  #16  
Old 25th Feb 2008, 02:02 PM
rsteenoven
Viruses

ComboFix 08-02-25.3 - Graham 2008-02-25 21:51:37.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.50 [GMT 0:00]
Running from: C:\Documents and Settings\Graham\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-01-25 to 2008-02-25 )))))))))))))))))))))))))))))))
.

2008-02-24 17:44 . 2008-02-24 19:28 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-02-23 20:57 . 2008-02-23 20:57 <DIR> d-------- C:\WINDOWS\ERUNT
2008-02-23 20:50 . 2008-02-23 21:09 <DIR> d-------- C:\SDFix
2008-02-23 20:28 . 2008-02-23 20:28 <DIR> d-------- C:\VundoFix Backups
2008-02-23 20:14 . 2008-02-23 20:16 <DIR> d-------- C:\NoLopBackups
2008-02-23 19:41 . 2008-02-23 19:41 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-23 19:25 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-23 16:29 . 2008-02-23 16:29 <DIR> d-------- C:\Program Files\CCleaner
2008-02-23 14:15 . 2008-02-23 16:23 <DIR> d-------- C:\Documents and Settings\Graham\.housecall6.6
2008-02-16 22:59 . 2008-02-16 22:59 <DIR> d-------- C:\Documents and Settings\Graham\Application Data\dvdcss
2008-02-16 17:49 . 2008-02-16 17:49 12,302,839 --------- C:\avg7qt.dat
2008-02-14 11:21 . 2008-02-14 11:21 <DIR> d-------- C:\Program Files\Bias Wait Iso
2008-02-05 19:36 . 2008-02-05 19:36 268 --ah----- C:\sqmdata09.sqm
2008-02-05 19:36 . 2008-02-05 19:36 244 --ah----- C:\sqmnoopt09.sqm
2008-01-31 02:02 . 2008-01-31 02:02 54,608 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-01-26 19:25 . 2008-02-23 19:11 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-26 19:25 . 2008-01-26 19:25 <DIR> d-------- C:\Documents and Settings\Graham\Application Data\SUPERAntiSpyware.com
2008-01-26 19:25 . 2008-01-26 19:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-26 19:22 . 2008-01-26 19:22 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-26 19:18 . 2008-01-26 19:18 <DIR> d-------- C:\Documents and Settings\Graham\Application Data\Grisoft
2008-01-26 19:17 . 2007-05-30 12:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-25 20:43 --------- d-----w C:\Documents and Settings\Graham\Application Data\Xfire
2008-02-23 19:40 --------- d-----w C:\Program Files\Java
2008-02-16 19:01 --------- d-----w C:\Documents and Settings\Graham\Application Data\Bias Wait Iso
2008-02-16 18:54 --------- d-----w C:\Program Files\SpeedFan
2008-02-16 17:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-02-14 16:57 --------- d-s---w C:\Program Files\Xfire
2008-02-14 11:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Four Help Seek 1
2008-01-26 19:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-16 17:55 --------- d-----w C:\Program Files\Circle Developement
2008-01-16 16:20 --------- d-----w C:\Program Files\Image-Line
2008-01-16 16:17 --------- d-----w C:\Program Files\VstPlugins
2008-01-09 15:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2008-01-05 13:12 --------- d-----w C:\Program Files\LEGO Company
2008-01-04 23:12 --------- d-----w C:\Program Files\Windows Live
2008-01-04 23:12 --------- d-----w C:\Program Files\MSN Messenger
2008-01-04 23:12 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-01-04 23:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2007-12-26 11:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-26 11:37 --------- d-----w C:\Program Files\Digital Video
2007-12-26 11:36 --------- d-----w C:\Documents and Settings\Graham\Application Data\InstallShield
2007-12-25 17:21 --------- d-----w C:\Program Files\MonkeyJam
2007-04-15 11:18 24,192 ----a-w C:\Documents and Settings\Graham\usbsermptxp.sys
2007-04-15 11:18 22,768 ----a-w C:\Documents and Settings\Graham\usbsermpt.sys
2007-10-15 16:48 56 --sh--r C:\WINDOWS\system32\F64AF6059C.sys
2007-10-15 16:48 952 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
"theowns"="C:\DOCUME~1\Graham\APPLIC~1\BIASWA~1\SlowLoad.exe" [2008-02-14 11:20 435200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-08-22 07:26 185632]
"RTHDCPL"="RTHDCPL.EXE" [2005-08-18 05:20 14820864 C:\WINDOWS\RTHDCPL.EXE]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57 282624]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-08-24 10:50 94208]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-08-24 10:51 114688]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-08-24 10:47 77824]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 15:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"EPSON Stylus DX3800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.exe" [2005-02-08 04:00 98304]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-21 15:07 579072]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2004-11-09 23:22 497240]
"AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOL SP Scheduler.exe" [2004-10-18 16:42 79448]
"seek 1 skip mfcd"="C:\Documents and Settings\All Users\Application Data\Four Help Seek 1\Long bin.exe" [2008-02-25 19:28 2927104]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-24 10:19 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-01-10 19:06:38 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
AOL 9.0 Tray Icon.lnk - C:\Program Files\AOL 9.0\aoltray.exe [2007-01-20 19:34:26 156784]
Intelligent Wireless Utility.lnk - C:\Program Files\Intelligent\Common\RaUI.exe [2006-11-11 11:18:12 626688]
LUMIX Simple Viewer.lnk - C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2006-12-02 09:48:19 61440]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\AOL 9.0\\waol.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"27950:UDP"= 27950:UDP:Wolfenstein
"27951:UDP"= 27951:UDP:Wolfenstein1
"27960:UDP"= 27960:UDP:Wolfenstein2

R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2005-01-13 08:28]
S3 CoachUsb;Coach Digital Camera on USB;C:\WINDOWS\system32\DRIVERS\CoachUsb.sys [2004-01-22 12:41]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-25 21:55:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-25 21:59:16
ComboFix2.txt 2008-02-24 21:42:28
.
2008-02-13 12:22:05 --- E O F ---



Adobe Flash Player 9 ActiveX
Adobe Photoshop Elements 2.0
Adobe Reader 7.0.9
Adobe Shockwave Player
Allok MOV Converter 2.0.8
AOL Coach Version 1.0(Build:20040229.1 uk)
AOL Connectivity Services
AOL Spyware Protection
AOL Toolbar
AOL UK (Choose which version to remove)
AOL You've Got Pictures Screensaver
ASIO4ALL
AVG 7.5
AVG Anti-Spyware 7.5
CCleaner (remove only)
Celtx (0.9.9.5)
Collab
Digital Video
DivX Codec
DivX Content Uploader
DivX Player
DivX Web Player
DSA Official Theory Test for Drivers of Large Vehicles
EPSON Printer Software
EPSON Scan
ESDX3800 User's Guide
Fraps
Free Mp3 Wma Converter V 1.5.3
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB889527)
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB903234)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
IL Download Manager
Intel(R) Graphics Media Accelerator Driver
InterVideo WinDVD
Java(TM) 6 Update 3
Learn2 Player (Uninstall Only)
LUMIX Simple Viewer
Macromedia Flash MX
Map Button (Windows Live Toolbar)
Messenger Plus! Live & Sponsor (CiD)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works
MonkeyJam 3_050529
Mozilla Firefox (2.0.0.12)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Nero BurnRights
Nero Digital
Nero OEM
NeroVision Express Content
Network Play System (Patching)
OneCare Advisor (Windows Live Toolbar)
OpenMG Secure Module 4.3.00
Papagayo 1.2
Popup Blocker (Windows Live Toolbar)
QuickTime
RealPlayer
RGSS-RTP Standard
RPGXP
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB900930)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
Smart Menus (Windows Live Toolbar)
SoftV92 Data Fax Modem with SmartCP
SpeedFan (remove only)
SUPERAntiSpyware Free Edition
System Requirements Lab
Tabbed Browsing (Windows Live Toolbar)
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB897663)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
VideoLAN VLC media player 0.8.6c
Viewpoint Media Player
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Hotfix - KB895181
Windows Media Player 10 Hotfix - KB888656
Windows Media Player 11
Windows Media Player 11
Windows Messenger 5.1
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883529
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB884018
Windows XP Hotfix - KB884020
Windows XP Hotfix - KB884575
Windows XP Hotfix - KB884868
Windows XP Hotfix - KB884883
Windows XP Hotfix - KB885222
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885295
Windows XP Hotfix - KB885523
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB885887
Windows XP Hotfix - KB885894
Windows XP Hotfix - KB885932
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB886677
Windows XP Hotfix - KB886716
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888240
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB888402
Windows XP Hotfix - KB889016
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890831
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891070
Windows XP Hotfix - KB891220
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892050
Windows XP Hotfix - KB892627
Windows XP Hotfix - KB893056
Windows XP Hotfix - KB893086
Windows XP Hotfix - KB896626
Wireless LAN USB2.0 Adapter
Wolfenstein - Enemy Territory
Xfire (remove only)
Yahoo! Companion
Yahoo! Messenger with BT Communicator
  #17  
Old 25th Feb 2008, 02:11 PM
evilfantasy

Uninstall Viewpoint Media Player

----------

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
  • Click Start , then Run
  • Type notepad.exe in the Run Box.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code:
File::
C:\Program Files\Bias Wait Iso
C:\sqmdata09.sqm
C:\sqmnoopt09.sqm
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze.

----------

Please download Malwarebytes' Anti-Malware (MBAM) to your desktop from either of these two links.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location such as the desktop.
  • Copy and Paste that log into your next reply.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

----------

Next post
Combofix log
MBAM log
  #18  
Old 26th Feb 2008, 11:42 AM
rsteenoven

ComboFix 08-02-25.3 - Graham 2008-02-25 22:15:33.3 - NTFSx86
Running from: C:\Documents and Settings\Graham\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Graham\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Program Files\Bias Wait Iso
C:\sqmdata09.sqm
C:\sqmnoopt09.sqm
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\sqmdata09.sqm
C:\sqmnoopt09.sqm

.
((((((((((((((((((((((((( Files Created from 2008-01-25 to 2008-02-25 )))))))))))))))))))))))))))))))
.

2008-02-24 17:44 . 2008-02-24 19:28 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-02-23 20:57 . 2008-02-23 20:57 <DIR> d-------- C:\WINDOWS\ERUNT
2008-02-23 20:50 . 2008-02-23 21:09 <DIR> d-------- C:\SDFix
2008-02-23 20:28 . 2008-02-23 20:28 <DIR> d-------- C:\VundoFix Backups
2008-02-23 20:14 . 2008-02-23 20:16 <DIR> d-------- C:\NoLopBackups
2008-02-23 19:41 . 2008-02-23 19:41 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-23 19:25 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-23 16:29 . 2008-02-23 16:29 <DIR> d-------- C:\Program Files\CCleaner
2008-02-23 14:15 . 2008-02-23 16:23 <DIR> d-------- C:\Documents and Settings\Graham\.housecall6.6
2008-02-16 22:59 . 2008-02-16 22:59 <DIR> d-------- C:\Documents and Settings\Graham\Application Data\dvdcss
2008-02-16 17:49 . 2008-02-16 17:49 12,302,839 --------- C:\avg7qt.dat
2008-02-14 11:21 . 2008-02-14 11:21 <DIR> d-------- C:\Program Files\Bias Wait Iso
2008-01-31 02:02 . 2008-01-31 02:02 54,608 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-01-26 19:25 . 2008-02-23 19:11 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-26 19:25 . 2008-01-26 19:25 <DIR> d-------- C:\Documents and Settings\Graham\Application Data\SUPERAntiSpyware.com
2008-01-26 19:25 . 2008-01-26 19:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-26 19:22 . 2008-01-26 19:22 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-26 19:18 . 2008-01-26 19:18 <DIR> d-------- C:\Documents and Settings\Graham\Application Data\Grisoft
2008-01-26 19:17 . 2007-05-30 12:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-25 20:43 --------- d-----w C:\Documents and Settings\Graham\Application Data\Xfire
2008-02-23 19:40 --------- d-----w C:\Program Files\Java
2008-02-16 19:01 --------- d-----w C:\Documents and Settings\Graham\Application Data\Bias Wait Iso
2008-02-16 18:54 --------- d-----w C:\Program Files\SpeedFan
2008-02-16 17:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-02-14 16:57 --------- d-s---w C:\Program Files\Xfire
2008-02-14 11:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Four Help Seek 1
2008-01-26 19:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-16 17:55 --------- d-----w C:\Program Files\Circle Developement
2008-01-16 16:20 --------- d-----w C:\Program Files\Image-Line
2008-01-16 16:17 --------- d-----w C:\Program Files\VstPlugins
2008-01-09 15:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2008-01-05 13:12 --------- d-----w C:\Program Files\LEGO Company
2008-01-04 23:12 --------- d-----w C:\Program Files\Windows Live
2008-01-04 23:12 --------- d-----w C:\Program Files\MSN Messenger
2008-01-04 23:12 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-01-04 23:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2007-12-26 11:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-26 11:37 --------- d-----w C:\Program Files\Digital Video
2007-12-26 11:36 --------- d-----w C:\Documents and Settings\Graham\Application Data\InstallShield
2007-12-25 17:21 --------- d-----w C:\Program Files\MonkeyJam
2007-04-15 11:18 24,192 ----a-w C:\Documents and Settings\Graham\usbsermptxp.sys
2007-04-15 11:18 22,768 ----a-w C:\Documents and Settings\Graham\usbsermpt.sys
2007-10-15 16:48 56 --sh--r C:\WINDOWS\system32\F64AF6059C.sys
2007-10-15 16:48 952 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
"theowns"="C:\DOCUME~1\Graham\APPLIC~1\BIASWA~1\SlowLoad.exe" [2008-02-14 11:20 435200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-08-22 07:26 185632]
"RTHDCPL"="RTHDCPL.EXE" [2005-08-18 05:20 14820864 C:\WINDOWS\RTHDCPL.EXE]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57 282624]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-08-24 10:50 94208]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-08-24 10:51 114688]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-08-24 10:47 77824]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 15:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"EPSON Stylus DX3800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.exe" [2005-02-08 04:00 98304]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-21 15:07 579072]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2004-11-09 23:22 497240]
"AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOL SP Scheduler.exe" [2004-10-18 16:42 79448]
"seek 1 skip mfcd"="C:\Documents and Settings\All Users\Application Data\Four Help Seek 1\Long bin.exe" [2008-02-25 19:28 2927104]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-24 10:19 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-01-10 19:06:38 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
AOL 9.0 Tray Icon.lnk - C:\Program Files\AOL 9.0\aoltray.exe [2007-01-20 19:34:26 156784]
Intelligent Wireless Utility.lnk - C:\Program Files\Intelligent\Common\RaUI.exe [2006-11-11 11:18:12 626688]
LUMIX Simple Viewer.lnk - C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2006-12-02 09:48:19 61440]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\AOL 9.0\\waol.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"27950:UDP"= 27950:UDP:Wolfenstein
"27951:UDP"= 27951:UDP:Wolfenstein1
"27960:UDP"= 27960:UDP:Wolfenstein2

R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2005-01-13 08:28]
S3 CoachUsb;Coach Digital Camera on USB;C:\WINDOWS\system32\DRIVERS\CoachUsb.sys [2004-01-22 12:41]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-25 22:21:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-25 22:25:38
ComboFix-quarantined-files.txt 2008-02-25 22:25:32
ComboFix2.txt 2008-02-25 21:59:18
ComboFix3.txt 2008-02-24 21:42:28
.
2008-02-13 12:22:05 --- E O F ---



Malwarebytes' Anti-Malware 1.05
Database version: 408

Scan type: Full Scan (C:\|E:\|F:\|G:\|H:\|I:\|)
Objects scanned: 86235
Time elapsed: 2 hour(s), 3 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\www.host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  #19  
Old 26th Feb 2008, 11:45 AM
evilfantasy
Default Viruses

Delete this file C:\Program Files\Bias Wait Iso

How is the computer now?

Last edited by evilfantasy : 26th Feb 2008 at 11:45 AM.
  #20  
Old 26th Feb 2008, 11:56 AM
rsteenoven
Default Viruses

Erm.. It seems ok. Why is it I was getting all those popups anyway? (I may still get more, I need to wait)
  #21  
Old 26th Feb 2008, 12:10 PM
evilfantasy
Default Viruses

Why is it I was getting all those popups anyway?
Really not sure to be honest. If they come back we can run some new scans and track them down though.


Time to do some cleanup and secure the work you have done.
  • Click START then RUN
  • Now type Combofix /u in the runbox
  • Make sure there's a space between Combofix and /u
  • Then hit Enter.


The above procedure will:
  • Delete:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:\Deckard folder, if present
    • The C:\_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Set a new, clean Restore Point.

Download OTMoveIt2 by OldTimer OTMoveIt2.exe and place it on your desktop. (unless you already have it)

1. Double click OTMoveIt2.exe to launch it.
2. Click on the CleanUp! button.
3. OTMoveIt2 will download a list from the Internet. If your firewall or other defensive programs alert you, allow it access.
4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
  • When finished exit out of OTMoveIt2

Check out Keeping Yourself safe On The Web for tips and free tools to keep you safe in the future.

Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.
  #22  
Old 22nd Mar 2008, 02:25 PM
computer lover786
Default Viruses

This is just an idea: if you want virus scanners and spyware, use AVG 7.5 and Kaspersky virus scanner.
  #23  
Old 22nd Mar 2008, 06:59 PM
Krlll
Default Viruses

Originally Posted by computer lover786 View Post
This is just an idea: if you want virus scanners and spyware, use AVG 7.5 and Kaspersky virus scanner.
Use 2 virus scanners?
Ignore this advice, people.
  #24  
Old 22nd Mar 2008, 07:05 PM
evilfantasy
Default Viruses

Good one krIII.

This is also an old topic.

* Closed.