Solve : spyware guard?

1.	Solve : spyware guard?
Answer» Part2 of combofix O16 -: Microsoft XML Parser for Java - c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd . ************************************************************************ catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-23 06:43:51 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... c:\windows\system32\drivers\MFX.sys 52076 bytes executable C:\SYZ_DAT scan completed successfully hidden files: 2 ********************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\vsdatant] "ImagePath"="" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(680) c:\program files\SUPERAntiSpyware\SASWINLO.DLL - - - - - - - > 'explorer.exe'(2812) c:\docume~1\Owner\LOCALS~1\Temp\IadHide5.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Sygate\SPF\Smc.exe c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe c:\program files\a2 free\a2service.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe c:\program files\Java\jre6\bin\jqs.exe c:\progra~1\Yahoo!\browser\ycommon.exe c:\program files\SBC Self Support Tool\bin\mpbtn.exe c:\windows\system32\ntvdm.exe c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe c:\program files\iPod\bin\iPodService.exe c:\windows\system32\HPZipm12.exe c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe c:\program files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe c:\program files\AVG\AVG8\avgrsx.exe c:\program files\AVG\AVG8\avgrsx.exe c:\program files\AVG\AVG8\avgrsx.exe c:\program files\AVG\AVG8\avgrsx.exe . ********************************************************************** . Completion time: 2008-12-23 7:01:10 - machine was rebooted ComboFix-quarantined-files.txt 2008-12-23 15:00:47 ComboFix2.txt 2008-12-23 04:44:28 Pre-RUN: 28,020,379,648 bytes free Post-Run: 28,001,595,392 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect 286--- E O F ---2008-12-21 16:27:08 Thanks MelNote: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system Now download The Avenger by Swandog46 and save it to your Desktop. Extract avenger.exe from the Zip file and save it to your Desktop Run avenger.exe by double-clicking on it. Do not change any CHECK box options!! Copy everything in the Code box below, and paste it into the Input script here window: Code: [Select]Comment: Files to delete: c:\windows\system32\drivers\e522f5d0.sys Folders to delete: C:\148370517 Now click the Execute button. Click Yes to the prompt to confirm you want to execute. Click Yes to the "Reboot now?" question that will appear when Avenger finishes running. Your PC should reboot, if not, reboot it yourself. A log file from Avenger will be produced at C:\avenger.txt and it will pop-up for you to view when you login after reboot. Add the Avenger log in your next post. Hello EvilFantasy Avenger log: Logfile of The Avenger Version 2.0, (c) by Swandog46 http://swandog46.geekstogo.com Platform: Windows XP *************** Script file opened successfully. Script file read successfully. Backups directory opened successfully at C:\Avenger *************** Beginning to process script file: Rootkit scan active. No rootkits found! Error: file "c:\windows\system32\drivers\e522f5d0.sys" not found! Deletion of file "c:\windows\system32\drivers\e522f5d0.sys" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: "C:\148370517" is not a folder! It may instead be a file. Deletion of folder "C:\148370517" failed! Status: 0xc0000103 (STATUS_NOT_A_DIRECTORY) --> use "Files to delete:" instead of "Folders to delete:" to delete an ordinary file Completed script processing. *************** Finished! Terminate. Thanks again for your time! Mel Click START then RUN Now type Combofix /u in the runbox Make sure there's a space between Combofix and /u Then hit Enter. . The above procedure will: Delete the following: ComboFix and its associated files and folders. Reset the clock settings. Hide file extensions, if required. Hide System/Hidden files, if required. Set a new, clean Restore Point. . ---------- Download OTCleanIt.exe and save it to your Desktop. Double-click OTCleanIt.exe. Click the CleanUp! button. Select Yes when the "Begin cleanup Process?" prompt appears. If you are prompted to Reboot during the cleanup, select Yes. The tool will delete itself once it finishes, if not delete it yourself. . Important: Restart the computer before continuing. How is the computer running now?Hello EvilFantasy: The computer is running GREAT I am having 1 problem..... I can't get it to do my laundry Who do I talk to about that? You guys and gals are GREAT I hope you have a good Christmas/Hanaka Thanks again MelYour welcome and Happy Holidays... Use the Secunia Software Inspector to check for out of date software. Click Start Now Check the box next to Enable thorough system inspection. Click Start Allow the scan to finish and scroll down to see if any updates are needed. Update anything listed. . ---------- Go to Microsoft Windows Update and get all critical updates. ---------- Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC.** Concerned about Browser Security? Consider using Mozilla Firefox 3.0 with Adblock Plus and NoScript To prevent unknown applications from being installed on your computer install WinPatrol 2008 * Using Winpatrol to protect your computer from malicious software I suggest using SiteAdvisor. SiteAdvisor rates sites on business practices and spam. Safety ratings from McAfee SiteAdvisor are based on automated safety tests of Web sites. SpywareBlaster - Secure your Internet Explorer to make it HARDER for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox. * Using SpywareBlaster to protect your computer from Spyware and Malware * If you don't know what ActiveX controls are, see here Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

Answer»

Part2 of combofix
O16 -: Microsoft XML Parser for Java - c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-23 06:43:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

c:\windows\system32\drivers\MFX.sys 52076 bytes executable
C:\SYZ_DAT

scan completed successfully
hidden files: 2

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\vsdatant]
"ImagePath"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(680)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL

- - - - - - - > 'explorer.exe'(2812)
c:\docume~1\Owner\LOCALS~1\Temp\IadHide5.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Sygate\SPF\Smc.exe
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\a2 free\a2service.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\Yahoo!\browser\ycommon.exe
c:\program files\SBC Self Support Tool\bin\mpbtn.exe
c:\windows\system32\ntvdm.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-12-23 7:01:10 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-23 15:00:47
ComboFix2.txt 2008-12-23 04:44:28

Pre-RUN: 28,020,379,648 bytes free
Post-Run: 28,001,595,392 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

286--- E O F ---2008-12-21 16:27:08

Thanks MelNote: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

Now download The Avenger by Swandog46 and save it to your Desktop.

Extract avenger.exe from the Zip file and save it to your Desktop
Run avenger.exe by double-clicking on it.
Do not change any CHECK box options!!
Copy everything in the Code box below, and paste it into the Input script here window:

Code: [Select]Comment:

Files to delete:
c:\windows\system32\drivers\e522f5d0.sys

Folders to delete:
C:\148370517

Now click the Execute button.
Click Yes to the prompt to confirm you want to execute.
Click Yes to the "Reboot now?" question that will appear when Avenger finishes running.
Your PC should reboot, if not, reboot it yourself.
A log file from Avenger will be produced at C:\avenger.txt and it will pop-up for you to view when you login after reboot.

Add the Avenger log in your next post.

Hello EvilFantasy
Avenger log:
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Error: file "c:\windows\system32\drivers\e522f5d0.sys" not found!
Deletion of file "c:\windows\system32\drivers\e522f5d0.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: "C:\148370517" is not a folder! It may instead be a file.
Deletion of folder "C:\148370517" failed!
Status: 0xc0000103 (STATUS_NOT_A_DIRECTORY)
--> use "Files to delete:" instead of "Folders to delete:" to delete an ordinary file

Completed script processing.

*******************

Finished! Terminate.
Thanks again for your time!
Mel

Click START then RUN
Now type Combofix /u in the runbox
Make sure there's a space between Combofix and /u
Then hit Enter.

The above procedure will:
Delete the following:
ComboFix and its associated files and folders.
Reset the clock settings.
Hide file extensions, if required.
Hide System/Hidden files, if required.
Set a new, clean Restore Point.

OTCleanIt.exe and save it to your Desktop.

Double-click OTCleanIt.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes, if not delete it yourself.

.
Important: Restart the computer before continuing.

How is the computer running now?Hello EvilFantasy:
The computer is running GREAT
I am having 1 problem.....
I can't get it to do my laundry
Who do I talk to about that?
You guys and gals are GREAT
I hope you have a good Christmas/Hanaka
Thanks again MelYour welcome and Happy Holidays...

Use the Secunia Software Inspector to check for out of date software.

Click Start Now
Check the box next to Enable thorough system inspection.
Click Start
Allow the scan to finish and scroll down to see if any updates are needed.
Update anything listed.

.
----------

Go to Microsoft Windows Update and get all critical updates.

----------

Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC.

Concerned about Browser Security? Consider using Mozilla Firefox 3.0 with Adblock Plus and NoScript

To prevent unknown applications from being installed on your computer install WinPatrol 2008
* Using Winpatrol to protect your computer from malicious software

I suggest using SiteAdvisor. SiteAdvisor rates sites on business practices and spam. Safety ratings from McAfee SiteAdvisor are based on automated safety tests of Web sites.

SpywareBlaster - Secure your Internet Explorer to make it HARDER for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

Solve : spyware guard?

Discussion

No Comment Found

Related InterviewSolutions

Reply to Comment