Win32/Cryptor + Generic13 + many others
Page 1 of 2
- laika284 (Novice)
OS : Windows XP
Posts : 29
Rubies : 3266
Likes : 0
Hello,
I found this site through google and saw that you've been helping two others with very similar problems, so I hope that you can help me. I've tried to do all I can, with multiple scans of AVG8.5, Spybot S&D, Malwarebytes Anti-Malware and Superantispyware, to no avail and I'm at my wit's end.
I visited a site last night that seemed fine and was scanned by my AVG, but it must've somehow infected my PC with numerous things. I immediately tried a scan with AVG, but it stopped 10 minutes in (usually takes an hour) and said that the scan was not completed nor canceled, but 'repaired' so I've been doing nothing but scanning in safe mode since.
Offline scans in safe mode with AVG confirmed the Win32/Cryptor and the Generic13.ATPH, but upon a reboot and another scan, they're still exactly where they were. Numerous scans with these other programs have turned up Backdoor.Generic11, Trojan.Agent, Win32/Alureon, Rootkit.Agent/GenUACFake, Clicker.ZOW/Clicker.ZOT and others. My last scans have been almost clean, but Spybot keeps picking up Microsoft.WindowsSecurityCenter_disabled, which is troubling. Plus, some of these infections seem to disappear or not get picked up by any scans, then suddenly pop back up. After a bunch of scans, I've been able to download and install Malwarebytes and superantispyware, which many people with this infection haven't been able to do, so that gives me a bit of hope.
Anyway, sorry for all the text, but I wanted to be as thorough as I can because this is really, really driving me crazy. Any help you experts can offer would be greatly appreciated. Here's my HijackThis log (which is still open, with a list of all the stuff it's found, with options to fix things, analyze things... I suppose I should shut it down now?):
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:27:48 AM, on 6/16/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dldtcoms.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
c:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Documents and Settings\David\Desktop\hijackgpthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dldt_device - - C:\WINDOWS\system32\dldtcoms.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 9920 bytes
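As an added example (not code from the original post or from the HijackThis project), here is a small parser for the HijackThis v2 log format posted above, with the review heuristics a helper typically applies when reading such a log: orphaned entries whose file is gone, Winlogon Notify DLLs, services with no publisher, and anything starting from a user-profile path. The sample log is a constructed subset of the lines above, and the heuristics are the example's own assumptions, not HijackThis's logic.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: a subset of the HijackThis log lines posted above.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:27:48 AM, on 6/16/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Documents and Settings\David\Desktop\hijackgpthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
--
End of file - 9920 bytes
"""

# Every numbered entry looks like "R1 - ..." or "O23 - ...".
ENTRY_RE = re.compile(r"^(?P<code>R[0-3]|O\d{1,2}) - (?P<body>.*)$")
# O4 entries: [value name] command line
RUN_RE = re.compile(r"^\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# Legitimate software rarely autostarts or runs from a profile or temp directory.
USER_PATH_RE = re.compile(r"\\(Documents and Settings|Users|Temp|Local Settings)\\", re.IGNORECASE)


@dataclass
class Entry:
    code: str                  # HijackThis section code: R0, O2, O4, O23, ...
    kind: str                  # "Registry", "BHO", "Run", "Service", "Winlogon Notify", ...
    name: str                  # display name (BHO name, Run value name, service name, ...)
    target: str                # file, URL or registry data the entry points at
    extra: list = field(default_factory=list)   # middle fields: CLSID, service owner, Run hive
    raw: str = ""


def parse_entry(line: str):
    """Turn one numbered log line into an Entry; return None for any other line."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    if code.startswith("R"):                      # R0/R1: registry value = data
        key, _, value = body.partition(" = ")
        return Entry(code, "Registry", key, value, raw=line)
    kind, _, rest = body.partition(": ")
    if kind.endswith("Run"):                      # O4 - HKLM\..\Run: [name] command
        r = RUN_RE.match(rest)
        if r:
            return Entry(code, "Run", r.group("name"), r.group("cmd"), [kind], line)
    parts = rest.split(" - ")                     # name - (clsid | owner) - path
    target = parts[-1] if len(parts) > 1 else ""
    return Entry(code, kind, parts[0], target, parts[1:-1], line)


def parse_log(text: str):
    """Split a HijackThis log into its running-process list and its numbered entries."""
    processes, entries, in_procs = [], [], False
    for line in text.splitlines():
        line = line.strip()
        if not line or line == "--" or line.startswith("End of file"):
            continue
        entry = parse_entry(line)
        if entry:
            in_procs = False                      # first numbered entry ends the process list
            entries.append(entry)
        elif line == "Running processes:":
            in_procs = True
        elif in_procs:
            processes.append(line)
    return processes, entries


def triage(processes, entries):
    """Review heuristics (assumed here, not HijackThis's own): returns (code, name, reason)."""
    findings = []
    for proc in processes:
        if USER_PATH_RE.search(proc):
            findings.append(("proc", proc.rsplit("\\", 1)[-1],
                             "running from a user-profile path; confirm the user launched it"))
    for e in entries:
        if "(no file)" in e.target or "(file missing)" in e.target:
            findings.append((e.code, e.name, "orphaned entry: the referenced file no longer exists"))
        if e.code == "O20":
            findings.append((e.code, e.name, "Winlogon Notify DLL loads into winlogon.exe; confirm vendor of " + e.target))
        if e.code == "O23" and "Unknown owner" in e.extra:
            findings.append((e.code, e.name, "service binary carries no publisher info; verify " + e.target))
        if e.kind == "Run" and USER_PATH_RE.search(e.target):
            findings.append((e.code, e.name, "autostart from a user-profile or temp path: " + e.target))
    return findings


if __name__ == "__main__":
    procs, ents = parse_log(SAMPLE_LOG)
    print(f"{len(procs)} processes, {len(ents)} entries")
    for code, name, reason in triage(procs, ents):
        print(f"[{code:>4}] {name}: {reason}")
```

The flagged items are review prompts, not verdicts: in the sample the O20 and O23 hits belong to AVG and ATI, which is exactly the kind of check a helper confirms before asking the poster to fix anything.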
- Belahzur (Site Admin)
OS : 7 Home Premium x64
Posts : 34948
Rubies : 218221
Likes : 18
Hello.
We need to remove a few things before removing the malware, the items I want to remove will only get in our way.
- Open HijackThis.
- When HijackThis opens, click "Open the Misc Tools section"
- Then select "Open Uninstall Manager"
- Click on "Save List..." (generates uninstall_list.txt)
- Click Save, copy and paste the results in your next post.
Site Admin / Security Administrator
[Prework] - Please PM me if I fail to respond within 24hrs.


- laika284 (Novice)
OS : Windows XP
Posts : 29
Rubies : 3266
Likes : 0
Thank you, Belahzur. A lot of mess here, I know.
7 Wonders - The Treasures of Seven
7 Wonders 2
Adobe Acrobat - Reader 6.0.2 Update
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 6.0.1
AIM 6
Alien Shooter 2 - Reloaded
Apple Mobile Device Support
Apple Software Update
Aquaria
ATI Control Panel
ATI Display Driver
Audacity 1.2.6
AVG Free 8.5
Battlefield Heroes
Blueberry Garden Demo
Bonjour
Bookworm Adventures Deluxe
Broadcom Advanced Control Suite 2
Cogs Demo
Company of Heroes
Company of Heroes - FAKEMSI
Company of Heroes - FAKEMSI
Company of Heroes - FAKEMSI
Company of Heroes - FAKEMSI
Company of Heroes - FAKEMSI
Company of Heroes - FAKEMSI
Company of Heroes - FAKEMSI
Company of Heroes - FAKEMSI
Company of Heroes - FAKEMSI
Company of Heroes - FAKEMSI
Company of Heroes - FAKEMSI
Company of Heroes - FAKEMSI
Company of Heroes - FAKEMSI
Company of Heroes - FAKEMSI
Dangerous High School Girls in Trouble
Defense Grid: The Awakening
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Media Experience
Dell Support
Emote-Launcher (remove only)
Geometry Wars
Ghost Master
Heavy Weapon Deluxe
Heroes Of Hellas
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Intel Application Accelerator
Intel(R) 537EP V9x DF PCI Modem
Internet Explorer Default Page
iTunes
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 13
Learn2 Player (Uninstall Only)
Malwarebytes' Anti-Malware
McAfee Personal Firewall Plus
McAfee SecurityCenter
McAfee VirusScan
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Modem Event Monitor
Modem Helper
Modem On Hold
Mozilla Firefox (3.0.11)
Mozilla Thunderbird (2.0.0.21)
MSXML 6 Service Pack 2 (KB954459)
Musaic Box
Music Rescue
Musicmatch for Windows Media Player
MUSICMATCH® Jukebox
NetZeroInstallers
OpenAL
Penumbra Overture
Penumbra: Black Plague
Penumbra: Requiem
Plants Vs Zombies
PowerDVD 5.3
Qualxserve Service Agreement
QuickTime
Raycatcher Demo
RealPlayer Basic
Reaxxion
Ricochet Infinity
S.T.A.L.K.E.R. - Shadow of Chernobyl
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Sid Meier's Railroads Demo
Sonic DLA
Sonic MyDVD
Sonic RecordNow!
Sonic Update Manager
Speedball 2 - Tournament
Spybot - Search & Destroy
Steam
SUPERAntiSpyware Free Edition
Team Fortress 2
The Path
Trials 2: Second Edition
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Venice
Viewpoint Media Player
WeatherBug
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10
Windows Presentation Foundation
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
WordPerfect Office 12
World of Goo
X-COM: Apocalypse
X-COM: Enforcer
X-COM: Interceptor
X-COM: Terror from the Deep
X-COM: UFO Defense
Yahoo! Messenger
Yahoo! Toolbar
Zeno Clash Demo
Zuma Deluxe 1.0
Zylom Games Player Plugin
- Belahzur (Site Admin)
OS : 7 Home Premium x64
Posts : 34948
Rubies : 218221
Likes : 18
Hello.
You are running two antiviruses: I see from the uninstall list that you have McAfee installed along with AVG. This is a bad idea, as they can conflict and cause more problems. I would recommend that you remove McAfee to avoid conflicts and other future problems.
Go to Start > Control Panel > Add/Remove Programs and remove the following programs:
Java(TM) 6 Update 13
McAfee Personal Firewall Plus
McAfee SecurityCenter
McAfee VirusScan
Viewpoint Media Player
Next,
- Download ComboFix from here: Link 1 / Link 2
- We need to disable your local AV (anti-virus) before running ComboFix.
- See HERE for how to disable your AV (AVG 8).
- Double click on ComboFix.exe.
- Follow the prompts.
NOTE:
- ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It's strongly recommended to have the Recovery Console installed before doing any malware removal. Please note: if the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan. The Recovery Console provides a recovery/repair mode should a problem occur during a ComboFix run.
- Allow ComboFix to download the Recovery Console.
- Accept the End-User License Agreement.
- The Recovery Console will be installed.
- You will then get the next prompt, which asks if you want to continue the malware scan; select Yes.
- Allow ComboFix to run.
- Post C:\combofix.txt back here.
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
Site Admin / Security Administrator
[Prework] - Please PM me if I fail to respond within 24hrs.
- laika284 (Novice)
OS : Windows XP
Posts : 29
Rubies : 3266
Likes : 0
Okay, I'm about to do so, but should I disable only AVG's Resident Shield before using ComboFix, or should I do the same with Superantispyware and Spybot SD-Resident? (Which are also running, according to my system tray)
- Belahzur (Site Admin)
OS : 7 Home Premium x64
Posts : 34948
Rubies : 218221
Likes : 18
SAS can be exited by right-clicking the system tray icon > Exit.
Please disable TeaTimer by doing the following:
1) Run Spybot-S&D.
2) Go to the Mode menu and make sure "Advanced Mode" is selected.
3) On the left-hand side, choose Tools -> Resident.
4) Uncheck "Resident TeaTimer" and OK any prompts.
You can re-enable TeaTimer once your system is clean.
Now disable AVG too, then run ComboFix.
- laika284 (Novice)
OS : Windows XP
Posts : 29
Rubies : 3266
Likes : 0
ComboFix 09-06-15.06 - David 06/16/2009 5:35.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.532 [GMT -4:00]
Running from: c:\documents and settings\David\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\uactmp.db
.
((((((((((((((((((((((((( Files Created from 2009-05-16 to 2009-06-16 )))))))))))))))))))))))))))))))
.
2009-06-16 05:39 . 2009-06-16 05:39 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-16 05:38 . 2009-06-16 05:38 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-06-15 14:57 . 2009-06-16 09:23 117760 ----a-w- c:\documents and settings\David\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-15 14:57 . 2009-06-15 14:57 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-06-15 14:56 . 2009-06-15 14:56 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-15 14:56 . 2009-06-15 14:56 -------- d-----w- c:\documents and settings\David\Application Data\SUPERAntiSpyware.com
2009-06-15 14:53 . 2009-06-15 14:53 -------- d-----w- c:\documents and settings\David\Application Data\Malwarebytes
2009-06-15 14:53 . 2009-06-15 14:53 -------- d-----w- c:\documents and settings\David\Application Data\Yahoo!
2009-06-15 12:37 . 2009-06-15 12:37 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-06-15 12:36 . 2009-06-15 12:36 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\BVRP Software
2009-06-15 12:27 . 2009-06-15 12:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-06-15 12:24 . 2009-06-15 12:24 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-15 12:15 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-15 12:15 . 2009-06-15 12:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-15 12:15 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-15 12:15 . 2009-06-15 12:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-14 14:17 . 2006-10-12 16:29 83504 ----a-w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\TEMP\ProgUpd.dll
2009-06-11 22:42 . 2009-05-19 13:34 3288856 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe
2009-06-11 22:29 . 2009-05-19 13:32 1439488 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2009-06-10 22:33 . 2009-06-10 22:33 -------- d-----w- c:\windows\system32\LogFiles
2009-06-10 12:39 . 2009-06-10 12:39 -------- d-----w- c:\documents and settings\Mom\Application Data\Yahoo!
2009-06-10 12:39 . 2009-06-10 12:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-06-03 11:32 . 2009-06-03 11:32 -------- d-----w- c:\documents and settings\Mom\Local Settings\Application Data\Apple Computer
2009-06-03 05:07 . 2009-06-03 05:07 -------- d-----w- c:\program files\iPod
2009-06-03 05:07 . 2009-06-03 05:07 -------- d-----w- c:\program files\iTunes
2009-06-03 05:05 . 2009-06-03 05:06 -------- d-----w- c:\program files\QuickTime
2009-06-03 05:01 . 2009-06-03 05:01 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-01 17:24 . 2009-06-01 17:56 -------- d-----w- c:\documents and settings\David\Application Data\Move Networks
2009-06-01 17:24 . 2008-12-29 18:08 970752 ----a-w- c:\documents and settings\David\Application Data\Mozilla\Firefox\Profiles\eszsuv8z.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071301000019.dll
2009-05-20 11:34 . 2009-05-23 16:34 -------- d-----w- c:\program files\Ricochet Infinity
2009-05-20 10:58 . 2009-03-24 15:10 114688 ----a-w- c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
2009-05-20 10:58 . 2009-05-21 11:31 -------- d-----w- c:\program files\Zylom Games
2009-05-20 10:58 . 2009-05-20 10:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Zylom
2009-05-20 10:58 . 2006-12-12 21:07 161976 ----a-w- c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylomgamesplayer.dll
2009-05-19 18:09 . 2009-05-19 18:09 -------- d-----w- c:\documents and settings\David\Local Settings\Application Data\Redlynx
2009-05-19 18:09 . 2009-06-06 02:26 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2009-05-19 18:09 . 2009-06-06 02:26 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2009-05-19 18:09 . 2009-05-19 18:09 -------- d-----w- c:\program files\OpenAL
2009-05-19 18:09 . 2007-10-12 19:14 3734536 ----a-w- c:\windows\system32\d3dx9_36.dll
2009-05-18 23:54 . 2008-03-21 17:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2009-05-17 21:38 . 2009-05-19 11:15 -------- d-----w- c:\documents and settings\Mom\Application Data\AdobeUM
2009-05-17 21:38 . 2009-05-17 21:38 -------- d-----w- c:\documents and settings\Mom\Local Settings\Application Data\Adobe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-16 09:26 . 2009-04-16 20:41 -------- d-----w- c:\program files\Steam
2009-06-16 09:22 . 2004-10-27 17:42 -------- d-----w- c:\program files\McAfee.com
2009-06-16 09:20 . 2004-10-27 17:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-06-14 18:55 . 2009-05-07 14:26 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-06-14 14:19 . 2009-04-11 08:40 -------- d-----w- c:\program files\AIM6
2009-05-18 23:54 . 2009-05-18 23:54 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_xusb21_01007.Wdf
2009-05-18 23:54 . 2009-05-18 23:54 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-05-15 08:11 . 2009-05-15 08:11 -------- d-----w- c:\program files\uTorrent
2009-05-10 05:19 . 2009-04-15 16:40 -------- d-----w- c:\documents and settings\David\Application Data\Apple Computer
2009-05-07 15:44 . 2004-08-04 10:00 344064 ----a-w- c:\windows\system32\localspl.dll
2009-05-07 14:27 . 2009-05-07 14:26 -------- d-----w- c:\documents and settings\David\Application Data\Thunderbird
2009-05-05 11:39 . 2009-04-22 13:02 -------- d-----w- c:\program files\PopCap Games
2009-05-05 11:28 . 2004-10-27 17:40 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2009-05-05 10:36 . 2009-05-05 10:36 -------- d-----w- c:\documents and settings\All Users\Application Data\PopCap Games
2009-05-01 13:18 . 2009-04-15 15:38 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-01 13:18 . 2009-04-15 15:38 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-05-01 13:18 . 2009-04-15 15:38 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-04-29 04:56 . 2004-08-04 10:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-04 10:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-28 20:32 . 2009-04-28 20:32 -------- d-----w- c:\program files\EA Games
2009-04-27 05:37 . 2009-04-27 05:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Hot Lava Games
2009-04-24 20:05 . 2009-04-23 00:21 -------- d-----w- c:\program files\THQ
2009-04-24 06:55 . 2009-04-24 06:54 -------- d-----w- c:\documents and settings\David\Application Data\CyberLink
2009-04-22 15:26 . 2009-04-22 15:26 -------- d-----w- c:\documents and settings\All Users\Application Data\2DBoy
2009-04-22 13:17 . 2009-04-22 13:17 -------- d-----w- c:\documents and settings\All Users\Application Data\MumboJumbo
2009-04-22 00:35 . 2009-04-22 00:35 -------- d-----w- c:\program files\ReflexiveArcade
2009-04-19 13:33 . 2009-04-19 13:33 -------- d-----w- c:\program files\Microsoft Silverlight
2009-04-18 14:04 . 2009-04-18 14:04 -------- d-----w- c:\program files\AWS
2009-04-18 14:04 . 2009-04-18 14:04 -------- d-----w- c:\documents and settings\Mom\Application Data\WeatherBug
2009-04-18 13:19 . 2009-04-14 14:10 45056 ----a-w- c:\windows\NCUNINST.EXE
2009-04-18 13:15 . 2009-04-11 15:09 40880 ----a-w- c:\documents and settings\Mom\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-18 02:56 . 2009-04-18 02:56 -------- d-----w- c:\program files\Audacity
2009-04-17 17:39 . 2009-04-17 17:39 -------- d-----w- c:\documents and settings\David\Application Data\AdobeUM
2009-04-17 14:11 . 2009-04-17 14:11 0 ----a-w- c:\windows\ativpsrm.bin
2009-04-17 09:58 . 2004-08-04 10:00 1846656 ----a-w- c:\windows\system32\win32k.sys
2009-04-16 14:37 . 2009-04-16 14:37 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-04-15 19:31 . 2009-04-28 20:31 1099128 ----a-w- c:\documents and settings\David\Application Data\Mozilla\Firefox\Profiles\eszsuv8z.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\BFHUpdater.exe
2009-04-15 19:31 . 2009-04-28 20:31 729088 ----a-w- c:\documents and settings\David\Application Data\Mozilla\Firefox\Profiles\eszsuv8z.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
2009-04-15 15:30 . 2009-04-10 20:39 40880 ----a-w- c:\documents and settings\David\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-15 15:11 . 2004-08-04 10:00 584192 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-08 18:29 . 2009-04-08 18:29 56448 ----a-w- c:\windows\system32\drivers\xusb21.sys
2009-03-19 20:32 . 2009-04-15 16:40 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-19 20:32 . 2009-03-19 20:32 23400 ----a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-18 21:55 . 2009-04-11 11:10 607472 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
2008-09-25 01:33 . 2008-09-25 01:33 559104 ----a-w- c:\program files\lame.exe
2008-09-14 16:51 . 2008-09-14 16:51 90705 ----a-w- c:\program files\history.html
2008-09-14 16:51 . 2008-09-14 16:51 7983 ----a-w- c:\program files\id3.html
2008-08-06 20:24 . 2008-08-06 20:24 41494 ----a-w- c:\program files\switchs.html
2008-06-27 14:29 . 2008-06-27 14:29 2167 ----a-w- c:\program files\index.html
2008-06-24 13:41 . 2008-06-24 13:41 4093 ----a-w- c:\program files\contributors.html
2008-03-13 02:15 . 2008-03-13 02:15 178 ----a-w- c:\program files\Free-Codecs.txt
2005-07-28 18:05 . 2005-07-28 18:05 4922 ----a-w- c:\program files\basic.html
2005-07-28 18:05 . 2005-07-28 18:05 1705 ----a-w- c:\program files\examples.html
2004-08-20 00:36 . 2004-08-20 00:36 2288 ----a-w- c:\program files\modes.html
2001-10-24 17:44 . 2001-10-24 17:44 6967 ----a-w- c:\program files\node6.html
2000-12-04 04:00 . 2000-12-04 04:00 732 ----a-w- c:\program files\lame.css
.
2008-09-14 16:51 . 2008-09-14 16:51 90705 ----a-w- c:\program files\history.html
2008-09-14 16:51 . 2008-09-14 16:51 7983 ----a-w- c:\program files\id3.html
2008-08-06 20:24 . 2008-08-06 20:24 41494 ----a-w- c:\program files\switchs.html
2008-06-27 14:29 . 2008-06-27 14:29 2167 ----a-w- c:\program files\index.html
2008-06-24 13:41 . 2008-06-24 13:41 4093 ----a-w- c:\program files\contributors.html
2008-03-13 02:15 . 2008-03-13 02:15 178 ----a-w- c:\program files\Free-Codecs.txt
2005-07-28 18:05 . 2005-07-28 18:05 4922 ----a-w- c:\program files\basic.html
2005-07-28 18:05 . 2005-07-28 18:05 1705 ----a-w- c:\program files\examples.html
2004-08-20 00:36 . 2004-08-20 00:36 2288 ----a-w- c:\program files\modes.html
2001-10-24 17:44 . 2001-10-24 17:44 6967 ----a-w- c:\program files\node6.html
2000-12-04 04:00 . 2000-12-04 04:00 732 ----a-w- c:\program files\lame.css
.
- laika284Novice
-
OS : Windows XP
Posts : 29
Rubies : 3266
Likes : 0
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
"Steam"="c:\program files\Steam\Steam.exe" [2009-06-11 1217784]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-26 1830128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 135168]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-28 335872]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-08-23 57344]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2004-10-27 26112]
"mmtask"="c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2004-04-19 53248]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"DwlClient"="c:\program files\Common Files\Dell\EUSW\Support.exe" [2004-05-28 323584]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-11 1948440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 32881]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-01 13:18 11952 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\dangerous high school girls in trouble\\prog\\brigiton.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\aquaria\\Aquaria.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\7 wonders 2\\Wonders2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\bookworm adventures deluxe\\BookwormAdventures.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\world of goo\\WorldOfGoo.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\raycatcher demo\\Raycatcher.exe"=
"c:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"c:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\reaxxion\\Reaxxion.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\musaic box\\bin\\musaic_Release.exe"=
"c:\\WINDOWS\\SYSTEM32\\dldtcoms.exe"=
"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\dldtpswx.exe"=
"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\dldttime.exe"=
"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\dldtjswx.exe"=
"c:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe"=
"c:\\Program Files\\THQ\\Company of Heroes\\RelicDownloader\\RelicDownloader.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\xcom interceptor\\Interceptor.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\ghost master\\ghost.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\xcom ufo defense\\dosbox.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\xcom enforcer\\System\\XCom.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\geometry wars\\GeometryWars.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\trials 2 second edition\\launcher.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\x-com terror from the deep\\runme.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\xcom apocalypse\\dosbox.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\defensegridtheawakening\\DefenseGrid.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\speedball 2\\Speedball2.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\venice\\Venice.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\sid meier's railroads demo\\RailRoadsDemo.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\plants vs zombies\\PlantsVsZombies.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\cogs\\cogs.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\penumbra overture\\redist\\Penumbra.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\alien shooter 2 - reloaded\\AlienShooter.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\penumbra black plague\\redist\\Penumbra.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\penumbra black plague\\redist\\Requiem.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\blueberry garden demo\\BlueberryGarden.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [4/15/2009 11:38 AM 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [4/15/2009 11:38 AM 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 10:05 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 10:05 AM 72944]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [4/15/2009 11:38 AM 908568]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [4/15/2009 11:38 AM 298776]
R2 dldt_device;dldt_device;c:\windows\system32\dldtcoms.exe -service --> c:\windows\system32\dldtcoms.exe -service [?]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 10:05 AM 7408]
.
Contents of the 'Scheduled Tasks' folder
2009-06-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.dell4me.com/myway
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath -
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-16 05:38
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DwlClient = c:\program files\Common Files\Dell\EUSW\Support.exe?l?e?s?\?D?e?l?l?\?E?U?S?W?\?S?u?p?p?o?r?t?.?e?x?e???????p???????????????X:??????????????????x????????:??x???????0???????????x???? ??x???x???h???x??????|????????x???????????????4???????x???????????x??????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(672)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-06-16 5:40
ComboFix-quarantined-files.txt 2009-06-16 09:40
Pre-Run: 78,859,689,984 bytes free
Post-Run: 78,904,799,232 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
245 --- E O F --- 2009-06-16 06:26
- BelahzurSite Admin
-
OS : 7 Home Premium x64
Posts : 34948
Rubies : 218221
Likes : 18
Hello.
Still having problems now? The one malicious file related to the Cryptor rootkit is gone now.
Site Admin / Security Administrator
[Prework] - Please PM me if I fail to respond within 24hrs.


- laika284Novice
-
OS : Windows XP
Posts : 29
Rubies : 3266
Likes : 0
It seems okay now, but like I said, it's appeared to be gone before but came right back. However, with your word, I'm much more confident that it's gone now. Everything else seemed fine according to the logs? I know a little, but I can't even make sense of a lot of it.
I have to ask the requisite questions about future safety. I know you've posted general tips in other threads, so I assume those would suffice for me? Windows Security Center tells me I'm currently running the Windows XP firewall; would this conflict with another firewall like, say, Kiero free? Would you recommend other programs to supplement the AVG/Spybot/SUPERAntiSpyware/Malwarebytes that I have now, or should I use other programs in place of some of those I have now? Would you recommend Windows Service Pack 3? I have a techie friend who said that some of her friends had problems with it, so I've held off since it seems inessential.
And above all, many many many thanks to you and to everybody who helps keep this site running. I really can't express my gratitude enough, but I'll be telling everyone I know and I'll be making a bit of a donation once I get everything sorted out.
