Internet/malware problem [RESOLVED]

Need a geek? Geeks to Go offers free, quality tech support -- in terms anyone can understand. Volunteers are waiting to help, friendly, technology experts who have knowledge to share, and enjoy helping others. Feel free to browse the site as a guest. However, you must log in to reply to existing topics, or to start a new topic of your own. Other benefits of joining include richer forum features, and removal of all advertising. Learn more in our Welcome Guide Infected? Malware and Spyware Cleaning Guide. What are you waiting for? Click here to join for free today!

> Geeks to Go! » Security » Virus, Spyware and Trojan Removal

2 Pages

< 1 2

Internet/malware problem [RESOLVED]

Options

Haji View Member Profile	Jul 1 2008, 05:48 PM Post #16
Member Posts: 10 OS: XP	Yeah, my computer is running fine. Just as it used to pretty much. I don't notice any major problems. ComboFix 08-06-20.4 - Ed 2008-07-01 18:07:55.10 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.173 [GMT -4:00] Running from: C:\Documents and Settings\Ed\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Ed\Desktop\CFScript.txt.txt * Created a new restore point FILE :: C:\Program Files\Skype\Phone\Skype .exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\Skype\Phone\Skype .exe D:\Autorun.inf . ((((((((((((((((((((((((( Files Created from 2008-06-01 to 2008-07-01 ))))))))))))))))))))))))))))))) . 2008-07-01 17:31 . 2008-07-01 17:57 23 --a------ C:\Documents and Settings\Ed\jagex_runescape_preferences.dat 2008-07-01 07:54 . 2008-07-01 07:54 <DIR> d-------- C:\Program Files\uTorrent 2008-07-01 07:54 . 2008-07-01 09:36 <DIR> d-------- C:\Documents and Settings\George.COMPUTER\Application Data\uTorrent 2008-06-27 21:12 . 2008-06-27 21:12 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-06-27 21:12 . 2008-06-27 21:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2008-06-23 21:36 . 2008-06-23 21:36 <DIR> d-------- C:\Documents and Settings\Ed\Application Data\eMule 2008-06-16 14:41 . 2008-06-16 14:41 <DIR> d-------- C:\Program Files\PowerISO 2008-06-15 20:35 . 2008-06-15 20:43 <DIR> d-------- C:\Program Files\Flv Audio Extractor 2008-06-10 19:31 . 2008-06-13 09:10 272,128 --a------ C:\WINDOWS\system32\drivers\bthport.sys 2008-06-10 19:31 . 2008-06-13 09:10 272,128 --a------ C:\WINDOWS\system32\dllcache\bthport.sys 2008-06-10 17:38 . 2008-03-21 13:57 14,640 --a------ C:\WINDOWS\system32\spmsgXP_2k3.dll 2008-06-10 17:38 . 2008-06-10 17:38 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf 2008-06-10 17:38 . 2008-06-10 17:38 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_zumbus_01007.Wdf 2008-06-08 07:57 . 2008-06-08 07:57 <DIR> d-------- C:\Documents and Settings\George.COMPUTER\Application Data\Move Networks 2008-06-01 18:18 . 2008-06-01 21:33 117 --a------ C:\WINDOWS\CIV.INI 2008-06-01 13:09 . 2008-06-01 13:09 <DIR> d-------- C:\Documents and Settings\Ed\Application Data\InstallShield 2008-06-01 13:06 . 2008-06-01 13:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InterVideo 2008-06-01 13:04 . 2008-06-01 13:05 <DIR> d-------- C:\Program Files\Common Files\Ulead Systems 2008-06-01 08:08 . 2008-06-01 08:08 <DIR> d-------- C:\Documents and Settings\George.COMPUTER\Application Data\Ulead Systems . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-07-01 11:53 --------- d-----w C:\Documents and Settings\George.COMPUTER\Application Data\LimeWire 2008-06-30 23:29 --------- d-----w C:\Program Files\StepMania CVS 2008-06-30 08:26 --------- d-----w C:\Program Files\Anki2 2008-06-30 01:42 --------- d-----w C:\Documents and Settings\Ed\Application Data\Move Networks 2008-06-29 02:22 --------- d-----w C:\Documents and Settings\Ed\Application Data\Skype 2008-06-29 02:11 --------- d-----w C:\Documents and Settings\Ed\Application Data\skypePM 2008-06-28 17:07 --------- d-----w C:\Program Files\DivX 2008-06-28 15:43 --------- d-----w C:\Documents and Settings\George.COMPUTER\Application Data\DivX 2008-06-27 21:06 --------- d-----w C:\Program Files\QuickTime 2008-06-27 21:06 --------- d-----w C:\Program Files\iTunes 2008-06-27 21:06 --------- d-----w C:\Program Files\DAEMON Tools 2008-06-27 21:06 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2008-06-27 21:06 --------- d-----w C:\Program Files\AIM 2008-06-27 21:01 96,256 -c--a-w C:\WINDOWS\system32\drivers\sptddrv1.sys 2008-06-27 20:00 --------- d-----w C:\Program Files\Zune 2008-06-27 19:59 --------- d-----w C:\Program Files\Sound Volume Hotkeys 2008-06-27 19:58 --------- d-----w C:\Program Files\AIM6 2008-06-24 01:36 --------- d-----w C:\Program Files\eMule 2008-06-18 21:37 --------- d-----w C:\Program Files\LimeWire 2008-06-17 05:32 11,836 -c--a-w C:\Documents and Settings\Ed\Application Data\wklnhst.dat 2008-06-16 19:30 --------- d-----w C:\Program Files\Common Files\Adobe 2008-06-08 01:26 --------- d-----w C:\Program Files\mIRC 2008-06-01 17:04 --------- d-----w C:\Program Files\Ulead Systems 2008-06-01 17:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems 2008-06-01 17:02 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-06-01 16:23 --------- d-----w C:\Documents and Settings\Ed\Application Data\Ulead Systems 2008-05-31 18:06 --------- d-----w C:\Program Files\Common Files\InterVideo 2008-05-31 18:04 --------- d-----w C:\Program Files\Windows Media Components 2008-05-29 17:10 --------- d-----w C:\Program Files\Lexmark X1100 Series 2008-05-29 08:56 --------- d-----w C:\Program Files\Last.fm 2008-05-20 03:02 --------- d-----w C:\Documents and Settings\Ed\Application Data\vlc 2008-05-18 02:46 --------- d-----w C:\Program Files\AllToAVI 2008-05-12 23:16 --------- d-----w C:\Program Files\Java 2008-05-12 03:26 --------- d-----w C:\Program Files\Trend Micro 2008-05-12 03:12 --------- d-----w C:\Program Files\Lavasoft 2008-05-12 03:12 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-05-12 03:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys 2008-05-04 21:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\AVG7 2008-05-04 20:30 --------- d-----w C:\Program Files\jv16 PowerTools 2008 2008-05-02 20:20 --------- d-----w C:\Program Files\Pcsx2_0.9.4 2008-05-02 20:20 --------- d-----w C:\Documents and Settings\Ed\Application Data\Metacafe 2008-05-02 20:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Metacafe 2008-05-01 20:33 --------- d-----w C:\Program Files\Autodesk 2007-11-16 22:19 32 -c--a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat 2007-07-16 21:32 81,920 ----a-w C:\Documents and Settings\Ed\Application Data\ezpinst.exe 2007-07-16 21:32 47,360 ----a-w C:\Documents and Settings\Ed\Application Data\pcouffin.sys 2007-05-21 06:53 534 -c--a-w C:\Documents and Settings\Andy.COMPUTER\Application Data\wklnhst.dat 2007-04-27 02:00 604 -c-ha-w C:\Program Files\STLL Notifier 2007-03-28 23:06 696 -c--a-w C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat 2007-01-17 19:48 439,296 -c--a-w C:\Documents and Settings\Compaq_Owner\GoToAssist_phone__317_en.exe 2006-03-14 01:54 840 -c--a-w C:\Documents and Settings\Emma.GEORGEMMA.000\Application Data\wklnhst.dat 2006-03-01 00:56 4,506 -c--a-w C:\Documents and Settings\Ed.GEORGEMMA\Application Data\wklnhst.dat 2006-02-14 23:35 508 -c--a-w C:\Documents and Settings\Andy.GEORGEMMA\Application Data\wklnhst.dat 2005-12-05 22:54 774,144 -c--a-w C:\Program Files\RngInterstitial.dll 2006-08-10 00:30 56 --sha-r C:\WINDOWS\system32\957DCF128A.sys 2006-08-10 00:30 848 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys . ------- Sigcheck ------- 2007-06-13 06:23 975360 9784e0719124e4a23989aef9e7ca02d6 C:\WINDOWS\explorer.exe 2007-06-13 07:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe 2007-06-13 06:23 975360 9784e0719124e4a23989aef9e7ca02d6 C:\WINDOWS\system32\dllcache\explorer.exe . ((((((((((((((((((((((((((((( snapshot_2008-06-28_20.59.13.50 ))))))))))))))))))))))))))))))))))))))))) . + 2008-07-01 21:54:19 45,056 ----a-w C:\WINDOWS\.file_store_32\runescape\browsercontrol.dll - 2007-02-25 18:58:41 17,836 -c--a-w C:\WINDOWS\.file_store_32\runescape\game_unpacker.dat + 2008-07-01 21:31:22 19,767 -c--a-w C:\WINDOWS\.file_store_32\runescape\game_unpacker.dat + 2008-07-01 21:54:20 315,392 ----a-w C:\WINDOWS\.file_store_32\runescape\jogl.dll + 2008-07-01 21:54:20 20,480 ----a-w C:\WINDOWS\.file_store_32\runescape\jogl_awt.dll - 2008-06-29 00:17:42 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-07-01 22:16:21 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2004-08-04 12:00:00 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0401.dll + 2004-08-04 12:00:00 19,456 ----a-w C:\WINDOWS\msagent\intl\agt040d.dll + 2004-08-04 12:00:00 10,752 ----a-w C:\WINDOWS\system32\c_iscii.dll - 2004-08-04 18:00:00 5,632 -c--a-w C:\WINDOWS\system32\dllcache\kbda1.dll + 2004-08-04 12:00:00 5,632 ----a-w C:\WINDOWS\system32\dllcache\kbda1.dll - 2004-08-04 18:00:00 5,632 -c--a-w C:\WINDOWS\system32\dllcache\kbda2.dll + 2004-08-04 12:00:00 5,632 ----a-w C:\WINDOWS\system32\dllcache\kbda2.dll - 2004-08-04 18:00:00 5,632 -c--a-w C:\WINDOWS\system32\dllcache\kbda3.dll + 2004-08-04 12:00:00 5,632 ----a-w C:\WINDOWS\system32\dllcache\kbda3.dll - 2004-08-04 18:00:00 5,120 -c--a-w C:\WINDOWS\system32\dllcache\kbdarme.dll + 2004-08-04 12:00:00 5,120 ----a-w C:\WINDOWS\system32\dllcache\kbdarme.dll - 2004-08-04 18:00:00 5,120 -c--a-w C:\WINDOWS\system32\dllcache\kbdarmw.dll + 2004-08-04 12:00:00 5,120 ----a-w C:\WINDOWS\system32\dllcache\kbdarmw.dll - 2004-08-04 18:00:00 5,632 -c--a-w C:\WINDOWS\system32\dllcache\kbddiv1.dll + 2004-08-04 12:00:00 5,632 ----a-w C:\WINDOWS\system32\dllcache\kbddiv1.dll - 2004-08-04 18:00:00 5,632 -c--a-w C:\WINDOWS\system32\dllcache\kbddiv2.dll + 2004-08-04 12:00:00 5,632 ----a-w C:\WINDOWS\system32\dllcache\kbddiv2.dll - 2004-08-04 18:00:00 5,632 -c--a-w C:\WINDOWS\system32\dllcache\kbdfa.dll + 2004-08-04 12:00:00 5,632 ----a-w C:\WINDOWS\system32\dllcache\kbdfa.dll - 2004-08-04 18:00:00 5,120 -c--a-w C:\WINDOWS\system32\dllcache\kbdgeo.dll + 2004-08-04 12:00:00 5,120 ----a-w C:\WINDOWS\system32\dllcache\kbdgeo.dll - 2004-08-04 18:00:00 5,632 -c--a-w C:\WINDOWS\system32\dllcache\kbdheb.dll + 2004-08-04 12:00:00 5,632 ----a-w C:\WINDOWS\system32\dllcache\kbdheb.dll - 2004-08-04 18:00:00 5,632 -c--a-w C:\WINDOWS\system32\dllcache\kbdindev.dll + 2004-08-04 12:00:00 5,632 ----a-w C:\WINDOWS\system32\dllcache\kbdindev.dll - 2004-08-04 18:00:00 5,632 -c--a-w C:\WINDOWS\system32\dllcache\kbdinguj.dll + 2004-08-04 12:00:00 5,632 ----a-w C:\WINDOWS\system32\dllcache\kbdinguj.dll - 2004-08-04 18:00:00 5,632 -c--a-w C:\WINDOWS\system32\dllcache\kbdinhin.dll + 2004-08-04 12:00:00 5,632 ----a-w C:\WINDOWS\system32\dllcache\kbdinhin.dll - 2004-08-04 18:00:00 5,632 -c--a-w C:\WINDOWS\system32\dllcache\kbdinkan.dll + 2004-08-04 12:00:00 5,632 ----a-w C:\WINDOWS\system32\dllcache\kbdinkan.dll - 2004-08-04 18:00:00 5,632 -c--a-w C:\WINDOWS\system32\dllcache\kbdinmar.dll + 2004-08-04 12:00:00 5,632 ----a-w C:\WINDOWS\system32\dllcache\kbdinmar.dll - 2004-08-04 18:00:00 6,144 -c--a-w C:\WINDOWS\system32\dllcache\kbdinpun.dll + 2004-08-04 12:00:00 6,144 ----a-w C:\WINDOWS\system32\dllcache\kbdinpun.dll - 2004-08-04 18:00:00 5,632 -c--a-w C:\WINDOWS\system32\dllcache\kbdintam.dll + 2004-08-04 12:00:00 5,632 ----a-w C:\WINDOWS\system32\dllcache\kbdintam.dll - 2004-08-04 18:00:00 5,632 -c--a-w C:\WINDOWS\system32\dllcache\kbdintel.dll + 2004-08-04 12:00:00 5,632 ----a-w C:\WINDOWS\system32\dllcache\kbdintel.dll - 2004-08-04 18:00:00 5,632 -c--a-w C:\WINDOWS\system32\dllcache\kbdsyr1.dll + 2004-08-04 12:00:00 5,632 ----a-w C:\WINDOWS\system32\dllcache\kbdsyr1.dll - 2004-08-04 18:00:00 5,632 -c--a-w C:\WINDOWS\system32\dllcache\kbdsyr2.dll + 2004-08-04 12:00:00 5,632 ----a-w C:\WINDOWS\system32\dllcache\kbdsyr2.dll - 2004-08-04 18:00:00 5,632 -c--a-w C:\WINDOWS\system32\dllcache\kbdth0.dll + 2004-08-04 12:00:00 5,632 ----a-w C:\WINDOWS\system32\dllcache\kbdth0.dll - 2004-08-04 18:00:00 5,632 -c--a-w C:\WINDOWS\system32\dllcache\kbdth1.dll + 2004-08-04 12:00:00 5,632 ----a-w C:\WINDOWS\system32\dllcache\kbdth1.dll - 2004-08-04 18:00:00 6,144 -c--a-w C:\WINDOWS\system32\dllcache\kbdth2.dll + 2004-08-04 12:00:00 6,144 ----a-w C:\WINDOWS\system32\dllcache\kbdth2.dll - 2004-08-04 18:00:00 6,144 -c--a-w C:\WINDOWS\system32\dllcache\kbdth3.dll + 2004-08-04 12:00:00 6,144 ----a-w C:\WINDOWS\system32\dllcache\kbdth3.dll - 2004-08-04 18:00:00 5,632 -c--a-w C:\WINDOWS\system32\dllcache\kbdurdu.dll + 2004-08-04 12:00:00 5,632 ----a-w C:\WINDOWS\system32\dllcache\kbdurdu.dll - 2004-08-04 18:00:00 5,632 -c--a-w C:\WINDOWS\system32\dllcache\kbdvntc.dll + 2004-08-04 12:00:00 5,632 ----a-w C:\WINDOWS\system32\dllcache\kbdvntc.dll - 2008-06-01 00:03:21 1,569,256 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT + 2008-07-01 20:59:07 1,622,728 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT + 2004-08-04 12:00:00 6,144 ----a-w C:\WINDOWS\system32\ftlx041e.dll + 2004-08-04 12:00:00 5,632 ----a-w C:\WINDOWS\system32\kbda1.dll + 2004-08-04 12:00:00 5,632 ----a-w C:\WINDOWS\system32\kbda2.dll + 2004-08-04 12:00:00 5,632 ----a-w C:\WINDOWS\system32\kbda3.dll + 2004-08-04 12:00:00 5,120 ----a-w C:\WINDOWS\system32\kbdarme.dll + 2004-08-04 12:00:00 5,120 ----a-w C:\WINDOWS\system32\kbdarmw.dll + 2004-08-04 12:00:00 5,632 ----a-w C:\WINDOWS\system32\kbddiv1.dll + 2004-08-04 12:00:00 5,632 ----a-w C:\WINDOWS\system32\kbddiv2.dll + 2004-08-04 12:00:00 5,632 ----a-w C:\WINDOWS\system32\kbdfa.dll + 2004-08-04 12:00:00 5,120 ----a-w C:\WINDOWS\system32\kbdgeo.dll + 2004-08-04 12:00:00 5,632 ----a-w C:\WINDOWS\system32\kbdheb.dll + 2004-08-04 12:00:00 5,632 ----a-w C:\WINDOWS\system32\kbdindev.dll + 2004-08-04 12:00:00 5,632 ----a-w C:\WINDOWS\system32\kbdinguj.dll + 2004-08-04 12:00:00 5,632 ----a-w C:\WINDOWS\system32\kbdinhin.dll + 2004-08-04 12:00:00 5,632 ----a-w C:\WINDOWS\system32\kbdinkan.dll + 2004-08-04 12:00:00 5,632 ----a-w C:\WINDOWS\system32\kbdinmar.dll + 2004-08-04 12:00:00 6,144 ----a-w C:\WINDOWS\system32\kbdinpun.dll + 2004-08-04 12:00:00 5,632 ----a-w C:\WINDOWS\system32\kbdintam.dll + 2004-08-04 12:00:00 5,632 ----a-w C:\WINDOWS\system32\kbdintel.dll + 2004-08-04 12:00:00 5,632 ----a-w C:\WINDOWS\system32\kbdsyr1.dll + 2004-08-04 12:00:00 5,632 ----a-w C:\WINDOWS\system32\kbdsyr2.dll + 2004-08-04 12:00:00 5,632 ----a-w C:\WINDOWS\system32\kbdth0.dll + 2004-08-04 12:00:00 5,632 ----a-w C:\WINDOWS\system32\kbdth1.dll + 2004-08-04 12:00:00 6,144 ----a-w C:\WINDOWS\system32\kbdth2.dll + 2004-08-04 12:00:00 6,144 ----a-w C:\WINDOWS\system32\kbdth3.dll + 2004-08-04 12:00:00 5,632 ----a-w C:\WINDOWS\system32\kbdurdu.dll + 2004-08-04 12:00:00 5,632 ----a-w C:\WINDOWS\system32\kbdusa.dll + 2004-08-04 12:00:00 5,632 ----a-w C:\WINDOWS\system32\kbdvntc.dll + 2004-08-04 12:00:00 185,344 ----a-w C:\WINDOWS\system32\Thawbrkr.dll + 2008-07-01 22:18:55 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_4bc.dat - 2008-06-29 00:22:23 40,960 ----a-w C:\WINDOWS\TEMP\rtdrvmon.exe + 2008-07-01 22:20:58 40,960 ----a-w C:\WINDOWS\TEMP\rtdrvmon.exe . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\JARFile] @={45A9B2C0-0D04-4AE6-B2F6-544B5C5E1EF3} [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-03-24 19:19 15360] "Aim6"="" [] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-14 19:15 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 10:57 133016] "tsnp2std"="C:\WINDOWS\tsnp2std.exe" [2008-02-15 16:51 102400] "snp2std"="C:\WINDOWS\vsnp2std.exe" [2008-02-15 16:22 339968] "PS2"="C:\WINDOWS\system32\ps2.exe" [2008-02-15 16:22 98304] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2008-03-24 19:19 208952] "IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2008-03-24 19:19 44032] "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2008-03-24 19:19 59392] "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-03-24 19:19 455168] "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-03-24 19:19 455168] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] "UVS11 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-07-23 13:55 341232] "Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [2008-02-11 16:21 166304] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-06-17 14:57 145920] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "FlashPlayerUpdate"="C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe" [2008-03-24 23:21 218496] C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\ Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-06-28 17:49:41 106496] RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 18:05:02 630784] C:\Documents and Settings\Ed.GEORGEMMA\Start Menu\Programs\Startup\ LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-06-05 15:04:30 147456] C:\Documents and Settings\Emma.GEORGEMMA.000\Start Menu\Programs\Startup\ LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-06-05 15:04:30 147456] C:\Documents and Settings\George\Start Menu\Programs\Startup\ LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-06-05 15:04:30 147456] C:\Documents and Settings\George.COMPUTER\Start Menu\Programs\Startup\ RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 18:05:02 630784] C:\Documents and Settings\Andy\Start Menu\Programs\Startup\ LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-06-05 15:04:30 147456] C:\Documents and Settings\Andy.COMPUTER\Start Menu\Programs\Startup\ LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-06-05 15:04:30 147456] C:\Documents and Settings\Andy.GEORGEMMA\Start Menu\Programs\Startup\ LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-06-05 15:04:30 147456] C:\Documents and Settings\Andy.GEORGEMMA.000\Start Menu\Programs\Startup\ LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-06-05 15:04:30 147456] C:\Documents and Settings\Ed\Start Menu\Programs\Startup\ RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 18:05:02 630784] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf] avgwlntf.dll 2007-06-14 21:29 9216 C:\WINDOWS\system32\avgwlntf.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm "msacm.MPEGacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm "msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk backup=C:\WINDOWS\pss\Compaq Connections.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SpySubtract.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SpySubtract.lnk backup=C:\WINDOWS\pss\SpySubtract.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Ed^Start Menu^Programs^Startup^LimeWire On Startup.lnk] path=C:\Documents and Settings\Ed\Start Menu\Programs\Startup\LimeWire On Startup.lnk backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bpk] C:\WINDOWS\system32\bpk.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp] --a--c--- 2005-03-23 16:34 58992 c:\Program Files\Common Files\Symantec Shared\ccApp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2008-03-24 19:19 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp] --a--c--- 2005-02-26 01:34 245760 C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a--c--- 2006-09-25 14:54 229952 C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series] --a------ 2003-08-19 06:43 57344 C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher] --a--c--- 2004-10-14 16:54 253952 c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSPower] --a--c--- 2005-01-04 19:54 49152 C:\WINDOWS\system32\SiSPower.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\Program Files\\Compaq Connections\\6750491\\Program\\Compaq Connections.exe"= "C:\\Program Files\\Google\\Google Earth\\GoogleEarth.exe"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\BitComet\\BitComet.exe"= "C:\\Program Files\\mIRC\\mirc.exe"= "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "C:\\WINDOWS\\system32\\fxsclnt.exe"= "C:\\Program Files\\Destiny\\RadioDestiny Broadcaster\\RadioDestiny Broadcaster.exe"= "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "C:\\Program Files\\Last.fm\\LastFM.exe"= "C:\\Program Files\\Mozilla Firefox\\firefox.exe"= "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"= "C:\\Program Files\\PPMate\\PPMate\\ppmate.exe"= "C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= "C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "25:TCP"= 25:TCP:Outlook Express "9172:TCP"= 9172:TCP:BitComet 9172 TCP "9172:UDP"= 9172:UDP:BitComet 9172 UDP "22405:TCP"= 22405:TCP:BitComet 22405 TCP "22405:UDP"= 22405:UDP:BitComet 22405 UDP "49000:TCP"= 49000:TCP:BitComet 49000 TCP "49000:UDP"= 49000:UDP:BitComet 49000 UDP "19524:TCP"= 19524:TCP:BitComet 19524 TCP "19524:UDP"= 19524:UDP:BitComet 19524 UDP R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38] R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-04-29 19:39] R2 ZuneBusEnum;Zune Bus Enumerator;c:\WINDOWS\system32\ZuneBusEnum.exe [2008-04-29 19:56] S3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2005-09-21 14:31] S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-04-29 19:56] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6778F1EE-80BB-4F27-BC69-F91B843782CD}] C:\Documents and Settings\Ed\Application Data\Microsoft\cfgmgr.vbs . Contents of the 'Scheduled Tasks' folder "2008-06-28 19:16:05 C:\WINDOWS\Tasks\HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job" - C:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe - E:\ . ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-07-01 18:16:55 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVAPSVC.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\lexpps.exe C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wscntfy.exe . ************************************************************************ . Completion time: 2008-07-01 19:14:16 - machine was rebooted ComboFix-quarantined-files.txt 2008-07-01 23:14:09 ComboFix2.txt 2008-06-29 01:00:00 ComboFix3.txt 2008-06-28 22:30:56 ComboFix4.txt 2008-06-28 01:03:12 ComboFix5.txt 2008-06-27 21:50:08 Pre-Run: 25,194,795,008 bytes free Post-Run: 25,664,090,112 bytes free 390 --- E O F --- 2008-06-20 10:23:33

Rorschach112 View Member Profile	Jul 1 2008, 05:52 PM Post #17
GeekU Teacher Posts: 35,079 From: Dublin OS: XP	Your logs are clean Follow these steps to uninstall Combofix and tools used in the removal of malware Click START then RUN Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there. Make sure you have an Internet Connection. Download OTCleanIt to your desktop and run it Click the CleanUp! button and let the program run You now need to update your Java and remove your older versions. Please follow these steps to remove older version Java components. * Click Start > Control Panel. * Click Add/Remove Programs. * Check any item with Java Runtime Environment (JRE) in the name. * Click the Remove or Change/Remove button. Download the latest version of Java Runtime Environment (JRE), and install it to your computer from here Your using an old version of Adobe Acrobat Reader, this can leave your pc open to vulnerabilities, you can update it here : http://www.adobe.com/products/acrobat/readstep2.html Below I have included a number of recommendations for how to protect your computer against malware infections. * Keep Windows updated by regularly checking their website at : http://windowsupdate.microsoft.com/ This will ensure your computer has always the latest security updates available installed on your computer. * To reduce re-infection for malware in the future, I strongly recommend installing these free programs: SpywareBlaster protects against bad ActiveX IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all Have a look at this tutorial for IE-Spyad here * SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program or there will be a conflict. Make Internet Explorer more secure Click Start > Run Type Inetcpl.cpl & click OK Click on the Security tab Click Reset all zones to default level Make sure the Internet Zone is selected & Click Custom level In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable". Next Click OK, then Apply button and then OK to exit the Internet Properties page. * MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future. * Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here * Take a good look at the following suggestions for malware prevention by reading Tony Klein�s article 'How Did I Get Infected In The First Place' Here Thank you for your patience, and performing all of the procedures requested.

Haji View Member Profile	Jul 1 2008, 05:55 PM Post #18
Member Posts: 10 OS: XP	I just uninstalled Combofix as you said, but is it normal to get a lot of "regedit.exe" related errors?

Rorschach112 View Member Profile	Jul 1 2008, 06:09 PM Post #19
GeekU Teacher Posts: 35,079 From: Dublin OS: XP	Nope, but I wouldn't worry Your PC is clean

Rorschach112 View Member Profile	Jul 9 2008, 03:30 PM Post #20
GeekU Teacher Posts: 35,079 From: Dublin OS: XP	Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.

« Next Oldest · Virus, Spyware and Trojan Removal · Next Newest »

2 Pages

< 1 2

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies / Views	Topic Information
Virus, Spyware and Trojan Removal please help with this malware problem [RESOLVED] 12	16 / 910	1st September 2008 - 08:43 AM hatefulmalware started - last by kahdah
Virus, Spyware and Trojan Removal Possible malware problem [RESOLVED] 12	16 / 800	26th September 2008 - 02:19 PM ttsstr5 started - last by andrewuk
Virus, Spyware and Trojan Removal Malware problem... [RESOLVED] 12	21 / 943	1st December 2008 - 09:28 AM HCRX311 started - last by Rorschach112
Virus, Spyware and Trojan Removal Malware problem? [RESOLVED] 12	17 / 699	29th November 2008 - 11:32 PM ~Mix started - last by emeraldnzl