#16
| ComboFix 08-02-25.3 - Graham 2008-02-25 21:51:37.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.50 [GMT 0:00] Running from: C:\Documents and Settings\Graham\Desktop\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((( Files Created from 2008-01-25 to 2008-02-25 ))))))))))))))))))))))))))))))) . 2008-02-24 17:44 . 2008-02-24 19:28 <DIR> d-------- C:\WINDOWS\BDOSCAN8 2008-02-23 20:57 . 2008-02-23 20:57 <DIR> d-------- C:\WINDOWS\ERUNT 2008-02-23 20:50 . 2008-02-23 21:09 <DIR> d-------- C:\SDFix 2008-02-23 20:28 . 2008-02-23 20:28 <DIR> d-------- C:\VundoFix Backups 2008-02-23 20:14 . 2008-02-23 20:16 <DIR> d-------- C:\NoLopBackups 2008-02-23 19:41 . 2008-02-23 19:41 <DIR> d-------- C:\Program Files\Trend Micro 2008-02-23 19:25 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-02-23 16:29 . 2008-02-23 16:29 <DIR> d-------- C:\Program Files\CCleaner 2008-02-23 14:15 . 2008-02-23 16:23 <DIR> d-------- C:\Documents and Settings\Graham\.housecall6.6 2008-02-16 22:59 . 2008-02-16 22:59 <DIR> d-------- C:\Documents and Settings\Graham\Application Data\dvdcss 2008-02-16 17:49 . 2008-02-16 17:49 12,302,839 --------- C:\avg7qt.dat 2008-02-14 11:21 . 2008-02-14 11:21 <DIR> d-------- C:\Program Files\Bias Wait Iso 2008-02-05 19:36 . 2008-02-05 19:36 268 --ah----- C:\sqmdata09.sqm 2008-02-05 19:36 . 2008-02-05 19:36 244 --ah----- C:\sqmnoopt09.sqm 2008-01-31 02:02 . 2008-01-31 02:02 54,608 --a------ C:\WINDOWS\system32\xfcodec.dll 2008-01-26 19:25 . 2008-02-23 19:11 <DIR> d-------- C:\Program Files\SUPERAntiSpyware 2008-01-26 19:25 . 2008-01-26 19:25 <DIR> d-------- C:\Documents and Settings\Graham\Application Data\SUPERAntiSpyware.com 2008-01-26 19:25 . 2008-01-26 19:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2008-01-26 19:22 . 
2008-01-26 19:22 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-01-26 19:18 . 2008-01-26 19:18 <DIR> d-------- C:\Documents and Settings\Graham\Application Data\Grisoft 2008-01-26 19:17 . 2007-05-30 12:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )) . 2008-02-25 20:43 --------- d-----w C:\Documents and Settings\Graham\Application Data\Xfire 2008-02-23 19:40 --------- d-----w C:\Program Files\Java 2008-02-16 19:01 --------- d-----w C:\Documents and Settings\Graham\Application Data\Bias Wait Iso 2008-02-16 18:54 --------- d-----w C:\Program Files\SpeedFan 2008-02-16 17:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7 2008-02-14 16:57 --------- d-s---w C:\Program Files\Xfire 2008-02-14 11:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Four Help Seek 1 2008-01-26 19:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft 2008-01-16 17:55 --------- d-----w C:\Program Files\Circle Developement 2008-01-16 16:20 --------- d-----w C:\Program Files\Image-Line 2008-01-16 16:17 --------- d-----w C:\Program Files\VstPlugins 2008-01-09 15:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe 2008-01-05 13:12 --------- d-----w C:\Program Files\LEGO Company 2008-01-04 23:12 --------- d-----w C:\Program Files\Windows Live 2008-01-04 23:12 --------- d-----w C:\Program Files\MSN Messenger 2008-01-04 23:12 --------- d-----w C:\Program Files\Messenger Plus! Live 2008-01-04 23:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus! 
2007-12-26 11:37 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-12-26 11:37 --------- d-----w C:\Program Files\Digital Video 2007-12-26 11:36 --------- d-----w C:\Documents and Settings\Graham\Application Data\InstallShield 2007-12-25 17:21 --------- d-----w C:\Program Files\MonkeyJam 2007-04-15 11:18 24,192 ----a-w C:\Documents and Settings\Graham\usbsermptxp.sys 2007-04-15 11:18 22,768 ----a-w C:\Documents and Settings\Graham\usbsermpt.sys 2007-10-15 16:48 56 --sh--r C:\WINDOWS\system32\F64AF6059C.sys 2007-10-15 16:48 952 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run] "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360] "theowns"="C:\DOCUME~1\Graham\APPLIC~1\BIASWA~1\Sl owLoad.exe" [2008-02-14 11:20 435200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-08-22 07:26 185632] "RTHDCPL"="RTHDCPL.EXE" [2005-08-18 05:20 14820864 C:\WINDOWS\RTHDCPL.EXE] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57 282624] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.e xe" [2001-07-09 09:50 155648] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-08-24 10:50 94208] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-08-24 10:51 114688] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-08-24 10:47 77824] "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 15:07 61952 C:\WINDOWS\system32\HdAShCut.exe] "EPSON Stylus DX3800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\ 3\E_FATIACE.exe" [2005-02-08 04:00 98304] 
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-21 15:07 579072] "AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2004-11-09 23:22 497240] "AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOL SP Scheduler.exe" [2004-10-18 16:42 79448] "seek 1 skip mfcd"="C:\Documents and Settings\All Users\Application Data\Four Help Seek 1\Long bin.exe" [2008-02-25 19:28 2927104] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00 15360] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-24 10:19 219136] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-01-10 19:06:38 113664] Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696] AOL 9.0 Tray Icon.lnk - C:\Program Files\AOL 9.0\aoltray.exe [2007-01-20 19:34:26 156784] Intelligent Wireless Utility.lnk - C:\Program Files\Intelligent\Common\RaUI.exe [2006-11-11 11:18:12 626688] LUMIX Simple Viewer.lnk - C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2006-12-02 09:48:19 61440] [hkey_local_machine\software\microsoft\windows\curr entversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program 
Files\\Common Files\\AOL\\ACS\\AOLDial.exe"= "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"= "C:\\Program Files\\AOL 9.0\\waol.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"= "C:\\Program Files\\Internet Explorer\\iexplore.exe"= "C:\\Program Files\\Xfire\\xfire.exe"= "C:\\WINDOWS\\system32\\dpvsetup.exe"= "C:\\WINDOWS\\system32\\rundll32.exe"= "C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List] "27950:UDP"= 27950:UDP:Wolfenstein "27951:UDP"= 27951:UDP:Wolfenstein1 "27960:UDP"= 27960:UDP:Wolfenstein2 R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2005-01-13 08:28] S3 CoachUsb;Coach Digital Camera on USB;C:\WINDOWS\system32\DRIVERS\CoachUsb.sys [2004-01-22 12:41] . ************************************************** ************************ catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-25 21:55:47 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************** ************************ . Completion time: 2008-02-25 21:59:16 ComboFix2.txt 2008-02-24 21:42:28 . 
2008-02-13 12:22:05 --- E O F --- Adobe Flash Player 9 ActiveX Adobe Photoshop Elements 2.0 Adobe Reader 7.0.9 Adobe Shockwave Player Allok MOV Converter 2.0.8 AOL Coach Version 1.0(Build:20040229.1 uk) AOL Connectivity Services AOL Spyware Protection AOL Toolbar AOL UK (Choose which version to remove) AOL You've Got Pictures Screensaver ASIO4ALL AVG 7.5 AVG Anti-Spyware 7.5 CCleaner (remove only) Celtx (0.9.9.5) Collab Digital Video DivX Codec DivX Content Uploader DivX Player DivX Web Player DSA Official Theory Test for Drivers of Large Vehicles EPSON Printer Software EPSON Scan ESDX3800 User's Guide Fraps Free Mp3 Wma Converter V 1.5.3 High Definition Audio Driver Package - KB888111 HijackThis 2.0.2 Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB889527) Hotfix for Windows XP (KB893357) Hotfix for Windows XP (KB896344) Hotfix for Windows XP (KB903234) Hotfix for Windows XP (KB914440) Hotfix for Windows XP (KB915865) Hotfix for Windows XP (KB926239) Hotfix for Windows XP (KB935448) IL Download Manager Intel(R) Graphics Media Accelerator Driver InterVideo WinDVD Java(TM) 6 Update 3 Learn2 Player (Uninstall Only) LUMIX Simple Viewer Macromedia Flash MX Map Button (Windows Live Toolbar) Messenger Plus! 
Live & Sponsor (CiD) Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office Standard Edition 2003 Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Works MonkeyJam 3_050529 Mozilla Firefox (2.0.0.12) MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) Nero BurnRights Nero Digital Nero OEM NeroVision Express Content Network Play System (Patching) OneCare Advisor (Windows Live Toolbar) OpenMG Secure Module 4.3.00 Papagayo 1.2 Popup Blocker (Windows Live Toolbar) QuickTime RealPlayer RGSS-RTP Standard RPGXP Security Update for CAPICOM (KB931906) Security Update for CAPICOM (KB931906) Security Update for Step By Step Interactive Training (KB898458) Security Update for Step By Step Interactive Training (KB923723) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player 10 (KB917734) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows XP (KB890046) Security Update for Windows XP (KB893066) Security Update for Windows XP (KB893756) Security Update for Windows XP (KB896358) Security Update for Windows XP (KB896422) Security Update for Windows XP (KB896423) Security Update for Windows XP (KB896424) Security Update for Windows XP (KB896428) Security Update for Windows XP (KB899587) Security Update for Windows XP (KB899588) Security Update for Windows XP (KB899591) Security Update for Windows XP (KB900725) Security Update for Windows XP (KB900930) Security Update for Windows XP (KB901017) Security Update for Windows XP (KB901214) Security Update for Windows XP (KB902400) Security Update for Windows XP (KB904706) Security Update for Windows XP (KB905414) Security Update for Windows XP (KB905749) Security Update for 
Windows XP (KB908519) Security Update for Windows XP (KB911562) Security Update for Windows XP (KB911567) Security Update for Windows XP (KB911927) Security Update for Windows XP (KB912919) Security Update for Windows XP (KB913580) Security Update for Windows XP (KB914388) Security Update for Windows XP (KB914389) Security Update for Windows XP (KB917344) Security Update for Windows XP (KB917422) Security Update for Windows XP (KB917953) Security Update for Windows XP (KB918118) Security Update for Windows XP (KB918439) Security Update for Windows XP (KB918899) Security Update for Windows XP (KB919007) Security Update for Windows XP (KB920213) Security Update for Windows XP (KB920214) Security Update for Windows XP (KB920670) Security Update for Windows XP (KB920683) Security Update for Windows XP (KB920685) Security Update for Windows XP (KB921398) Security Update for Windows XP (KB921503) Security Update for Windows XP (KB921883) Security Update for Windows XP (KB922616) Security Update for Windows XP (KB922760) Security Update for Windows XP (KB922819) Security Update for Windows XP (KB923191) Security Update for Windows XP (KB923414) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB923694) Security Update for Windows XP (KB923980) Security Update for Windows XP (KB924191) Security Update for Windows XP (KB924270) Security Update for Windows XP (KB924496) Security Update for Windows XP (KB924667) Security Update for Windows XP (KB925454) Security Update for Windows XP (KB925486) Security Update for Windows XP (KB925902) Security Update for Windows XP (KB926255) Security Update for Windows XP (KB926436) Security Update for Windows XP (KB927779) Security Update for Windows XP (KB927802) Security Update for Windows XP (KB928090) Security Update for Windows XP (KB928255) Security Update for Windows XP (KB928843) Security Update for Windows XP (KB929123) Security Update for Windows XP (KB929969) Security Update for Windows XP (KB930178) 
Security Update for Windows XP (KB931261) Security Update for Windows XP (KB931784) Security Update for Windows XP (KB932168) Security Update for Windows XP (KB933566) Security Update for Windows XP (KB933729) Security Update for Windows XP (KB935839) Security Update for Windows XP (KB935840) Security Update for Windows XP (KB936021) Security Update for Windows XP (KB937143) Security Update for Windows XP (KB938127) Security Update for Windows XP (KB938829) Security Update for Windows XP (KB939653) Security Update for Windows XP (KB941202) Security Update for Windows XP (KB941568) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB941644) Security Update for Windows XP (KB942615) Security Update for Windows XP (KB943055) Security Update for Windows XP (KB943460) Security Update for Windows XP (KB943485) Security Update for Windows XP (KB944533) Security Update for Windows XP (KB944653) Security Update for Windows XP (KB946026) Smart Menus (Windows Live Toolbar) SoftV92 Data Fax Modem with SmartCP SpeedFan (remove only) SUPERAntiSpyware Free Edition System Requirements Lab Tabbed Browsing (Windows Live Toolbar) Update for Windows XP (KB894391) Update for Windows XP (KB896727) Update for Windows XP (KB897663) Update for Windows XP (KB898461) Update for Windows XP (KB900485) Update for Windows XP (KB904942) Update for Windows XP (KB908531) Update for Windows XP (KB910437) Update for Windows XP (KB911280) Update for Windows XP (KB916595) Update for Windows XP (KB920872) Update for Windows XP (KB922582) Update for Windows XP (KB927891) Update for Windows XP (KB929338) Update for Windows XP (KB930916) Update for Windows XP (KB931836) Update for Windows XP (KB933360) Update for Windows XP (KB936357) Update for Windows XP (KB938828) Update for Windows XP (KB942763) Update for Windows XP (KB942840) Update for Windows XP (KB946627) VideoLAN VLC media player 0.8.6c Viewpoint Media Player Windows Installer 3.1 (KB893803) Windows Live Messenger Windows 
Live Outlook Toolbar (Windows Live Toolbar) Windows Live Toolbar Extension (Windows Live Toolbar) Windows Live Toolbar Feed Detector (Windows Live Toolbar) Windows Media Format 11 runtime Windows Media Format 11 runtime Windows Media Format SDK Hotfix - KB891122 Windows Media Hotfix - KB895181 Windows Media Player 10 Hotfix - KB888656 Windows Media Player 11 Windows Media Player 11 Windows Messenger 5.1 Windows XP Hotfix - KB873333 Windows XP Hotfix - KB873339 Windows XP Hotfix - KB883529 Windows XP Hotfix - KB883667 Windows XP Hotfix - KB884018 Windows XP Hotfix - KB884020 Windows XP Hotfix - KB884575 Windows XP Hotfix - KB884868 Windows XP Hotfix - KB884883 Windows XP Hotfix - KB885222 Windows XP Hotfix - KB885250 Windows XP Hotfix - KB885295 Windows XP Hotfix - KB885523 Windows XP Hotfix - KB885835 Windows XP Hotfix - KB885836 Windows XP Hotfix - KB885855 Windows XP Hotfix - KB885887 Windows XP Hotfix - KB885894 Windows XP Hotfix - KB885932 Windows XP Hotfix - KB886185 Windows XP Hotfix - KB886677 Windows XP Hotfix - KB886716 Windows XP Hotfix - KB887742 Windows XP Hotfix - KB887797 Windows XP Hotfix - KB888113 Windows XP Hotfix - KB888240 Windows XP Hotfix - KB888302 Windows XP Hotfix - KB888402 Windows XP Hotfix - KB889016 Windows XP Hotfix - KB889673 Windows XP Hotfix - KB890831 Windows XP Hotfix - KB890859 Windows XP Hotfix - KB891070 Windows XP Hotfix - KB891220 Windows XP Hotfix - KB891781 Windows XP Hotfix - KB892050 Windows XP Hotfix - KB892627 Windows XP Hotfix - KB893056 Windows XP Hotfix - KB893086 Windows XP Hotfix - KB896626 Wireless LAN USB2.0 Adapter Wolfenstein - Enemy Territory Xfire (remove only) Yahoo! Companion Yahoo! Messenger with BT Communicator |
| |
|
#17
| Uninstall Viewpoint Media Player

----------

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad. It must be Notepad, not Wordpad.

Code:
File::
C:\Program Files\Bias Wait Iso
C:\sqmdata09.sqm
C:\sqmnoopt09.sqm

4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!

ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it will produce a log for you. Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick combofix's window while it is running. That may cause your system to freeze

----------

Please download Malwarebytes' Anti-Malware (MBAM) to your desktop from either of these two links.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at
C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

----------

Next post
Combofix log
MBAM log |
|
#18
| ComboFix 08-02-25.3 - Graham 2008-02-25 22:15:33.3 - NTFSx86 Running from: C:\Documents and Settings\Graham\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Graham\Desktop\CFScript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: C:\Program Files\Bias Wait Iso C:\sqmdata09.sqm C:\sqmnoopt09.sqm . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\sqmdata09.sqm C:\sqmnoopt09.sqm . ((((((((((((((((((((((((( Files Created from 2008-01-25 to 2008-02-25 ))))))))))))))))))))))))))))))) . 2008-02-24 17:44 . 2008-02-24 19:28 <DIR> d-------- C:\WINDOWS\BDOSCAN8 2008-02-23 20:57 . 2008-02-23 20:57 <DIR> d-------- C:\WINDOWS\ERUNT 2008-02-23 20:50 . 2008-02-23 21:09 <DIR> d-------- C:\SDFix 2008-02-23 20:28 . 2008-02-23 20:28 <DIR> d-------- C:\VundoFix Backups 2008-02-23 20:14 . 2008-02-23 20:16 <DIR> d-------- C:\NoLopBackups 2008-02-23 19:41 . 2008-02-23 19:41 <DIR> d-------- C:\Program Files\Trend Micro 2008-02-23 19:25 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-02-23 16:29 . 2008-02-23 16:29 <DIR> d-------- C:\Program Files\CCleaner 2008-02-23 14:15 . 2008-02-23 16:23 <DIR> d-------- C:\Documents and Settings\Graham\.housecall6.6 2008-02-16 22:59 . 2008-02-16 22:59 <DIR> d-------- C:\Documents and Settings\Graham\Application Data\dvdcss 2008-02-16 17:49 . 2008-02-16 17:49 12,302,839 --------- C:\avg7qt.dat 2008-02-14 11:21 . 2008-02-14 11:21 <DIR> d-------- C:\Program Files\Bias Wait Iso 2008-01-31 02:02 . 2008-01-31 02:02 54,608 --a------ C:\WINDOWS\system32\xfcodec.dll 2008-01-26 19:25 . 2008-02-23 19:11 <DIR> d-------- C:\Program Files\SUPERAntiSpyware 2008-01-26 19:25 . 2008-01-26 19:25 <DIR> d-------- C:\Documents and Settings\Graham\Application Data\SUPERAntiSpyware.com 2008-01-26 19:25 . 
2008-01-26 19:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2008-01-26 19:22 . 2008-01-26 19:22 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-01-26 19:18 . 2008-01-26 19:18 <DIR> d-------- C:\Documents and Settings\Graham\Application Data\Grisoft 2008-01-26 19:17 . 2007-05-30 12:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )) . 2008-02-25 20:43 --------- d-----w C:\Documents and Settings\Graham\Application Data\Xfire 2008-02-23 19:40 --------- d-----w C:\Program Files\Java 2008-02-16 19:01 --------- d-----w C:\Documents and Settings\Graham\Application Data\Bias Wait Iso 2008-02-16 18:54 --------- d-----w C:\Program Files\SpeedFan 2008-02-16 17:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7 2008-02-14 16:57 --------- d-s---w C:\Program Files\Xfire 2008-02-14 11:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Four Help Seek 1 2008-01-26 19:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft 2008-01-16 17:55 --------- d-----w C:\Program Files\Circle Developement 2008-01-16 16:20 --------- d-----w C:\Program Files\Image-Line 2008-01-16 16:17 --------- d-----w C:\Program Files\VstPlugins 2008-01-09 15:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe 2008-01-05 13:12 --------- d-----w C:\Program Files\LEGO Company 2008-01-04 23:12 --------- d-----w C:\Program Files\Windows Live 2008-01-04 23:12 --------- d-----w C:\Program Files\MSN Messenger 2008-01-04 23:12 --------- d-----w C:\Program Files\Messenger Plus! Live 2008-01-04 23:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus! 
2007-12-26 11:37 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-12-26 11:37 --------- d-----w C:\Program Files\Digital Video 2007-12-26 11:36 --------- d-----w C:\Documents and Settings\Graham\Application Data\InstallShield 2007-12-25 17:21 --------- d-----w C:\Program Files\MonkeyJam 2007-04-15 11:18 24,192 ----a-w C:\Documents and Settings\Graham\usbsermptxp.sys 2007-04-15 11:18 22,768 ----a-w C:\Documents and Settings\Graham\usbsermpt.sys 2007-10-15 16:48 56 --sh--r C:\WINDOWS\system32\F64AF6059C.sys 2007-10-15 16:48 952 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run] "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360] "theowns"="C:\DOCUME~1\Graham\APPLIC~1\BIASWA~1\Sl owLoad.exe" [2008-02-14 11:20 435200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-08-22 07:26 185632] "RTHDCPL"="RTHDCPL.EXE" [2005-08-18 05:20 14820864 C:\WINDOWS\RTHDCPL.EXE] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57 282624] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.e xe" [2001-07-09 09:50 155648] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-08-24 10:50 94208] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-08-24 10:51 114688] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-08-24 10:47 77824] "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 15:07 61952 C:\WINDOWS\system32\HdAShCut.exe] "EPSON Stylus DX3800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\ 3\E_FATIACE.exe" [2005-02-08 04:00 98304] 
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-21 15:07 579072] "AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2004-11-09 23:22 497240] "AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOL SP Scheduler.exe" [2004-10-18 16:42 79448] "seek 1 skip mfcd"="C:\Documents and Settings\All Users\Application Data\Four Help Seek 1\Long bin.exe" [2008-02-25 19:28 2927104] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00 15360] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-24 10:19 219136] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-01-10 19:06:38 113664] Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696] AOL 9.0 Tray Icon.lnk - C:\Program Files\AOL 9.0\aoltray.exe [2007-01-20 19:34:26 156784] Intelligent Wireless Utility.lnk - C:\Program Files\Intelligent\Common\RaUI.exe [2006-11-11 11:18:12 626688] LUMIX Simple Viewer.lnk - C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2006-12-02 09:48:19 61440] [hkey_local_machine\software\microsoft\windows\curr entversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program 
Files\\Common Files\\AOL\\ACS\\AOLDial.exe"= "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"= "C:\\Program Files\\AOL 9.0\\waol.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"= "C:\\Program Files\\Internet Explorer\\iexplore.exe"= "C:\\Program Files\\Xfire\\xfire.exe"= "C:\\WINDOWS\\system32\\dpvsetup.exe"= "C:\\WINDOWS\\system32\\rundll32.exe"= "C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List] "27950:UDP"= 27950:UDP:Wolfenstein "27951:UDP"= 27951:UDP:Wolfenstein1 "27960:UDP"= 27960:UDP:Wolfenstein2 R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2005-01-13 08:28] S3 CoachUsb;Coach Digital Camera on USB;C:\WINDOWS\system32\DRIVERS\CoachUsb.sys [2004-01-22 12:41] . ************************************************** ************************ catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-25 22:21:49 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************** ************************ . Completion time: 2008-02-25 22:25:38 ComboFix-quarantined-files.txt 2008-02-25 22:25:32 ComboFix2.txt 2008-02-25 21:59:18 ComboFix3.txt 2008-02-24 21:42:28 . 
2008-02-13 12:22:05 --- E O F --- Malwarebytes' Anti-Malware 1.05 Database version: 408 Scan type: Full Scan (C:\|E:\|F:\|G:\|H:\|I:\|) Objects scanned: 86235 Time elapsed: 2 hour(s), 3 minute(s), 56 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 2 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\www.host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) |
|
#19
| Delete this file: C:\Program Files\Bias Wait Iso

How is the computer now?

Last edited by evilfantasy : 26th Feb 2008 at 11:45 AM. |
|
#20
| Erm.. It seems OK. Why is it I was getting all those popups anyway? (I may still get more, I need to wait) |
|
#21
Time to do some cleanup and secure the work you have done.
The above procedure will:

Download OTMoveIt2 by OldTimer OTMoveIt2.exe and place it on your desktop. (unless you already have it)

1. Double click OTMoveIt2.exe to launch it.
2. Click on the CleanUp! button.
3. OTMoveIt2 will download a list from the Internet; if your firewall or other defensive programs alert you, allow it access.
4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)

Check out Keeping Yourself safe On The Web for tips and free tools to keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smoothly. |
|
#22
| This is just an idea: if you want virus scanners and spyware, use AVG 7.5 and Kaspersky virus scanner. |
|