Reply to guy who needs help
   

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 13642
 
Posted 7-10-2008 9:39 (GMT +1)
We'll deal with the sound problem later. After installing and running the new antivirus, yes, run ComboFix.


Do NOT post your problem in someone else's thread.
Member of - Alliance of Security Analysis Professionals
Please do NOT PM me any logs. They will be deleted

 

efekt101
New Member


Date Joined Feb 2008
Total Posts : 37
 
Posted 7-10-2008 2:32 (GMT +1)
Here's the new combo log:

ComboFix 08-07-09.5 - Owner 2008-07-10 5:10:42.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.232 [GMT -7:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Owner\Application Data\rhc36oj0eedv
C:\Program Files\rhc36oj0eedv
C:\WINDOWS\system32\blphc76oj0eedv.scr
C:\WINDOWS\system32\oeminfo.ini
C:\WINDOWS\system32\phc76oj0eedv.bmp

.
((((((((((((((((((((((((( Files Created from 2008-06-10 to 2008-07-10 )))))))))))))))))))))))))))))))
.

2008-07-10 01:39 . 2008-07-10 04:22 <DIR> d--h----- C:\$AVG8.VAULT$
2008-07-10 01:30 . 2008-07-10 01:34 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-10 01:30 . 2008-07-10 01:30 <DIR> d-------- C:\Program Files\AVG
2008-07-10 01:30 . 2008-07-10 05:04 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\AVGTOOLBAR
2008-07-10 01:30 . 2008-07-10 01:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-10 01:30 . 2008-07-10 01:30 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-10 01:30 . 2008-07-10 01:30 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-10 01:30 . 2008-07-10 01:30 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-07-10 00:54 . 2007-11-14 15:18 553 --a------ C:\WINDOWS\USetup.iss
2008-07-10 00:38 . 2008-07-10 00:38 <DIR> d-------- C:\Program Files\Realtek
2008-07-10 00:36 . 2008-03-05 18:07 520,192 --a------ C:\WINDOWS\RtlExUpd.dll
2008-07-10 00:36 . 2008-07-10 00:36 315,392 --a------ C:\WINDOWS\HideWin.exe
2008-07-09 04:34 . 2008-07-10 03:25 <DIR> d-------- C:\Program Files\vtkhqef
2008-07-09 04:21 . 2008-07-09 04:29 139,264 --a------ C:\WINDOWS\War3Unin.exe
2008-07-09 04:21 . 2008-07-09 04:38 77,027 --a------ C:\WINDOWS\War3Unin.dat
2008-07-09 04:21 . 2008-07-09 04:29 2,829 --a------ C:\WINDOWS\War3Unin.pif
2008-07-09 00:00 . 2008-04-22 21:16 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-07-09 00:00 . 2007-04-17 02:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-07-09 00:00 . 2007-03-07 22:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-07-09 00:00 . 2008-04-22 21:16 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-07-09 00:00 . 2008-04-22 21:16 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-07-09 00:00 . 2008-04-22 21:16 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-07-09 00:00 . 2008-04-22 21:16 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-07-09 00:00 . 2008-04-22 21:16 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-07-09 00:00 . 2008-04-22 00:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-07-08 14:27 . 2008-07-09 15:59 2,104 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-08 14:25 . 2004-01-27 07:18 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-07-08 14:25 . 2004-01-28 01:26 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-07-08 14:25 . 2004-01-27 06:57 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
2008-07-08 14:25 . 2004-01-27 07:55 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2008-07-08 14:25 . 2004-01-28 01:29 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\interMute
2008-07-08 14:25 . 2008-07-10 01:31 <DIR> d-------- C:\Documents and Settings\Administrator
2008-07-08 14:22 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-07-08 14:22 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-07-08 14:22 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-07-08 14:22 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-07-08 14:22 . 2008-07-02 13:33 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-07-08 14:22 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
2008-07-08 14:22 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-07-08 14:22 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-08 14:22 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-07 04:02 . 2008-07-08 23:33 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-07 04:02 . 2008-07-07 17:35 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-07 04:02 . 2008-07-07 17:35 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-05 22:35 . 2008-07-05 22:35 <DIR> d-------- C:\Program Files\Lavasoft
2008-07-05 21:00 . 2008-07-05 22:25 <DIR> d-------- C:\WINDOWS\system32\2210
2008-07-05 20:50 . 2008-07-05 20:50 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Aim
2008-07-05 20:04 . 2006-08-21 02:14 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2008-07-05 20:04 . 2006-08-21 02:14 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2008-07-05 20:04 . 2006-08-21 05:21 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2008-07-05 19:32 . 2008-07-10 03:13 <DIR> d-------- C:\WINDOWS\system32\olixds06
2008-07-05 19:32 . 2008-07-05 19:32 <DIR> d-------- C:\temp\stmpv4
2008-07-05 19:31 . 2008-07-06 01:54 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\uTorrent
2008-07-05 19:31 . 2008-07-10 03:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\fmdilwru
2008-07-05 19:30 . 2008-07-10 02:34 <DIR> d-------- C:\Program Files\uTorrent
2008-07-05 17:15 . 2008-06-13 06:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-05 17:14 . 2007-07-09 06:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-07-05 17:04 . 2006-06-14 01:47 172,416 -----c--- C:\WINDOWS\system32\dllcache\kmixer.sys
2008-07-05 17:04 . 2006-06-14 02:00 82,944 -----c--- C:\WINDOWS\system32\dllcache\wdmaud.sys
2008-07-05 17:04 . 2006-06-14 01:47 6,400 -----c--- C:\WINDOWS\system32\dllcache\splitter.sys
2008-07-03 10:07 . 2008-07-03 10:07 <DIR> d-------- C:\Program Files\MagicISO
2008-07-02 21:04 . 2008-07-02 21:04 <DIR> d-------- C:\Program Files\D-Tools
2008-07-02 21:04 . 2004-08-22 16:31 155,136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
2008-07-02 21:04 . 2004-08-22 16:31 5,248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
2008-07-01 22:09 . 2008-07-01 22:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-07-01 22:08 . 2008-07-07 02:10 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Azureus
2008-07-01 22:04 . 2008-07-01 22:05 <DIR> d-------- C:\Program Files\Vuze
2008-07-01 21:55 . 2008-07-02 05:16 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-06-26 01:36 . 2004-08-20 15:50 159,744 --a------ C:\WINDOWS\system32\igfxres.dll
2008-06-26 00:06 . 2004-08-03 23:15 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2008-06-26 00:06 . 2004-08-03 23:07 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2008-06-24 16:43 . 2008-06-24 16:43 <DIR> d-------- C:\Program Files\Common Files\INCA Shared
2008-06-24 16:43 . 2003-07-17 02:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
2008-06-24 16:43 . 2004-12-31 17:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2008-06-24 15:22 . 2008-06-24 15:22 <DIR> d-------- C:\Program Files\NHN USA
2008-06-24 15:22 . 2008-06-24 15:22 <DIR> d-------- C:\ijji
2008-06-24 15:22 . 2008-06-24 16:41 <DIR> d--h----- C:\Documents and Settings\Owner\Application Data\ijjigame
2008-06-24 15:22 . 2008-06-17 19:28 710,064 --a------ C:\WINDOWS\system32\ijjiSetup.exe
2008-06-24 15:22 . 2008-06-11 23:01 58,800 --a------ C:\WINDOWS\system32\ijjiPlugin2.dll
2008-06-22 20:24 . 2004-08-04 00:56 148,480 --------- C:\WINDOWS\system32\wscui.cpl
2008-06-22 20:24 . 2004-08-04 00:56 129,536 --------- C:\WINDOWS\system32\xmlprov.dll
2008-06-22 20:24 . 2004-08-04 00:56 108,032 --------- C:\WINDOWS\system32\wshbth.dll
2008-06-22 20:24 . 2004-08-04 00:56 81,408 --------- C:\WINDOWS\system32\wscsvc.dll
2008-06-22 20:24 . 2004-08-04 00:56 50,176 --------- C:\WINDOWS\system32\xmlprovi.dll
2008-06-22 20:24 . 2004-08-04 00:56 13,824 --------- C:\WINDOWS\system32\wscntfy.exe
2008-06-22 20:22 . 2004-08-03 22:41 404,990 --------- C:\WINDOWS\system32\drivers\slntamr.sys
2008-06-22 20:21 . 2004-08-04 00:56 4,274,816 --------- C:\WINDOWS\system32\nv4_disp.dll
2008-06-22 20:20 . 2004-08-04 00:56 118,784 --------- C:\WINDOWS\system32\msdadiag.dll
2008-06-22 20:19 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2008-06-22 20:18 . 2008-06-13 06:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-22 20:17 . 2004-08-04 00:56 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2008-06-22 16:58 . 2005-10-20 15:20 1,082,368 --a------ C:\WINDOWS\system32\esent.dll
2008-06-22 16:04 . 2008-06-22 16:04 <DIR> d-------- C:\WINDOWS\system32\bits
2008-06-22 16:03 . 2006-09-06 17:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-06-22 15:33 . 2004-08-04 00:56 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
2008-06-22 15:33 . 2004-08-04 00:56 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2008-06-22 15:33 . 2004-08-04 00:56 8,192 --------- C:\WINDOWS\system32\bitsprx2.dll
2008-06-22 15:33 . 2004-08-04 00:56 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2008-06-22 15:24 . 2007-07-30 19:19 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2008-06-22 15:24 . 2007-07-30 19:19 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2008-06-22 15:24 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
2008-06-22 15:24 . 2007-07-30 19:19 203,096 --a------ C:\WINDOWS\system32\wuweb.dll
2008-06-22 15:24 . 2004-08-03 14:03 186,136 --a------ C:\WINDOWS\system32\wuaueng1.dll
2008-06-22 15:24 . 2004-08-03 14:01 167,704 --a------ C:\WINDOWS\system32\wuauclt1.exe
2008-06-22 15:24 . 2007-07-30 19:18 33,624 --a------ C:\WINDOWS\system32\wups.dll
2008-06-22 12:22 . 2008-06-22 12:22 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-22 12:22 . 2008-06-22 12:22 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-20 10:41 . 2008-06-20 10:41 245,248 -----c--- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 03:44 . 2008-06-20 03:44 138,368 -----c--- C:\WINDOWS\system32\dllcache\afd.sys
2008-06-18 18:06 . 2002-08-29 03:41 150,528 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-06-18 18:06 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-06-18 18:06 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-06-16 16:47 . 2004-08-04 00:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-06-16 16:45 . 2008-06-16 16:45 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2008-06-16 16:45 . 2008-06-22 12:22 9,533 --a------ C:\WINDOWS\system32\QuickTime.qtp
2008-06-16 13:46 . 2008-06-16 13:46 3,762 -rahs---- C:\WINDOWS\system32\drivers\HP_DW255A-ABA SR1020N NA510_YC_Pres_QMXK410_E42NAheREG3_4_IGamila Giovani Neon series_SMICRO-STAR INTERNATIONAL CO., LTD_V030_B3.08_T040225_WXH1_L409_M504_J80_7Intel_8Celeron_92.8_1_N10EC8139_P_Z11C1044C_K_A808624C5.MRK
2008-06-16 13:43 . 2004-01-27 07:18 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\WINDOWS
2008-06-16 13:39 . 2004-08-03 23:14 52,736 --a------ C:\WINDOWS\system32\drivers\i8042prt.sys
2008-06-16 13:39 . 2004-08-03 22:58 24,576 --a------ C:\WINDOWS\system32\drivers\kbdclass.sys
2008-06-16 13:37 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-06-16 13:37 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-06-16 12:12 . 2008-07-09 04:24 <DIR> dr-hsc--- C:\WINDOWS\system32\dllcache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-10 07:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-06 05:58 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-07-06 05:58 --------- d-----w C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-07-06 05:55 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-06 05:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-04 00:03 4,745,216 ----a-w C:\WINDOWS\system32\drivers\RtkHDAud.sys
2008-07-03 23:51 16,876,032 ----a-w C:\WINDOWS\RTHDCPL.exe
2008-06-24 18:56 --------- d-----w C:\Program Files\DivX
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-19 23:42 2,808,832 ----a-w C:\WINDOWS\alcwzrd.exe
2008-06-19 23:27 9,715,200 ----a-w C:\WINDOWS\RTLCPL.exe
2008-06-19 23:20 57,344 ----a-w C:\WINDOWS\Alcmtr.exe
2008-06-19 01:01 77,824 ----a-w C:\WINDOWS\SoundMan.exe
2008-06-17 06:46 28,256 ----a-w C:\WINDOWS\system32\drivers\MxlW2k.sys
2008-06-16 23:45 --------- d-----w C:\Program Files\QuickTime
2008-06-16 23:11 --------- d-----w C:\Program Files\Google
2008-06-16 21:40 3,888 ----a-w C:\WINDOWS\viassary-hp.reg
2008-06-16 21:39 --------- d-----w C:\Program Files\Easy Internet signup
2008-06-15 22:48 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
2008-06-11 16:53 --------- d-----w C:\Program Files\AIM
2008-06-10 02:25 --------- d-----w C:\Program Files\Apple Software Update
2008-05-27 16:39 --------- d-----w C:\Documents and Settings\Owner\Application Data\Apple Computer
2008-05-26 19:29 --------- d-----w C:\Program Files\The KMPlayer
2008-05-22 22:20 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-05-22 22:20 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-05-16 18:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-14 01:49 --------- d-----w C:\Program Files\Sun
2008-05-14 01:43 --------- d-----w C:\Program Files\LimeWire
2008-05-14 01:26 --------- d-----w C:\Program Files\iTunes
2008-05-14 01:26 --------- d-----w C:\Program Files\iPod
2008-05-14 01:25 --------- d-----w C:\Program Files\Bonjour
2008-05-14 01:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-14 01:21 --------- d-----w C:\Program Files\Common Files\Apple
2008-05-14 01:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\Program Files\AIM\aim.exe" [2006-08-01 15:35 67112]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-06-16 16:11 171448]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-03-06 13:50 50528]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04 52736]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2004-08-20 15:51 118784]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 04:23 49152]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-08-21 04:15 483328]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2003-11-03 17:50 221184]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-06-16 16:45 98304]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2004-08-20 15:55 155648]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-10 01:30 1232152]
"LTMSG"="LTMSG.exe" [2003-07-14 18:52 40960 C:\WINDOWS\ltmsg.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [2003-07-30 05:49:48 57344]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Compaq Connections\\1940576\\Program\\BackWeb-1940576.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-10 01:30]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-10 01:30]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-10 01:30]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-10 01:30]
S4 PlugPlayRPC;Plug and Play (RPC);C:\WINDOWS\portsv.exe service []

.
Contents of the 'Scheduled Tasks' folder
"2008-06-29 03:41:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-16 21:39:57 C:\WINDOWS\Tasks\Easy Internet Sign-up.job"
- C:\Program Files\Easy Internet signup\HPSdpApp.exe
"2008-07-07 09:00:00 C:\WINDOWS\Tasks\wrSpySweeperTrialSweep.job"
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe&/ScheduleSweep=wrSpySweeperTrialSweep
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.ex
- A:\
.
- - - - ORPHANS REMOVED - - - -

HKLM-Explorer_Run-04yAYIz21U - C:\Documents and Settings\All Users\Application Data\fmdilwru\xwdgbmrq.exe
SSODL-actsys-{00AA6614-95EF-F4F3-CFC5-09E0B0344BF5} - C:\Program Files\vtkhqef\actsys.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-10 05:14:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-07-10 5:18:06
ComboFix-quarantined-files.txt 2008-07-10 12:17:01
ComboFix2.txt 2008-07-10 07:04:40

Pre-Run: 60,618,563,584 bytes free
Post-Run: 60,636,057,600 bytes free

249 --- E O F --- 2008-07-09 11:24:52
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 13642
 
Posted 7-10-2008 4:35 (GMT +1)
Looks clean.

How are things running?


 

efekt101
New Member


Date Joined Feb 2008
Total Posts : 37
 
Posted 7-10-2008 10:16 (GMT +1)
Yeah, thanks a lot, you're a lot of help.
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 13642
 
Posted 7-11-2008 8:22 (GMT +1)
My pleasure :)
 
 
 
To completely and immediately remove any infected file or files in the data store, turn off and then turn on System Restore. To do so, follow these steps:
System Restore
 
 
Please download OTMoveIt by OldTimer: http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
 
1.    Save it to your desktop.
2.    Please double-click OTMoveIt.exe to run it.
3.    Click on the CleanUp! button. When you do this, a text file named cleanup.txt will be downloaded from the internet. If you get a warning from your firewall or other security programs regarding OTMoveIt attempting to contact the internet, you should allow it to do so. After the list has been downloaded, you'll be asked if you want to Begin cleanup process? Select Yes.
4.    This step removes the files, folders, and shortcuts created by the tools I had you download and run.
 
Please read Tony Klein's excellent article about how to prevent against spyware/hijackers in the future:
http://www.castlecops.com/t7736-So_how_did_I_get_infected_in_the_first_place.html
 

