Help with virtumonde and smitfraud please

The black screen comes up asking what system I want to open in...the instructions say at that time to press F8 and key up or down to which system you want...that would be Windows 2000 Professional, which it's set on already, so I don't have to go up or down...then it says to hit Enter, which I do, and it just goes into starting up Windows...even on the next page when it starts loading, it gives you an F8 option, so I even tried it there...it just keeps going to open in Windows with the logo.
 
Hi

If you do that again and let it open in Windows with the logo,
is there "Safe Mode" in each corner of the desktop after the desktop and icons are loaded?
 
Hi

If you do that again and let it open in Windows with the logo,
is there "Safe Mode" in each corner of the desktop after the desktop and icons are loaded?

mmm...I haven't noticed that, but I can try again and look...can I hit the F8 on the F2 screen before it gets to the "which program do you want to use" one?
 
Hi

"can I hit the F8 on the F2 screen before it gets to the "which program do you want to use" one?"

No.

You should hit F8 after that menu.
 
Yippee Shaba...Avenger finally worked. As you'll see below, it took a few times, but it kept rebooting by itself and then executed. I have to check above now and see what else you said to post, and I'll get that next! Yippee...I hope this does it now. Barb...oh, and btw, I think it worked because I typed the commands into Avenger and my spacing looked different from when I copied and pasted yours, so in the translation something was different, maybe...brb with other log.

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows 2000 (build 2195, Service Pack 4)
Sun Mar 23 07:23:23 2008

07:23:23: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows 2000 (build 2195, Service Pack 4)
Sun Mar 23 07:27:14 2008

07:27:14: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows 2000 (build 2195, Service Pack 4)
Sun Mar 23 07:27:48 2008

07:27:48: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows 2000 (build 2195, Service Pack 4)
Sun Mar 23 07:49:35 2008

07:49:35: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows 2000 (build 2195, Service Pack 4)
Sun Mar 23 08:01:25 2008

08:01:25: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows 2000 (build 2195, Service Pack 4)
Sun Mar 23 08:02:16 2008

08:02:16: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows 2000 (build 2195, Service Pack 4)
Sun Mar 23 08:29:47 2008

08:29:47: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows 2000 (build 2195, Service Pack 4)
Sun Mar 23 08:30:26 2008

08:30:26: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows 2000

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINNT\system32\drivers\core.cache.dsk" deleted successfully.
File "C:\WINNT\system32\drivers\rdbsss.sys" deleted successfully.
Driver "rdbsss" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
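The poster above suspects that the pasted script differed in "spacing" from the hand-typed one that finally ran. As an added example (not from this thread, and not Avenger's own code), here is a small Python check that reports characters a web-page copy/paste can carry into a script but that an editor does not display, and a normaliser that strips them. SAMPLE_PASTED is constructed for the example; the directive line in it is an assumption used for illustration, not text taken from the thread.

```python
"""Added example (not from the thread, not Avenger's own code): find characters
that a web-page copy/paste can carry into a script but that an editor does
not show.  SAMPLE_PASTED is constructed here; the directive text in it is an
assumption used for illustration, not taken from the thread."""
import unicodedata

# Constructed sample: a byte-order mark at the very start, a no-break space
# before the driver name and a zero-width space after it.
SAMPLE_PASTED = "\ufeffDrivers to delete:\r\n\u00a0rdbsss\u200b\r\n"

# Characters that look like an ordinary space, or like nothing at all,
# but are not plain ASCII.
SUSPECT = {
    "\ufeff": "byte-order mark (U+FEFF)",
    "\u00a0": "no-break space (U+00A0)",
    "\u200b": "zero-width space (U+200B)",
    "\u200c": "zero-width non-joiner (U+200C)",
    "\u200d": "zero-width joiner (U+200D)",
    "\u2028": "line separator (U+2028)",
    "\u2029": "paragraph separator (U+2029)",
}


def find_hidden_chars(text):
    """Return (line, column, description) for every character that is not
    printable ASCII, a newline or a carriage return (CRLF is normal on Windows)."""
    findings = []
    line_no, col = 1, 0
    for ch in text:
        if ch == "\n":
            line_no, col = line_no + 1, 0
            continue
        col += 1
        if ch == "\r":
            continue
        if ch in SUSPECT:
            findings.append((line_no, col, SUSPECT[ch]))
        elif not 0x20 <= ord(ch) < 0x7F:
            name = unicodedata.name(ch, "unnamed")
            findings.append((line_no, col, f"{name} (U+{ord(ch):04X})"))
    return findings


def normalize_script(text):
    """Strip a leading BOM, drop zero-width characters, turn exotic spaces into
    ASCII spaces, trim each line and write the result back with CRLF endings."""
    text = text.lstrip("\ufeff")
    for zero_width in ("\u200b", "\u200c", "\u200d", "\u2060"):
        text = text.replace(zero_width, "")
    for space in ("\u00a0", "\u2007", "\u202f", "\u3000"):
        text = text.replace(space, " ")
    lines = text.replace("\r\n", "\n").replace("\r", "\n").split("\n")
    return "\r\n".join(line.strip() for line in lines)


if __name__ == "__main__":
    for line, col, what in find_hidden_chars(SAMPLE_PASTED):
        print(f"line {line}, col {col}: {what}")
    print(repr(normalize_script(SAMPLE_PASTED)))
```

Run it on the saved script file (read with `encoding="utf-8"`) before handing it to a line-oriented tool; a byte-order mark on the first line is exactly the kind of thing that stops a parser from recognising the opening directive, and none of these characters is visible in Notepad.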
 
New HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:31:08 PM, on 3/23/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\NOTEPAD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\YAHOO!\browser\ybrwicon.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\YAHOO!\browser\ycommon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\YAHOO!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [AntiSpyware] C:\Program Files\AntiSpyware\AntiSpyware.exe -boot
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O15 - Trusted Zone: *.drivecleaner.com
O15 - Trusted Zone: *.errorprotector.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.sbcglobal.net
O15 - Trusted Zone: http://*.sbcglobal.net
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.drivecleaner.com (HKLM)
O15 - Trusted Zone: *.errorprotector.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - http://www.gamehouse.com/ghdlctl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1202406028803
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/iwincarambadeluxe/zylomgamesplayer.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.11) - http://gameadvisor.futuremark.com/global/msc311.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.games.yahoo.com/games/web_games/gamehouse/frenzy/SproutLauncher.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/games/web_games/tikgames/cinematycoon/cinematycoon.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/chuzzle/popcaploader_v6.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: SBHookSvc - Motive Communications, Inc. - C:\PROGRA~1\SBCSEL~1\SMARTB~1\SBHookSvc.exe

--
End of file - 7913 bytes
 
Hi

That's wonderful news :)

Re-run combofix

Post:

- a fresh HijackThis log
- combofix report
 
ComboFix 08-03-18.1 - Administrator 03/24/2008 14:21:52.5 - FAT32x86
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\temp\tn3

.
((((((((((((((((((((((((( Files Created from 2008-02-24 to 2008-03-24 )))))))))))))))))))))))))))))))
.

2008-03-24 14:22 . 03/24/08 02:22p 6,736 --a------ C:\WINNT\system32\drivers\PROCEXP90.SYS
2008-03-24 04:39 . 03/24/08 04:39a 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_2f8.dat
2008-03-24 02:55 . 03/24/08 02:54a 102,400 --a------ C:\WINNT\system32\drivers\cavasm.sys
2008-03-24 02:55 . 03/24/08 02:54a 73,728 --a------ C:\WINNT\system32\CavEmLSP.dll
2008-03-24 02:54 . 03/24/08 02:54a 434,252 --a------ C:\WINNT\system32\MSVCRTD.DLL
2008-03-24 02:54 . 03/24/08 02:54a 216,576 --a------ C:\WINNT\system32\monln.dll
2008-03-19 03:28 . 03/19/08 03:28a <DIR> d-------- C:\Program Files\Trend Micro
2008-03-18 02:57 . 03/18/08 02:57a <DIR> d-------- C:\WINNT\system32\Kaspersky Lab
2008-03-18 02:57 . 03/18/08 02:57a <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2008-03-17 22:33 . 03/17/08 10:33p <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-02-28 06:59 . 09/24/07 11:31p 69,632 --a------ C:\WINNT\system32\javacpl.cpl
2008-02-28 06:57 . 02/28/08 06:57a <DIR> d-------- C:\Program Files\Java
2008-02-28 06:56 . 02/28/08 06:56a <DIR> d-------- C:\Program Files\Common Files\Java
2008-02-27 17:23 . 02/27/08 05:23p <DIR> d-------- C:\Program Files\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-24 10:54 499,712 ----a-w C:\WINNT\system32\msvcp71.dll
2008-03-24 10:54 348,160 ----a-w C:\WINNT\system32\msvcr71.dll
2008-03-24 10:54 1,060,864 ----a-w C:\WINNT\system32\mfc71.dll
2008-03-01 04:23 40,088 ----a-w C:\Program Files\larger2.jpg
2008-03-01 04:22 40,088 ----a-w C:\Program Files\New Audreylarger2.jpg
2008-02-12 22:45 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Comodo
2008-02-12 22:44 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Comodo
2008-02-12 22:39 --------- d-----w C:\Program Files\Comodo
2008-02-12 22:04 6,193,264 ----a-w C:\Program Files\fwinstall.exe
2008-02-12 00:56 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2008-02-11 16:18 437,392 ----a-w C:\Program Files\msgr8us.exe
2008-02-11 15:21 --------- d-----w C:\Program Files\SpywareBlaster
2008-02-11 14:09 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-02-11 14:09 --------- d-----w C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-02-11 14:09 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2008-02-11 14:06 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-09 09:36 --------- d-----w C:\Program Files\Enigma Software Group
2008-02-07 19:27 --------- d-----w C:\Documents and Settings\Administrator\Application Data\AntiSpyware
2006-07-08 10:09 6,224,944 ----a-w C:\Program Files\pkreader.exe
2006-07-08 06:15 361,544,078 ----a-w C:\Program Files\GTA2INSTALLER.ZIP
2006-07-01 20:27 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2006-06-27 18:47 16,706,160 ----a-w C:\Program Files\AdbeRdr60_enu_full.exe
2006-06-15 07:50 762,512 ----a-w C:\Program Files\ytb612_efgsip.exe
2005-12-29 01:39 271 ---h--w C:\Program Files\desktop.ini
2005-12-29 01:39 21,952 ---h--w C:\Program Files\folder.htt
1999-12-07 20:00 32,528 ----a-w C:\WINNT\inf\wbfirdma.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AntiSpyware"="C:\Program Files\AntiSpyware\AntiSpyware.exe" [ ]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [03/04/08 03:33p 1481968]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/30/07 05:43p 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [06/19/03 12:05p 111376 C:\WINNT\system32\mobsync.exe]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [01/25/06 09:50p 180269]
"YBrowser"="C:\PROGRA~1\YAHOO!\browser\ybrwicon.exe" [07/21/06 04:19p 129536]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/23/07 01:59a 286720]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [02/12/08 02:39p 1115728]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/07 01:11a 132496]
"cnfgCav"="C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe" [03/24/08 02:54a 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe" [06/19/03 12:05p 186640]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/06 01:55p 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/07 01:41p 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\monln]
monln.dll 03/24/08 02:54a 216576 C:\WINNT\system32\monln.dll

R3 EL90BC;3Com EtherLink XL B/C Adapter Driver;C:\WINNT\system32\DRIVERS\el90xbc5.sys [10/23/99 12:22p]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-24 14:27:44
Windows 5.0.2195 Service Pack 4 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\rdbsss]
"ImagePath"="System32\drivers\rdbsss.sys"
.
Completion time: 03/24/2008 14:29:58
ComboFix-quarantined-files.txt 2008-03-24 22:29:48
ComboFix5.txt 2008-03-20 17:18:44
ComboFix4.txt 2008-03-20 17:48:36
ComboFix3.txt 2008-03-21 17:57:46
ComboFix2.txt 2008-03-21 18:29:24
.
2008-03-12 08:39:12 --- E O F ---

--------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:38:09 PM, on 3/24/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\YAHOO!\browser\ybrwicon.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\YAHOO!\browser\ycommon.exe
C:\Program Files\Comodo\Comodo AntiVirus\Cavaud.exe
C:\WINNT\explorer.exe
C:\WINNT\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\YAHOO!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [cnfgCav] "C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe"
O4 - HKCU\..\Run: [AntiSpyware] C:\Program Files\AntiSpyware\AntiSpyware.exe -boot
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O15 - Trusted Zone: *.drivecleaner.com
O15 - Trusted Zone: *.errorprotector.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.sbcglobal.net
O15 - Trusted Zone: http://*.sbcglobal.net
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.drivecleaner.com (HKLM)
O15 - Trusted Zone: *.errorprotector.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - http://www.gamehouse.com/ghdlctl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1202406028803
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/iwincarambadeluxe/zylomgamesplayer.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.11) - http://gameadvisor.futuremark.com/global/msc311.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.games.yahoo.com/games/web_games/gamehouse/frenzy/SproutLauncher.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/games/web_games/tikgames/cinematycoon/cinematycoon.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/chuzzle/popcaploader_v6.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: monln - C:\WINNT\SYSTEM32\monln.dll
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Comodo Anti-Virus and Anti-Spyware Service - Comodo Inc. - C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: SBHookSvc - Motive Communications, Inc. - C:\PROGRA~1\SBCSEL~1\SMARTB~1\SBHookSvc.exe

--
End of file - 8335 bytes
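The two HijackThis logs above are long, and the entries that matter (the wildcard Trusted Zone sites, the Winlogon Notify DLLs, the Run keys) are spread through them. As an added example (not part of the thread, and not HijackThis' own code), here is a first-pass Python triage over HJT 2.0.2-style lines. SAMPLE_HJT holds lines copied from the logs posted above; the two allowlists are assumptions an analyst would maintain, not anything the thread states, and a "high" finding means "not on the allowlist, look at it", not "malicious".

```python
"""Added example, not part of the thread and not HijackThis' own code: a
first-pass triage over HijackThis 2.0.2-style log lines.  SAMPLE_HJT holds
lines copied from the two logs posted above; the allowlists are assumptions
an analyst would maintain, not anything the thread states."""
import re

SAMPLE_HJT = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O4 - HKCU\..\Run: [AntiSpyware] C:\Program Files\AntiSpyware\AntiSpyware.exe -boot
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O15 - Trusted Zone: *.drivecleaner.com
O15 - Trusted Zone: *.sbcglobal.net
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: monln - C:\WINNT\SYSTEM32\monln.dll
O23 - Service: SBHookSvc - Motive Communications, Inc. - C:\PROGRA~1\SBCSEL~1\SMARTB~1\SBHookSvc.exe
"""

ENTRY_RE = re.compile(r"^(?P<sec>[RFO]\d+) - (?P<body>.*)$")
RUN_RE = re.compile(r"\[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$")

# Assumed allowlists (this example's own choices): the ISP domains the user
# expects in IE's Trusted Zone, and Winlogon Notify DLLs already vetted.
TRUSTED_ZONE_EXPECTED = {"*.sbcglobal.net", "http://*.sbcglobal.net"}
WINLOGON_NOTIFY_KNOWN = {r"c:\program files\superantispyware\saswinlo.dll"}


def parse_hjt(text):
    """Yield (section, body) for every entry line; header and process list are skipped."""
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            yield m.group("sec"), m.group("body")


def exe_from_command(cmd):
    """Pull the executable path out of a Run-key command line, quoted or not."""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(?i)(.*?\.exe)", cmd)
    return m.group(1) if m else cmd.split(" ", 1)[0]


def triage(text):
    """Return (severity, section, detail) findings, in log order."""
    findings = []
    for sec, body in parse_hjt(text):
        if sec == "R1" and "ProxyOverride" in body:
            # A proxy override is not malicious by itself, but worth seeing.
            findings.append(("info", sec, body.split(",", 1)[-1]))
        elif sec == "O4":
            m = RUN_RE.search(body)
            if m:
                exe = exe_from_command(m.group("cmd"))
                findings.append(("info", sec, f"{m.group('name')} -> {exe}"))
        elif sec == "O15" and body.startswith("Trusted Zone: "):
            # Sites in the Trusted Zone get IE's relaxed security settings.
            zone = body[len("Trusted Zone: "):].replace(" (HKLM)", "")
            if zone not in TRUSTED_ZONE_EXPECTED:
                findings.append(("high", sec, zone))
        elif sec == "O20" and body.startswith("Winlogon Notify: "):
            # Winlogon Notify DLLs are loaded into winlogon.exe at every logon.
            dll = body.rsplit(" - ", 1)[-1].lower()
            if dll not in WINLOGON_NOTIFY_KNOWN:
                findings.append(("high", sec, dll))
    return findings


if __name__ == "__main__":
    for severity, section, detail in triage(SAMPLE_HJT):
        print(f"[{severity:4}] {section}: {detail}")
```

The O4 entries are reported as informational so that each executable path can be checked against the "Reg Loading Points" section of the ComboFix report above, which prints the file's date and size next to the same Run value, or a blank bracket when it finds nothing at that path.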
 
Hi

Please download the Registry Search tool by clicking on the "hard drive" icon halfway down this page:
http://www.billsway.com/vbspage/
Save it to the desktop and run it. If you get an alert from your antivirus about scripting, choose to allow the script to run. Search for rdbsss and click OK. Post the logfile from the tool here for me.
 
Do you mean this:

Get Information About Your Drives
Display comprehensive information for all local and network drives.
Note: WScript will incorrectly report sizes over 2GB
4788
5343

(Icons aren't showing when I copy it but all the topics on this page have a little hard drive next to them and a search magnifying glass)
 
REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "rdbsss" 3/25/2008 10:55:50 AM

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RDBSSS]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RDBSSS\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RDBSSS\0000]
"Service"="rdbsss"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RDBSSS\0000]
"DeviceDesc"="rdbsss"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RDBSSS]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RDBSSS\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RDBSSS\0000]
"Service"="rdbsss"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RDBSSS\0000]
"DeviceDesc"="rdbsss"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RDBSSS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RDBSSS\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RDBSSS\0000]
"Service"="rdbsss"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RDBSSS\0000]
"DeviceDesc"="rdbsss"
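The search results above are in REGEDIT4 (.reg) format, with one key header per hit, which makes them easy to parse. As an added example (not part of the thread, and not the search tool's own code), here is Python that parses that format, merges repeated key headers, and reports per control set where a service name still appears. SAMPLE_REG is constructed from the entries posted above plus the Services\rdbsss key with its ImagePath that the ComboFix report earlier in the thread still listed under ControlSet001.

```python
"""Added example (not from the thread, not the search tool's own code): parse
REGEDIT4-style search output and summarise where a service name still
appears.  SAMPLE_REG is constructed from entries posted in the thread."""
import re
from collections import defaultdict

SAMPLE_REG = r"""REGEDIT4
; Registry search results for string "rdbsss"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RDBSSS]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RDBSSS\0000]
"Service"="rdbsss"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RDBSSS\0000]
"DeviceDesc"="rdbsss"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rdbsss]
"ImagePath"="System32\drivers\rdbsss.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RDBSSS\0000]
"Service"="rdbsss"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RDBSSS\0000]
"Service"="rdbsss"
"""

KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')
CS_RE = re.compile(
    r"\\SYSTEM\\(?P<cs>ControlSet\d{3}|CurrentControlSet)\\(?P<tail>.+)$",
    re.IGNORECASE,
)


def parse_reg(text):
    """Return {key_path: {value_name: data}}; keys listed without values map
    to {}.  Repeated headers for the same key (one per search hit) merge."""
    entries = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.upper().startswith("REGEDIT"):
            continue
        km = KEY_RE.match(line)
        if km:
            current = km.group("key")
            entries.setdefault(current, {})
            continue
        vm = VALUE_RE.match(line)
        if vm and current is not None:
            data = vm.group("data")
            if data.startswith('"') and data.endswith('"'):
                data = data[1:-1]          # REG_SZ values are quoted
            entries[current][vm.group("name")] = data
    return entries


def by_control_set(entries):
    """Group the key paths under HKLM\\SYSTEM by control set."""
    groups = defaultdict(set)
    for key in entries:
        m = CS_RE.search(key)
        if m:
            groups[m.group("cs")].add(m.group("tail"))
    return {cs: sorted(tails) for cs, tails in groups.items()}


def service_residue(entries, service):
    """Report which control sets still hold a Services\\<name> key (the driver
    is still registered) and which hold LEGACY_<NAME> enum entries (residue
    from the driver having been loaded), plus the ImagePath if present."""
    svc = service.lower()
    report = {"service_key": [], "legacy_enum": set(), "image_path": None}
    for key, values in entries.items():
        m = CS_RE.search(key)
        if not m:
            continue
        tail = m.group("tail").lower()
        if tail == f"services\\{svc}":
            report["service_key"].append(m.group("cs"))
            report["image_path"] = values.get("ImagePath", report["image_path"])
        elif tail.startswith(f"enum\\root\\legacy_{svc}"):
            report["legacy_enum"].add(m.group("cs"))
    report["service_key"].sort()
    report["legacy_enum"] = sorted(report["legacy_enum"])
    return report


if __name__ == "__main__":
    parsed = parse_reg(SAMPLE_REG)
    print(by_control_set(parsed))
    print(service_residue(parsed, "rdbsss"))
```

On a live system CurrentControlSet is an alias for one of the numbered control sets, so the search tool reporting it separately is a feature of the output, not a third copy of the data; the point of the grouping is to see whether the service key itself, not just the LEGACY_ enum residue, is still present before and after a cleanup step.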
 
Hi

Open notepad and copy/paste the text in the quotebox below into it:

Code:
Driver::
rdbsss

Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

CFScript.gif


This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply together with a new HijackThis log.

ComboFix should never take more than 20 minutes, including the reboot, if malware is detected.
If it does, open Task Manager, then the Processes tab (press Ctrl, Alt and Del at the same time), and end any processes named findstr, find, sed or swreg; ComboFix should then continue.
If that happens, we want to know, and also which process you had to end.
 
Here you go Shaba.....

ComboFix 08-03-18.1 - Administrator 03/25/2008 11:16:56.6 - FAT32x86
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-02-25 to 2008-03-25 )))))))))))))))))))))))))))))))
.

2008-03-25 11:24 . 08-03-25 11:24 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_3b4.dat
2008-03-24 14:22 . 08-03-24 14:22 6,736 --a------ C:\WINNT\system32\drivers\PROCEXP90.SYS
2008-03-24 02:55 . 08-03-24 02:54 102,400 --a------ C:\WINNT\system32\drivers\cavasm.sys
2008-03-24 02:55 . 08-03-24 02:54 73,728 --a------ C:\WINNT\system32\CavEmLSP.dll
2008-03-24 02:54 . 08-03-24 02:54 434,252 --a------ C:\WINNT\system32\MSVCRTD.DLL
2008-03-24 02:54 . 08-03-24 02:54 216,576 --a------ C:\WINNT\system32\monln.dll
2008-03-19 03:28 . 08-03-19 03:28 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-18 02:57 . 08-03-18 02:57 <DIR> d-------- C:\WINNT\system32\Kaspersky Lab
2008-03-18 02:57 . 08-03-18 02:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2008-03-17 22:33 . 08-03-17 22:33 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-02-28 06:59 . 07-09-24 23:31 69,632 --a------ C:\WINNT\system32\javacpl.cpl
2008-02-28 06:57 . 08-02-28 06:57 <DIR> d-------- C:\Program Files\Java
2008-02-28 06:56 . 08-02-28 06:56 <DIR> d-------- C:\Program Files\Common Files\Java
2008-02-27 17:23 . 08-02-27 17:23 <DIR> d-------- C:\Program Files\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-24 10:54 499,712 ----a-w C:\WINNT\system32\msvcp71.dll
2008-03-24 10:54 348,160 ----a-w C:\WINNT\system32\msvcr71.dll
2008-03-24 10:54 1,060,864 ----a-w C:\WINNT\system32\mfc71.dll
2008-03-01 04:23 40,088 ----a-w C:\Program Files\larger2.jpg
2008-03-01 04:22 40,088 ----a-w C:\Program Files\New Audreylarger2.jpg
2008-02-12 22:45 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Comodo
2008-02-12 22:44 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Comodo
2008-02-12 22:39 --------- d-----w C:\Program Files\Comodo
2008-02-12 22:04 6,193,264 ----a-w C:\Program Files\fwinstall.exe
2008-02-12 00:56 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2008-02-11 16:18 437,392 ----a-w C:\Program Files\msgr8us.exe
2008-02-11 15:21 --------- d-----w C:\Program Files\SpywareBlaster
2008-02-11 14:09 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-02-11 14:09 --------- d-----w C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-02-11 14:09 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2008-02-11 14:06 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-09 09:36 --------- d-----w C:\Program Files\Enigma Software Group
2008-02-07 19:27 --------- d-----w C:\Documents and Settings\Administrator\Application Data\AntiSpyware
2006-07-08 10:09 6,224,944 ----a-w C:\Program Files\pkreader.exe
2006-07-08 06:15 361,544,078 ----a-w C:\Program Files\GTA2INSTALLER.ZIP
2006-07-01 20:27 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2006-06-27 18:47 16,706,160 ----a-w C:\Program Files\AdbeRdr60_enu_full.exe
2006-06-15 07:50 762,512 ----a-w C:\Program Files\ytb612_efgsip.exe
2005-12-29 01:39 271 ---h--w C:\Program Files\desktop.ini
2005-12-29 01:39 21,952 ---h--w C:\Program Files\folder.htt
1999-12-07 20:00 32,528 ----a-w C:\WINNT\inf\wbfirdma.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AntiSpyware"="C:\Program Files\AntiSpyware\AntiSpyware.exe" [ ]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [08-03-04 15:33 1481968]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [07-08-30 17:43 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [03-06-19 12:05 111376 C:\WINNT\system32\mobsync.exe]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [06-01-25 21:50 180269]
"YBrowser"="C:\PROGRA~1\YAHOO!\browser\ybrwicon.exe" [06-07-21 16:19 129536]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [07-10-23 01:59 286720]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [08-02-12 14:39 1115728]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [07-09-25 01:11 132496]
"cnfgCav"="C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe" [08-03-24 02:54 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe" [03-06-19 12:05 186640]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [06-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 07-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\monln]
monln.dll 08-03-24 02:54 216576 C:\WINNT\system32\monln.dll

R3 EL90BC;3Com EtherLink XL B/C Adapter Driver;C:\WINNT\system32\DRIVERS\el90xbc5.sys [99-10-23 12:22 ]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-25 11:24:51
Windows 5.0.2195 Service Pack 4 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Comodo\Comodo AntiVirus\cavse.exe
C:\PROGRA~1\YAHOO!\browser\ycommon.exe
C:\Program Files\Comodo\Comodo AntiVirus\cavse.exe
.
**************************************************************************
.
Completion time: 2008-03-25 11:29:23 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-25 19:28:42
ComboFix5.txt 2008-03-20 17:48:36
ComboFix4.txt 2008-03-21 17:57:46
ComboFix3.txt 2008-03-21 18:29:24
ComboFix2.txt 2008-03-24 22:30:06
.
2008-03-12 08:39:12 --- E O F ---
 
Shaba...I did RegSearch again and a little box came up saying "no incidents of rdbsss found"...but it didn't give me a log this time. I re-ran it and again no log, just no rdbsss found.
 
Hi

That's good news :)

Open HijackThis, click do a system scan only and checkmark these:

O15 - Trusted Zone: *.drivecleaner.com
O15 - Trusted Zone: *.errorprotector.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.drivecleaner.com (HKLM)
O15 - Trusted Zone: *.errorprotector.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)


Close all windows including browser and press fix checked.

Reboot.

Please download ATF Cleaner by Atribune and save it to your desktop.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit to close ATF-Cleaner.

Re-scan with kaspersky.


Post:

- a fresh HijackThis log
- kaspersky report
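A defensive helper, added here and not from the thread or from HijackThis itself: it parses the O15 lines of a HijackThis log, separates per-user entries from machine-wide ones (the "(HKLM)" suffix shown above), and reports every Trusted Zone domain that is not on an owner-maintained allowlist. The sample log, the allowlist and the function names are constructed for this example.

```python
"""Flag Internet Explorer Trusted Zone entries in a HijackThis log.

Added example (not from the thread): HijackThis reports IE zone
assignments as "O15 - Trusted Zone: <domain>" lines; entries that
come from HKEY_LOCAL_MACHINE carry an "(HKLM)" suffix, per-user ones
carry none.
"""
import re

# Constructed sample: the O15 lines the helper asked to be fixed, plus a
# legitimate per-user entry and an unrelated O4 line to show it is skipped.
SAMPLE_LOG = """\
O4 - HKLM\\..\\Run: [COMODO Firewall Pro] C:\\Program Files\\Comodo\\Firewall\\CPF.exe
O15 - Trusted Zone: *.drivecleaner.com
O15 - Trusted Zone: *.errorprotector.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.drivecleaner.com (HKLM)
O15 - Trusted Zone: *.errorprotector.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.example.org
"""

# Domains the machine's owner deliberately trusts (hypothetical allowlist).
ALLOWLIST = {"example.org"}

O15_RE = re.compile(r"^O15 - Trusted Zone: (?P<host>\S+)(?: \((?P<hive>HKLM)\))?\s*$")


def parse_o15(log_text):
    """Return (domain, hive) tuples for every O15 Trusted Zone line."""
    entries = []
    for line in log_text.splitlines():
        m = O15_RE.match(line)
        if not m:
            continue
        host = m.group("host")
        domain = host[2:] if host.startswith("*.") else host  # drop wildcard
        hive = m.group("hive") or "HKCU"  # no suffix means the current user
        entries.append((domain, hive))
    return entries


def suspicious_trusted_zones(log_text, allowlist=ALLOWLIST):
    """Map each non-allowlisted trusted domain to the hives that trust it."""
    found = {}
    for domain, hive in parse_o15(log_text):
        if domain in allowlist:
            continue
        found.setdefault(domain, set()).add(hive)
    return found


if __name__ == "__main__":
    for domain, hives in sorted(suspicious_trusted_zones(SAMPLE_LOG).items()):
        print(f"{domain}: trusted in {', '.join(sorted(hives))}")
```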
 