Computer Juice forum > Computer Software > Virus, Spyware & Security
Very Slow Computer, Followed Guide, Posting Logs
  #1  
14th Feb 2009, 01:50
Donor VIP
Posts: 20
 
Hello,

I followed the steps in the guide and it seems to have helped, my computer is moving faster.

Please let me know if I need to do anything else, or if I am all clear.
Thanks.

SUPERAntiSpyware:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 02/14/2009 at 00:53 AM
Application Version : 4.25.1012
Core Rules Database Version : 3758
Trace Rules Database Version: 1721
Scan type : Complete Scan
Total Scan Time : 00:48:00
Memory items scanned : 473
Memory threats detected : 0
Registry items scanned : 4444
Registry threats detected : 0
File items scanned : 48592
File threats detected : 201
Adware.Tracking Cookie
C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[2].txt
C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt
C:\Documents and Settings\Owner\Cookies\owner@mediaplex[1].txt
C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt
C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[2].txt
Trojan.Spam-SySpools
D:\I386\APPS\APP31066\PFUKKDJE.T
D:\I386\APPS\APP31327\P2GO\JSWBQUBG.T
D:\I386\APPS\APP31327\P2GO\MYVSNYHS.T
D:\I386\APPS\APP31327\PDVD\PFUKKDNF.T
D:\I386\APPS\APP31327\PSTARTER\JSWBQUBS.T
D:\I386\APPS\APP31327\MYVSNYHG.T
D:\I386\APPS\APP31528\AAAAAIID.T
D:\I386\APPS\APP32136\JSWBQUBK.T
D:\I386\APPS\APP32749\MYVSNYHX.T
D:\I386\APPS\APP00023\VRSTELAF.T
D:\I386\APPS\APP01607\COMMON\MSSHARED\EQUATION\GMXJTQYG.T
D:\I386\APPS\APP01607\COMMON\MSSHARED\WKSHARED\MYVSNYLG.T
D:\I386\APPS\APP01607\COMMON\MSSHARED\WKSHARED\VRSTELEQ.T
D:\I386\APPS\APP01607\COMMON\MSSHARED\WKSHARED\JSWBQUJG.T
D:\I386\APPS\APP01607\PFILES\MSWORKS\PFUKKDIJ.T
D:\I386\APPS\APP01607\PFILES\MSWORKS\GMXJTQPP.T
D:\I386\APPS\APP01607\PFILES\MSWORKS\GMXJTQTR.T
D:\I386\APPS\APP01607\PFILES\MSWORKS\AAAAAIHW.T
D:\I386\APPS\APP01607\PFILES\MSWORKS\SLTCHHSR.T
D:\I386\APPS\APP01607\PFILES\MSWORKS\AAAAAIHG.T
D:\I386\APPS\APP01607\PFILES\MSWORKS\SLTCHHWX.T
D:\I386\APPS\APP01607\PFILES\MSWORKS\SLTCHHWP.T
D:\I386\APPS\APP01607\PFILES\MSWORKS\PFUKKDUK.T
D:\I386\APPS\APP01607\PFILES\MSWORKS\PFUKKDUS.T
D:\I386\APPS\APP01607\PFILES\MSWORKS\VRSTELHW.T
D:\I386\APPS\APP01607\PFILES\MSWORKS\JSWBQUMW.T
D:\I386\APPS\APP01607\PFILES\MSWORKS\SLTCHHFL.T
D:\I386\APPS\APP01607\PFILES\OFFICE\PPV\PFUKKDDX.T
D:\I386\APPS\APP01607\PSS\MYVSNYFA.T
D:\I386\APPS\APP01607\PSS\DGYRWMQL.T
D:\I386\APPS\APP01607\PSS\DGYRWMUP.T
D:\I386\APPS\APP01607\PSS\MYVSNYNE.T
D:\I386\APPS\APP01607\PSS\JSWBQYLP.T
D:\I386\APPS\APP01607\PSS\DGYRWQYD.T
D:\I386\APPS\APP01607\PSS\GMXJTUFQ.T
D:\I386\APPS\APP01607\PSS\AAAAAMSL.T
D:\I386\APPS\APP01607\PSS\VRSTEPKJ.T
D:\I386\APPS\APP01607\PSS\SLTCHLEK.T
D:\I386\APPS\APP01607\PSS\MYVSNDRF.T
D:\I386\APPS\APP01607\DGYRWMSW.T
D:\I386\APPS\APP01607\SLTCHHCY.T
D:\I386\APPS\APP01607\MYVSNDRM.T
D:\I386\APPS\APP01741\PFUKKHSX.T
D:\I386\APPS\APP04039\DGYRWQXE.T
D:\I386\APPS\APP04039\GMXJTUIM.T
D:\I386\APPS\APP04039\JSWBQYOR.T
D:\I386\APPS\APP06902\PFUKKHBY.T
D:\I386\APPS\APP10019\GMXJTUML.T
D:\I386\APPS\APP11069\MYVSNDDP.T
D:\I386\APPS\APP11069\DGYRWQKL.T
D:\I386\APPS\APP11069\VRSTEPVR.T
D:\I386\APPS\APP12649\PFUKKHNS.T
D:\I386\APPS\APP12649\MYVSNDHL.T
D:\I386\APPS\APP13338\MYVSNDPD.T
D:\I386\APPS\APP13467\DGYRWQBX.T
D:\I386\APPS\APP17035\VRSTEPYR.T
D:\I386\APPS\APP17981\COMPS\ACS\VRSTEPDD.T
D:\I386\APPS\APP17981\COMPS\ASP\AAAAAMTR.T
D:\I386\APPS\APP17981\COMPS\COACH\DGYRWQAW.T
D:\I386\APPS\APP17981\COMPS\DESKBAR\DGYRWQAS.T
D:\I386\APPS\APP17981\COMPS\FLASH\VRSTEPLY.T
D:\I386\APPS\APP17981\COMPS\FW\GMXJTUKA.T
D:\I386\APPS\APP17981\COMPS\OCP\JSWBQYQW.T
D:\I386\APPS\APP17981\COMPS\PORT\VRSTEPTX.T
D:\I386\APPS\APP17981\COMPS\QT\AAAAAMGS.T
D:\I386\APPS\APP17981\COMPS\RP\PFUKKHTR.T
D:\I386\APPS\APP17981\COMPS\RP\PFUKKHXE.T
D:\I386\APPS\APP17981\COMPS\RP\AAAAAMWX.T
D:\I386\APPS\APP17981\COMPS\SYSINFO\SLTCHLIE.T
D:\I386\APPS\APP17981\COMPS\TB\DGYRWQDQ.T
D:\I386\APPS\APP17981\COMPS\TOOLBAR\PFUKKHGK.T
D:\I386\APPS\APP17981\COMPS\TPSPD\GMXJTUNJ.T
D:\I386\APPS\APP17981\COMPS\VWPT\AAAAAMBW.T
D:\I386\APPS\APP17981\COMPS\VWPT\MYVSNDEG.T
D:\I386\APPS\APP17981\GMXJTUXE.T
D:\I386\APPS\APP18952\GMXJTUVR.T
D:\I386\APPS\APP19824\DGYRWQPK.T
D:\I386\APPS\APP19824\VRSTEPBG.T
D:\I386\APPS\APP19917\JSWBQYKF.T
D:\I386\APPS\APP19917\PFUKKHWL.T
D:\I386\APPS\APP19917\PFUKKHBF.T
D:\I386\APPS\APP19917\GMXJTUMJ.T
D:\I386\APPS\APP19917\DGYRWQKQ.T
D:\I386\APPS\APP19917\AAAAAMIE.T
D:\I386\APPS\APP19917\MYVSNDHF.T
D:\I386\APPS\APP19917\GMXJTUYR.T
D:\I386\APPS\APP19917\AAAAAMQF.T
D:\I386\APPS\APP19917\JSWBQYJW.T
D:\I386\APPS\APP19917\AAAAAMQA.T
D:\I386\APPS\APP19917\GMXJTUDW.T
D:\I386\APPS\APP19917\MYVSNDPX.T
D:\I386\APPS\APP19917\MYVSNDTW.T
D:\I386\APPS\APP19917\VRSTEPQY.T
D:\I386\APPS\APP19917\GMXJTULL.T
D:\I386\APPS\APP20068\VRSTEPUG.T
D:\I386\APPS\APP20068\VRSTEPDY.T
D:\I386\APPS\APP20068\DGYRWQRX.T
D:\I386\APPS\APP22396\PFUKKHUD.T
D:\I386\APPS\APP22396\DGYRWQAM.T
D:\I386\APPS\APP22396\DGYRWQIY.T
D:\I386\APPS\APP22396\GMXJTUSP.T
D:\I386\APPS\APP22396\JSWBQYYQ.T
D:\I386\APPS\APP22396\PFUKKHLJ.T
D:\I386\APPS\APP22396\AAAAAMOJ.T
D:\I386\APPS\APP23742\COMMON\MSSHARED\PI\SLTCHLAF.T
D:\I386\APPS\APP23742\PI\AAAAAMFS.T
D:\I386\APPS\APP23742\PI\VRSTEPWX.T
D:\I386\APPS\APP23742\PI\GMXJTURR.T
D:\I386\APPS\APP23742\PI\GMXJTUAD.T
D:\I386\APPS\APP23742\POD\COMMON\MSSHARED\PI\JSWBQYOY.T
D:\I386\APPS\APP23742\POD\PI\JSWBQYOP.T
D:\I386\APPS\APP23742\POD\PI\PFUKKHFP.T
D:\I386\APPS\APP23742\POD\PI\DGYRWQGF.T
D:\I386\APPS\APP23742\POD\PI\SLTCHLLJ.T
D:\I386\APPS\APP23742\REDIST\DIRECTX\MYVSNDYK.T
D:\I386\APPS\APP23742\REDIST\IE6\GMXJTUQW.T
D:\I386\APPS\APP23742\WINDOWS\PFUKKHJA.T
D:\I386\APPS\APP23742\WINDOWS\JSWBQYWX.T
D:\I386\APPS\APP23742\VRSTEPKY.T
D:\I386\APPS\APP23742\MYVSNDVJ.T
D:\I386\APPS\APP23742\DGYRWQHF.T
D:\I386\APPS\APP23742\PFUKKHGD.T
D:\I386\APPS\APP23742\PFUKKHBP.T
D:\I386\APPS\APP24078\JSWBQYBG.T
D:\I386\APPS\APP25433\DGYRWQWF.T
D:\I386\APPS\APP26163\GMXJTUDA.T
D:\I386\APPS\APP26435\PFUKKHVX.T
D:\I386\APPS\APP26435\DGYRWUFP.T
D:\I386\APPS\APP26435\SLTCHPKM.T
D:\I386\APPS\APP26435\JSWBQDVX.T
D:\I386\APPS\APP26435\VRSTETDP.T
D:\I386\APPS\APP26435\PFUKKLQJ.T
D:\I386\APPS\APP26435\VRSTETDJ.T
D:\I386\APPS\APP26435\AAAAAQPP.T
D:\I386\APPS\APP26435\AAAAAQPK.T
D:\I386\APPS\APP26435\PFUKKLYY.T
D:\I386\APPS\APP26435\MYVSNHSY.T
D:\I386\APPS\APP26435\PFUKKLYL.T
D:\I386\APPS\APP26841\DGYRWUEP.T
D:\I386\APPS\APP27672\GMXJTYOM.T
D:\I386\APPS\APP27672\AAAAAQKK.T
D:\I386\APPS\APP27672\SLTCHPAL.T
D:\I386\APPS\APP27672\JSWBQDPJ.T
D:\I386\APPS\APP27672\MYVSNHAA.T
D:\I386\APPS\APP27672\AAAAAQJP.T
D:\I386\APPS\APP27672\DGYRWUPY.T
D:\I386\APPS\APP27672\VRSTETBF.T
D:\I386\APPS\APP27672\DGYRWUPW.T
D:\I386\APPS\APP27672\GMXJTYAG.T
D:\I386\APPS\APP28844\VRSTETFL.T
D:\I386\APPS\APP28844\DGYRWUCS.T
D:\I386\APPS\APP30227\FILES\OWC10\VRSTETNX.T
D:\I386\APPS\APP30227\FILES\OWC11\MYVSNHUW.T
D:\I386\APPS\APP30227\FILES\PFILES\COMMON\MSSHARED\DW\SLTCHPLE.T
D:\I386\APPS\APP30227\FILES\PFILES\COMMON\MSSHARED\DW\GMXJTYMM.T
D:\I386\APPS\APP30227\FILES\PFILES\MSOFFICE\OFFICE11\SLTCHPLY.T
D:\I386\APPS\APP30227\FILES\SETUP\AAAAAQAJ.T
D:\I386\APPS\APP30227\AAAAAQVE.T
D:\I386\APPS\APP30227\VRSTETNG.T
D:\I386\APPS\APP30227\VRSTETVD.T
D:\I386\APPS\APP30227\SLTCHPPS.T
D:\I386\APPS\APP30560\GMXJTYUR.T
D:\I386\APPS\APP30560\AAAAAQMK.T
D:\I386\APPS\APP30560\GMXJTYYS.T
D:\I386\APPS\APP30560\DGYRWUWM.T
D:\I386\APPS\APP30560\GMXJTYHQ.T
D:\I386\APPS\APP30560\JSWBQDRF.T
D:\I386\APPS\APP30560\AAAAAQDA.T
D:\I386\APPS\APP30560\VRSTETUF.T
D:\I386\APPS\APP30560\PFUKKLIA.T
D:\I386\APPS\APP30921\MPF\SLTCHPOM.T
D:\I386\APPS\APP30921\MPF\GMXJTYTF.T
D:\I386\APPS\APP30921\MSK\DGYRWUNX.T
D:\I386\APPS\APP30921\MSK\AAAAAQHG.T
D:\I386\APPS\APP30921\VS\DGYRWUNW.T
D:\I386\APPS\APP30921\VS\GMXJTYTK.T
D:\I386\APPS\APP30921\VRSTETUL.T
D:\I386\APPS\APP30921\DGYRWUNP.T
D:\I386\APPS\APP31262\JSWBQDAP.T
D:\I386\APPS\APP31262\GMXJTYTQ.T
D:\I386\APPS\APP31262\VRSTETDG.T
D:\I386\APPS\APP31262\DGYRWURJ.T
D:\I386\APPS\APP31262\JSWBQDEK.T
D:\I386\APPS\APP31262\JSWBQDER.T
D:\I386\DRV\MOD\VRSTETDM.T
D:\I386\DRV\MOD\PFUKKLQD.T
D:\UPDGOI\RP\MININT\SYSTEM32\JSWBQDEX.T
D:\UPDGOI\RP\MININT\SYSTEM32\PFUKKLUS.T
D:\UPDGOI\CREATOR\SLTCHPFD.T
D:\UPDGOI\CREATOR\MYVSNHSP.T
D:\UPDGOI\OPTIONS\MYVSNHSW.T
D:\UPDGOI\OPTIONS\GMXJTYGK.T
D:\UPDGOI\OPTIONS\GMXJTYGJ.T
D:\UPDGOI\OPTIONS\PFUKKLYQ.T
D:\UPDGOI\SMINST\JSWBQDQA.T
D:\UPDGOI\TEMP\JSWBQDQR.T


Malwarebytes' Anti-Malware:

Malwarebytes' Anti-Malware 1.34
Database version: 1761
Windows 5.1.2600 Service Pack 3
2/14/2009 1:13:53 AM
mbam-log-2009-02-14 (01-13-53).txt
Scan type: Quick Scan
Objects scanned: 62179
Time elapsed: 6 minute(s), 4 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)


HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:27:06 AM, on 2/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\QuickTime\qttask.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\windows\RTHDCPL.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\windows\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\windows\System32\svchost.exe
C:\windows\system32\wuauclt.exe
C:\windows\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.h...ys=DTP&M=T3508
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.h...ys=DTP&M=T3508
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/g/startpage.h...ys=DTP&M=T3508
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [srclient] C:\Program Files\Multi-screen Remote Desktop\Client\srclient.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/downlo...BundleId=27986
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
--
End of file - 9330 bytes
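Added example, not code from the thread or from the authors of HijackThis or SUPERAntiSpyware: a small Python triage helper for the two log formats posted above. It assumes only the line shapes visible in those logs (HijackThis "O2 - BHO:", "O4 - ...\Run:" and "O23 - Service:" entries, and the SUPERAntiSpyware block of a category header followed by file paths). The sample inputs are a few lines copied from the logs above; the finding names, the "remote access" keyword list and the path-prefix depth are my own choices for illustration, and a hit only marks an entry for a human to look at, it is not a verdict.

```python
"""Triage helpers for HijackThis and SUPERAntiSpyware logs (added example)."""
import re
from collections import Counter

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_HJT = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [srclient] C:\Program Files\Multi-screen Remote Desktop\Client\srclient.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
"""

# Sample input: a subset of the SUPERAntiSpyware detections posted above.
SAMPLE_SAS = r"""
File threats detected : 5
Adware.Tracking Cookie
C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt
C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt
Trojan.Spam-SySpools
D:\I386\APPS\APP31066\PFUKKDJE.T
D:\I386\DRV\MOD\VRSTETDM.T
D:\UPDGOI\TEMP\JSWBQDQR.T
"""

HJT_LINE = re.compile(r"^([ORFN]\d+) - (.*)$")
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")
# Assumed keyword list: software that gives someone else a session on the box.
REMOTE_ACCESS_HINTS = ("logmein", "vnc", "remote desktop", "srclient")


def _exe_from_command(command):
    """Return the executable part of an O4 command line, quoted or bare."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0] if command else ""


def triage_hijackthis(text):
    """Return (finding, subject, original line) tuples for entries worth a look."""
    findings = []
    for raw in text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        line = raw.strip()
        if section == "O2":  # 'BHO: <name> - {clsid} - <dll path or (no file)>'
            name, clsid, path = [p.strip() for p in body[len("BHO:"):].split(" - ", 2)]
            if path.lower() == "(no file)":  # registry entry whose DLL is gone
                findings.append(("orphaned_bho", clsid, line))
        elif section == "O4":  # '<hive>\..\Run: [<value>] <command>'
            m4 = re.search(r"\[(.*?)\]\s*(.*)$", body)
            if not m4:
                continue
            value, command = m4.groups()
            exe = _exe_from_command(command)
            if "\\" not in exe and ":" not in exe:  # bare name: resolved via search path
                findings.append(("bare_name_autorun", value, line))
            if any(h in command.lower() for h in REMOTE_ACCESS_HINTS):
                findings.append(("remote_access_autorun", value, line))
        elif section == "O23":  # 'Service: <display name> - <vendor> - <path>'
            name, vendor, path = [p.strip() for p in body[len("Service:"):].split(" - ", 2)]
            if vendor.lower() == "unknown owner":  # binary carries no company string
                findings.append(("unknown_owner_service", name, line))
            if any(h in body.lower() for h in REMOTE_ACCESS_HINTS):
                findings.append(("remote_access_service", name, line))
    return findings


def group_detections(text, depth=2):
    """Count SUPERAntiSpyware file hits per (category, first `depth` path parts).

    Collapsing a long path list to a few prefixes shows where the hits live
    (a cookie folder, a second drive, ...) before anything is deleted.
    """
    counts = Counter()
    category = None
    in_files = False
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("File threats detected"):
            in_files = True
        elif in_files and DRIVE_PATH.match(line):
            prefix = "\\".join(line.split("\\")[:depth])
            counts[(category, prefix)] += 1
        elif in_files and ":" not in line:  # a bare category name, e.g. 'Adware.Tracking Cookie'
            category = line
    return counts


if __name__ == "__main__":
    for finding in triage_hijackthis(SAMPLE_HJT):
        print(finding)
    for key, n in sorted(group_detections(SAMPLE_SAS).items()):
        print(n, key)
```

On the sample above the script flags the BHO with "(no file)", the autorun that names RTHDCPL.EXE without a directory, the two remote-access autoruns, the service with no vendor string and the LogMeIn service, and it collapses the five detections to three (category, prefix) buckets. Run it on the full logs by pasting them into the two sample strings.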

  #2  
14th Feb 2009, 09:41
Malware Fighter
Posts: 348
 
Hi and welcome to CJ.

My name is Iain and I will be helping you clean your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programmes, or run any other scanners or software, unless I specifically ask you to do so.




Combofix
We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

Please read all the information carefully!

You MUST disable your AntiVirus and AntiSpyware applications - please read this thread as a guide. They may otherwise interfere with our tools and interrupt the cleansing process.

Please include the log C:\ComboFix.txt in your next reply for further review.
__________________
Iain - Defender of the Haggis
Member of ASAP : : Member of UNITE
  #3  
14th Feb 2009, 13:28
Donor VIP
Posts: 20
 
Hi Iain,
Thank you for helping me out.

ComboFix 09-02-12.03 - Owner 2009-02-14 15:07:45.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.367.118 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090214-0] *On-access scanning disabled* (Updated)
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall Plus *disabled*
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\_004150_.tmp.dll
c:\windows\system32\_004151_.tmp.dll
c:\windows\system32\_004152_.tmp.dll
c:\windows\system32\_004153_.tmp.dll
c:\windows\system32\_004160_.tmp.dll
c:\windows\system32\_004161_.tmp.dll
c:\windows\system32\_004162_.tmp.dll
c:\windows\system32\_004163_.tmp.dll
c:\windows\system32\_004165_.tmp.dll
c:\windows\system32\_004166_.tmp.dll
c:\windows\system32\_004169_.tmp.dll
c:\windows\system32\_004170_.tmp.dll
c:\windows\system32\_004172_.tmp.dll
c:\windows\system32\_004173_.tmp.dll
c:\windows\system32\_004174_.tmp.dll
c:\windows\system32\_004176_.tmp.dll
c:\windows\system32\_004179_.tmp.dll
c:\windows\system32\_004180_.tmp.dll
c:\windows\system32\_004184_.tmp.dll
c:\windows\system32\_004185_.tmp.dll
c:\windows\system32\_004187_.tmp.dll
c:\windows\system32\_004190_.tmp.dll
c:\windows\system32\_004192_.tmp.dll
c:\windows\system32\_004193_.tmp.dll
c:\windows\system32\_004194_.tmp.dll
c:\windows\system32\_004195_.tmp.dll
c:\windows\system32\_004196_.tmp.dll
c:\windows\system32\_004199_.tmp.dll
c:\windows\system32\_004200_.tmp.dll
c:\windows\system32\_004201_.tmp.dll
c:\windows\system32\_004202_.tmp.dll
c:\windows\system32\_004203_.tmp.dll
c:\windows\system32\_004208_.tmp.dll
c:\windows\system32\_004210_.tmp.dll
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2009-01-14 to 2009-02-14 )))))))))))))))))))))))))))))))
.
2009-02-14 03:22 . 2009-02-14 03:22 <DIR> d-------- c:\program files\Trend Micro
2009-02-14 01:21 . 2009-02-14 01:21 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-14 01:21 . 2009-02-14 01:21 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-02-13 23:58 . 2009-02-13 23:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-02-13 23:57 . 2009-02-13 23:57 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-02-13 23:57 . 2009-02-13 23:57 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-02-13 23:57 . 2009-02-13 23:57 <DIR> d-------- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2009-02-13 23:52 . 2009-02-13 23:52 <DIR> d-------- c:\program files\CCleaner
2009-02-13 22:52 . 2009-02-13 22:52 <DIR> d-------- c:\program files\Alwil Software
2009-02-13 16:01 . 2009-02-13 16:01 <DIR> d-------- c:\windows\Sun
2009-02-11 00:55 . 2009-02-11 00:55 244 --ah----- C:\sqmnoopt16.sqm
2009-02-11 00:55 . 2009-02-11 00:55 232 --ah----- C:\sqmdata16.sqm
2009-02-11 00:52 . 2009-02-11 00:52 244 --ah----- C:\sqmnoopt15.sqm
2009-02-11 00:52 . 2009-02-11 00:52 232 --ah----- C:\sqmdata15.sqm
2009-02-10 15:51 . 2009-02-10 15:51 <DIR> d-------- c:\program files\Snapshot Viewer
2009-02-09 12:11 . 2009-02-09 12:11 268 --ah----- C:\sqmdata14.sqm
2009-02-09 12:11 . 2009-02-09 12:11 244 --ah----- C:\sqmnoopt14.sqm
2009-02-08 02:06 . 2009-02-08 02:06 268 --ah----- C:\sqmdata13.sqm
2009-02-08 02:06 . 2009-02-08 02:06 244 --ah----- C:\sqmnoopt13.sqm
2009-02-07 16:38 . 2009-02-07 16:39 <DIR> d-------- c:\windows\system32\Adobe
2009-02-07 00:35 . 2009-02-07 00:35 268 --ah----- C:\sqmdata12.sqm
2009-02-07 00:34 . 2009-02-07 00:34 244 --ah----- C:\sqmnoopt12.sqm
2009-02-05 18:13 . 2009-02-05 18:14 <DIR> d-------- c:\documents and settings\Owner\Application Data\Simon Brown, HB9DRV
2009-02-05 18:12 . 2009-02-05 18:12 <DIR> d-------- c:\program files\Amateur Radio
2009-02-04 22:41 . 2009-02-04 22:41 268 --ah----- C:\sqmdata11.sqm
2009-02-04 22:41 . 2009-02-04 22:41 244 --ah----- C:\sqmnoopt11.sqm
2009-02-04 19:03 . 2009-02-04 19:07 <DIR> d-------- c:\documents and settings\Owner\IGC
2009-02-04 18:59 . 2003-03-18 22:20 1,060,864 --a------ c:\windows\system32\MFC71.dll
2009-02-04 18:59 . 2003-05-28 12:19 245,408 -r------- c:\windows\system32\unicows.dll
2009-02-04 18:58 . 2009-02-04 18:58 <DIR> d-------- c:\program files\IGC
2009-02-02 16:12 . 2009-02-02 16:12 268 --ah----- C:\sqmdata10.sqm
2009-02-02 16:12 . 2009-02-02 16:12 244 --ah----- C:\sqmnoopt10.sqm
2009-02-02 15:31 . 2009-02-02 15:31 <DIR> d-------- c:\documents and settings\Owner\Application Data\CyberLink
2009-02-02 15:31 . 2009-02-02 15:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\CyberLink
2009-01-27 18:55 . 2009-01-27 18:55 268 --ah----- C:\sqmdata09.sqm
2009-01-27 18:55 . 2009-01-27 18:55 244 --ah----- C:\sqmnoopt09.sqm
2009-01-27 17:44 . 2009-01-27 17:44 268 --ah----- C:\sqmdata08.sqm
2009-01-27 17:44 . 2009-01-27 17:44 244 --ah----- C:\sqmnoopt08.sqm
2009-01-22 15:41 . 2009-01-22 15:41 268 --ah----- C:\sqmdata07.sqm
2009-01-22 15:41 . 2009-01-22 15:41 244 --ah----- C:\sqmnoopt07.sqm
2009-01-19 16:09 . 2009-01-19 16:09 268 --ah----- C:\sqmdata06.sqm
2009-01-19 16:09 . 2009-01-19 16:09 244 --ah----- C:\sqmnoopt06.sqm
2009-01-18 00:43 . 2009-01-18 00:43 268 --ah----- C:\sqmdata05.sqm
2009-01-18 00:43 . 2009-01-18 00:43 244 --ah----- C:\sqmnoopt05.sqm
2009-01-17 16:23 . 2009-01-17 16:23 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_motport_01005.Wdf
2009-01-17 16:20 . 2009-01-17 16:20 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2009-01-17 16:19 . 2009-01-17 16:19 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-01-17 16:19 . 2009-01-17 16:19 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
2009-01-17 16:19 . 2009-01-17 16:19 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_motccgp_01005.Wdf
2009-01-14 23:21 . 2009-01-14 23:21 268 --ah----- C:\sqmdata04.sqm
2009-01-14 23:21 . 2009-01-14 23:21 244 --ah----- C:\sqmnoopt04.sqm
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-14 06:25 --------- d-----w c:\program files\Java
2009-02-14 06:02 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-02-14 05:54 --------- d-----w c:\program files\LogMeIn
2009-02-11 15:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 15:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-02-08 18:05 --------- d-----w c:\program files\Google
2009-02-05 23:12 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-19 21:02 956 ----a-w c:\documents and settings\Owner\Application Data\wklnhst.dat
2009-01-19 04:54 0 ----a-w c:\windows\system32\drivers\lvuvc.hs
2009-01-19 04:54 0 ----a-w c:\windows\system32\drivers\logiflt.iad
2009-01-12 06:53 --------- d-----w c:\documents and settings\Owner\Application Data\Tyre
2009-01-11 22:42 --------- d-----w c:\program files\Tyre
2009-01-11 22:42 --------- d-----w c:\documents and settings\All Users\Application Data\Tyre
2009-01-08 00:49 --------- d-----w c:\documents and settings\All Users\Application Data\Logishrd
2009-01-08 00:37 --------- d-----w c:\program files\Common Files\LogiShrd
2009-01-08 00:29 --------- d-----w c:\program files\Logitech
2009-01-08 00:29 --------- d-----w c:\documents and settings\All Users\Application Data\Logitech
2009-01-03 06:17 --------- d-----w c:\documents and settings\Owner\Application Data\InfraRecorder
2009-01-03 06:07 --------- d-----w c:\program files\InfraRecorder
2009-01-02 00:43 --------- d-----w c:\program files\Microsoft Works
2008-12-31 18:20 --------- d-----w c:\program files\TightVNC
2008-12-31 06:30 --------- d-----w c:\program files\RealVNC
2008-12-31 05:34 --------- d-----w c:\program files\DemoForge
2008-12-31 05:12 --------- d-----w c:\documents and settings\Owner\Application Data\McAfee.com Personal Firewall
2008-12-31 05:09 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee.com Personal Firewall
2008-12-28 05:03 --------- d-----w c:\program files\Windows Live
2008-12-28 05:02 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2008-12-28 05:02 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-12-26 03:55 --------- d-----w c:\documents and settings\All Users\Application Data\LogMeIn
2008-12-25 03:41 --------- d-----w c:\documents and settings\Owner\Application Data\FastStone
2008-12-25 03:40 --------- d-----w c:\program files\FastStone Photo Resizer
2008-12-25 02:20 --------- d-----w c:\documents and settings\All Users\Application Data\scar5
2008-12-24 22:24 --------- d-----w c:\program files\TomTom HOME 2
2008-12-24 22:24 --------- d-----w c:\documents and settings\Owner\Application Data\TomTom
2008-12-24 22:23 --------- d-----w c:\program files\TomTom HOME
2008-12-24 22:06 --------- d-----w c:\program files\TomTom DesktopSuite
2008-12-24 21:26 --------- d-----w c:\documents and settings\All Users\Application Data\TomTom
2008-12-24 20:43 --------- d-----w c:\program files\Freeze.com
2008-12-24 15:52 --------- d-----w c:\program files\Common Files\AOL
2008-12-24 09:17 --------- d--h--w c:\documents and settings\All Users\Application Data\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}
2008-12-24 09:17 --------- d-----w c:\program files\Eraser
2008-12-24 06:28 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2008-12-24 05:30 --------- d-----w c:\program files\Gravity
2008-12-24 01:24 --------- d-----w c:\program files\Another Matrix Screen Saver
2008-12-24 00:39 --------- d-----w c:\program files\scar5
2008-12-24 00:39 --------- d-----w c:\documents and settings\Owner\Application Data\scar5
2008-12-24 00:26 --------- d-----w c:\program files\Microsoft Digital Image 2006
2008-12-23 21:52 --------- d-----w c:\documents and settings\Owner\Application Data\Malwarebytes
2008-12-23 21:52 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-23 00:02 --------- d-----w c:\program files\Pandora Recovery
2008-12-22 21:42 --------- d-----w c:\documents and settings\All Users\Application Data\Hewlett-Packard
2008-12-22 20:41 --------- d-----w c:\documents and settings\All Users\Application Data\Pure Networks
2008-12-21 20:20 --------- d-----w c:\documents and settings\Owner\Application Data\PandoraRecovery
2008-12-21 01:06 --------- d-----w c:\program files\Realtek
2008-11-28 19:55 3,778,560 ----a-w c:\windows\ss3dfish.scr
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-12-09 139264]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-25 966656]
"VSOCheckTask"="c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 151552]
"OASClnt"="c:\program files\McAfee.com\VSO\oasclnt.exe" [2005-08-12 53248]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-07-01 303104]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\McUpdate.exe" [2005-08-26 212992]
"MSKAGENTEXE"="c:\progra~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-09-26 110592]
"MSKDetectorExe"="c:\progra~1\McAfee\SPAMKI~1\MSKDetct.exe" [2005-08-12 1121792]
"VirusScan Online"="c:\progra~1\mcafee.com\vso\mcvsshld.exe" [2005-08-10 163840]
"MPFExe"="c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-09-27 999424]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-02 98304]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-14 148888]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-19 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
BigFix.lnk - c:\program files\BigFix\bigfix.exe [2008-09-02 2168360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-16 20:35 87352 c:\windows\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\TightVNC\\vncviewer.exe"=
"c:\\Program Files\\RealVNC\\VNC4\\vncviewer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-02-13 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-02-13 20560]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2008-07-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-12-25 47640]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [2005-11-25 31896]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-08-21 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-08-21 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-06-18 23680]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
--- Other Services/Drivers In Memory ---
*Deregistered* - ALG
*Deregistered* - aswUpdSv
*Deregistered* - Ati HotKey Poller
*Deregistered* - ATI Smart
*Deregistered* - AudioSrv
*Deregistered* - avast! Antivirus
*Deregistered* - avast! Mail Scanner
*Deregistered* - avast! Web Scanner
*Deregistered* - Browser
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - Dnscache
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - helpsvc
*Deregistered* - HidServ
*Deregistered* - ImapiService
*Deregistered* - JavaQuickStarterService
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - LMIMaint
*Deregistered* - LogMeIn
*Deregistered* - LVCOMSer
*Deregistered* - LVPrcSrv
*Deregistered* - LVSrvLauncher
*Deregistered* - McDetect.exe
*Deregistered* - McShield
*Deregistered* - McTskshd.exe
*Deregistered* - MpfService
*Deregistered* - MskService
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - PolicyAgent
*Deregistered* - PrismXL
*Deregistered* - ProtectedStorage
*Deregistered* - RasMan
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - srservice
*Deregistered* - SSDPSRV
*Deregistered* - stisvc
*Deregistered* - TapiSrv
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - UMWdf
*Deregistered* - W32Time
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WZCSVC
.
Contents of the 'Scheduled Tasks' folder
2008-09-03 c:\windows\Tasks\ISP signup reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2008-04-13 19:12]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-srclient - c:\program files\Multi-screen Remote Desktop\Client\srclient.exe

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T3508
uInternet Connection Wizard,ShellNext = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T3508
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-14 15:14:01
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(484)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
- - - - - - - > 'explorer.exe'(2284)
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
c:\progra~1\McAfee\SPAMKI~1\mskoeplg.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LogMeIn\x86\ramaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\McAfee.com\Agent\Mcdetect.exe
c:\progra~1\McAfee.com\VSO\McShield.exe
c:\progra~1\McAfee.com\Agent\McTskshd.exe
c:\progra~1\McAfee.com\VSO\oasclnt.exe
c:\progra~1\McAfee\SPAMKI~1\MSKSrvr.exe
c:\program files\McAfee.com\VSO\mcvsshld.exe
c:\program files\McAfee.com\Agent\mcagent.exe
c:\progra~1\McAfee.com\VSO\McVSEscn.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\windows\system32\wdfmgr.exe
c:\progra~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
c:\progra~1\McAfee.com\PERSON~1\MpfService.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2009-02-14 15:21:39 - machine was rebooted [Owner]
ComboFix-quarantined-files.txt 2009-02-14 20:21:29
Pre-Run: 138,367,938,560 bytes free
Post-Run: 138,298,912,768 bytes free
358 --- E O F --- 2009-01-19 21:10:57
  #4  
Old 14th Feb 2009, 15:20
Malware Fighter
Posts: 348
 
Hi again

How is your system running now?

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.



Combofix
  • Close any open browsers.
  • Open notepad and copy/paste the text in the box below into it:
Code:
  File::
  c:\windows\system32\drivers\lvuvc.hs
  c:\windows\system32\drivers\logiflt.iad 
Looking at the image below as an example

Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript onto ComboFix.exe.

When finished, it will produce a log for you at "C:\ComboFix.txt"

Do not mouse-click ComboFix's window whilst it's running. This may cause it to stall.

CAUTION! Anyone else thinking of using the above script does so at their own risk - you may end up having to re-install Windows!


Please post the log C:\ComboFix.txt for further review.



Online Scan
Perform an online scan with Panda ActiveScan
  • Click on Scan Your PC Now
  • A "pop up" window will appear, or a new tab will open.
  • Click on Register
  • Choose the option you like most, but we recommend the Free Registration.
  • Click on Register
  • Enter your e-mail address, and create a password.
  • Select "I do not want to receive any type of information". (unless you want to receive such information)
  • Click on Send
  • Confirm registration, and continue by entering your user name and password, then click on Enter
  • Select Full Scan, then Click on Scan Now
  • Wait for the components to be loaded and installed. Don't close this window or go to another page while it is downloading. You can continue using the Internet by opening another window in your browser.
  • If it finds any malware it can disinfect, the Disinfect button will be enabled. Click on Disinfect
  • Please ignore the offer to buy the program. Click on Export To
  • Export the log and save it to your desktop.
  • Please attach the contents of that log to your reply.
* Turn off the real time scanner of any existing antivirus program while performing the online scan.

Avast users note:

Please do continue with the online scan at Panda if you receive an alert. It is a false positive from Avast because Panda Antivirus does not encrypt its virus database.
__________________
Iain - Defender of the Haggis
Member of ASAP : : Member of UNITE
  #5  
Old 14th Feb 2009, 19:10
Donor VIP
Posts: 20
 
Hi,
Seems to be better.

ComboFix 09-02-12.03 - Owner 2009-02-14 17:40:32.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.367.116 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090214-0] *On-access scanning disabled* (Updated)
AV: McAfee VirusScan *On-access scanning disabled* (Outdated)
FW: McAfee Personal Firewall Plus *disabled*
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
c:\windows\system32\drivers\logiflt.iad
c:\windows\system32\drivers\lvuvc.hs
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\logiflt.iad
c:\windows\system32\drivers\lvuvc.hs
.
((((((((((((((((((((((((( Files Created from 2009-01-14 to 2009-02-14 )))))))))))))))))))))))))))))))
.
2009-02-14 03:22 . 2009-02-14 03:22 <DIR> d-------- c:\program files\Trend Micro
2009-02-14 01:21 . 2009-02-14 01:21 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-14 01:21 . 2009-02-14 01:21 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-02-13 23:58 . 2009-02-13 23:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-02-13 23:57 . 2009-02-13 23:57 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-02-13 23:57 . 2009-02-13 23:57 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-02-13 23:57 . 2009-02-13 23:57 <DIR> d-------- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2009-02-13 23:52 . 2009-02-13 23:52 <DIR> d-------- c:\program files\CCleaner
2009-02-13 22:52 . 2009-02-13 22:52 <DIR> d-------- c:\program files\Alwil Software
2009-02-13 16:01 . 2009-02-13 16:01 <DIR> d-------- c:\windows\Sun
2009-02-11 00:55 . 2009-02-11 00:55 244 --ah----- C:\sqmnoopt16.sqm
2009-02-11 00:55 . 2009-02-11 00:55 232 --ah----- C:\sqmdata16.sqm
2009-02-11 00:52 . 2009-02-11 00:52 244 --ah----- C:\sqmnoopt15.sqm
2009-02-11 00:52 . 2009-02-11 00:52 232 --ah----- C:\sqmdata15.sqm
2009-02-10 15:51 . 2009-02-10 15:51 <DIR> d-------- c:\program files\Snapshot Viewer
2009-02-09 12:11 . 2009-02-09 12:11 268 --ah----- C:\sqmdata14.sqm
2009-02-09 12:11 . 2009-02-09 12:11 244 --ah----- C:\sqmnoopt14.sqm
2009-02-08 02:06 . 2009-02-08 02:06 268 --ah----- C:\sqmdata13.sqm
2009-02-08 02:06 . 2009-02-08 02:06 244 --ah----- C:\sqmnoopt13.sqm
2009-02-07 16:38 . 2009-02-07 16:39 <DIR> d-------- c:\windows\system32\Adobe
2009-02-07 00:35 . 2009-02-07 00:35 268 --ah----- C:\sqmdata12.sqm
2009-02-07 00:34 . 2009-02-07 00:34 244 --ah----- C:\sqmnoopt12.sqm
2009-02-05 18:13 . 2009-02-05 18:14 <DIR> d-------- c:\documents and settings\Owner\Application Data\Simon Brown, HB9DRV
2009-02-05 18:12 . 2009-02-05 18:12 <DIR> d-------- c:\program files\Amateur Radio
2009-02-04 22:41 . 2009-02-04 22:41 268 --ah----- C:\sqmdata11.sqm
2009-02-04 22:41 . 2009-02-04 22:41 244 --ah----- C:\sqmnoopt11.sqm
2009-02-04 19:03 . 2009-02-04 19:07 <DIR> d-------- c:\documents and settings\Owner\IGC
2009-02-04 18:59 . 2003-03-18 22:20 1,060,864 --a------ c:\windows\system32\MFC71.dll
2009-02-04 18:59 . 2003-05-28 12:19 245,408 -r------- c:\windows\system32\unicows.dll
2009-02-04 18:58 . 2009-02-04 18:58 <DIR> d-------- c:\program files\IGC
2009-02-02 16:12 . 2009-02-02 16:12 268 --ah----- C:\sqmdata10.sqm
2009-02-02 16:12 . 2009-02-02 16:12 244 --ah----- C:\sqmnoopt10.sqm
2009-02-02 15:31 . 2009-02-02 15:31 <DIR> d-------- c:\documents and settings\Owner\Application Data\CyberLink
2009-02-02 15:31 . 2009-02-02 15:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\CyberLink
2009-01-27 18:55 . 2009-01-27 18:55 268 --ah----- C:\sqmdata09.sqm
2009-01-27 18:55 . 2009-01-27 18:55 244 --ah----- C:\sqmnoopt09.sqm
2009-01-27 17:44 . 2009-01-27 17:44 268 --ah----- C:\sqmdata08.sqm
2009-01-27 17:44 . 2009-01-27 17:44 244 --ah----- C:\sqmnoopt08.sqm
2009-01-22 15:41 . 2009-01-22 15:41 268 --ah----- C:\sqmdata07.sqm
2009-01-22 15:41 . 2009-01-22 15:41 244 --ah----- C:\sqmnoopt07.sqm
2009-01-19 16:09 . 2009-01-19 16:09 268 --ah----- C:\sqmdata06.sqm
2009-01-19 16:09 . 2009-01-19 16:09 244 --ah----- C:\sqmnoopt06.sqm
2009-01-18 00:43 . 2009-01-18 00:43 268 --ah----- C:\sqmdata05.sqm
2009-01-18 00:43 . 2009-01-18 00:43 244 --ah----- C:\sqmnoopt05.sqm
2009-01-17 16:23 . 2009-01-17 16:23 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_motport_01005.Wdf
2009-01-17 16:20 . 2009-01-17 16:20 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2009-01-17 16:19 . 2009-01-17 16:19 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-01-17 16:19 . 2009-01-17 16:19 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
2009-01-17 16:19 . 2009-01-17 16:19 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_motccgp_01005.Wdf
2009-01-14 23:21 . 2009-01-14 23:21 268 --ah----- C:\sqmdata04.sqm
2009-01-14 23:21 . 2009-01-14 23:21 244 --ah----- C:\sqmnoopt04.sqm
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-14 06:25 --------- d-----w c:\program files\Java
2009-02-14 06:02 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-02-14 05:54 --------- d-----w c:\program files\LogMeIn
2009-02-11 15:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 15:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-02-08 18:05 --------- d-----w c:\program files\Google
2009-02-05 23:12 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-19 21:02 956 ----a-w c:\documents and settings\Owner\Application Data\wklnhst.dat
2009-01-12 06:53 --------- d-----w c:\documents and settings\Owner\Application Data\Tyre
2009-01-11 22:42 --------- d-----w c:\program files\Tyre
2009-01-11 22:42 --------- d-----w c:\documents and settings\All Users\Application Data\Tyre
2009-01-08 00:49 --------- d-----w c:\documents and settings\All Users\Application Data\Logishrd
2009-01-08 00:37 --------- d-----w c:\program files\Common Files\LogiShrd
2009-01-08 00:29 --------- d-----w c:\program files\Logitech
2009-01-08 00:29 --------- d-----w c:\documents and settings\All Users\Application Data\Logitech
2009-01-03 06:17 --------- d-----w c:\documents and settings\Owner\Application Data\InfraRecorder
2009-01-03 06:07 --------- d-----w c:\program files\InfraRecorder
2009-01-02 00:43 --------- d-----w c:\program files\Microsoft Works
2008-12-31 18:20 --------- d-----w c:\program files\TightVNC
2008-12-31 06:30 --------- d-----w c:\program files\RealVNC
2008-12-31 05:34 --------- d-----w c:\program files\DemoForge
2008-12-31 05:12 --------- d-----w c:\documents and settings\Owner\Application Data\McAfee.com Personal Firewall
2008-12-31 05:09 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee.com Personal Firewall
2008-12-28 05:03 --------- d-----w c:\program files\Windows Live
2008-12-28 05:02 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2008-12-28 05:02 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-12-26 03:55 --------- d-----w c:\documents and settings\All Users\Application Data\LogMeIn
2008-12-25 03:41 --------- d-----w c:\documents and settings\Owner\Application Data\FastStone
2008-12-25 03:40 --------- d-----w c:\program files\FastStone Photo Resizer
2008-12-25 02:20 --------- d-----w c:\documents and settings\All Users\Application Data\scar5
2008-12-24 22:24 --------- d-----w c:\program files\TomTom HOME 2
2008-12-24 22:24 --------- d-----w c:\documents and settings\Owner\Application Data\TomTom
2008-12-24 22:23 --------- d-----w c:\program files\TomTom HOME
2008-12-24 22:06 --------- d-----w c:\program files\TomTom DesktopSuite
2008-12-24 21:26 --------- d-----w c:\documents and settings\All Users\Application Data\TomTom
2008-12-24 20:43 --------- d-----w c:\program files\Freeze.com
2008-12-24 15:52 --------- d-----w c:\program files\Common Files\AOL
2008-12-24 09:17 --------- d--h--w c:\documents and settings\All Users\Application Data\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}
2008-12-24 09:17 --------- d-----w c:\program files\Eraser
2008-12-24 06:28 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2008-12-24 05:30 --------- d-----w c:\program files\Gravity
2008-12-24 01:24 --------- d-----w c:\program files\Another Matrix Screen Saver
2008-12-24 00:39 --------- d-----w c:\program files\scar5
2008-12-24 00:39 --------- d-----w c:\documents and settings\Owner\Application Data\scar5
2008-12-24 00:26 --------- d-----w c:\program files\Microsoft Digital Image 2006
2008-12-23 21:52 --------- d-----w c:\documents and settings\Owner\Application Data\Malwarebytes
2008-12-23 21:52 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-23 00:02 --------- d-----w c:\program files\Pandora Recovery
2008-12-22 21:42 --------- d-----w c:\documents and settings\All Users\Application Data\Hewlett-Packard
2008-12-22 20:41 --------- d-----w c:\documents and settings\All Users\Application Data\Pure Networks
2008-12-21 20:20 --------- d-----w c:\documents and settings\Owner\Application Data\PandoraRecovery
2008-12-21 01:06 --------- d-----w c:\program files\Realtek
2008-11-28 19:55 3,778,560 ----a-w c:\windows\ss3dfish.scr
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-12-09 139264]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-25 966656]
"VSOCheckTask"="c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 151552]
"OASClnt"="c:\program files\McAfee.com\VSO\oasclnt.exe" [2005-08-12 53248]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-07-01 303104]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\McUpdate.exe" [2005-08-26 212992]
"MSKAGENTEXE"="c:\progra~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-09-26 110592]
"MSKDetectorExe"="c:\progra~1\McAfee\SPAMKI~1\MSKDetct.exe" [2005-08-12 1121792]
"VirusScan Online"="c:\progra~1\mcafee.com\vso\mcvsshld.exe" [2005-08-10 163840]
"MPFExe"="c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-09-27 999424]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-02 98304]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-14 148888]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-19 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
BigFix.lnk - c:\program files\BigFix\bigfix.exe [2008-09-02 2168360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-16 20:35 87352 c:\windows\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\TightVNC\\vncviewer.exe"=
"c:\\Program Files\\RealVNC\\VNC4\\vncviewer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-02-13 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-02-13 20560]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2008-07-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-12-25 47640]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [2005-11-25 31896]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-08-21 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-08-21 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-06-18 23680]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
Contents of the 'Scheduled Tasks' folder
2008-09-03 c:\windows\Tasks\ISP signup reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2008-04-13 19:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T3508
uInternet Connection Wizard,ShellNext = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T3508
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-14 17:42:15
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(484)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Completion time: 2009-02-14 17:44:22
ComboFix-quarantined-files.txt 2009-02-14 22:43:58
ComboFix2.txt 2009-02-14 20:21:44
Pre-Run: 138,309,439,488 bytes free
Post-Run: 138,297,380,864 bytes free
231 --- E O F --- 2009-01-19 21:10:57
  #6  
Old 14th Feb 2009, 19:44
Donor VIP
Posts: 20
 
Did the ActiveScan attachment go? I can't tell.
  #7  
Old 15th Feb 2009, 06:53
Malware Fighter
Posts: 348
 
Hi

Nope - I don't see it - can you try again?
__________________
Iain - Defender of the Haggis
Member of ASAP : : Member of UNITE
  #8  
Old 15th Feb 2009, 12:21
Donor VIP
Posts: 20
 
I see, when I try to attach it says invalid file.
Will a copy paste work?
Thanks again for sticking with this.

;***********************************************************************************************************************************************************************************
ANALYSIS: 2009-02-14 21:06:44
PROTECTIONS: 2
MALWARE: 11
SUSPECTS: 8
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
avast! antivirus 4.8.1335 [VPS 090214-0] 4.8.1335 No Yes
McAfee VirusScan No No
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00046761 adware/xupiter Adware No 0 Yes No c:\documents and settings\owner\favorites\free stuff
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@trafficmp[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@doubleclick[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@mediaplex[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@advertising[2].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@bluestreak[1].txt
00593436 W32/Autorun.AQG.worm Virus/Worm No 1 No No C:\Documents and Settings\Owner\Desktop\ComboFix.exe[32788R22FWJFW\List.bat]
00593436 W32/Autorun.AQG.worm Virus/Worm No 1 No No C:\Documents and Settings\Owner\Desktop\ComboFix.exe[32788R22FWJFW\List.bat]
00593436 W32/Autorun.AQG.worm Virus/Worm No 1 No No C:\Documents and Settings\Owner\Desktop\ComboFix.exe[32788R22FWJFW\List.bat]
00593436 W32/Autorun.AQG.worm Virus/Worm No 1 Yes No C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP106\A0032058.bat
00593436 W32/Autorun.AQG.worm Virus/Worm No 1 Yes No C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP107\A0032073.bat
00593436 W32/Autorun.AQG.worm Virus/Worm No 1 Yes No C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP107\A0032356.bat
00593436 W32/Autorun.AQG.worm Virus/Worm No 1 Yes No C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP107\A0032300.bat
00593436 W32/Autorun.AQG.worm Virus/Worm No 1 Yes No C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP107\A0032245.bat
00593436 W32/Autorun.AQG.worm Virus/Worm No 1 Yes No C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP108\A0032385.bat
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP107\A0032144.EXE
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP107\A0032117.sys
;===================================================================================================================================================================================
SUSPECTS
Sent Location 4
;===================================================================================================================================================================================
No C:\Documents and Settings\Owner\Desktop\ComboFix.exe 4
No C:\Documents and Settings\Owner\Desktop\personal computer tools\remote control (local)\MSRD_Setup.exe 4
No C:\Documents and Settings\Owner\Desktop\personal computer tools\secure file delete\sfs_setup.exe[simplefleshrd.exe]
No C:\Documents and Settings\Owner\Desktop\personal computer tools\secure file delete\sfs_setup.exe[secdel.dll]
No C:\Program Files\scar5\Simple File Shredder\simplefleshrd.exe 4
No C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP62\A0011076.exe[secdel.dll]
No C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP62\A0011076.exe[simplefleshrd.exe]
No C:\WINDOWS\system32\secdel.dll 4
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description 4
;===================================================================================================================================================================================
;===================================================================================================================================================================================
#9
Old 16th Feb 2009, 08:30
Malware Fighter
Posts: 348
Hi again

All looks good - are you having any problems? System running OK?
__________________
Iain - Defender of the Haggis
Member of ASAP : : Member of UNITE
#10
Old 16th Feb 2009, 12:41
Donor VIP
Posts: 20
Hi Iain,
Computer seems to be running fine now. Thank you very much; I was just about to take the box out in the yard and drive over it with the truck! (Had to do it before.)
A couple of quick questions:
I now have Avast! Home Edition, from using the guide here.
Should I uninstall the McAfee virus scan/firewall package that came with the computer? It's a couple of years old now.
If I uninstall McAfee, is the Windows firewall good enough, or should I get a third-party one? Which one is the easiest to use?
Thanks again for all the help. You guys here are a valuable resource for those of us who are a little computer... behind the curve... so to speak.
Copyright ©2006 - 2010 Computer Juice.