Default Wimad-E virus????

  #1  
Old 21st Sep 2008, 16:43
New Member Group
 
Posts: 3

Hi Evil Fantasy - I am having a similar problem to the other user here. I have downloaded and run ComboFix, the output of which is below. I would greatly appreciate any assistance you might be able to provide. I know the file that the trojan came in - I have tried to delete it but Windows will not let me - it says it is in use. Any thoughts would be most welcome.

Thanks


ComboFix 08-09-20.05 - Administrator 2008-09-22 0:29:51.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.254 [GMT 1:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Administrator\Cookies\administrator@2o7[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad.yieldmanager[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@advertising[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ehg-baa.hitbox[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ehg-discoverynetwork.hitbox[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ehg-mastercard.hitbox[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ehg-tfl.hitbox[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@foxtons.co[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@hits.gureport.co[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@news.uk.msn[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@revsci[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@rtm[6].txt
C:\Documents and Settings\Administrator\Cookies\administrator@serving-sys[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@specificclick[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@statcounter[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ths.news.com[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@tradedoubler[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@tsw0[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ww0.timeout[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@www.reed.co[2].txt
C:\WINDOWS\system32\lsprst7.dll
.
((((((((((((((((((((((((( Files Created from 2008-08-21 to 2008-09-21 )))))))))))))))))))))))))))))))
.
2008-09-22 00:28 . 2008-09-16 01:03 <DIR> d-------- C:\32788R22FWJFW
2008-09-22 00:00 . 2008-09-22 00:00 <DIR> d-------- C:\Program Files\Exterminate It!
2008-09-14 21:22 . 2008-04-14 01:12 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-09-14 20:54 . 2008-09-14 20:54 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-09-14 20:54 . 2008-09-14 20:54 <DIR> d-------- C:\WINDOWS\system32\en
2008-09-14 20:54 . 2008-09-14 20:54 <DIR> d-------- C:\WINDOWS\l2schemas
2008-09-14 20:27 . 2008-04-13 18:28 2,940,928 --------- C:\WINDOWS\system32\dllcache\wmploc.dll
2008-09-14 20:26 . 2008-04-14 01:10 844,314 --------- C:\WINDOWS\system32\dllcache\msdxm.ocx
2008-09-13 18:04 . 2008-09-13 18:04 <DIR> d-------- C:\Program Files\Java
2008-09-13 18:04 . 2008-09-13 18:05 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\LimeWire
2008-09-13 18:04 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-09-13 18:03 . 2008-09-13 18:03 <DIR> d-------- C:\Program Files\Common Files\Java
2008-09-13 18:00 . 2008-09-13 18:00 <DIR> d-------- C:\Program Files\LimeWire
2008-09-13 12:43 . 2008-09-13 12:43 <DIR> d-------- C:\Program Files\iDump
2008-09-13 12:08 . 2008-09-13 12:08 <DIR> d-------- C:\Program Files\iTunes
2008-09-13 12:08 . 2008-09-13 12:08 <DIR> d-------- C:\Program Files\iPod
2008-09-13 12:08 . 2008-09-13 12:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-13 12:08 . 2008-09-13 12:08 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-09-13 12:08 . 2008-04-17 13:12 107,368 --a------ C:\WINDOWS\system32\GEARAspi.dll
2008-09-13 12:08 . 2008-04-17 13:12 15,464 --a------ C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
2008-09-13 12:07 . 2008-09-13 12:07 <DIR> d-------- C:\Program Files\QuickTime
2008-09-13 12:07 . 2008-09-13 12:07 <DIR> d-------- C:\Program Files\Bonjour
2008-09-13 12:07 . 2008-09-13 12:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-09-13 12:06 . 2008-09-13 12:06 <DIR> d-------- C:\WINDOWS\system32\DRVSTORE
2008-09-13 12:06 . 2008-09-13 12:06 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-09-13 12:06 . 2008-09-13 12:06 <DIR> d-------- C:\Program Files\Apple Software Update
2008-09-13 12:06 . 2008-09-13 12:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-08-29 10:18 . 2008-08-29 10:18 87,336 --a------ C:\WINDOWS\system32\dns-sd.exe
2008-08-29 09:53 . 2008-08-29 09:53 61,440 --a------ C:\WINDOWS\system32\dnssd.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-03 07:37 --------- d-----w C:\Documents and Settings\Administrator\Application Data\skypePM
2008-08-03 07:35 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Skype
2008-08-03 07:32 --------- d-----w C:\Program Files\Skype
2008-08-03 07:31 --------- d-----w C:\Program Files\Common Files\Skype
2008-08-03 07:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-07-18 21:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 21:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 21:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 21:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 21:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 21:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 21:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 21:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 21:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 21:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 21:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 21:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 21:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 21:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 21:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:26 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
2008-06-26 08:15 619,520 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
2008-06-26 08:15 1,499,136 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:43 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-23 15:09 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-23 15:09 666,112 ------w C:\WINDOWS\system32\dllcache\wininet.dll
2008-06-23 15:09 3,067,392 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-21 68856]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-06-27 580096]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"bgsmsnd.exe"="C:\WINDOWS\system32\bgsmsnd.exe " [2007-11-19 160136]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"S3TRAY2"="S3Tray2.exe" [2001-10-11 C:\WINDOWS\system32\S3Tray2.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2003-06-27 C:\WINDOWS\AGRSMMSG.exe]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 C:\WINDOWS\system32\Ati2mdxx.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-19 219136]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R3 Tp4Track;IBM PS/2 TrackPoint Driver;C:\WINDOWS\system32\DRIVERS\tp4track.sys [2003-05-15 13904]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f1882860-129d-11dd-89b6-000d60cb61ce}]
\Shell\AutoRun\command - E:\LaunchU3.exe
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.co.uk/
R0 -: HKCU-Main,Search Page = hxxp://www.google.com
R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O16 -: {2DAD3559-2923-4935-AD49-B673D2539944} - hxxp://www-307.ibm.com/pc/support/acpir.cab
C:\WINDOWS\Downloaded Program Files\acpir.inf
C:\WINDOWS\System32\capicom.dll
C:\WINDOWS\Downloaded Program Files\acpir2.dll
O16 -: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} - hxxps://www.select2perform.eu/cabs/QOLCheck.ocx
C:\WINDOWS\Downloaded Program Files\QOLCheck.ocx
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-22 00:32:33
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\Ati2evxx.dll
.
Completion time: 2008-09-22 0:33:07
ComboFix-quarantined-files.txt 2008-09-21 23:33:06
Pre-Run: 9,484,075,008 bytes free
Post-Run: 9,686,056,960 bytes free
167 --- E O F --- 2008-09-16 07:01:45
  #2  
Old 21st Sep 2008, 17:37
Moderator Group
 
Skill Level: Advanced
Posts: 7,136

Download TrendMicro HijackThis.exe (HJT) to the Desktop.
  • Double-click on HJTInstall.
  • Click on the Install button.
  • It will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe.
  • Upon install, HijackThis should open for you.
  • Click on the Do a system scan and save a log file button
  • HijackThis will scan and then a log will open in notepad.
  • Copy and then paste the entire contents of the log in your post.
  • Do not have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

  #3  
Old 21st Sep 2008, 23:43
New Member Group
 
Posts: 3

Thanks for the help. Output of file below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:40:46, on 22/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\bgsmsnd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: pdfMachine - {56CF4856-ECB4-4e46-A897-A378821F97B9} - C:\WINDOWS\system32\bgstb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: pdfMachine - {56CF4856-ECB4-4e46-A897-A378821F97B9} - C:\WINDOWS\system32\bgstb.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [bgsmsnd.exe] C:\WINDOWS\system32\bgsmsnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://www-307.ibm.com/pc/support/acpir.cab
O16 - DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} (QOLCheck Control) - https://www.select2perform.eu/cabs/QOLCheck.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
--
End of file - 6502 bytes
  #4  
Old 22nd Sep 2008, 07:42
Moderator Group
 
Skill Level: Advanced
Posts: 7,136

I don't see any malware, what problems are you having?

You can run the scans here http://www.computer-juice.com/forums...-posting-7476/ and post the logs when complete. Look at the AVG information. You need to update yours.

  #5  
Old 22nd Sep 2008, 10:38
New Member Group
 
Posts: 3

Hi Evilfantasy - thanks. The problem is this: a suspect mp3 was downloaded from LimeWire. I think it has been double-clicked on, and certainly was attempted to load into iTunes. (However, it won't have been run with Media Player - I don't use that - does that matter, as I read somewhere that Wimad uses a Windows Media Player vulnerability?) I then scanned the file with AVG, which picked up Wimad E. But it won't seem to let me delete it or quarantine it. Further, if I just try and delete the file, Windows says the file is in use and therefore can't be deleted.

I will go through the steps you suggest on that other page.

Thanks
  #6  
Old 22nd Sep 2008, 10:41
Moderator Group
 
Skill Level: Advanced
Posts: 7,136

Post the log from MalwareBytes. If that doesn't find it we will use another scanner to find it.


Copyright ©2006 - 2009 Computer Juice.
