Computer Juice > Computer Software > Virus, Spyware & Security
  #1  
Old 11th Jun 2008, 17:50
Donor Group
 
Hi, I have a couple of problems with viruses but this one is more urgent as it is for my daughter. We just bought her one of those little laptops, an Asus Eee PC 900 XP. We installed BullGuard, as we all have that, and no viruses were detected. However, almost immediately after setting it up this nasty pop-up kept appearing; it's one of those virus detected notices, from IEEantivirus.com. We do not think we downloaded it, but it is there, and we cannot uninstall it. We have tried everything we could think of but it keeps appearing and it is slowing everything down because you have to go through it before you can open anything else.

I would really appreciate any help you can give me.

I noted you usually ask for specs when helping people, if the above is not enough info can you please tell me what exactly I need to tell you.

Thank you
  #2  
Old 11th Jun 2008, 17:53
Administrator Group
 
Please follow these instructions and post the log files so we can see what is going on.

http://www.computer-juice.com/forums...-posting-7476/
  #3  
Old 12th Jun 2008, 00:54
Donor Group
 
<LOG REMOVED>
  #4  
Old 12th Jun 2008, 13:25
Donor Group
 
Sorry, but I do not understand any of these requests. Did I do something wrong?
  #5  
Old 12th Jun 2008, 13:32
Moderator Group
 
No you haven't done anything wrong.

I will post here what needs to be done. Sorry for the confusion.

Go HERE and scroll down to run the following scans/cleaner.

Step Two - CCleaner
Step Three - SUPERAntiSpyware
Step Four - MalwareBytes

Then run a new Hijackthis scan and post the log.

If needed see this post for a reference of how the process works.
  #6  
Old 12th Jun 2008, 16:25
Donor Group
 
Thanks for your patience. I have done the first step. Is this correct? These pop-ups are breeding. There are now about 10 of them, all the same, but it takes several attempts to close them! I do hope this works. I will now try other steps. Thanks again.

D:\Program Files\Sun\StarSuite 8\program\soffice.BIN
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://eeepc.asus.com/global
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Sigma plugin - {D3E7C926-6B3C-4F88-8113-AD357C2E208F} - C:\WINDOWS\tasant32.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AsusTray] C:\Program Files\Asus\EeePC ACPI\AsTray.exe
O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\Asus\EeePC ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe" -boot
O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [antispy] C:\Program Files\IEAntiVirus\ANTIVIRUS.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: StarSuite 8.lnk = D:\Program Files\Sun\StarSuite 8\program\quickstart.exe
O4 - Global Startup: AutoRun OSCleaner.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: BullGuard LiveUpdate (BgLiveSvc) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
O23 - Service: BGRaSvc - BullGuard - C:\Program Files\BullGuard Ltd\BullGuard\support\bgrasvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
  #7  
Old 12th Jun 2008, 16:31
Moderator Group
 
I can hardly read that. Next time uncheck word wrap before posting the log.

Let's do this.

Read through the instructions before running the program so you will be prepared.

Download Combofix by sUBs from one of the below links.
Important! Combofix.exe MUST be saved to and run from the Desktop.
  • Close any open Web browsers (Firefox, Internet Explorer, etc.) before starting Combofix.
  • Important! Temporarily disable your antivirus, script blocking and any antispyware real time protection before performing a scan.
    • Click this link to see a list of security programs that should be disabled and how to disable them.
    • If yours is not listed and you don't know how to disable it, please ask.
  • Warning: Combofix disconnects your computer from the internet. The connection is automatically restored before Combofix completes its run.
  • Double click combofix.exe & follow the prompts.
    • Choose Yes to accept the Disclaimers.
  • When finished, it will produce a log for you.
  • Post that log in your next reply.
Warning: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
  • If Combofix runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your computer.
  • Important: Remember to re-enable your antivirus and antispyware before reconnecting to the Internet.
If needed, see this Combofix tutorial with screenshots that will detail more thoroughly the downloading and running of Combofix.

----------

Next post add
Combofix log
  #8  
Old 12th Jun 2008, 17:36
Donor Group
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-09-24 08:43 104984]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-09-24 08:43 121368]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-09-24 08:43 100888]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"RTHDCPL"="RTHDCPL.EXE" [2008-03-06 22:14 16858112 C:\WINDOWS\RTHDCPL.exe]
"AsusTray"="C:\Program Files\Asus\EeePC ACPI\AsTray.exe" [2008-03-27 22:20 102400]
"AsusACPIServer"="C:\Program Files\Asus\EeePC ACPI\AsAcpiSvr.exe" [2008-03-20 17:52 544768]
"ETDWare"="C:\Program Files\Elantech\ETDCtrl.exe" [2008-04-03 20:21 339968]
"BullGuard"="C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe" [2008-06-11 13:52 308552]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-01 04:00 15360]
C:\Documents and Settings\Aktham Akhrass\Start Menu\Programs\Startup\
StarSuite 8.lnk - D:\Program Files\Sun\StarSuite 8\program\quickstart.exe [2006-01-25 23:42:42 122880]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AutoRun OSCleaner.lnk - C:\Program Files\ASUS\Asus OS Cleaner\AsOSCleaner.exe [2008-03-20 05:05:48 118784]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BgMainSvc]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 16:34 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-02-13 01:08 21898024 C:\Program Files\Skype\Phone\Skype.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
R2 BdFileSpy;BullGuard File Monitor Driver;C:\WINDOWS\system32\drivers\BdFileSpy.sys [2008-03-13 15:27]
R2 BsFileScan;BullGuard File Scan Service;C:\WINDOWS\System32\svchost.exe [2006-03-01 04:00]
R2 BsFire;BullGuard Firewall Service;C:\WINDOWS\System32\svchost.exe [2006-03-01 04:00]
R3 afw;Agnitum firewall driver;C:\WINDOWS\system32\DRIVERS\afw.sys [2007-11-28 11:42]
R3 AsusACPI;ASUS ACPI Driver;C:\WINDOWS\system32\DRIVERS\ASUSACPI.sys [2007-07-27 01:00]
R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l251x86.sys [2007-10-19 06:12]
R3 Ktp;Elantech Smart-Pad;C:\WINDOWS\system32\DRIVERS\ETD.sys [2008-04-03 20:27]
R3 Reconn;BullGuard Email Monitor;C:\Program Files\BullGuard Ltd\BullGuard\Reconn.sys [2007-10-29 09:08]
S3 BGRaSvc;BGRaSvc;"C:\Program Files\BullGuard Ltd\BullGuard\support\bgrasvc.exe" [2008-04-21 11:12]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
BullGuard REG_MULTI_SZ BgMainSvc BsFileScan BsMailProxy BsFire
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-13 00:19:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-06-12 23:57:27 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-06-12 21:14:49 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-13 01:23:30
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-13 1:24:07
ComboFix-quarantined-files.txt 2008-06-13 00:24:04
Pre-Run: 1,391,263,744 bytes free
Post-Run: 1,382,711,296 bytes free
  #9  
Old 12th Jun 2008, 17:45
Moderator Group
 
That's not a whole log.

Go to Start > Run then type C:\combofix.txt and click OK.

Copy and paste the entire log into the next reply.
  #10  
Old 12th Jun 2008, 18:02
Donor Group
 
ComboFix 08-06-11.1 - Aktham Akhrass 2008-06-13 1:21:41.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.666 [GMT 1:00]
Running from: C:\Documents and Settings\Aktham Akhrass\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\smp.bat
.
((((((((((((((((((((((((( Files Created from 2008-05-13 to 2008-06-13 )))))))))))))))))))))))))))))))
.
2008-06-13 00:34 . 2008-06-13 00:34 <DIR> d-------- C:\Program Files\Uniblue
2008-06-13 00:34 . 2008-06-13 00:34 <DIR> d-------- C:\Documents and Settings\Aktham Akhrass\Application Data\Uniblue
2008-06-13 00:06 . 2008-06-13 00:06 <DIR> d-------- C:\Program Files\CCleaner
2008-06-12 22:14 . 2008-06-12 22:17 <DIR> d-------- C:\Program Files\RegCure
2008-06-12 20:43 . 2008-06-13 00:57 <DIR> d-------- C:\Documents and Settings\Aktham Akhrass\Application Data\StarSuite8
2008-06-12 11:24 . 2008-06-12 11:24 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-06-12 08:51 . 2008-06-12 08:51 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-12 02:59 . 2008-06-12 02:59 <DIR> d-------- C:\Program Files\Google
2008-06-12 02:33 . 2008-06-12 02:49 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-12 02:13 . 2008-06-12 03:36 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-12 01:33 . 2008-06-12 19:26 <DIR> d-------- C:\Documents and Settings\Aktham Akhrass\Application Data\Skype
2008-06-12 01:33 . 2008-03-26 22:03 <DIR> d-------- C:\Documents and Settings\Aktham Akhrass\Application Data\InterVideo
2008-06-12 01:33 . 2008-03-20 04:35 <DIR> d-------- C:\Documents and Settings\Aktham Akhrass\Application Data\InstallShield
2008-06-12 01:33 . 2008-06-13 00:10 <DIR> d-------- C:\Documents and Settings\Aktham Akhrass
2008-06-11 21:30 . 2008-03-20 08:59 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Skype
2008-06-11 21:30 . 2008-03-26 22:03 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InterVideo
2008-06-11 21:30 . 2008-03-20 04:35 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InstallShield
2008-06-11 21:30 . 2008-06-11 21:30 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-11 20:52 . 2008-06-11 20:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-11 20:51 . 2008-06-12 02:50 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-06-11 20:51 . 2008-06-12 02:50 <DIR> d-------- C:\Documents and Settings\Aktham Akhrass\Application Data\SUPERAntiSpyware.com
2008-06-11 16:07 . 2008-06-11 16:07 <DIR> d-------- C:\Documents and Settings\Aktham Akhrass\Contacts
2008-06-11 16:07 . 2008-06-11 16:07 268 --ah----- C:\sqmdata01.sqm
2008-06-11 16:07 . 2008-06-11 16:07 244 --ah----- C:\sqmnoopt01.sqm
2008-06-11 15:10 . 2008-06-11 15:10 276,480 --a------ C:\WINDOWS\tasant32.dll
2008-06-11 14:24 . 2008-06-11 14:24 <DIR> d-------- C:\Documents and Settings\Aktham Akhrass\Application Data\Template
2008-06-11 14:23 . 2008-06-12 21:41 80 --a------ C:\Documents and Settings\Aktham Akhrass\Application Data\wklnhst.dat
2008-06-11 14:09 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-11 13:48 . 2008-06-13 01:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BullGuard
2008-06-11 13:48 . 2008-06-11 17:50 <DIR> d-------- C:\Documents and Settings\Aktham Akhrass\Application Data\BullGuard
2008-06-11 13:47 . 2008-06-11 13:47 <DIR> d-------- C:\Program Files\BullGuard Ltd
2008-06-11 13:47 . 2008-03-13 15:27 52,560 --a------ C:\WINDOWS\system32\drivers\BdFileSpy.sys
2008-06-11 13:34 . 2008-06-11 13:34 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-06-11 13:34 . 2008-06-11 13:34 <DIR> d-------- C:\Program Files\Adobe Media Player
2008-06-11 13:30 . 2008-06-11 13:30 <DIR> d---s---- C:\Documents and Settings\Aktham Akhrass\UserData
2008-06-11 13:30 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-06-11 13:30 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-06-11 13:30 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-11 13:09 --------- d-----w C:\Program Files\Java
2008-04-21 10:12 19,784 ----a-w C:\WINDOWS\system32\BgOutlookHook.dll
2008-04-21 10:08 14,152 ----a-w C:\WINDOWS\system32\lccl.dll
2008-04-21 10:08 14,152 ----a-w C:\WINDOWS\system32\client_cc.dll
2008-04-03 19:17 192,512 ----a-w C:\WINDOWS\system32\ETDCoinst.dll
2008-03-20 03:29 315,392 ----a-w C:\WINDOWS\HideWin.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D3E7C926-6B3C-4F88-8113-AD357C2E208F}]
2008-06-11 15:10 276480 --a------ C:\WINDOWS\tasant32.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 16:34 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-06-12 02:59 171448]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2008-05-05 12:22 1923352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-09-24 08:43 104984]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-09-24 08:43 121368]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-09-24 08:43 100888]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"RTHDCPL"="RTHDCPL.EXE" [2008-03-06 22:14 16858112 C:\WINDOWS\RTHDCPL.exe]
"AsusTray"="C:\Program Files\Asus\EeePC ACPI\AsTray.exe" [2008-03-27 22:20 102400]
"AsusACPIServer"="C:\Program Files\Asus\EeePC ACPI\AsAcpiSvr.exe" [2008-03-20 17:52 544768]
"ETDWare"="C:\Program Files\Elantech\ETDCtrl.exe" [2008-04-03 20:21 339968]
"BullGuard"="C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe" [2008-06-11 13:52 308552]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-01 04:00 15360]
C:\Documents and Settings\Aktham Akhrass\Start Menu\Programs\Startup\
StarSuite 8.lnk - D:\Program Files\Sun\StarSuite 8\program\quickstart.exe [2006-01-25 23:42:42 122880]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AutoRun OSCleaner.lnk - C:\Program Files\ASUS\Asus OS Cleaner\AsOSCleaner.exe [2008-03-20 05:05:48 118784]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BgMainSvc]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 16:34 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-02-13 01:08 21898024 C:\Program Files\Skype\Phone\Skype.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
R2 BdFileSpy;BullGuard File Monitor Driver;C:\WINDOWS\system32\drivers\BdFileSpy.sys [2008-03-13 15:27]
R2 BsFileScan;BullGuard File Scan Service;C:\WINDOWS\System32\svchost.exe [2006-03-01 04:00]
R2 BsFire;BullGuard Firewall Service;C:\WINDOWS\System32\svchost.exe [2006-03-01 04:00]
R3 afw;Agnitum firewall driver;C:\WINDOWS\system32\DRIVERS\afw.sys [2007-11-28 11:42]
R3 AsusACPI;ASUS ACPI Driver;C:\WINDOWS\system32\DRIVERS\ASUSACPI.sys [2007-07-27 01:00]
R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l251x86.sys [2007-10-19 06:12]
R3 Ktp;Elantech Smart-Pad;C:\WINDOWS\system32\DRIVERS\ETD.sys [2008-04-03 20:27]
R3 Reconn;BullGuard Email Monitor;C:\Program Files\BullGuard Ltd\BullGuard\Reconn.sys [2007-10-29 09:08]
S3 BGRaSvc;BGRaSvc;"C:\Program Files\BullGuard Ltd\BullGuard\support\bgrasvc.exe" [2008-04-21 11:12]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
BullGuard REG_MULTI_SZ BgMainSvc BsFileScan BsMailProxy BsFire
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-13 00:19:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-06-12 23:57:27 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-06-12 21:14:49 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-13 01:23:30
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-13 1:24:07
ComboFix-quarantined-files.txt 2008-06-13 00:24:04
Pre-Run: 1,391,263,744 bytes free
Post-Run: 1,382,711,296 bytes free
139 --- E O F --- 2008-06-12 10:25:05
Copyright ©2006 - 2009 Computer Juice.