lesser-equity

Magazine
Go Back   Computer Juice > Computer Software > Virus, Spyware & Security
Reload this Page

Viruses

Register Site Spy Member List Donate Search Today's Posts Mark Forums Read Forum Rules

Register


 Default 

Viruses




Closed Thread
Page 2 of 3 1 2 3
 
Thread Tools
  #11  
Old 24th Feb 2008, 12:37
Member Group
  
Default Viruses

I attached it
Attached Files
File Type: txt scanbitdefender1.txt (19.4 KB, 4 views)
  #12  
Old 24th Feb 2008, 13:53
Moderator Group
  
Default Viruses

Please post a new Hijackthis log.

How is the computer now?
__________________
  #13  
Old 24th Feb 2008, 14:26
Member Group
  
Default Viruses

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:24:01, on 24/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Intelligent\Common\RaUI.exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Trend Micro\HijackThis\sniper.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com/fsc/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/fsc/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0. dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0. dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIA CE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [seek 1 skip mfcd] C:\Documents and Settings\All Users\Application Data\Four Help Seek 1\Long bin.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [theowns] C:\DOCUME~1\Graham\APPLIC~1\BIASWA~1\SlowLoad.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Intelligent Wireless Utility.lnk = C:\Program Files\Intelligent\Common\RaUI.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.co.uk/SnapfishUKActivia.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/.../GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/uk/uk/importer/ImageUploader4.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

--
End of file - 8630 bytes


It seems to be running a bit faster, and I havent noticed any of them pop ups in a while. The iexplore.exe is running at a slower memory usage right now.
  #14  
Old 25th Feb 2008, 09:24
Member Group
  
Default Viruses

Ok well, the iexplore.exe is running quite high again at around 12k mem usage, there was 2 of them. I also still get these wierd CiD popups from no where...
  #15  
Old 25th Feb 2008, 11:11
Moderator Group
  
Default Viruses

Delete the copy of Combofix you have and download a new one.

Please download Combofix by sUBs from one of the below links.
(Try all three if necessary)Important! Combofix.exe MUST be saved to and ran from the Desktop.
  • Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting Combofix.
  • Important! Temporarily disable your antivirus, script blocking and any antispyware real time protection before performing a scan.
    • Click this link to see a list of security programs that should be disabled and how to disable them.
    • If yours is not listed and you don't know how to disable it, please ask.
  • Warning: Combofix disconnects your computer from the internet. The connection is automatically restored before Combofix completes its run.
  • Double click combofix.exe & follow the prompts.
    • From the keyboard select 1 and press Enter
  • When finished, it will produce a log for you.
  • Post that log in your next reply.
Warning: Do not mouseclick combofix's window while it is running. That may cause it to stall
  • If Combofix runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your computer.
  • Important: Remember to re-enable your antivirus and antispyware before reconnecting to the Internet.
----------

Create An Uninstall List
  • Start HijackThis
  • Click on the Open the Misc Tools section
  • Click on the Open Uninstall Manager button.
  • Click on the Save list button and specify where you would like to save this file and click Save.
    • When you press Save button a notepad will open with the contents of that file.
  • Copy and paste that list in your reply.

----------

Next post
Combofix log
Uninstall list
__________________
  #16  
Old 25th Feb 2008, 15:02
Member Group
  
Default Viruses

ComboFix 08-02-25.3 - Graham 2008-02-25 21:51:37.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.50 [GMT 0:00]
Running from: C:\Documents and Settings\Graham\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-01-25 to 2008-02-25 )))))))))))))))))))))))))))))))
.

2008-02-24 17:44 . 2008-02-24 19:28 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-02-23 20:57 . 2008-02-23 20:57 <DIR> d-------- C:\WINDOWS\ERUNT
2008-02-23 20:50 . 2008-02-23 21:09 <DIR> d-------- C:\SDFix
2008-02-23 20:28 . 2008-02-23 20:28 <DIR> d-------- C:\VundoFix Backups
2008-02-23 20:14 . 2008-02-23 20:16 <DIR> d-------- C:\NoLopBackups
2008-02-23 19:41 . 2008-02-23 19:41 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-23 19:25 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-23 16:29 . 2008-02-23 16:29 <DIR> d-------- C:\Program Files\CCleaner
2008-02-23 14:15 . 2008-02-23 16:23 <DIR> d-------- C:\Documents and Settings\Graham\.housecall6.6
2008-02-16 22:59 . 2008-02-16 22:59 <DIR> d-------- C:\Documents and Settings\Graham\Application Data\dvdcss
2008-02-16 17:49 . 2008-02-16 17:49 12,302,839 --------- C:\avg7qt.dat
2008-02-14 11:21 . 2008-02-14 11:21 <DIR> d-------- C:\Program Files\Bias Wait Iso
2008-02-05 19:36 . 2008-02-05 19:36 268 --ah----- C:\sqmdata09.sqm
2008-02-05 19:36 . 2008-02-05 19:36 244 --ah----- C:\sqmnoopt09.sqm
2008-01-31 02:02 . 2008-01-31 02:02 54,608 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-01-26 19:25 . 2008-02-23 19:11 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-26 19:25 . 2008-01-26 19:25 <DIR> d-------- C:\Documents and Settings\Graham\Application Data\SUPERAntiSpyware.com
2008-01-26 19:25 . 2008-01-26 19:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-26 19:22 . 2008-01-26 19:22 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-26 19:18 . 2008-01-26 19:18 <DIR> d-------- C:\Documents and Settings\Graham\Application Data\Grisoft
2008-01-26 19:17 . 2007-05-30 12:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-02-25 20:43 --------- d-----w C:\Documents and Settings\Graham\Application Data\Xfire
2008-02-23 19:40 --------- d-----w C:\Program Files\Java
2008-02-16 19:01 --------- d-----w C:\Documents and Settings\Graham\Application Data\Bias Wait Iso
2008-02-16 18:54 --------- d-----w C:\Program Files\SpeedFan
2008-02-16 17:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-02-14 16:57 --------- d-s---w C:\Program Files\Xfire
2008-02-14 11:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Four Help Seek 1
2008-01-26 19:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-16 17:55 --------- d-----w C:\Program Files\Circle Developement
2008-01-16 16:20 --------- d-----w C:\Program Files\Image-Line
2008-01-16 16:17 --------- d-----w C:\Program Files\VstPlugins
2008-01-09 15:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2008-01-05 13:12 --------- d-----w C:\Program Files\LEGO Company
2008-01-04 23:12 --------- d-----w C:\Program Files\Windows Live
2008-01-04 23:12 --------- d-----w C:\Program Files\MSN Messenger
2008-01-04 23:12 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-01-04 23:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2007-12-26 11:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-26 11:37 --------- d-----w C:\Program Files\Digital Video
2007-12-26 11:36 --------- d-----w C:\Documents and Settings\Graham\Application Data\InstallShield
2007-12-25 17:21 --------- d-----w C:\Program Files\MonkeyJam
2007-04-15 11:18 24,192 ----a-w C:\Documents and Settings\Graham\usbsermptxp.sys
2007-04-15 11:18 22,768 ----a-w C:\Documents and Settings\Graham\usbsermpt.sys
2007-10-15 16:48 56 --sh--r C:\WINDOWS\system32\F64AF6059C.sys
2007-10-15 16:48 952 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
"theowns"="C:\DOCUME~1\Graham\APPLIC~1\BIASWA~1\Sl owLoad.exe" [2008-02-14 11:20 435200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-08-22 07:26 185632]
"RTHDCPL"="RTHDCPL.EXE" [2005-08-18 05:20 14820864 C:\WINDOWS\RTHDCPL.EXE]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57 282624]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.e xe" [2001-07-09 09:50 155648]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-08-24 10:50 94208]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-08-24 10:51 114688]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-08-24 10:47 77824]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 15:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"EPSON Stylus DX3800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\ 3\E_FATIACE.exe" [2005-02-08 04:00 98304]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-21 15:07 579072]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2004-11-09 23:22 497240]
"AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOL SP Scheduler.exe" [2004-10-18 16:42 79448]
"seek 1 skip mfcd"="C:\Documents and Settings\All Users\Application Data\Four Help Seek 1\Long bin.exe" [2008-02-25 19:28 2927104]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-24 10:19 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-01-10 19:06:38 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
AOL 9.0 Tray Icon.lnk - C:\Program Files\AOL 9.0\aoltray.exe [2007-01-20 19:34:26 156784]
Intelligent Wireless Utility.lnk - C:\Program Files\Intelligent\Common\RaUI.exe [2006-11-11 11:18:12 626688]
LUMIX Simple Viewer.lnk - C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2006-12-02 09:48:19 61440]

[hkey_local_machine\software\microsoft\windows\curr entversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\AOL 9.0\\waol.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List]
"27950:UDP"= 27950:UDP:Wolfenstein
"27951:UDP"= 27951:UDP:Wolfenstein1
"27960:UDP"= 27960:UDP:Wolfenstein2

R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2005-01-13 08:28]
S3 CoachUsb;Coach Digital Camera on USB;C:\WINDOWS\system32\DRIVERS\CoachUsb.sys [2004-01-22 12:41]

.
************************************************** ************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-25 21:55:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
Completion time: 2008-02-25 21:59:16
ComboFix2.txt 2008-02-24 21:42:28
.
2008-02-13 12:22:05 --- E O F ---



Adobe Flash Player 9 ActiveX
Adobe Photoshop Elements 2.0
Adobe Reader 7.0.9
Adobe Shockwave Player
Allok MOV Converter 2.0.8
AOL Coach Version 1.0(Build:20040229.1 uk)
AOL Connectivity Services
AOL Spyware Protection
AOL Toolbar
AOL UK (Choose which version to remove)
AOL You've Got Pictures Screensaver
ASIO4ALL
AVG 7.5
AVG Anti-Spyware 7.5
CCleaner (remove only)
Celtx (0.9.9.5)
Collab
Digital Video
DivX Codec
DivX Content Uploader
DivX Player
DivX Web Player
DSA Official Theory Test for Drivers of Large Vehicles
EPSON Printer Software
EPSON Scan
ESDX3800 User's Guide
Fraps
Free Mp3 Wma Converter V 1.5.3
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB889527)
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB903234)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
IL Download Manager
Intel(R) Graphics Media Accelerator Driver
InterVideo WinDVD
Java(TM) 6 Update 3
Learn2 Player (Uninstall Only)
LUMIX Simple Viewer
Macromedia Flash MX
Map Button (Windows Live Toolbar)
Messenger Plus! Live & Sponsor (CiD)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works
MonkeyJam 3_050529
Mozilla Firefox (2.0.0.12)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Nero BurnRights
Nero Digital
Nero OEM
NeroVision Express Content
Network Play System (Patching)
OneCare Advisor (Windows Live Toolbar)
OpenMG Secure Module 4.3.00
Papagayo 1.2
Popup Blocker (Windows Live Toolbar)
QuickTime
RealPlayer
RGSS-RTP Standard
RPGXP
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB900930)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
Smart Menus (Windows Live Toolbar)
SoftV92 Data Fax Modem with SmartCP
SpeedFan (remove only)
SUPERAntiSpyware Free Edition
System Requirements Lab
Tabbed Browsing (Windows Live Toolbar)
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB897663)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
VideoLAN VLC media player 0.8.6c
Viewpoint Media Player
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Hotfix - KB895181
Windows Media Player 10 Hotfix - KB888656
Windows Media Player 11
Windows Media Player 11
Windows Messenger 5.1
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883529
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB884018
Windows XP Hotfix - KB884020
Windows XP Hotfix - KB884575
Windows XP Hotfix - KB884868
Windows XP Hotfix - KB884883
Windows XP Hotfix - KB885222
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885295
Windows XP Hotfix - KB885523
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB885887
Windows XP Hotfix - KB885894
Windows XP Hotfix - KB885932
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB886677
Windows XP Hotfix - KB886716
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888240
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB888402
Windows XP Hotfix - KB889016
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890831
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891070
Windows XP Hotfix - KB891220
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892050
Windows XP Hotfix - KB892627
Windows XP Hotfix - KB893056
Windows XP Hotfix - KB893086
Windows XP Hotfix - KB896626
Wireless LAN USB2.0 Adapter
Wolfenstein - Enemy Territory
Xfire (remove only)
Yahoo! Companion
Yahoo! Messenger with BT Communicator
  #17  
Old 25th Feb 2008, 15:11
Moderator Group
  
Default Viruses

Uninstall Viewpoint Media Player

----------

 Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
  • Click Start , then Run
  • Type notepad.exe in the Run Box.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code:
File::
C:\Program Files\Bias Wait Iso
C:\sqmdata09.sqm
C:\sqmnoopt09.sqm
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick combofix's window while it is running. That may cause your system to freeze

----------

Please download Malwarebytes' Anti-Malware (MBAM) to your desktop from either of these two links.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location such as the desktop.
  • Copy and Paste that log into your next reply.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

----------

Next post
Combofix log
MBAM log
__________________
  #18  
Old 26th Feb 2008, 12:42
Member Group
  
Default Viruses

ComboFix 08-02-25.3 - Graham 2008-02-25 22:15:33.3 - NTFSx86
Running from: C:\Documents and Settings\Graham\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Graham\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Program Files\Bias Wait Iso
C:\sqmdata09.sqm
C:\sqmnoopt09.sqm
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\sqmdata09.sqm
C:\sqmnoopt09.sqm

.
((((((((((((((((((((((((( Files Created from 2008-01-25 to 2008-02-25 )))))))))))))))))))))))))))))))
.

2008-02-24 17:44 . 2008-02-24 19:28 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-02-23 20:57 . 2008-02-23 20:57 <DIR> d-------- C:\WINDOWS\ERUNT
2008-02-23 20:50 . 2008-02-23 21:09 <DIR> d-------- C:\SDFix
2008-02-23 20:28 . 2008-02-23 20:28 <DIR> d-------- C:\VundoFix Backups
2008-02-23 20:14 . 2008-02-23 20:16 <DIR> d-------- C:\NoLopBackups
2008-02-23 19:41 . 2008-02-23 19:41 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-23 19:25 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-23 16:29 . 2008-02-23 16:29 <DIR> d-------- C:\Program Files\CCleaner
2008-02-23 14:15 . 2008-02-23 16:23 <DIR> d-------- C:\Documents and Settings\Graham\.housecall6.6
2008-02-16 22:59 . 2008-02-16 22:59 <DIR> d-------- C:\Documents and Settings\Graham\Application Data\dvdcss
2008-02-16 17:49 . 2008-02-16 17:49 12,302,839 --------- C:\avg7qt.dat
2008-02-14 11:21 . 2008-02-14 11:21 <DIR> d-------- C:\Program Files\Bias Wait Iso
2008-01-31 02:02 . 2008-01-31 02:02 54,608 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-01-26 19:25 . 2008-02-23 19:11 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-26 19:25 . 2008-01-26 19:25 <DIR> d-------- C:\Documents and Settings\Graham\Application Data\SUPERAntiSpyware.com
2008-01-26 19:25 . 2008-01-26 19:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-26 19:22 . 2008-01-26 19:22 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-26 19:18 . 2008-01-26 19:18 <DIR> d-------- C:\Documents and Settings\Graham\Application Data\Grisoft
2008-01-26 19:17 . 2007-05-30 12:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-02-25 20:43 --------- d-----w C:\Documents and Settings\Graham\Application Data\Xfire
2008-02-23 19:40 --------- d-----w C:\Program Files\Java
2008-02-16 19:01 --------- d-----w C:\Documents and Settings\Graham\Application Data\Bias Wait Iso
2008-02-16 18:54 --------- d-----w C:\Program Files\SpeedFan
2008-02-16 17:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-02-14 16:57 --------- d-s---w C:\Program Files\Xfire
2008-02-14 11:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Four Help Seek 1
2008-01-26 19:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-16 17:55 --------- d-----w C:\Program Files\Circle Developement
2008-01-16 16:20 --------- d-----w C:\Program Files\Image-Line
2008-01-16 16:17 --------- d-----w C:\Program Files\VstPlugins
2008-01-09 15:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2008-01-05 13:12 --------- d-----w C:\Program Files\LEGO Company
2008-01-04 23:12 --------- d-----w C:\Program Files\Windows Live
2008-01-04 23:12 --------- d-----w C:\Program Files\MSN Messenger
2008-01-04 23:12 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-01-04 23:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2007-12-26 11:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-26 11:37 --------- d-----w C:\Program Files\Digital Video
2007-12-26 11:36 --------- d-----w C:\Documents and Settings\Graham\Application Data\InstallShield
2007-12-25 17:21 --------- d-----w C:\Program Files\MonkeyJam
2007-04-15 11:18 24,192 ----a-w C:\Documents and Settings\Graham\usbsermptxp.sys
2007-04-15 11:18 22,768 ----a-w C:\Documents and Settings\Graham\usbsermpt.sys
2007-10-15 16:48 56 --sh--r C:\WINDOWS\system32\F64AF6059C.sys
2007-10-15 16:48 952 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
"theowns"="C:\DOCUME~1\Graham\APPLIC~1\BIASWA~1\Sl owLoad.exe" [2008-02-14 11:20 435200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-08-22 07:26 185632]
"RTHDCPL"="RTHDCPL.EXE" [2005-08-18 05:20 14820864 C:\WINDOWS\RTHDCPL.EXE]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57 282624]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.e xe" [2001-07-09 09:50 155648]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-08-24 10:50 94208]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-08-24 10:51 114688]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-08-24 10:47 77824]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 15:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"EPSON Stylus DX3800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\ 3\E_FATIACE.exe" [2005-02-08 04:00 98304]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-21 15:07 579072]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2004-11-09 23:22 497240]
"AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOL SP Scheduler.exe" [2004-10-18 16:42 79448]
"seek 1 skip mfcd"="C:\Documents and Settings\All Users\Application Data\Four Help Seek 1\Long bin.exe" [2008-02-25 19:28 2927104]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-24 10:19 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-01-10 19:06:38 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
AOL 9.0 Tray Icon.lnk - C:\Program Files\AOL 9.0\aoltray.exe [2007-01-20 19:34:26 156784]
Intelligent Wireless Utility.lnk - C:\Program Files\Intelligent\Common\RaUI.exe [2006-11-11 11:18:12 626688]
LUMIX Simple Viewer.lnk - C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2006-12-02 09:48:19 61440]

[hkey_local_machine\software\microsoft\windows\curr entversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\AOL 9.0\\waol.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List]
"27950:UDP"= 27950:UDP:Wolfenstein
"27951:UDP"= 27951:UDP:Wolfenstein1
"27960:UDP"= 27960:UDP:Wolfenstein2

R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2005-01-13 08:28]
S3 CoachUsb;Coach Digital Camera on USB;C:\WINDOWS\system32\DRIVERS\CoachUsb.sys [2004-01-22 12:41]

.
************************************************** ************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-25 22:21:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
Completion time: 2008-02-25 22:25:38
ComboFix-quarantined-files.txt 2008-02-25 22:25:32
ComboFix2.txt 2008-02-25 21:59:18
ComboFix3.txt 2008-02-24 21:42:28
.
2008-02-13 12:22:05 --- E O F ---



Malwarebytes' Anti-Malware 1.05
Database version: 408

Scan type: Full Scan (C:\|E:\|F:\|G:\|H:\|I:\|)
Objects scanned: 86235
Time elapsed: 2 hour(s), 3 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\www.host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  #19  
Old 26th Feb 2008, 12:45
Moderator Group
  
Default Viruses

Delete this file C:\Program Files\Bias Wait Iso

How is the computer now?
__________________
  #20  
Old 26th Feb 2008, 12:56
Member Group
  
Default Viruses

Erm.. It seems ok. Why is it I was getting all those popups anyway? (I may still get more, i need to wait)
Closed Thread
Page 2 of 3 1 2 3

Register
Thread Tools



Arabic Bulgarian Chinese (Simplified) Chinese (Traditional) Croatian Czech Danish Dutch English Finnish French German Greek Hebrew Hungarian Italian Japanese Korean Latvian Lithuanian Norwegian Polish Portuguese Romanian Russian Serbian Slovak Spanish Swedish Thai Turkish Ukrainian

Copyright ©2006 - 2009 Computer Juice.
Contact - Privacy - Sitemap - Top

Powered by vBulletin® Copyright ©2000 - 2009 Jelsoft Enterprises Ltd. SEO by vBSEO ©2009, Crawlability, Inc.