PDA

View Full Version : Trying to remove (Acceleration Software?)


Fluffy_Cat
2008-02-09, 04:58
G'Day All

Trying to get my computer running smoothly again after installing some (Acceleration Software?) by mistake. :oops:

Was hoping someone could do a quick check of the ComboFix log to make certain I’ve removed it all.

Thanks in advance for any help or advice.:bigthumb:



ComboFix 08-02.05.3 - Helen 2008-02-09 13:32:02.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.258 [GMT 11:00]
Running from: C:\Documents and Settings\Helen.ROCKBART-C80A42\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Helen.ROCKBART-C80A42\Application Data\AntiSpywareBot
C:\Documents and Settings\Helen.ROCKBART-C80A42\Application Data\AntiSpywareBot\DataBase.ref
C:\Documents and Settings\Helen.ROCKBART-C80A42\Application Data\AntiSpywareBot\Log\2007 Dec 24 - 09_52_31 AM_031.log
C:\Documents and Settings\Helen.ROCKBART-C80A42\Application Data\AntiSpywareBot\Log\2007 Dec 24 - 09_52_32 AM_421.log
C:\Documents and Settings\Helen.ROCKBART-C80A42\Application Data\AntiSpywareBot\Log\2007 Dec 24 - 10_00_29 AM_953.log
C:\Documents and Settings\Helen.ROCKBART-C80A42\Application Data\AntiSpywareBot\Log\2007 Dec 24 - 10_03_20 AM_828.log
C:\Documents and Settings\Helen.ROCKBART-C80A42\Application Data\AntiSpywareBot\Log\2007 Dec 24 - 10_04_08 AM_609.log
C:\Documents and Settings\Helen.ROCKBART-C80A42\Application Data\AntiSpywareBot\Log\2007 Dec 24 - 10_04_25 AM_140.log
C:\Documents and Settings\Helen.ROCKBART-C80A42\Application Data\AntiSpywareBot\rs.dat
C:\Documents and Settings\Helen.ROCKBART-C80A42\Application Data\AntiSpywareBot\Settings\CustomScan.stg
C:\Documents and Settings\Helen.ROCKBART-C80A42\Application Data\AntiSpywareBot\Settings\IgnoreList.stg
C:\Documents and Settings\Helen.ROCKBART-C80A42\Application Data\AntiSpywareBot\Settings\ScanInfo.stg
C:\Documents and Settings\Helen.ROCKBART-C80A42\Application Data\AntiSpywareBot\Settings\ScanResults.stg
C:\Documents and Settings\Helen.ROCKBART-C80A42\Application Data\AntiSpywareBot\Settings\SelectedFolders.stg
C:\Documents and Settings\Helen.ROCKBART-C80A42\Application Data\AntiSpywareBot\Settings\Settings.stg
C:\WINDOWS\Tasks.\AntiSpywareBot Scheduled Scan.job

.
((((((((((((((((((((((((( Files Created from 2008-01-09 to 2008-02-09 )))))))))))))))))))))))))))))))
.

2008-02-09 13:30 . 2004-08-03 23:00 260,272 --a------ C:\cmldr
2008-01-27 18:40 . 2002-10-04 02:23 73,728 -ra------ C:\WINDOWS\system32\cnmC8.tmp
2008-01-27 16:17 . 2008-01-28 16:24 <DIR> d-------- C:\Program Files\Canon
2008-01-21 13:28 . 2008-01-21 13:28 <DIR> d-------- C:\WINDOWS\StartHtmico
2008-01-21 13:28 . 2008-01-21 13:28 <DIR> d-------- C:\WINDOWS\I450
2008-01-21 12:51 . 2002-12-18 16:00 88,576 --a------ C:\WINDOWS\system32\CNMLM4w.DLL
2008-01-21 12:51 . 2002-10-04 02:23 73,728 -ra------ C:\WINDOWS\system32\CNMCP4w.exe
2008-01-21 12:51 . 2002-12-18 16:00 5,632 --a------ C:\WINDOWS\system32\CNMVS4w.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-19 06:07 --------- d-----w C:\Program Files\Symantec
2007-12-24 00:06 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2007-12-23 23:17 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2007-12-17 06:13 --------- d-----w C:\Program Files\Alwil Software
2007-12-17 03:34 --------- d-----w C:\Program Files\Norton AntiVirus
2007-12-17 03:21 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec
2007-12-17 03:20 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-05 06:19 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-10-29 00:30 71,080 ----a-w C:\Documents and Settings\Helen.ROCKBART-C80A42\Application Data\GDIPFONTCACHEV1.DAT
2007-04-16 05:38 168 ----a-w C:\Documents and Settings\Helen.ROCKBART-C80A42\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-12 13:25 1961984]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 23:00 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-07-25 21:01 1397760]
"SoundMan"="SOUNDMAN.EXE" [2003-04-24 03:53 54784 C:\WINDOWS\SOUNDMAN.EXE]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-06-06 14:45 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-06-06 14:41 118784]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 21:59 115816]
"BigPondWirelessBroadbandCM"="C:\Program Files\Telstra\BigPond Wireless Broadband 2.7.3\BigPond_CM.exe" [2007-09-18 15:02 2093056]
"SoftwareStation"="C:\Program Files\eAcceleration\Station\station.exe" [ ]
"StopSignSsTsMon"="C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll" [ ]
"StopSignSsSsMon"="C:\Program Files\Acceleration Software\Anti-Virus\ssssmon.dll" [ ]
"webscan"="C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" [ ]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2006-09-06 12:22 26248]
"StopSignSsFwMon"="C:\Program Files\eAcceleration\Firewall\ssfwmon.dll" [ ]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-05 00:00 79224]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 19:51 583048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"StopSignSsSsMon"="C:\Program Files\Acceleration Software\Anti-Virus\ssssmon.dll" [ ]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]

R0 fwcore;Fwcore Filter;C:\WINDOWS\system32\drivers\fwcore.sys [2007-03-01 13:26]
R3 cmusbnet;WAN Driver @ 3GPP (6280);C:\WINDOWS\system32\DRIVERS\cmusbnet.sys [2007-06-22 10:54]
R3 cmusbser;%CMUSBSER%;C:\WINDOWS\system32\DRIVERS\cmusbser.sys [2006-12-13 19:31]
S2 FWService;FWService;C:\Program Files\eAcceleration\Firewall\FWService.exe []
S3 BTNetFilter;Bluetooth Network Filter;C:\WINDOWS\system32\drivers\BTNetFilter.sys [2004-12-16 17:32]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-09 01:39:13 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-02-09 01:10:08 C:\WINDOWS\Tasks\User_Feed_Synchronization-{7F5BE6FB-637E-4492-83BB-2427F54B8F02}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-09 13:33:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-09 13:34:35
ComboFix-quarantined-files.txt 2008-02-09 02:34:05
.
2008-01-10 06:50:31 --- E O F ---
pskelley
2008-02-09, 15:54
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

G'Day Helen, You must have missed the directions I posted and that are pinned to the top of this forum?

I can not tell much from this combofix report other than the fact you had a rouge spyware product called AntiSpywareBot:
http://www.castlecops.com/s15060-AntiSpywareBot.html
that was remove and I believe I see a problem here:
2007-12-17 06:13 --------- d-----w C:\Program Files\Alwil Software
2007-12-17 03:34 --------- d-----w C:\Program Files\Norton AntiVirus
But can not really tell without seeing the HJT log:
http://service1.symantec.com/SUPPORT/nav.nsf/docid/2000031316555206
"Microsoft recommends that you have only one anti-virus program installed on your computer."
http://www.washingtonpost.com/wp-dyn/content/article/2005/12/03/AR2005120300087.html
http://www.smartcomputing.com/editorial/article.asp?article=articles/2003/s1407/38s07/38s07.asp

If you want more help than that, read the directions and follow them:

Provide:
a) The HJT log.
b) The Kaspersky log report.

Cheers...Phil
pskelley
2008-02-14, 14:38
Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.

Everyone else please begin a New Topic.