just till stage 32
    the second time I saw it put the file up there to run
    but it did NOT reboot and generate a report; came back up saying it was going to but never did
    the 3rd time it put the script up there again but I did NOT see the second entry for the pcbi32.exe up there and it did NOT reboot and tried to generate a report again but to no avail. I let it sit almost an hr too before rebooting and then running to Kaspersky...
    downloading a fresh copy now and will run it again
     
  12. 2008/01/13
    NmymindDzine

    ComboFix finished and gave a log in safe mode
    ComboFix 08-01-09.2 - Administrator 2008-01-12 3:03:11.10 - NTFSx86 MINIMAL
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.358 [GMT -6:00]
    Running from: C:\Documents and Settings\sASSy\My Documents\ComboFix.exe
    Command switches used :: C:\Documents and Settings\sASSy\My Documents\CFScript.txt

    FILE
    C:\WINDOWS\system32\drivers\lvuvc.hs
    C:\WINDOWS\system32\pci32b.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\drivers\lvuvc.hs
    .
    ---- Previous Run -------
    .
    C:\WINDOWS\system32\drivers\lvuvc.hs
    C:\WINDOWS\system32\pci32b.exe

    .
    ((((((((((((((((((((((((( Files Created from 2007-12-12 to 2008-01-12 )))))))))))))))))))))))))))))))
    .

    2008-01-12 03:01 . 2008-01-12 03:01 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Xentient
    2008-01-11 00:18 . 2008-01-11 00:18 262,144 --a------ C:\WINDOWS\system32\default_user_class.dat
    2008-01-11 00:14 . 2008-01-11 00:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
    2008-01-11 00:14 . 2007-09-17 14:31 1,126,072 --a------ C:\WINDOWS\system32\drivers\vsapint.sys
    2008-01-11 00:14 . 2006-12-29 00:53 288,848 --a------ C:\WINDOWS\system32\drivers\TM_CFW.sys
    2008-01-11 00:14 . 2007-09-17 14:40 202,768 --a------ C:\WINDOWS\system32\drivers\tmxpflt.sys
    2008-01-11 00:14 . 2006-12-29 00:53 111,888 --a------ C:\WINDOWS\system32\drivers\tm_mbd_c.sys
    2008-01-11 00:14 . 2006-12-29 00:53 75,088 --a------ C:\WINDOWS\system32\drivers\tmtdi.sys
    2008-01-11 00:14 . 2007-09-17 14:40 35,856 --a------ C:\WINDOWS\system32\drivers\tmpreflt.sys
    2008-01-10 21:04 . 2008-01-10 21:04 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2008-01-10 21:04 . 2008-01-10 21:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-01-09 17:41 . 2008-01-10 14:48 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-01-09 17:41 . 2008-01-09 17:41 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-01-08 10:08 . 2008-01-08 10:08 <DIR> d----c--- C:\Documents and Settings\sASSy\Application Data\Webshots
    2008-01-08 06:44 . 2008-01-08 06:44 <DIR> d--h----- C:\WINDOWS\PIF
    2008-01-08 05:57 . 2008-01-08 05:57 <DIR> d-------- C:\WINDOWS\Data
    2008-01-08 05:54 . 2008-01-08 05:54 <DIR> d-------- C:\Program Files\Temp
    2008-01-08 05:54 . 2008-01-08 05:54 787 --a------ C:\WINDOWS\unins001.dat
    2008-01-08 05:54 . 2008-01-08 05:54 787 --a------ C:\WINDOWS\unins000.dat
    2008-01-08 05:49 . 2008-01-08 05:49 <DIR> d-------- C:\Program Files\Windows SteadyState
    2008-01-08 04:41 . 2008-01-08 04:41 <DIR> d-------- C:\Program Files\UPHClean
    2008-01-07 17:58 . 2008-01-07 17:58 <DIR> d-------- C:\Program Files\MSXML 6.0
    2008-01-07 17:39 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
    2008-01-06 09:41 . 2008-01-06 09:42 <DIR> d-------- C:\Program Files\the-myspace-editor
    2008-01-06 09:35 . 2008-01-06 09:35 <DIR> d-------- C:\Program Files\Virtual Mechanics
    2008-01-06 09:35 . 2008-01-06 09:35 <DIR> d-------- C:\Program Files\Common Files\Wintertree
    2008-01-06 09:35 . 2003-09-23 10:38 155,648 --a------ C:\WINDOWS\system32\SSCE5232.dll
    2008-01-06 09:35 . 2008-01-06 09:35 0 --a------ C:\WINDOWS\PROTOCOL.INI
    2008-01-05 21:18 . 2008-01-08 17:55 <DIR> d-------- C:\Program Files\iMesh Applications
    2008-01-05 21:18 . 2008-01-09 14:48 <DIR> d----c--- C:\Documents and Settings\sASSy\Application Data\iMesh
    2008-01-05 21:18 . 2006-11-12 11:39 483,328 --a------ C:\WINDOWS\system32\actskn45.ocx
    2008-01-05 17:09 . 2008-01-05 17:09 <DIR> d-------- C:\Program Files\FriendFinder, Inc
    2008-01-04 17:53 . 2008-01-04 17:53 1,134,459 --a------ C:\WINDOWS\juelZ.scr
    2008-01-04 17:07 . 2008-01-04 17:07 <DIR> d-------- C:\VundoFix Backups
    2008-01-04 08:32 . 2008-01-04 08:32 377,856 --a------ C:\WINDOWS\throb.scr
    2008-01-04 08:31 . 2008-01-04 08:31 1,246,720 --a------ C:\WINDOWS\FMGREG.scr
    2008-01-04 08:11 . 2008-01-04 08:12 1,338,151 --a------ C:\WINDOWS\gregs.scr
    2008-01-03 18:58 . 2008-01-12 02:58 0 --a------ C:\WINDOWS\system32\drivers\logiflt.iad
    2008-01-03 18:56 . 2007-10-11 19:57 195,096 --a------ C:\WINDOWS\system32\lvci1150.dll
    2008-01-03 18:54 . 2008-01-03 18:58 <DIR> d-------- C:\Program Files\Common Files\LogiShrd
    2008-01-03 18:54 . 2008-01-03 19:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logishrd
    2008-01-03 18:38 . 2008-01-03 18:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Drivers Headquarters
    2008-01-03 18:06 . 2008-01-03 18:06 <DIR> d----c--- C:\Documents and Settings\sASSy\Application Data\TuneUp Software
    2008-01-01 01:25 . 2008-01-05 08:37 <DIR> d-------- C:\WINDOWS\PaltalkScene
    2008-01-01 01:25 . 2008-01-05 08:38 <DIR> d-------- C:\Program Files\Paltalk Messenger
    2008-01-01 01:25 . 2008-01-05 08:38 <DIR> d----c--- C:\Documents and Settings\sASSy\Application Data\Paltalk

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-12 01:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-01-11 05:46 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-01-09 01:19 --------- d-----w C:\Program Files\Hijack This
    2008-01-08 14:19 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-01-08 12:39 --------- d-----w C:\Program Files\TABLET
    2008-01-08 12:20 --------- d-----w C:\Program Files\Yahoo!
    2008-01-08 12:08 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-01-08 12:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-01-08 12:04 --------- d-----w C:\Program Files\Creative
    2008-01-08 11:54 72,748 ----a-w C:\WINDOWS\unins001.exe
    2008-01-08 11:54 72,748 ----a-w C:\WINDOWS\unins000.exe
    2008-01-04 21:08 700,416 ----a-w C:\StubInstaller.exe
    2008-01-04 19:46 102,664 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys
    2008-01-04 17:30 --------- d-----w C:\Program Files\SUPERAntiSpyware
    2008-01-04 04:10 --------- dc----w C:\Documents and Settings\sASSy\Application Data\LimeWire
    2008-01-04 00:54 --------- d-----w C:\Program Files\Logitech
    2008-01-02 21:28 --------- d-----w C:\Program Files\Common Files\Jasc Software Inc
    2008-01-02 20:50 277 ----a-w C:\WINDOWS\Fonts\must_read.txt
    2008-01-02 20:43 624 ----a-w C:\WINDOWS\Fonts\babe.txt
    2008-01-02 20:36 23,496 ----a-w C:\WINDOWS\Fonts\norp_icons_1.zip
    2008-01-02 20:36 181,762 ----a-w C:\WINDOWS\Fonts\darrians_sexy_silho.zip
    2008-01-02 20:36 11,318 ----a-w C:\WINDOWS\Fonts\48ways.zip
    2008-01-02 20:35 39,209 ----a-w C:\WINDOWS\Fonts\strip_letter_1.zip
    2008-01-02 20:35 196,323 ----a-w C:\WINDOWS\Fonts\alpha_silouettes.zip
    2008-01-02 20:35 14,300 ----a-w C:\WINDOWS\Fonts\group_sex.zip
    2008-01-02 20:34 31,383 ----a-w C:\WINDOWS\Fonts\fuzzy_cootie.zip
    2008-01-02 20:34 154,494 ----a-w C:\WINDOWS\Fonts\sexy_spanish_woman_siluetas.zip
    2008-01-02 20:33 64,778 ----a-w C:\WINDOWS\Fonts\vintage_erotique.zip
    2008-01-02 20:33 258,930 ----a-w C:\WINDOWS\Fonts\wc_fetish_bta.zip
    2008-01-02 20:33 137,468 ----a-w C:\WINDOWS\Fonts\comix_cuties.zip
    2007-12-03 22:55 --------- dc----w C:\Documents and Settings\sASSy\Application Data\U3
    2007-11-21 08:09 --------- d-----w C:\Program Files\JAlbum7.3
    2007-11-16 00:51 15,489 ----a-w C:\WINDOWS\system32\646c5ad.exe
    2007-11-14 06:05 15,489 ----a-w C:\WINDOWS\system32\216d701.exe
    2007-11-14 05:03 15,489 ----a-w C:\WINDOWS\system32\1de3081.exe
    2007-11-14 02:11 --------- d-----w C:\Program Files\Common Files\Adobe
    2007-11-14 01:07 15,489 ----a-w C:\WINDOWS\system32\105e4cc.exe
    2007-11-13 21:28 15,489 ----a-w C:\WINDOWS\system32\3daf23.exe
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-11-12 02:03 --------- d-----w C:\Program Files\AIM6
    2007-11-12 02:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
    2007-11-12 01:53 --------- dc----w C:\Documents and Settings\All Users\Application Data\Viewpoint
    2007-11-12 00:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
    2007-11-10 10:01 15,489 ----a-w C:\WINDOWS\system32\1d2288c.exe
    2007-11-10 06:05 15,489 ----a-w C:\WINDOWS\system32\fa0c73.exe
    2007-11-10 02:34 15,489 ----a-w C:\WINDOWS\system32\39147c.exe
    2007-11-09 21:04 15,489 ----a-w C:\WINDOWS\system32\46ff7ec.exe
    2007-11-09 17:19 15,489 ----a-w C:\WINDOWS\system32\3a15695.exe
    2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
    2007-11-01 10:36 1,138 -c--a-w C:\Documents and Settings\sASSy\Application Data\wklnhst.dat
    2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-27 23:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
    2007-10-18 09:36 92,672 ----a-w C:\WINDOWS\unlite3.exe
    2007-10-18 09:36 442,880 --sha-w C:\WINDOWS\x2.64.exe
    2007-10-18 09:36 35,840 ----a-w C:\WINDOWS\TASK.EXE
    2007-10-18 09:36 320,000 ----a-w C:\WINDOWS\uninst.exe
    2007-10-18 09:36 26,112 ----a-w C:\WINDOWS\TrueProcess.exe
    2007-10-18 09:36 106,496 ----a-w C:\WINDOWS\unvise32.exe
    2007-10-18 09:32 93,696 ----a-w C:\WINDOWS\ST6UNST.EXE
    2007-10-18 09:32 598,016 ----a-w C:\WINDOWS\SOUNDMAN.EXE
    2007-10-18 09:31 331,776 ----a-w C:\WINDOWS\SETUPX32.EXE
    2007-10-18 09:31 270,336 ----a-w C:\WINDOWS\Setup1.exe
    2007-10-18 09:28 87,040 --sha-w C:\WINDOWS\MOTA113.exe
    2007-10-18 09:28 741,376 ----a-w C:\WINDOWS\iun6002.exe
    2007-10-18 09:28 40,960 ----a-w C:\WINDOWS\P0620Cfg.exe
    2007-10-18 09:28 40,448 ----a-w C:\WINDOWS\LOGI_MWX.EXE
    2007-10-18 09:28 327,168 ----a-w C:\WINDOWS\IsUninst.exe
    2007-10-18 09:28 140,288 ----a-w C:\WINDOWS\lsb_un20.exe
    2007-10-18 09:24 77,824 ----a-w C:\WINDOWS\BCMSMD2K.exe
    2007-10-18 09:24 62,464 ----a-w C:\WINDOWS\Ctregrun.exe
    2007-10-18 09:24 335,872 ----a-w C:\WINDOWS\alcupd.exe
    2007-10-18 09:24 237,568 ----a-w C:\WINDOWS\Alcrmv.exe
    2007-10-18 09:24 172,032 ----a-w C:\WINDOWS\BCMSMU.exe
    2007-10-18 09:24 143,360 ----a-w C:\WINDOWS\BCMSMMSG.exe
    2007-10-18 09:24 102,400 ----a-w C:\WINDOWS\CtDrvIns.exe
    2007-10-18 09:18 612,352 ----a-w C:\Program Files\posteriza.exe
    2007-10-12 15:53 1,118,905 ----a-w C:\WINDOWS\affies.scr
    2007-10-12 15:32 1,309,503 ----a-w C:\WINDOWS\island_dawn.scr
    2007-10-12 02:00 490,008 ----a-w C:\WINDOWS\system32\LVUI2.dll
    2007-10-12 02:00 465,432 ----a-w C:\WINDOWS\system32\LVUI2RC.dll
    2007-10-12 01:57 416,280 ----a-w C:\WINDOWS\system32\lvcodec2.dll
    2007-10-12 01:18 21,138 ----a-w C:\WINDOWS\system32\Repository.reg
    2007-09-24 12:56 9 -c-ha-w C:\Documents and Settings\sASSy\Application Data\local.lng.dat
    2006-02-25 09:58 430,406 ------w C:\Program Files\whois.exe
    2005-10-04 03:55 2,267,015 ------w C:\Program Files\setup_ca_en.execal.exe
    2005-08-22 19:33 68,918 -c--a-w C:\Program Files\procexp.chm
    2005-08-22 19:29 1,238,544 ----a-w C:\Program Files\procexp.exe
    2004-01-05 16:12 1,293 -c--a-w C:\Program Files\README.TXT
    2005-05-13 23:12 217,073 -csha-r C:\WINDOWS\meta4.exe
    2005-10-08 01:14 308,224 --sha-r C:\WINDOWS\system32\avisynth.dll
    2005-07-14 18:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
    2005-06-26 21:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
    2005-06-22 04:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
    2004-01-25 06:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll
    2006-04-27 16:24 2,945,024 --sha-r C:\WINDOWS\system32\Smab.dll
    2005-02-28 19:16 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
    2004-01-25 06:00 70,656 --sha-r C:\WINDOWS\system32\yv12vfw.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-01-09_19.20.03.45 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2007-07-18 12:42:22 80,896 -c----w C:\WINDOWS\$NtUninstallKB942763$\tzchange.exe
    - 2008-01-09 18:53:30 643,072 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000001\NTUSER.DAT
    + 2008-01-12 09:02:49 643,072 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000001\NTUSER.DAT
    - 2008-01-09 18:53:30 8,192 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000002\UsrClass.dat
    + 2008-01-12 09:02:50 8,192 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000002\UsrClass.dat
    - 2008-01-09 18:53:31 6,057,984 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000003\ntuser.dat
    + 2008-01-12 09:02:50 864,256 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000003\ntuser.dat
    - 2008-01-09 18:53:31 208,896 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000004\UsrClass.dat
    + 2008-01-12 09:02:50 196,608 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000004\UsrClass.dat
    + 2008-01-11 06:15:47 4,710 ----a-r C:\WINDOWS\Installer\{BB4B6355-D38A-492C-873B-A1B2CF6C3832}\ARPPRODUCTICON.exe
    + 2005-05-24 18:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
    + 2007-08-29 21:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
    + 2007-08-29 21:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MySpaceIM "= "C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-18 19:47 8720384]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Logitech Utility "= "Logi_MwX.Exe" [2007-10-18 03:28 40448 C:\WINDOWS\LOGI_MWX.EXE]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
    "Adobe Reader Speed Launcher "= "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
    "LogitechCommunicationsManager "= "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33 563984]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [2007-10-18 03:19 303104]
    "pccguide.exe "= "D:\Trend_Micro_\pccguide.exe" [2007-01-23 00:26 3429904]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "MySpaceIM "= "C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-18 19:47 8720384]

    C:\Documents and Settings\sASSy\Start Menu\Programs\Startup\
    Webshots.lnk - D:\Webshots\Webshots\Launcher.exe [2008-01-08 10:08:08]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windows SteadyState]
    @= "Service "

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "LogitechCommunicationsManager "= "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe "
    "LogitechQuickCamRibbon "= "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    "Bubble "= "%ProgramFiles%\Windows SteadyState\Bubble.exe "

    R2 Windows SteadyState;Windows SteadyState Service; "C:\Program Files\Windows SteadyState\SCTSvc.exe" [2007-06-05 15:56]
    S1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\Cinemsup.sys [2003-12-19 01:00]
    S3 epatap2k;SCM Parallel Port ATAPI Driver;C:\WINDOWS\system32\DRIVERS\epatap2k.sys [2000-03-17 20:27]
    S3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys [2003-11-07 03:50]

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-01-11 23:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job "
    - D:\Tune up\OneClick.exe
    .
    **************************************************************************

    disk not found C:\

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    disk not found C:\

    **************************************************************************
    .
    Completion time: 2008-01-12 3:09:24
    ComboFix-quarantined-files.txt 2008-01-12 09:08:33
    ComboFix2.txt 2008-01-10 01:21:13
    ComboFix3.txt 2007-10-15 13:38:35
    ComboFix4.txt 2007-10-14 17:46:09
    .
    2008-01-09 09:02:17 --- E O F ---
     
  13. 2008/01/13
    noahdfear

    Great! Get that Kaspersky scan log for me now, please. :)
     
  14. 2008/01/14
    NmymindDzine

You want a new one?
There's a link in one of the posts to the first one....
     
  15. 2008/01/14
    NmymindDzine

Kaspersky log, Monday 13th

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    2008-01-14 07:51
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 14/01/2008
    Kaspersky Anti-Virus database records: 510442
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\

    Scan Statistics:
    Total number of scanned objects: 151901
    Number of viruses found: 18
    Number of infected objects: 76
    Number of suspicious objects: 0
    Duration of the scan process: 02:15:15

    Infected Object Name / Virus Name / Last Action
    C:\Deckard1\System Scanner\backup\WINDOWS\temp\winbgahxw.exe Infected: Trojan-Downloader.Win32.Agent.dsy skipped
    C:\Deckard1\System Scanner\backup\WINDOWS\temp\winsnuj.exe Infected: Trojan-Downloader.Win32.Agent.dsy skipped
    C:\Deckard1\System Scanner\backup\WINDOWS\temp\wintrvfd.exe Infected: Trojan-Downloader.Win32.Agent.dsy skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\sASSy\.housecall6.6\Quarantine\backup-20070923-144249-298.dll.bac_a02732 Infected: not-a-virus:AdWare.Win32.Virtumonde.vr skipped
    C:\Documents and Settings\sASSy\.housecall6.6\Quarantine\backup-20070923-144249-451.dll.bac_a02732 Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
    C:\Documents and Settings\sASSy\.housecall6.6\Quarantine\Crypted_PAINBot.exe.bac_a02732 Infected: Virus.Win32.Sality.o skipped
    C:\Documents and Settings\sASSy\.housecall6.6\Quarantine\MigPol.exe.bac_a02732 Infected: Virus.Win32.Sality.o skipped
    C:\Documents and Settings\sASSy\.housecall6.6\Quarantine\MigPolWin.exe.bac_a02732 Infected: Virus.Win32.Sality.o skipped
    C:\Documents and Settings\sASSy\.housecall6.6\Quarantine\T-1402996-_ORGASM _ rock n roll trivia SVCD Dirty.zip.bac_a02732/Setup.exe Infected: not-virus:Hoax.Win32.Agent.o skipped
    C:\Documents and Settings\sASSy\.housecall6.6\Quarantine\T-1402996-_ORGASM _ rock n roll trivia SVCD Dirty.zip.bac_a02732 ZIP: infected - 1 skipped
    C:\Documents and Settings\sASSy\.housecall6.6\Quarantine\T-1402996-_ORGASM _ rock n roll trivia SVCD Dirty.zip.bac_a02732 CryptFF.b: infected - 1 skipped
    C:\Documents and Settings\sASSy\.housecall6.6\Quarantine\T-1452660-_PANTHEON_ rock n roll trivia SVCD (Music).zip.bac_a02732/Setup.exe Infected: not-virus:Hoax.Win32.Agent.o skipped
    C:\Documents and Settings\sASSy\.housecall6.6\Quarantine\T-1452660-_PANTHEON_ rock n roll trivia SVCD (Music).zip.bac_a02732 ZIP: infected - 1 skipped
    C:\Documents and Settings\sASSy\.housecall6.6\Quarantine\T-1452660-_PANTHEON_ rock n roll trivia SVCD (Music).zip.bac_a02732 CryptFF.b: infected - 1 skipped
    C:\Documents and Settings\sASSy\.housecall6.6\Quarantine\T-1502836-_XTC_ rock n roll trivia [Full] [Radio.Version].zip.bac_a02732/Setup.exe Infected: not-virus:Hoax.Win32.Agent.o skipped
    C:\Documents and Settings\sASSy\.housecall6.6\Quarantine\T-1502836-_XTC_ rock n roll trivia [Full] [Radio.Version].zip.bac_a02732 ZIP: infected - 1 skipped
    C:\Documents and Settings\sASSy\.housecall6.6\Quarantine\T-1502836-_XTC_ rock n roll trivia [Full] [Radio.Version].zip.bac_a02732 CryptFF.b: infected - 1 skipped
    C:\Documents and Settings\sASSy\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\sASSy\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
    C:\Documents and Settings\sASSy\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\sASSy\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\sASSy\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\sASSy\Local Settings\History\History.IE5\MSHist012008011420080115\index.dat Object is locked skipped
    C:\Documents and Settings\sASSy\Local Settings\temp\~DF95FA.tmp Object is locked skipped
    C:\Documents and Settings\sASSy\Local Settings\temp\~DF974A.tmp Object is locked skipped
    C:\Documents and Settings\sASSy\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
    C:\Documents and Settings\sASSy\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\sASSy\My Documents\DL\pass\ophcrack-win32-installer-2.4.exe/file36 Infected: not-a-virus:pSWTool.Win32.PWDump.2 skipped
    C:\Documents and Settings\sASSy\My Documents\DL\pass\ophcrack-win32-installer-2.4.exe/file64 Infected: not-a-virus:pSWTool.Win32.PWDump.d skipped
    C:\Documents and Settings\sASSy\My Documents\DL\pass\ophcrack-win32-installer-2.4.exe/file65 Infected: not-a-virus:pSWTool.Win32.PWDump.d skipped
    C:\Documents and Settings\sASSy\My Documents\DL\pass\ophcrack-win32-installer-2.4.exe Inno: infected - 3 skipped
    C:\Documents and Settings\sASSy\My Documents\DL\the-myspace-editor.exe/data0004 Infected: Trojan-Downloader.Win32.Small.hhp skipped
    C:\Documents and Settings\sASSy\My Documents\DL\the-myspace-editor.exe NSIS: infected - 1 skipped
    C:\Documents and Settings\sASSy\My Documents\DL\themes\ancientsunset.exe/WISE0013.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
    C:\Documents and Settings\sASSy\My Documents\DL\themes\ancientsunset.exe/WISE0014.BIN Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
    C:\Documents and Settings\sASSy\My Documents\DL\themes\ancientsunset.exe WiseSFX: infected - 2 skipped
    C:\Documents and Settings\sASSy\My Documents\DL\themes\ancientsunset.exe WiseSFXDropper: infected - 2 skipped
    C:\Documents and Settings\sASSy\My Documents\DL\themes\aurora_km.exe/WISE0013.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
    C:\Documents and Settings\sASSy\My Documents\DL\themes\aurora_km.exe/WISE0014.BIN Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
    C:\Documents and Settings\sASSy\My Documents\DL\themes\aurora_km.exe WiseSFX: infected - 2 skipped
    C:\Documents and Settings\sASSy\My Documents\DL\themes\aurora_km.exe WiseSFXDropper: infected - 2 skipped
    C:\Documents and Settings\sASSy\My Documents\DL\themes\bluefantasy.exe/WISE0013.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
    C:\Documents and Settings\sASSy\My Documents\DL\themes\bluefantasy.exe/WISE0014.BIN Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
    C:\Documents and Settings\sASSy\My Documents\DL\themes\bluefantasy.exe WiseSFX: infected - 2 skipped
    C:\Documents and Settings\sASSy\My Documents\DL\themes\bluefantasy.exe WiseSFXDropper: infected - 2 skipped
    C:\Documents and Settings\sASSy\My Documents\DL\turbo_internet_booster_free.exe/file5 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
    C:\Documents and Settings\sASSy\My Documents\DL\turbo_internet_booster_free.exe Inno: infected - 1 skipped
    C:\Documents and Settings\sASSy\My Documents\DL\WebfettiSetup2.2.60.11-2.exe/mwsSetup.CommonCodebase.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
    C:\Documents and Settings\sASSy\My Documents\DL\WebfettiSetup2.2.60.11-2.exe CAB: infected - 1 skipped
    C:\Documents and Settings\sASSy\ntuser.dat Object is locked skipped
    C:\Documents and Settings\sASSy\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\sASSy\Shared\mpegs\Track 1 (angels).wma Infected: Trojan-Downloader.WMA.Wimad.l skipped
    C:\Documents and Settings\sASSy\Shared\Wicked Remix.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped
    C:\QooBox\Quarantine\C\WINDOWS\b122.exe.vir Infected: Trojan-Downloader.Win32.Agent.haq skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\pci32b.exe.vir Infected: Trojan.Win32.Buzus.aa skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{D6677667-73FC-44F0-AD67-604FC48BA7D4}\RP22\A0000751.exe Infected: Trojan-Downloader.Win32.Agent.haq skipped
    C:\System Volume Information\_restore{D6677667-73FC-44F0-AD67-604FC48BA7D4}\RP27\A0003127.exe Infected: Trojan-Downloader.Win32.Agent.haq skipped
    C:\System Volume Information\_restore{D6677667-73FC-44F0-AD67-604FC48BA7D4}\RP30\A0004170.exe Infected: Trojan.Win32.Buzus.aa skipped
    C:\System Volume Information\_restore{D6677667-73FC-44F0-AD67-604FC48BA7D4}\RP34\change.log Object is locked skipped
    C:\WINDOWS\CSC\00000001 Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{5661A8BF-2551-4C08-AB54-794D9758253B}.crmlog Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\Sti_Trace.log Object is locked skipped
    C:\WINDOWS\system32\105e4cc.exe Infected: Trojan.Win32.Agent.ckl skipped
    C:\WINDOWS\system32\1d2288c.exe Infected: Trojan.Win32.Agent.ckl skipped
    C:\WINDOWS\system32\1de3081.exe Infected: Trojan.Win32.Agent.ckl skipped
    C:\WINDOWS\system32\216d701.exe Infected: Trojan.Win32.Agent.ckl skipped
    C:\WINDOWS\system32\39147c.exe Infected: Trojan.Win32.Agent.ckl skipped
    C:\WINDOWS\system32\3a15695.exe Infected: Trojan.Win32.Agent.ckl skipped
    C:\WINDOWS\system32\3daf23.exe Infected: Trojan.Win32.Agent.ckl skipped
    C:\WINDOWS\system32\46ff7ec.exe Infected: Trojan.Win32.Agent.ckl skipped
    C:\WINDOWS\system32\646c5ad.exe Infected: Trojan.Win32.Agent.ckl skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\fa0c73.exe Infected: Trojan.Win32.Agent.ckl skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\wiadebug.log Object is locked skipped
    C:\WINDOWS\wiaservc.log Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped
    D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    D:\System Volume Information\_restore{D6677667-73FC-44F0-AD67-604FC48BA7D4}\RP34\change.log Object is locked skipped
    D:\Trend_Micro_\Quarantine\25.tmp Infected: Trojan.Win32.BHO.adh skipped
    D:\Trend_Micro_\Quarantine\Backup\A0006288.RB0 Infected: Virus.Win32.Sality.o skipped
    D:\Trend_Micro_\Quarantine\Backup\tzchange.RB0 Infected: Virus.Win32.Sality.o skipped
    E:\Trend_Zone\Trend Micro 2007 + Keygen\keygen.exe Object is locked skipped
    G:\Documents\themes\ancientsunset.exe/WISE0013.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
    G:\Documents\themes\ancientsunset.exe/WISE0014.BIN Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
    G:\Documents\themes\ancientsunset.exe WiseSFX: infected - 2 skipped
    G:\Documents\themes\ancientsunset.exe WiseSFXDropper: infected - 2 skipped
    G:\Documents\themes\aurora_km.exe/WISE0013.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
    G:\Documents\themes\aurora_km.exe/WISE0014.BIN Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
    G:\Documents\themes\aurora_km.exe WiseSFX: infected - 2 skipped
    G:\Documents\themes\aurora_km.exe WiseSFXDropper: infected - 2 skipped
    G:\Documents\themes\bluefantasy.exe/WISE0013.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
    G:\Documents\themes\bluefantasy.exe/WISE0014.BIN Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
    G:\Documents\themes\bluefantasy.exe WiseSFX: infected - 2 skipped
    G:\Documents\themes\bluefantasy.exe WiseSFXDropper: infected - 2 skipped
    H:\backups\backup-20071005-171652-635.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped
    H:\backups\backup-20071005-171653-325.dll Object is locked skipped
    H:\backups\backup-20071005-171759-738.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped
    H:\backups\backup-20071005-171800-103.dll Object is locked skipped
    H:\backups\backup-20071005-171909-176.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped
    H:\backups\backup-20071005-171911-629.dll Object is locked skipped
    H:\backups\backup-20071005-172023-301.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped
    H:\backups\backup-20071005-172024-502.dll Object is locked skipped
    H:\backups\backup-20071223-203426-735.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.ba skipped

    Scan process completed.


    Going to Panda ActiveScan; they will get most of these.
     
    Last edited: 2008/01/14
  16. 2008/01/14
    noahdfear

    Here's the list of infected items found by Kaspersky.

    Code:
    C:\Deckard1\System Scanner\backup\WINDOWS\temp\winbgahxw.exe --> Trojan-Downloader.Win32.Agent.dsy
    C:\Deckard1\System Scanner\backup\WINDOWS\temp\winsnuj.exe --> Trojan-Downloader.Win32.Agent.dsy
    C:\Deckard1\System Scanner\backup\WINDOWS\temp\wintrvfd.exe --> Trojan-Downloader.Win32.Agent.dsy
    C:\Documents and Settings\sASSy\My Documents\DL\pass\ophcrack-win32-installer-2.4.exe/file36 --> PSWTool.Win32.PWDump.2
    C:\Documents and Settings\sASSy\My Documents\DL\pass\ophcrack-win32-installer-2.4.exe/file64 --> PSWTool.Win32.PWDump.d
    C:\Documents and Settings\sASSy\My Documents\DL\pass\ophcrack-win32-installer-2.4.exe/file65 --> PSWTool.Win32.PWDump.d
    C:\Documents and Settings\sASSy\My Documents\DL\the-myspace-editor.exe/data0004 --> Trojan-Downloader.Win32.Small.hhp
    C:\Documents and Settings\sASSy\My Documents\DL\themes\ancientsunset.exe/WISE0013.BIN --> Win32.NewDotNet
    C:\Documents and Settings\sASSy\My Documents\DL\themes\ancientsunset.exe/WISE0014.BIN --> AdTool.Win32.WhenU.a
    C:\Documents and Settings\sASSy\My Documents\DL\themes\aurora_km.exe/WISE0013.BIN --> Win32.NewDotNet
    C:\Documents and Settings\sASSy\My Documents\DL\themes\aurora_km.exe/WISE0014.BIN --> AdTool.Win32.WhenU.a
    C:\Documents and Settings\sASSy\My Documents\DL\themes\bluefantasy.exe/WISE0013.BIN --> Win32.NewDotNet
    C:\Documents and Settings\sASSy\My Documents\DL\themes\bluefantasy.exe/WISE0014.BIN --> AdTool.Win32.WhenU.a
    C:\Documents and Settings\sASSy\My Documents\DL\turbo_internet_booster_free.exe/file5 --> Win32.NewDotNet
    C:\Documents and Settings\sASSy\My Documents\DL\WebfettiSetup2.2.60.11-2.exe/mwsSetup.CommonCodebase.exe --> AdTool.Win32.MyWebSearch.bc
    C:\Documents and Settings\sASSy\Shared\mpegs\Track 1 (angels).wma --> Trojan-Downloader.WMA.Wimad.l
    C:\Documents and Settings\sASSy\Shared\Wicked Remix.wma --> Trojan-Downloader.WMA.Wimad.l
    C:\QooBox\Quarantine\C\WINDOWS\b122.exe.vir --> Trojan-Downloader.Win32.Agent.haq
    C:\QooBox\Quarantine\C\WINDOWS\system32\pci32b.exe.vir --> Trojan.Win32.Buzus.aa
    C:\WINDOWS\system32\105e4cc.exe --> Trojan.Win32.Agent.ckl
    C:\WINDOWS\system32\1d2288c.exe --> Trojan.Win32.Agent.ckl
    C:\WINDOWS\system32\1de3081.exe --> Trojan.Win32.Agent.ckl
    C:\WINDOWS\system32\216d701.exe --> Trojan.Win32.Agent.ckl
    C:\WINDOWS\system32\39147c.exe --> Trojan.Win32.Agent.ckl
    C:\WINDOWS\system32\3a15695.exe --> Trojan.Win32.Agent.ckl
    C:\WINDOWS\system32\3daf23.exe --> Trojan.Win32.Agent.ckl
    C:\WINDOWS\system32\46ff7ec.exe --> Trojan.Win32.Agent.ckl
    C:\WINDOWS\system32\646c5ad.exe --> Trojan.Win32.Agent.ckl
    C:\WINDOWS\system32\fa0c73.exe --> Trojan.Win32.Agent.ckl
    G:\Documents\themes\ancientsunset.exe/WISE0013.BIN --> Win32.NewDotNet
    G:\Documents\themes\ancientsunset.exe/WISE0014.BIN --> AdTool.Win32.WhenU.a
    G:\Documents\themes\aurora_km.exe/WISE0013.BIN --> Win32.NewDotNet
    G:\Documents\themes\aurora_km.exe/WISE0014.BIN --> AdTool.Win32.WhenU.a
    G:\Documents\themes\bluefantasy.exe/WISE0013.BIN --> Win32.NewDotNet
    G:\Documents\themes\bluefantasy.exe/WISE0014.BIN --> AdTool.Win32.WhenU.a
    H:\backups\backup-20071005-171652-635.dll --> AdTool.Win32.MyWebSearch.as
    H:\backups\backup-20071005-171759-738.dll --> AdTool.Win32.MyWebSearch.as
    H:\backups\backup-20071005-171909-176.dll --> AdTool.Win32.MyWebSearch.as
    H:\backups\backup-20071005-172023-301.dll --> AdTool.Win32.MyWebSearch.as
    H:\backups\backup-20071223-203426-735.dll --> AdTool.Win32.MyWebSearch.ba
    
    And here's my recommendation. Let's nuke 'em with ComboFix.


    Please delete the ComboFix.exe file you currently have and download a fresh copy from here, saving it to your desktop.

    Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    KillAll::
    
    File::
    C:\Documents and Settings\sASSy\My Documents\DL\the-myspace-editor.exe
    C:\Documents and Settings\sASSy\My Documents\DL\themes\ancientsunset.exe
    C:\Documents and Settings\sASSy\My Documents\DL\themes\aurora_km.exe
    C:\Documents and Settings\sASSy\My Documents\DL\themes\bluefantasy.exe
    C:\Documents and Settings\sASSy\My Documents\DL\turbo_internet_booster_free.exe
    C:\Documents and Settings\sASSy\My Documents\DL\WebfettiSetup2.2.60.11-2.exe
    C:\Documents and Settings\sASSy\Shared\mpegs\Track 1 (angels).wma
    C:\Documents and Settings\sASSy\Shared\Wicked Remix.wma
    C:\WINDOWS\system32\105e4cc.exe
    C:\WINDOWS\system32\1d2288c.exe
    C:\WINDOWS\system32\1de3081.exe
    C:\WINDOWS\system32\216d701.exe
    C:\WINDOWS\system32\39147c.exe
    C:\WINDOWS\system32\3a15695.exe
    C:\WINDOWS\system32\3daf23.exe
    C:\WINDOWS\system32\46ff7ec.exe
    C:\WINDOWS\system32\646c5ad.exe
    C:\WINDOWS\system32\fa0c73.exe
    G:\Documents\themes\ancientsunset.exe
    G:\Documents\themes\aurora_km.exe
    G:\Documents\themes\bluefantasy.exe
    H:\backups\backup-20071005-171652-635.dll
    H:\backups\backup-20071005-171759-738.dll
    H:\backups\backup-20071005-171909-176.dll
    H:\backups\backup-20071005-172023-301.dll
    H:\backups\backup-20071223-203426-735.dll
    Folder::
    C:\Deckard1
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. ComboFix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.
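    As an added example (not the thread's own tooling), here is the two-step triage the helper did by hand above, from Kaspersky report lines to a CFScript `File::` list, written out in Python. It collapses archive members such as `aurora_km.exe/WISE0013.BIN` to their on-disk container and drops items already sitting in ComboFix's quarantine (the `C:\QooBox\` prefix is an assumption); which hits to act on and which folders to add stay with the operator.

```python
import re

# Line shapes in this thread: '<path> Infected: <name> skipped' and '<path> --> <name>'.
INFECTED_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) skipped$")
ARROW_RE = re.compile(r"^(?P<path>.+?) --> (?P<name>\S+)$")

# Constructed sample, assembled from lines quoted in this thread.
SAMPLE_LOG = [
    r"C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped",
    r"C:\WINDOWS\system32\105e4cc.exe --> Trojan.Win32.Agent.ckl",
    r"C:\QooBox\Quarantine\C\WINDOWS\b122.exe.vir --> Trojan-Downloader.Win32.Agent.haq",
    r"G:\Documents\themes\aurora_km.exe/WISE0013.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped",
    r"G:\Documents\themes\aurora_km.exe/WISE0014.BIN Infected: not-a-virus:AdTool.Win32.WhenU.a skipped",
    r"G:\Documents\themes\aurora_km.exe WiseSFX: infected - 2 skipped",
]

def parse_line(line):
    """Return (path, detection) for an infected line; None for 'Object is locked'
    lines and per-container summary lines such as 'WiseSFX: infected - 2'."""
    line = line.strip()
    for rx in (INFECTED_RE, ARROW_RE):
        m = rx.match(line)
        if m:
            return m.group("path"), m.group("name")
    return None

def container_path(path):
    """Archive members are reported as 'file.exe/WISE0013.BIN'; ComboFix can only
    act on the on-disk container, so cut at the first forward slash."""
    return path.split("/", 1)[0]

def build_cfscript(log_lines, folders=(), quarantine_prefixes=("C:\\QooBox\\",)):
    """Group detections by container, skip ComboFix's own quarantine (assumed prefix
    C:\\QooBox\\) and emit KillAll::/File::/Folder:: as laid out in this thread."""
    files = {}  # container path -> set of detection names (insertion order kept)
    for line in log_lines:
        hit = parse_line(line)
        if hit is None:
            continue
        path = container_path(hit[0])
        if path.startswith(tuple(quarantine_prefixes)):
            continue
        files.setdefault(path, set()).add(hit[1])
    out = ["KillAll::", "", "File::", *files]
    if folders:
        out += ["Folder::", *folders]
    return "\n".join(out) + "\n", files

if __name__ == "__main__":
    print(build_cfscript(SAMPLE_LOG, folders=[r"C:\Deckard1"])[0])
```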
     
  17. 2008/01/17
    NmymindDzine

    Well, I dunno, but I think they nuked ComboFix... lol
    It's been stuck on stage 36 for over 3 hrs.
    Skipped 24 for some reason,
    lol, but gave me a 34 a, b and c.
    Anyway, I'm thinking I should stop it but don't know what to do...
    It's been running since at least 5am this morn, dude...
    I think this bug is wise to ComboFix, because I haven't been able to get a log except that one in safe mode....
    What's next, guru?
    lol
    Thank you for all your help, btw.
     
    Last edited: 2008/01/17
  18. 2008/01/17
    NmymindDzine

    I'm not touching it.
    I guess it's just having a slow day.
    It's on the last part now, deleting files.
    jusched.log now.
     
  19. 2008/01/17
    noahdfear

    Very odd. :confused: Where is it at now?
     
  20. 2008/01/17
    NmymindDzine

    On the 5th H:\ deletion....
    Slowly but surely....
    lol :D
     
  21. 2008/01/17
    noahdfear

    Wow. I've never known of it taking so long before. Did you click on the ComboFix window? Are you running other programs or anything? Is CF running on the computer you're posting with?
     
