Computer Juice > Computer Software > Virus, Spyware & Security

Iexplore.exe Virus and Its Been There for a Few Weeks :( ((HELP))
#11
26th Apr 2009, 17:49
New Member Group

DDS (Ver_09-03-16.01) - NTFSx86
Run by Noshi at 1:46:51.51 on 27/04/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.703.222 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
C:\Program Files\Process Blocker\Process Blocker.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Prismsta.exe
C:\WINDOWS\system32\Prismsvr.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\Noshi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\Noshi\Desktop\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe"
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Wanadoo: {8b68564d-53fd-4293-b80c-993a9f3988ee} - c:\progra~1\wanadoo\wsbar\WSBar.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Google Update] "c:\documents and settings\noshi\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Proc browse] c:\docume~1\noshi\applic~1\onceex~1\twoglobal.exe
mRun: [PRISMSTA.EXE] Prismsta.exe /START
mRun: [PRISMSVR.EXE] Prismsvr.exe /APPLY
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [NWEReboot]
mRun: [NeroCheck] c:\windows\system32\NeroCheck.exe
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [{B179023B-6238-4499-8F26-CD73E9D90E0A}] "c:\program files\mediafour\macdrive 7\MacDrive.exe"
mRun: [MDGetStarted.exe] "c:\program files\mediafour\macdrive 7\MDGetStarted.exe" /auto
mRun: [PAC7302_Monitor] c:\windows\pixart\pac7302\Monitor.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\orbit.lnk - c:\program files\orbitdownloader\orbitdm.exe
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: HTLFP - {03B7A5D4-96B0-4316-95F8-072D326A58F1} -
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: vfsp - {E4CB5121-E242-11D4-8ED6-00010219EB22} -
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
SEH: ShHook Class: {a5949e07-8536-4625-a3d0-2dd83f559990} - c:\windows\system32\ShellHook.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\noshi\applic~1\mozilla\firefox\profiles\5uaulytd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - plugin: c:\documents and settings\noshi\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\noshi\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\cambridgesoft\chemoffice2008\chem3d\npChem3D Plugin.dll
FF - plugin: c:\program files\cambridgesoft\chemoffice2008\chemdraw\NPCDP32.DLL

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true

============= SERVICES / DRIVERS ===============

R0 MDFSYSNT;MacDrive file system driver;c:\windows\system32\drivers\MDFSYSNT.SYS [2007-9-5 277888]
R0 MDPMGRNT;MDPMGRNT;c:\windows\system32\drivers\MDPMGRNT.sys [2007-2-28 19072]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-8-20 325640]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-8-20 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-8-20 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-3-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 72944]
R1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\drivers\StarPortLite.sys [2008-10-10 93544]
R2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2008-3-19 607576]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-8-20 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-8-20 298264]
R2 MacDriveService;MacDriveService;c:\program files\mediafour\macdrive 7\MacDriveService.exe [2007-5-1 143360]
R2 Process Blocker;Process Blocker;c:\program files\process blocker\Process Blocker.exe [2009-3-27 142552]
S3 Aldebaran;Aldebaran - Storage Filter Drivers;c:\windows\system32\drivers\Aldebaran.sys [2004-2-11 21808]
S3 PAC7302;PC VGA Camer@ Plus;c:\windows\system32\drivers\PAC7302.SYS [2007-9-10 457984]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 7408]

=============== Created Last 30 ================

2009-04-27 01:46 <DIR> --d-h--- c:\windows\PIF
2009-04-27 00:49 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-25 22:33 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-04-25 22:33 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-04-25 22:33 <DIR> --d----- c:\docume~1\noshi\applic~1\SUPERAntiSpyware.com
2009-04-25 22:24 <DIR> --d----- c:\program files\CCleaner
2009-04-25 01:28 <DIR> --d----- c:\windows\system32\KB905474
2009-04-25 01:17 <DIR> --d----- c:\program files\MSXML 4.0
2009-04-24 17:53 283,648 -c------ c:\windows\system32\dllcache\pdh.dll
2009-04-24 17:53 60,416 -c------ c:\windows\system32\dllcache\colbact.dll
2009-04-24 17:53 399,360 -c------ c:\windows\system32\dllcache\rpcss.dll
2009-04-24 17:53 110,592 -c------ c:\windows\system32\dllcache\services.exe
2009-04-24 17:53 473,088 -c------ c:\windows\system32\dllcache\fastprox.dll
2009-04-24 17:53 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
2009-04-24 17:53 616,960 -c------ c:\windows\system32\dllcache\advapi32.dll
2009-04-24 17:53 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-24 17:53 714,752 -c------ c:\windows\system32\dllcache\ntdll.dll
2009-04-24 17:43 1,193,414 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-04-24 17:43 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-04-24 03:23 <DIR> --d----- c:\documents and settings\noshi\Tracing
2009-04-24 03:18 <DIR> --d----- c:\program files\Microsoft
2009-04-24 03:17 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-04-24 03:06 <DIR> --d----- c:\program files\common files\Windows Live
2009-04-24 02:32 <DIR> --d----- c:\docume~1\noshi\applic~1\Malwarebytes
2009-04-24 02:32 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-24 02:32 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-24 02:32 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-24 02:32 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-24 00:23 <DIR> --d----- c:\program files\Process Blocker
2009-04-24 00:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PrevxCSI
2009-04-24 00:07 64 a------- c:\windows\wininit.ini
2009-04-23 13:37 <DIR> --d----- c:\program files\Trend Micro
2009-04-23 11:56 337,320 a------- c:\windows\difxapi.dll
2009-04-23 11:56 49,152 a------- c:\windows\InstFunc.exe
2009-04-23 11:56 12,288 a------- c:\windows\InstFunc.dll
2009-04-22 21:23 <DIR> --d----- c:\docume~1\noshi\applic~1\AVGTOOLBAR
2009-04-21 18:17 <DIR> --d----- c:\program files\once extra
2009-04-01 03:32 9,728 a------- c:\windows\system32\SiSPIns2.dll

==================== Find3M ====================

2009-04-22 21:24 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-04-22 21:23 325,640 a------- c:\windows\system32\drivers\avgldx86.sys
2009-04-22 21:23 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-04-21 19:37 921,632 a------- C:\PA7302.DAT
2009-04-01 03:55 19,200 a------- c:\windows\system32\drivers\srvkp.sys
2009-04-01 03:55 1,571,001 a------- c:\windows\system32\sisgl.dll
2009-04-01 03:38 3,467,776 a------- c:\windows\system32\sisgrv.dll
2009-04-01 03:33 324,608 a------- c:\windows\system32\drivers\sisgrp.sys
2009-04-01 03:30 172,032 a------- c:\windows\system32\SiSInst.dll
2009-04-01 03:30 258,048 a------- c:\windows\system32\SiSParse.dll
2009-04-01 03:30 49,152 a------- c:\windows\system32\SiSBase.dll
2009-03-06 15:44 283,648 a------- c:\windows\system32\pdh.dll
2009-02-20 09:30 659,456 a------- c:\windows\system32\wininet.dll
2009-02-20 09:30 81,920 a------- c:\windows\system32\ieencode.dll
2009-02-09 11:20 723,456 a------- c:\windows\system32\lsasrv.dll
2009-02-09 11:20 399,360 a------- c:\windows\system32\rpcss.dll
2009-02-09 11:20 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 11:20 616,960 a------- c:\windows\system32\advapi32.dll
2009-02-09 11:19 1,846,272 a------- c:\windows\system32\win32k.sys
2009-02-06 18:52 49,504 a------- c:\windows\system32\sirenacm.dll
2009-02-06 18:24 2,180,480 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 18:14 110,592 a------- c:\windows\system32\services.exe
2009-02-06 17:54 35,328 a------- c:\windows\system32\sc.exe
2009-02-06 17:49 2,057,728 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-03 21:08 55,808 a------- c:\windows\system32\secur32.dll
2008-08-20 15:07 278,528 a------- c:\program files\common files\FDEUnInstaller.exe

============= FINISH: 1:47:36.15 ===============

====================


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 24/02/2008 12:15:26
System Uptime: 27/04/2009 01:20:42 (0 hours ago)
Processor: Intel(R) Celeron(R) CPU 2.66GHz | Socket 478 | 2680/133mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 3.237 GiB free.
D: is CDROM ()
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_1039&DEV_7002&SUBSYS_70021631&REV_00\3&61AAA01&0&1B
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_1039&DEV_7002&SUBSYS_70021631&REV_00\3&61AAA01&0&1B
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Mass Storage Controller
Device ID: PCI\VEN_10B9&DEV_5281&SUBSYS_528110B9&REV_A1\3&61AAA01&0&58
Manufacturer:
Name: Mass Storage Controller
PNP Device ID: PCI\VEN_10B9&DEV_5281&SUBSYS_528110B9&REV_A1\3&61AAA01&0&58
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Mass Storage Controller
Device ID: PCI\VEN_10B9&DEV_5228&SUBSYS_528110B9&REV_C6\3&61AAA01&0&59
Manufacturer:
Name: Mass Storage Controller
PNP Device ID: PCI\VEN_10B9&DEV_5228&SUBSYS_528110B9&REV_C6\3&61AAA01&0&59
Service:

==== System Restore Points ===================

RP406: 04/03/2009 10:20:27 - System Checkpoint
RP407: 04/03/2009 17:28:56 - Installed CambridgeSoft ChemOffice Ultra 2008
RP408: 05/03/2009 17:33:30 - System Checkpoint
RP409: 06/03/2009 19:35:39 - System Checkpoint
RP410: 07/03/2009 19:59:30 - System Checkpoint
RP411: 08/03/2009 18:18:37 - Avg8 Update
RP412: 09/03/2009 18:31:22 - System Checkpoint
RP413: 10/03/2009 19:38:11 - System Checkpoint
RP414: 11/03/2009 20:26:41 - System Checkpoint
RP415: 12/03/2009 21:40:21 - System Checkpoint
RP416: 13/03/2009 17:43:44 - Installed VideoImpression
RP417: 13/03/2009 18:06:39 - Installed VideoImpression
RP418: 13/03/2009 18:11:02 - Installed PC VGA Camer@ Plus
RP419: 14/03/2009 18:25:58 - System Checkpoint
RP420: 15/03/2009 19:09:51 - System Checkpoint
RP421: 16/03/2009 20:21:36 - System Checkpoint
RP422: 17/03/2009 20:24:35 - System Checkpoint
RP423: 18/03/2009 11:14:31 - Avg8 Update
RP424: 21/03/2009 13:40:06 - System Checkpoint
RP425: 22/03/2009 14:01:58 - System Checkpoint
RP426: 23/03/2009 16:48:13 - System Checkpoint
RP427: 25/03/2009 23:17:54 - System Checkpoint
RP428: 27/03/2009 22:08:39 - Avg8 Update
RP429: 28/03/2009 23:04:54 - System Checkpoint
RP430: 30/03/2009 11:16:11 - System Checkpoint
RP431: 31/03/2009 12:15:47 - System Checkpoint
RP432: 01/04/2009 12:42:54 - System Checkpoint
RP433: 02/04/2009 13:49:53 - System Checkpoint
RP434: 03/04/2009 13:51:51 - System Checkpoint
RP435: 04/04/2009 14:32:55 - System Checkpoint
RP436: 05/04/2009 16:00:25 - System Checkpoint
RP437: 06/04/2009 16:04:17 - System Checkpoint
RP438: 07/04/2009 22:18:52 - System Checkpoint
RP439: 09/04/2009 17:55:26 - System Checkpoint
RP440: 10/04/2009 18:17:37 - System Checkpoint
RP441: 11/04/2009 20:25:41 - System Checkpoint
RP442: 12/04/2009 21:02:51 - System Checkpoint
RP443: 13/04/2009 21:11:41 - System Checkpoint
RP444: 14/04/2009 22:11:40 - System Checkpoint
RP445: 15/04/2009 22:55:40 - System Checkpoint
RP446: 16/04/2009 13:39:36 - Avg8 Update
RP447: 17/04/2009 13:53:14 - System Checkpoint
RP448: 18/04/2009 14:00:55 - System Checkpoint
RP449: 19/04/2009 15:14:18 - System Checkpoint
RP450: 20/04/2009 15:57:00 - System Checkpoint
RP451: 21/04/2009 21:01:57 - System Checkpoint
RP452: 22/04/2009 21:23:13 - Configured AVG Free 8.5
RP453: 23/04/2009 10:45:50 - Avg8 Update
RP454: 24/04/2009 00:23:48 - Installed Process Blocker
RP455: 24/04/2009 02:04:46 - Configured 802.11g USB 2.0 adapter
RP456: 25/04/2009 01:14:58 - Software Distribution Service 3.0
RP457: 25/04/2009 22:33:16 - Installed SUPERAntiSpyware Free Edition
RP458: 25/04/2009 22:39:55 - Removed SUPERAntiSpyware Free Edition
RP459: 25/04/2009 22:40:34 - Installed SUPERAntiSpyware Free Edition
RP460: 26/04/2009 09:00:23 - Avg8 Update
RP461: 27/04/2009 00:48:14 - Installed Java(TM) 6 Update 13
RP462: 27/04/2009 00:50:08 - Installed Java Runtime Environment

==== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 1 (SP1)
802.11g USB 2.0 adapter
Ad-Aware 2007
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 8.1.3
Adobe® Photoshop® Album Starter Edition 3.0
Apple Mobile Device Support
Apple Software Update
ArcSoft VideoImpression 2
AVG 8.5
Bonjour
CambridgeSoft Activation Client
CambridgeSoft ChemOffice Ultra 2008
CCleaner (remove only)
Choice Guard
Driving Test Success 2002-2003
DSA Theory Test
DVD Power Burner
ffdshow (remove only)
FinalBurner PRO v2.5.0.177
Google Talk Plugin
Hazard Perception Training 2002-2003
HijackThis 2.0.2
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB952287)
IrfanView (remove only)
iTunes
Java(TM) 6 Update 13
MacDrive 7
Malwarebytes' Anti-Malware
Messenger Plus! Live & Sponsor (CiD)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Application Error Reporting
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Script Debugger
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.9)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Nero - Burning Rom (Web installer)
Orbit Downloader
PC VGA Camer@ Plus
Process Blocker
QuickTime
RegCure 1.5.2.7
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB960003)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB959997)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB963027)
Segoe UI
Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002)
Skype™ 4.0
Spybot - Search & Destroy
StarBurn Version 10 (Build 0x20080905)
SUPERAntiSpyware Free Edition
Tansee iPod Transfer Photo v5.0
Tweak UI
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb962871)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VideoLAN VLC media player 0.8.6f
WebFldrs XP
Winamp
Windows Installer 3.1 (KB893803)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format Runtime
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinRAR archiver
WLAN

==== Event Viewer Messages From Past Week ========

27/04/2009 01:46:55, error: Service Control Manager [7016] - The SmartLinkService service has reported an invalid current state 0.
25/04/2009 22:40:43, error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.
25/04/2009 16:32:19, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX Fips intelppm IPSec MDFSYSNT MDPMGRNT MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
25/04/2009 16:32:19, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
25/04/2009 16:32:19, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
25/04/2009 16:32:19, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
25/04/2009 16:32:19, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
25/04/2009 16:32:19, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
25/04/2009 16:32:19, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
25/04/2009 16:32:02, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
25/04/2009 16:31:32, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
24/04/2009 01:41:20, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.
24/04/2009 01:41:20, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the ShellHWDetection service.
24/04/2009 01:41:20, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Schedule service.
24/04/2009 01:41:20, error: Service Control Manager [7000] - The Windows Audio service failed to start due to the following error: All pipe instances are busy.
24/04/2009 01:41:20, error: Service Control Manager [7000] - The Task Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
21/04/2009 20:10:36, error: PRISM_A02 [5002] - 802.11g USB 2.0 adapter : Has determined that the adapter is not functioning properly.

==== End Of File ===========================

#12
26th Apr 2009, 18:56
Moderator Group

Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

Link #1
Link #2

**Note: It is important that it is saved directly to your Desktop

DO NOT run it yet!

Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code:
KillAll::

DDS::
TB: Wanadoo: {8b68564d-53fd-4293-b80c-993a9f3988ee} - c:\progra~1\wanadoo\wsbar\WSBar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
Handler: HTLFP - {03B7A5D4-96B0-4316-95F8-072D326A58F1} - 
Handler: vfsp - {E4CB5121-E242-11D4-8ED6-00010219EB22} -
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to freeze.
__________________

  #13  
Old 27th Apr 2009, 03:08
New Member Group
 
Default Iexplore.exe Virus and Its Been There for a Few Weeks :( ((HELP))

I downloaded combi and didn't run it. I made the txt file in Notepad and as I dragged it to combi, it asked me to run combi. I agreed and then it's giving me the following to do:



And just before this message I heard a loud, unusual beep.
How do I disable AVG Anti-Virus before clicking OK?
  #14  
Old 27th Apr 2009, 05:27
New Member Group
 
Default Iexplore.exe Virus and Its Been There for a Few Weeks :( ((HELP))

This website is Great! I will recommend you to all my friends. I found so much useful things here. Thank you.

_____________________________
computer repair services
  #15  
Old 27th Apr 2009, 09:29
Moderator Group
 
Default Iexplore.exe Virus and Its Been There for a Few Weeks :( ((HELP))

Just ignore that error. That happens with AVG even when you turn it off. It will still run just fine.
__________________

  #16  
Old 27th Apr 2009, 13:35
New Member Group
 
Default Iexplore.exe Virus and Its Been There for a Few Weeks :( ((HELP))

When I try to attach the txt file, it says:

Upload Errors ComboFix.txt:
Invalid File

Therefore I'm pasting it:

ComboFix 09-04-27.02 - Noshi 27/04/2009 21:18.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.703.228 [GMT 1:00]
Running from: c:\documents and settings\Noshi\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Noshi\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\mdm.exe

.
((((((((((((((((((((((((( Files Created from 2009-05-27 to 2009-4-27 )))))))))))))))))))))))))))))))
.

2009-04-27 00:46 . 2009-04-27 00:46 -------- d--h--w c:\windows\PIF
2009-04-26 23:49 . 2009-04-26 23:48 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-25 21:33 . 2009-04-25 21:33 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-04-25 21:33 . 2009-04-25 21:40 -------- d-----w c:\program files\SUPERAntiSpyware
2009-04-25 21:33 . 2009-04-25 21:40 -------- d-----w c:\documents and settings\Noshi\Application Data\SUPERAntiSpyware.com
2009-04-25 21:24 . 2009-04-25 21:24 -------- d-----w c:\program files\CCleaner
2009-04-25 00:28 . 2009-03-10 21:18 453512 ----a-w c:\windows\system32\KB905474\wgasetup.exe
2009-04-25 00:28 . 2009-03-10 21:26 1403264 ----a-w c:\windows\system32\KB905474\wganotifypackageinner.exe
2009-04-25 00:28 . 2009-04-25 00:28 -------- d-----w c:\windows\system32\KB905474
2009-04-25 00:17 . 2009-04-25 00:17 -------- d-----w c:\program files\MSXML 4.0
2009-04-24 16:53 . 2009-03-06 14:44 283648 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-24 16:53 . 2005-07-26 04:39 60416 -c----w c:\windows\system32\dllcache\colbact.dll
2009-04-24 16:53 . 2009-02-09 10:20 399360 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-24 16:53 . 2009-02-06 17:14 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-24 16:53 . 2009-02-09 10:20 473088 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-24 16:53 . 2009-02-06 16:39 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-24 16:53 . 2009-02-09 10:20 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-24 16:53 . 2009-02-09 10:20 616960 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-24 16:53 . 2009-02-09 10:20 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-24 16:43 . 2008-04-21 10:02 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-24 02:23 . 2009-04-27 20:24 -------- d-----w c:\documents and settings\Noshi\Tracing
2009-04-24 02:18 . 2009-04-24 02:18 -------- d-----w c:\program files\Microsoft
2009-04-24 02:17 . 2009-04-24 02:17 -------- d-----w c:\program files\Windows Live SkyDrive
2009-04-24 02:06 . 2009-04-24 02:06 -------- d-----w c:\program files\Common Files\Windows Live
2009-04-24 01:32 . 2009-04-24 01:32 -------- d-----w c:\documents and settings\Noshi\Application Data\Malwarebytes
2009-04-24 01:32 . 2009-04-06 14:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-24 01:32 . 2009-04-06 14:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-24 01:32 . 2009-04-24 01:32 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-24 01:32 . 2009-04-24 07:44 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-23 23:23 . 2009-04-24 00:35 -------- d-----w c:\program files\Process Blocker
2009-04-23 23:07 . 2009-04-23 23:07 -------- d-----w c:\documents and settings\All Users\Application Data\PrevxCSI
2009-04-23 12:37 . 2009-04-23 12:37 -------- d-----w c:\program files\Trend Micro
2009-04-23 10:56 . 2006-03-22 12:53 337320 ----a-w c:\windows\difxapi.dll
2009-04-23 10:56 . 2006-04-28 00:56 49152 ----a-w c:\windows\InstFunc.exe
2009-04-23 10:56 . 2009-04-01 02:31 12288 ----a-w c:\windows\InstFunc.dll
2009-04-22 20:23 . 2009-04-24 22:04 -------- d-----w c:\documents and settings\Noshi\Application Data\AVGTOOLBAR
2009-04-21 17:17 . 2009-04-21 17:17 -------- d-----w c:\program files\once extra
2009-04-01 02:32 . 2009-04-01 02:32 9728 ----a-w c:\windows\system32\SiSPIns2.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-27 00:12 . 2008-04-29 12:52 -------- d-----w c:\program files\Java
2009-04-25 21:40 . 2008-04-06 21:04 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-25 00:24 . 2008-08-03 09:09 -------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
2009-04-24 02:17 . 2008-03-06 20:47 -------- d-----w c:\program files\Windows Live
2009-04-22 20:37 . 2008-02-25 15:28 -------- d-----w c:\program files\Common Files\Adobe
2009-04-22 20:24 . 2008-08-20 14:47 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-04-22 20:23 . 2008-08-20 14:47 325640 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-04-22 20:23 . 2008-08-20 14:47 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-04-21 18:37 . 2009-03-13 19:33 921632 ----a-w C:\PA7302.DAT
2009-04-21 17:16 . 2009-03-16 21:02 -------- d-----w c:\program files\Messenger Plus! Live
2009-04-18 18:13 . 2009-02-03 22:38 1324 ----a-w c:\documents and settings\Noshi\Local Settings\Application Data\d3d9caps.dat
2009-04-01 02:55 . 2004-04-15 03:33 19200 ----a-w c:\windows\system32\drivers\srvkp.sys
2009-04-01 02:55 . 2004-04-17 15:57 1571001 ----a-w c:\windows\system32\sisgl.dll
2009-04-01 02:38 . 2004-04-15 03:03 3467776 ----a-w c:\windows\system32\sisgrv.dll
2009-04-01 02:33 . 2004-04-15 02:56 324608 ----a-w c:\windows\system32\drivers\sisgrp.sys
2009-04-01 02:30 . 2004-04-16 15:52 172032 ----a-w c:\windows\system32\SiSInst.dll
2009-04-01 02:30 . 2004-04-16 15:51 258048 ----a-w c:\windows\system32\SiSParse.dll
2009-04-01 02:30 . 2004-04-16 15:50 49152 ----a-w c:\windows\system32\SiSBase.dll
2009-03-19 12:41 . 2009-03-19 12:41 -------- d-----w c:\program files\Bonjour
2009-03-16 21:02 . 2009-03-16 21:02 -------- d-----w c:\program files\Circe Developement
2009-03-13 19:27 . 2009-03-13 19:27 -------- d-----r c:\program files\Skype
2009-03-13 18:52 . 2009-03-13 18:52 -------- d-----w c:\program files\RegCure
2009-03-13 18:11 . 2009-03-13 18:11 -------- d-----w c:\program files\Common Files\PAC7302
2009-03-13 18:11 . 2009-03-13 18:11 -------- d-----w c:\program files\PC VGA Camer@ Plus
2009-03-13 17:45 . 2009-03-13 17:45 -------- d-----w c:\program files\Common Files\ArcSoft
2009-03-13 17:43 . 2009-03-13 17:43 -------- d-----w c:\program files\ArcSoft
2009-03-13 17:43 . 2008-03-05 18:24 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-13 17:42 . 2008-03-05 18:21 -------- d-----w c:\program files\Common Files\InstallShield
2009-03-06 14:44 . 2001-08-23 12:00 283648 ----a-w c:\windows\system32\pdh.dll
2009-03-04 17:49 . 2008-02-26 11:14 70920 ----a-w c:\documents and settings\Kashi\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-04 17:37 . 2009-03-04 17:37 -------- d-----w c:\program files\Microsoft SQL Server
2009-02-20 08:30 . 2008-02-24 18:38 81920 ----a-w c:\windows\system32\ieencode.dll
2009-02-20 08:30 . 2001-08-23 12:00 659456 ----a-w c:\windows\system32\wininet.dll
2009-02-09 10:20 . 2001-08-23 12:00 723456 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:20 . 2001-08-23 12:00 399360 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:20 . 2001-08-23 12:00 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 10:20 . 2001-08-23 12:00 616960 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:19 . 2001-08-23 12:00 1846272 ----a-w c:\windows\system32\win32k.sys
2009-02-06 17:52 . 2009-02-06 17:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-06 17:24 . 2001-08-23 12:00 2180480 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 17:14 . 2001-08-23 12:00 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 16:54 . 2001-08-23 12:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 16:49 . 2001-08-17 13:48 2057728 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-03 20:08 . 2001-08-23 12:00 55808 ----a-w c:\windows\system32\secur32.dll
2008-08-20 14:07 . 2008-02-24 12:57 278528 ----a-w c:\program files\Common Files\FDEUnInstaller.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-31 385024]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"Google Update"="c:\documents and settings\Noshi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-03-26 133104]
"Proc browse"="c:\docume~1\Noshi\APPLIC~1\ONCEEX~1\twoglobal.exe" [2009-04-21 626688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-22 1932568]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-31 385024]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2008-10-09 155648]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"{B179023B-6238-4499-8F26-CD73E9D90E0A}"="c:\program files\Mediafour\MacDrive 7\MacDrive.exe" [2008-07-09 201304]
"MDGetStarted.exe"="c:\program files\Mediafour\MacDrive 7\MDGetStarted.exe" [2007-06-13 139264]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-26 148888]
"PRISMSTA.EXE"="Prismsta.exe" - c:\windows\system32\PRISMSTA.exe [2003-11-08 254044]
"PRISMSVR.EXE"="Prismsvr.exe" - c:\windows\system32\PRISMSVR.exe [2004-03-18 282713]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\Kashi\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2008-5-8 1678536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-22 20:23 10520 ----a-w c:\windows\system32\avgrsstx.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\Noshi\\Desktop\\msnmsgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\Noshi\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Noshi\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:DCOM

R3 Aldebaran;Aldebaran - Storage Filter Drivers;c:\windows\system32\Drivers\Aldebaran.sys [2004-02-11 21808]
R3 PAC7302;PC VGA Camer@ Plus;c:\windows\system32\DRIVERS\PAC7302.SYS [2007-09-10 457984]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]
S0 MDFSYSNT;MacDrive file system driver; [x]
S0 MDPMGRNT;MDPMGRNT; [x]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-04-22 325640]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-04-22 108552]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-23 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-03-23 72944]
S1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\DRIVERS\StarPortLite.sys [2008-08-20 93544]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-04-22 908056]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-22 298264]
S2 MacDriveService;MacDriveService;c:\program files\Mediafour\MacDrive 7\MacDriveService.exe [2007-05-01 143360]
S2 Process Blocker;Process Blocker;c:\program files\Process Blocker\Process Blocker.exe [2009-03-27 142552]

.
Contents of the 'Scheduled Tasks' folder

2009-04-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 11:34]

2009-04-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1897051121-2146997909-1004.job
- c:\documents and settings\Noshi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-26 23:20]

2009-04-27 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 17:58]

2009-04-26 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 17:58]

2009-04-27 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-25 21:18]
.
- - - - ORPHANS REMOVED - - - -

ShellIconOverlayIdentifiers-MacDrive Volume Icons - (no file)
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
HKLM-Run-NWEReboot - (no file)
ShellExecuteHooks-{A5949E07-8536-4625-A3D0-2DD83F559990} - c:\windows\system32\ShellHook.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Noshi\Application Data\Mozilla\Firefox\Profiles\5uaulytd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - plugin: c:\documents and settings\Noshi\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Noshi\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\CambridgeSoft\ChemOffice2008\Chem3D\npChem3D Plugin.dll
FF - plugin: c:\program files\CambridgeSoft\ChemOffice2008\ChemDraw\NPCDP32.DLL

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-27 21:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(724)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(3736)
c:\program files\Mediafour\MacDrive 7\MDVolumeIcons.dll
c:\program files\Mediafour\MacDrive 7\MACDRAPI.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wdfmgr.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Orbitdownloader\orbitnet.exe
c:\program files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2009-04-27 21:29 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-27 20:29

Pre-Run: 3,366,305,792 bytes free
Post-Run: 3,989,528,576 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

257 --- E O F --- 2009-04-25 00:29
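As an added example (not ComboFix's code and not posted in the thread), a small Python reviewer for the "Reg Loading Points" section above: it parses the REGEDIT4-style Run entries and flags any whose executable lives in a user profile directory or whose value name does not resemble its executable, which is how the "Proc browse" entry stands out from "CTFMON.EXE" or "AVG8_TRAY". The sample lines are constructed from the log, and the flags are for human review only, since Google Update legitimately runs per-user from Local Settings.

```python
import re
from typing import Dict, List

# Constructed sample: Run entries in the shape ComboFix prints them under
# "Reg Loading Points" (quoted value name, quoted target, optional resolved
# path after " - ", then [file-date size]). Adapted from the log above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Google Update"="c:\documents and settings\Noshi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-03-26 133104]
"Proc browse"="c:\docume~1\Noshi\APPLIC~1\ONCEEX~1\twoglobal.exe" [2009-04-21 626688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-22 1932568]
"PRISMSTA.EXE"="Prismsta.exe" - c:\windows\system32\PRISMSTA.exe [2003-11-08 254044]
"""

SECTION_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
ENTRY_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"'  # value name and quoted target
    r"(?:\s+-\s+(?P<resolved>.+?))?"         # optional " - <resolved path>"
    r"\s+\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$"
)
# Targets under a user profile (long or 8.3 short form) rather than a
# program or system directory.
PROFILE_RE = re.compile(r"^c:\\(documents and settings|docume~1)\\", re.IGNORECASE)

PROFILE_REASON = "target runs from a user profile directory"
NAME_REASON = "value name does not resemble the executable"


def parse_run_entries(text: str) -> List[Dict[str, str]]:
    """Return one dict per Run entry, tagged with the registry key it sits under."""
    entries: List[Dict[str, str]] = []
    key = ""
    for raw in text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            key = sec.group("key")
            continue
        ent = ENTRY_RE.match(line)
        if not ent or not key.lower().endswith("\\run"):
            continue
        # Prefer the resolved path ComboFix prints after " - " when the value
        # itself is only a bare file name (the PRISMSTA.EXE entry above).
        target = ent.group("resolved") or ent.group("value")
        entries.append({"key": key, "name": ent.group("name"), "target": target,
                        "date": ent.group("date"), "size": ent.group("size")})
    return entries


def _letters(s: str) -> str:
    """Lower-case letters only, so 'AVG8_TRAY' and 'avgtray.exe' compare equal."""
    return re.sub(r"[^a-z]", "", s.lower())


def name_matches_executable(name: str, target: str) -> bool:
    """True when the value name and the executable's base name share their letters."""
    exe = target.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    a, b = _letters(name), _letters(exe)
    return bool(a) and bool(b) and (a in b or b in a)


def review_run_entries(text: str) -> List[Dict[str, object]]:
    """Flag Run entries worth a human look; this is never an automatic delete list."""
    flagged: List[Dict[str, object]] = []
    for e in parse_run_entries(text):
        reasons = []
        if PROFILE_RE.match(e["target"]):
            reasons.append(PROFILE_REASON)
        if not name_matches_executable(e["name"], e["target"]):
            reasons.append(NAME_REASON)
        if reasons:
            flagged.append({**e, "reasons": reasons})
    return flagged


if __name__ == "__main__":
    for e in review_run_entries(SAMPLE_LOG):
        print(f'{e["key"]}\n  "{e["name"]}" -> {e["target"]}\n  ' + "; ".join(e["reasons"]))
```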
  #17  
Old 27th Apr 2009, 16:17
Moderator Group
 
Default Iexplore.exe Virus and Its Been There for a Few Weeks :( ((HELP))

  • Click START then RUN
  • Now type Combofix /u in the runbox
  • Make sure there's a space between Combofix and /u
  • Then hit Enter.


  • The above procedure will:
  • Delete the following:
  • ComboFix and its associated files and folders.
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Set a new, clean Restore Point.


----------

How is the computer running now?
__________________

  #18  
Old 27th Apr 2009, 17:25
New Member Group
 
Default Iexplore.exe Virus and Its Been There for a Few Weeks :( ((HELP))

Hey, it's working much better than before, thanks.
But I'm still getting pop-ups (in IE, starting with CID, whereas I use Firefox) and iexplore.exe is still running in the processes, and I don't use Explorer.
  #19  
Old 27th Apr 2009, 17:29
Moderator Group
 
Default Iexplore.exe Virus and Its Been There for a Few Weeks :( ((HELP))

What sort of pop-ups are they? Porn or just ads?

Download Lop S&D by Eric_71 and save it to your Desktop. Lop S&D will only run on Windows XP and Windows Vista.

Disable your antivirus and antimalware programs so they do not interfere with the running of Lop S&D. If needed see: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs


Double click LopSD.exe - If you are using Windows Vista, right-click on the LopSD icon and select Run as administrator to perform this scan.

  • Choose the language by typing the corresponding letter and press Enter
  • Click OK at the informative window
  • Type 1, to choose Option 1 (Search) then press Enter
  • Wait until the end of the scan
  • A report will be generated, post the contents of it in your next reply.


A copy of the report can be found at this location: %systemdrive%\lopR.txt, in most cases C:\lopR.txt
__________________

  #20  
Old 27th Apr 2009, 17:43
New Member Group
 
Default Iexplore.exe Virus and Its Been There for a Few Weeks :( ((HELP))

Hey, thanks for the quick reply.
They are just random pop-ups. The one I am attaching is just an example and I've seen it for the first time. Usually it's those tiny pop-ups with ads or games etc.




--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) CPU 2.66GHz )
BIOS : Award Medallion BIOS v6.00PG
USER : Noshi ( Administrator )
BOOT : Normal boot
Antivirus : AVG Anti-Virus Free 8.5 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:37 Go (Free:6 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 28/04/2009| 1:35 )

--------------------\\ Listing folders in APPLIC~1

[05/08/2008|23:26] C:\DOCUME~1\ADMINI~1\APPLIC~1\Adobe
[24/02/2008|13:59] C:\DOCUME~1\ADMINI~1\APPLIC~1\Help
[24/02/2008|13:52] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[24/02/2008|14:00] C:\DOCUME~1\ADMINI~1\APPLIC~1\Macromedia
[20/08/2008|15:45] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[24/02/2008|21:08] C:\DOCUME~1\ADMINI~1\APPLIC~1\Mozilla

[22/04/2009|21:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[03/03/2008|13:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[03/03/2008|13:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[22/04/2009|21:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg8
[11/05/2008|14:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Blueberry
[04/03/2009|18:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CambridgeSoft
[22/04/2009|21:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DriverCure
[24/02/2008|22:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[11/05/2008|14:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
[06/04/2008|22:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[21/04/2009|18:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Loud spam else tool
[11/05/2008|14:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
[24/04/2009|02:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[17/11/2008|18:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Mediafour
[16/03/2009|22:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[24/04/2009|03:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[25/04/2009|01:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
[13/03/2009|20:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
[22/03/2009|15:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ParetoLogic
[24/04/2009|00:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PrevxCSI
[05/08/2008|23:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Prism
[13/03/2009|20:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[08/11/2008|12:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[25/04/2009|22:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
[25/05/2008|18:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[05/05/2008|19:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[05/08/2008|23:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion

[24/02/2008|13:12] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[13/11/2008|23:39] C:\DOCUME~1\Kashi\APPLIC~1\Adobe
[13/11/2008|23:39] C:\DOCUME~1\Kashi\APPLIC~1\AdobeAUM
[13/11/2008|23:39] C:\DOCUME~1\Kashi\APPLIC~1\AdobeUM
[13/04/2008|22:45] C:\DOCUME~1\Kashi\APPLIC~1\Apple Computer
[13/03/2009|18:49] C:\DOCUME~1\Kashi\APPLIC~1\ArcSoft
[27/04/2009|23:47] C:\DOCUME~1\Kashi\APPLIC~1\AVGTOOLBAR
[11/05/2008|14:37] C:\DOCUME~1\Kashi\APPLIC~1\DAEMON Tools
[04/12/2008|18:51] C:\DOCUME~1\Kashi\APPLIC~1\dvdcss
[10/10/2008|00:43] C:\DOCUME~1\Kashi\APPLIC~1\FinalBurner .ISO
[10/10/2008|00:40] C:\DOCUME~1\Kashi\APPLIC~1\FinalBurner Copy
[10/10/2008|00:42] C:\DOCUME~1\Kashi\APPLIC~1\FinalBurner Video DVD
[11/05/2008|15:03] C:\DOCUME~1\Kashi\APPLIC~1\HP
[26/02/2008|12:14] C:\DOCUME~1\Kashi\APPLIC~1\Identities
[04/12/2008|15:59] C:\DOCUME~1\Kashi\APPLIC~1\Leadertech
[26/02/2008|14:28] C:\DOCUME~1\Kashi\APPLIC~1\Macromedia
[11/05/2008|15:04] C:\DOCUME~1\Kashi\APPLIC~1\Macrovision
[04/09/2008|21:13] C:\DOCUME~1\Kashi\APPLIC~1\Media Player Classic
[16/09/2008|21:04] C:\DOCUME~1\Kashi\APPLIC~1\Microsoft
[28/08/2008|17:21] C:\DOCUME~1\Kashi\APPLIC~1\Mozilla
[13/03/2009|20:56] C:\DOCUME~1\Kashi\APPLIC~1\MSN6
[27/04/2009|23:52] C:\DOCUME~1\Kashi\APPLIC~1\Orbit
[13/03/2009|20:52] C:\DOCUME~1\Kashi\APPLIC~1\Skype
[29/04/2008|13:53] C:\DOCUME~1\Kashi\APPLIC~1\Sun
[05/03/2008|19:31] C:\DOCUME~1\Kashi\APPLIC~1\TSO
[08/05/2008|23:14] C:\DOCUME~1\Kashi\APPLIC~1\vlc
[08/05/2008|22:08] C:\DOCUME~1\Kashi\APPLIC~1\WinRAR

[20/08/2008|15:45] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[20/08/2008|15:45] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[09/12/2008|16:53] C:\DOCUME~1\New\APPLIC~1\Adobe
[20/08/2008|16:05] C:\DOCUME~1\New\APPLIC~1\Apple Computer
[20/08/2008|14:59] C:\DOCUME~1\New\APPLIC~1\Identities
[20/08/2008|17:32] C:\DOCUME~1\New\APPLIC~1\IrfanView
[20/08/2008|15:26] C:\DOCUME~1\New\APPLIC~1\Macromedia
[20/08/2008|16:27] C:\DOCUME~1\New\APPLIC~1\Media Player Classic
[06/12/2008|18:10] C:\DOCUME~1\New\APPLIC~1\Microsoft
[20/08/2008|15:42] C:\DOCUME~1\New\APPLIC~1\Mozilla
[27/04/2009|00:08] C:\DOCUME~1\New\APPLIC~1\Orbit
[11/09/2008|23:07] C:\DOCUME~1\New\APPLIC~1\Sun
[20/08/2008|15:34] C:\DOCUME~1\New\APPLIC~1\vlc
[20/08/2008|17:19] C:\DOCUME~1\New\APPLIC~1\Winamp
[20/08/2008|16:25] C:\DOCUME~1\New\APPLIC~1\WinRAR

[14/11/2008|17:11] C:\DOCUME~1\Noshi\APPLIC~1\Adobe
[14/11/2008|17:11] C:\DOCUME~1\Noshi\APPLIC~1\AdobeAUM
[14/11/2008|17:11] C:\DOCUME~1\Noshi\APPLIC~1\AdobeUM
[14/04/2008|18:17] C:\DOCUME~1\Noshi\APPLIC~1\Apple Computer
[13/03/2009|18:55] C:\DOCUME~1\Noshi\APPLIC~1\ArcSoft
[24/04/2009|23:04] C:\DOCUME~1\Noshi\APPLIC~1\AVGTOOLBAR
[22/03/2009|15:29] C:\DOCUME~1\Noshi\APPLIC~1\DriverCure
[23/06/2008|23:06] C:\DOCUME~1\Noshi\APPLIC~1\Google
[25/02/2008|10:51] C:\DOCUME~1\Noshi\APPLIC~1\Identities
[26/02/2008|15:22] C:\DOCUME~1\Noshi\APPLIC~1\Macromedia
[24/04/2009|02:32] C:\DOCUME~1\Noshi\APPLIC~1\Malwarebytes
[23/04/2009|14:22] C:\DOCUME~1\Noshi\APPLIC~1\Microsoft
[07/04/2009|09:28] C:\DOCUME~1\Noshi\APPLIC~1\Mozilla
[21/04/2009|18:19] C:\DOCUME~1\Noshi\APPLIC~1\once extra
[27/04/2009|23:41] C:\DOCUME~1\Noshi\APPLIC~1\Orbit
[06/04/2009|21:16] C:\DOCUME~1\Noshi\APPLIC~1\Skype
[29/04/2008|14:04] C:\DOCUME~1\Noshi\APPLIC~1\Sun
[25/04/2009|22:40] C:\DOCUME~1\Noshi\APPLIC~1\SUPERAntiSpyware.com
[06/03/2008|14:21] C:\DOCUME~1\Noshi\APPLIC~1\TSO
[16/05/2008|09:42] C:\DOCUME~1\Noshi\APPLIC~1\vlc
[31/08/2008|18:54] C:\DOCUME~1\Noshi\APPLIC~1\Winamp
[23/09/2008|01:46] C:\DOCUME~1\Noshi\APPLIC~1\WinRAR

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[27/04/2009 23:40][--a------] C:\WINDOWS\tasks\WGASetup.job
[27/04/2009 23:12][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1897051121-2146997909-1004.job
[27/04/2009 23:40][--a------] C:\WINDOWS\tasks\RegCure Program Check.job
[26/04/2009 03:56][--a------] C:\WINDOWS\tasks\RegCure.job
[24/04/2009 09:00][--a------] C:\WINDOWS\tasks\rpc.job
[24/04/2009 07:52][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[27/04/2009 23:40][--ah-----] C:\WINDOWS\tasks\SA.DAT
[23/08/2001 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[05/08/2008|23:51] C:\Program Files\802.11g USB2.0 Adapter
[22/04/2009|21:36] C:\Program Files\Adobe
[10/10/2008|00:26] C:\Program Files\ahead
[22/08/2008|12:56] C:\Program Files\AMT
[14/10/2008|01:16] C:\Program Files\Apple Software Update
[13/03/2009|18:43] C:\Program Files\ArcSoft
[20/08/2008|15:46] C:\Program Files\AVG
[19/03/2009|13:41] C:\Program Files\Bonjour
[11/12/2008|23:55] C:\Program Files\CambridgeSoft
[25/04/2009|22:24] C:\Program Files\CCleaner
[16/03/2009|22:02] C:\Program Files\Circe Developement
[27/04/2009|21:19] C:\Program Files\Common Files
[11/05/2008|14:40] C:\Program Files\DAEMON Tools Lite
[05/08/2008|23:08] C:\Program Files\DivX
[07/04/2008|12:03] C:\Program Files\Driving Test Success Plus 2003
[05/03/2008|19:23] C:\Program Files\DSA Theory Test
[20/08/2008|16:28] C:\Program Files\ffdshow
[10/10/2008|00:47] C:\Program Files\FinalBurner
[24/02/2008|21:07] C:\Program Files\Firefox
[07/04/2008|12:07] C:\Program Files\Hazard Perception 2003
[11/05/2008|14:54] C:\Program Files\HP
[13/03/2009|18:43] C:\Program Files\InstallShield Installation Information
[25/04/2009|01:17] C:\Program Files\Internet Explorer
[20/08/2008|15:07] C:\Program Files\Inventel
[03/03/2008|13:40] C:\Program Files\iPod
[20/08/2008|15:35] C:\Program Files\IrfanView
[03/03/2008|13:41] C:\Program Files\iTunes
[27/04/2009|01:12] C:\Program Files\Java
[06/04/2008|22:05] C:\Program Files\Lavasoft
[24/04/2009|08:44] C:\Program Files\Malwarebytes' Anti-Malware
[17/11/2008|18:00] C:\Program Files\Mediafour
[28/08/2008|11:24] C:\Program Files\Messenger
[21/04/2009|18:16] C:\Program Files\Messenger Plus! Live
[24/04/2009|03:18] C:\Program Files\Microsoft
[25/04/2009|01:24] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[24/02/2008|13:13] C:\Program Files\microsoft frontpage
[20/05/2008|21:01] C:\Program Files\Microsoft Office
[11/05/2008|15:00] C:\Program Files\Microsoft Script Debugger
[04/03/2009|18:37] C:\Program Files\Microsoft SQL Server
[20/05/2008|21:00] C:\Program Files\Microsoft Visual Studio
[20/08/2008|17:01] C:\Program Files\Microsoft Visual Studio 8
[20/05/2008|21:02] C:\Program Files\Microsoft Works
[20/05/2008|20:59] C:\Program Files\Microsoft.NET
[24/02/2008|19:38] C:\Program Files\Movie Maker
[27/04/2009|23:41] C:\Program Files\Mozilla Firefox
[20/08/2008|16:28] C:\Program Files\Mplayer Classic
[20/05/2008|21:01] C:\Program Files\MSBuild
[24/02/2008|13:09] C:\Program Files\MSN
[24/02/2008|13:08] C:\Program Files\MSN Gaming Zone
[25/04/2009|01:17] C:\Program Files\MSXML 4.0
[24/02/2008|19:36] C:\Program Files\NetMeeting
[21/04/2009|18:17] C:\Program Files\once extra
[24/02/2008|13:11] C:\Program Files\Online Services
[20/05/2008|20:59] C:\Program Files\Orbitdownloader
[25/02/2008|07:07] C:\Program Files\Outlook Express
[13/03/2009|19:11] C:\Program Files\PC VGA Camer@ Plus
[24/04/2009|01:35] C:\Program Files\Process Blocker
[20/05/2008|20:59] C:\Program Files\QuickTime
[01/08/2008|16:59] C:\Program Files\Real
[20/08/2008|16:22] C:\Program Files\RegCleaner
[13/03/2009|19:52] C:\Program Files\RegCure
[10/10/2008|00:50] C:\Program Files\Rocket Division Software
[13/03/2009|20:27] C:\Program Files\Skype
[08/11/2008|00:29] C:\Program Files\Spybot - Search & Destroy
[25/04/2009|22:40] C:\Program Files\SUPERAntiSpyware
[05/08/2008|23:12] C:\Program Files\Tansee iPod Transfer
[20/08/2008|17:01] C:\Program Files\Tansee iPod Transfer Photo
[10/10/2008|00:21] C:\Program Files\TradeTouch
[23/04/2009|13:37] C:\Program Files\Trend Micro
[19/12/2008|19:22] C:\Program Files\Uninstall Information
[08/05/2008|22:20] C:\Program Files\VideoLAN
[24/02/2008|13:57] C:\Program Files\Wanadoo
[01/10/2008|11:11] C:\Program Files\Winamp
[24/04/2009|03:17] C:\Program Files\Windows Live
[24/04/2009|03:17] C:\Program Files\Windows Live SkyDrive
[20/08/2008|17:17] C:\Program Files\Windows Media Player
[24/02/2008|19:35] C:\Program Files\Windows NT
[01/08/2008|16:55] C:\Program Files\Winferno
[08/05/2008|22:08] C:\Program Files\WinRAR
[24/02/2008|13:13] C:\Program Files\xerox
[05/08/2008|23:08] C:\Program Files\Yahoo!

--------------------\\ Listing Folders in C:\Program Files\Common Files

[22/04/2009|21:37] C:\Program Files\Common Files\Adobe
[03/03/2008|13:24] C:\Program Files\Common Files\Apple
[13/03/2009|18:45] C:\Program Files\Common Files\ArcSoft
[10/08/2008|20:58] C:\Program Files\Common Files\DESIGNER
[13/03/2009|18:42] C:\Program Files\Common Files\InstallShield
[29/04/2008|13:52] C:\Program Files\Common Files\Java
[17/11/2008|18:01] C:\Program Files\Common Files\Mediafour
[11/05/2008|15:01] C:\Program Files\Common Files\Mercury Interactive
[24/04/2009|03:17] C:\Program Files\Common Files\Microsoft Shared
[24/02/2008|13:10] C:\Program Files\Common Files\MSSoap
[28/08/2008|11:09] C:\Program Files\Common Files\ODBC
[13/03/2009|19:11] C:\Program Files\Common Files\PAC7302
[05/08/2008|23:08] C:\Program Files\Common Files\Real
[24/02/2008|13:10] C:\Program Files\Common Files\Services
[24/02/2008|12:56] C:\Program Files\Common Files\SpeechEngines
[20/05/2008|20:50] C:\Program Files\Common Files\System
[24/04/2009|03:06] C:\Program Files\Common Files\Windows Live
[20/05/2008|20:59] C:\Program Files\Common Files\WindowsLiveInstaller
[25/04/2009|22:40] C:\Program Files\Common Files\Wise Installation Wizard

--------------------\\ Process

( 53 Processes )

iexplore.exe ~ [PID:1188]
iexplore.exe ~ [PID:3972]
iexplore.exe ~ [PID:2444]

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

C:\DOCUME~1\ALLUSE~1\APPLIC~1\Loud spam else tool
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Loud spam else tool\user cool.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Loud spam else tool\user cool.exe
C:\Program Files\Orbitdownloader
C:\Program Files\Orbitdownloader\addons
C:\Program Files\Orbitdownloader\banurl.ini
C:\Program Files\Orbitdownloader\changelog.txt
C:\Program Files\Orbitdownloader\download.dll
C:\Program Files\Orbitdownloader\Grab.exe
C:\Program Files\Orbitdownloader\GrabDll.dll
C:\Program Files\Orbitdownloader\idht.dll
C:\Program Files\Orbitdownloader\Lang.ini
C:\Program Files\Orbitdownloader\language
C:\Program Files\Orbitdownloader\libeay32.dll
C:\Program Files\Orbitdownloader\magic.mgc
C:\Program Files\Orbitdownloader\orbitcth.dll
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Orbitdownloader\orbitmxt.dll
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Orbitdownloader\saction.dll
C:\Program Files\Orbitdownloader\siteinfo.ini
C:\Program Files\Orbitdownloader\ssleay32.dll
C:\Program Files\Orbitdownloader\unins000.dat
C:\Program Files\Orbitdownloader\unins000.exe
C:\Program Files\Orbitdownloader\winfile.dll
C:\DOCUME~1\Noshi\Desktop\OrbitDownloaderSetup.exe
C:\DOCUME~1\Noshi\Cookies\noshi@advertising[2].txt

--------------------\\ Searching within the Registry

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-28 01:39:06
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 381

--------------------\\ Searching for other infections


No other infections found !

[F:25][D:4]-> C:\DOCUME~1\Noshi\LOCALS~1\Temp
[F:68][D:0]-> C:\DOCUME~1\Noshi\Cookies
[F:260][D:4]-> C:\DOCUME~1\Noshi\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 28/04/2009| 1:42 - Option : [1]

--------------------\\ Scan completed at 1:42:22
Copyright ©2006 - 2009 Computer Juice.