Troj/Virtum-Gen virus detected by sophos [RESOLVED]

Need a geek? Geeks to Go offers free, quality tech support -- in terms anyone can understand. Volunteers are waiting to help, friendly, technology experts who have knowledge to share, and enjoy helping others. Feel free to browse the site as a guest. However, you must log in to reply to existing topics, or to start a new topic of your own. Other benefits of joining include richer forum features, and removal of all advertising. Learn more in our Welcome Guide Infected? Malware and Spyware Cleaning Guide. What are you waiting for? Click here to join for free today!

> Geeks to Go! » Security » Virus, Spyware and Trojan Removal

2 Pages

< 1 2

Troj/Virtum-Gen virus detected by sophos [RESOLVED], the details say its in C:\windows\system32\rqrjdwtq.dll

Options

Egwene View Member Profile	Sep 27 2008, 05:29 AM Post #16
Trusted Helper Posts: 2,141 From: France OS: XP/Vista �dition basique familiale	Hello amanda732, We are nearly finished 1) Uninstall some programs : Please go Start > Control Panel > Add/Remove Programs and remove the following (if present): Adobe Reader 7.0 Azureus J2SE Runtime Environment 5.0 Update 8 Java 2 Runtime Environment, SE v1.4.2_03 LimeWire 4.12.6 Viewpoint Manager (Remove Only) Viewpoint Media Player Optional Removals : You have at least one peer-to-peer softwares on your computer. If you wish to find out whether the one you're using does, click Here. Even if you are using a so called "safe" program,it's only the program that's safe. You will be sharing files from uncertified sources,and these are often infected. Optional Removals : Viewpoint Manager is considered as softtware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This will change from what we know in 2006 read this article: http://www.clickz.com/news/article.php/3561546 2) Run Kaspersky Online : Please do an online scan with Kaspersky WebScanner Make sure you are using Internet Explorer for this. Click on Kaspersky Online Scanner and click Accept You will be prompted to install an ActiveX component from Kaspersky, Click Yes. The program will launch and then begin downloading the latest definition files: Once the files have been downloaded click on NEXT Now click on Scan Settings In the scan settings make that the following are selected: Scan using the following Anti-Virus database: Extended (if available otherwise Standard) Scan Options: Scan Archives Scan Mail Bases Click OK Now under select a target to scan: Select My Computer This will program will start and scan your system. The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected. Now click on the Save as Text button: Save the file to your desktop. Copy and paste that information in your next post. Regards, Egwene.

amanda732 View Member Profile	Sep 27 2008, 05:17 PM Post #17
Member Posts: 14 OS: XP	i removed all the programs except for the limewire from my computer and i ran the kaspersky scan. here is the report: Saturday, September 27, 2008 Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600) Kaspersky Online Scanner 7 version: 7.0.25.0 Program database last update: Saturday, September 27, 2008 15:11:32 Records in database: 1265981 Scan settings Scan using the following database extended Scan archives yes Scan mail databases yes Scan area My Computer C:\ D:\ Scan statistics Files scanned 104909 Threat name 14 Infected objects 58 Suspicious objects 0 Duration of the scan 02:30:02 File name Threat name Threats count C:\Documents and Settings\Manda\Shared\Saving Abel - She Got Over Me.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1 C:\i386\amltjecv.dll Infected: Trojan.Win32.Monder.psh 1 C:\i386\axqcgpqb.dll Infected: Trojan.Win32.Monder.psh 1 C:\i386\bcrpstwb.dll Infected: Trojan.Win32.Monder.pse 1 C:\i386\byXOghIy.dll Infected: Trojan.Win32.Monder.psi 1 C:\i386\chkheibj.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.efd 1 C:\i386\dmhvrslh.dll Infected: Trojan.Win32.Monder.psh 1 C:\i386\fcccbCst.dll Infected: Trojan.Win32.Monder.psh 1 C:\i386\geBqRhIx.dll Infected: Trojan.Win32.Monder.psh 1 C:\i386\ivbespuc.dll Infected: Trojan.Win32.Monder.psh 1 C:\i386\ixp6453.exe Infected: not-a-virus:AdWare.Win32.WebHancer.f 1 C:\i386\ixp6453.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 1 C:\i386\jkkJyASI.dll Infected: Trojan.Win32.Monder.pph 1 C:\i386\jlmuti.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.efd 1 C:\i386\mbwxpf.dll Infected: Trojan.Win32.Monder.pse 1 C:\i386\mC022328.exe Infected: Trojan-Downloader.Win32.VB.hpv 1 C:\i386\ngwrggcj.dll Infected: Trojan.Win32.Monder.psh 1 C:\i386\nnnkLfcD.dll Infected: Trojan.Win32.Monder.psf 1 C:\i386\opnkllMg.dll Infected: Trojan.Win32.Monder.psf 1 C:\i386\opnMGyyW.dll Infected: Trojan.Win32.Monder.psh 1 C:\i386\pmnkhFuR.dll Infected: Trojan.Win32.Monder.psf 1 C:\i386\smhsmkvn.dll Infected: Trojan.Win32.Monder.pse 1 C:\i386\TDSSgddn.dll Infected: Rootkit.Win32.Clbd.kf 1 C:\i386\tuvSljgD.dll Infected: Trojan.Win32.Monder.psh 1 C:\i386\tuvVPfeC.dll Infected: Trojan.Win32.Monder.psf 1 C:\i386\vcrwyz.dll Infected: Trojan.Win32.Monder.pse 1 C:\i386\yayvWPfF.dll.vir Infected: Trojan.Win32.Monder.pph 1 C:\Program Files\MUSICMATCH\Musicmatch Jukebox\WebSys\offline.mmz Infected: not-a-virus:RiskTool.Win32.Deleter.f 1 C:\QooBox\Quarantine\C\smss.exe.vir Infected: Trojan-Downloader.Win32.VB.hpv 1 C:\QooBox\Quarantine\C\WINDOWS\system32\amltjecv.dll.vir Infected: Trojan.Win32.Monder.psh 1 C:\QooBox\Quarantine\C\WINDOWS\system32\axqcgpqb.dll.vir Infected: Trojan.Win32.Monder.psh 1 C:\QooBox\Quarantine\C\WINDOWS\system32\bcrpstwb.dll.vir Infected: Trojan.Win32.Monder.pse 1 C:\QooBox\Quarantine\C\WINDOWS\system32\byXOghIy.dll.vir Infected: Trojan.Win32.Monder.psi 1 C:\QooBox\Quarantine\C\WINDOWS\system32\chkheibj.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.efd 1 C:\QooBox\Quarantine\C\WINDOWS\system32\dmhvrslh.dll.vir Infected: Trojan.Win32.Monder.psh 1 C:\QooBox\Quarantine\C\WINDOWS\system32\ES\ixp6453.exe.vir Infected: not-a-virus:AdWare.Win32.WebHancer.f 1 C:\QooBox\Quarantine\C\WINDOWS\system32\ES\ixp6453.exe.vir Infected: not-a-virus:AdWare.Win32.WebHancer.390 1 C:\QooBox\Quarantine\C\WINDOWS\system32\fcccbCst.dll.vir Infected: Trojan.Win32.Monder.psh 1 C:\QooBox\Quarantine\C\WINDOWS\system32\geBqRhIx.dll.vir Infected: Trojan.Win32.Monder.psh 1 C:\QooBox\Quarantine\C\WINDOWS\system32\ivbespuc.dll.vir Infected: Trojan.Win32.Monder.psh 1 C:\QooBox\Quarantine\C\WINDOWS\system32\jkkJyASI.dll.vir Infected: Trojan.Win32.Monder.pph 1 C:\QooBox\Quarantine\C\WINDOWS\system32\jlmuti.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.efd 1 C:\QooBox\Quarantine\C\WINDOWS\system32\mbwxpf.dll.vir Infected: Trojan.Win32.Monder.pse 1 C:\QooBox\Quarantine\C\WINDOWS\system32\mC02\mC022328.exe.vir Infected: Trojan-Downloader.Win32.VB.hpv 1 C:\QooBox\Quarantine\C\WINDOWS\system32\ngwrggcj.dll.vir Infected: Trojan.Win32.Monder.psh 1 C:\QooBox\Quarantine\C\WINDOWS\system32\nnnkLfcD.dll.vir Infected: Trojan.Win32.Monder.psf 1 C:\QooBox\Quarantine\C\WINDOWS\system32\opnkllMg.dll.vir Infected: Trojan.Win32.Monder.psf 1 C:\QooBox\Quarantine\C\WINDOWS\system32\opnMGyyW.dll.vir Infected: Trojan.Win32.Monder.psh 1 C:\QooBox\Quarantine\C\WINDOWS\system32\pmnkhFuR.dll.vir Infected: Trojan.Win32.Monder.psf 1 C:\QooBox\Quarantine\C\WINDOWS\system32\qvmlqniy.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.alqc 1 C:\QooBox\Quarantine\C\WINDOWS\system32\smhsmkvn.dll.vir Infected: Trojan.Win32.Monder.pse 1 C:\QooBox\Quarantine\C\WINDOWS\system32\snnltsyy.dll.vir Infected: Trojan.Win32.Monder.qgq 1 C:\QooBox\Quarantine\C\WINDOWS\system32\TDSSgddn.dll.vir Infected: Rootkit.Win32.Clbd.kf 1 C:\QooBox\Quarantine\C\WINDOWS\system32\tuvSljgD.dll.vir Infected: Trojan.Win32.Monder.psh 1 C:\QooBox\Quarantine\C\WINDOWS\system32\tuvVPfeC.dll.vir Infected: Trojan.Win32.Monder.psf 1 C:\QooBox\Quarantine\C\WINDOWS\system32\vcrwyz.dll.vir Infected: Trojan.Win32.Monder.pse 1 C:\QooBox\Quarantine\C\WINDOWS\system32\vswcnqal.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.alqc 1 C:\QooBox\Quarantine\C\WINDOWS\system32\yayvWPfF.dll.vir.vir Infected: Trojan.Win32.Monder.pph 1 The selected area was scanned.

Egwene View Member Profile	Sep 28 2008, 11:06 AM Post #18
Trusted Helper Posts: 2,141 From: France OS: XP/Vista �dition basique familiale	Hello amanda732, Let's go on Open notepad and copy/paste the text in the quotebox below into it: http://www.geekstogo.com/forum/Troj-Virtum-Gen-virus-detected-sophos-t212603.html&st=15 Collect:: C:\i386\mC022328.exe File:: C:\Documents and Settings\Manda\Shared\Saving Abel - She Got Over Me.mp3 C:\i386\amltjecv.dll C:\i386\axqcgpqb.dll C:\i386\bcrpstwb.dll C:\i386\byXOghIy.dll C:\i386\chkheibj.dll C:\i386\dmhvrslh.dll C:\i386\fcccbCst.dll C:\i386\geBqRhIx.dll C:\i386\ivbespuc.dll C:\i386\ixp6453.exe C:\i386\ixp6453.exe C:\i386\jkkJyASI.dll C:\i386\jlmuti.dll C:\i386\mbwxpf.dll C:\i386\ngwrggcj.dll C:\i386\nnnkLfcD.dll C:\i386\opnkllMg.dll C:\i386\opnMGyyW.dll C:\i386\pmnkhFuR.dll C:\i386\smhsmkvn.dll C:\i386\TDSSgddn.dll C:\i386\tuvSljgD.dll C:\i386\tuvVPfeC.dll C:\i386\vcrwyz.dll C:\i386\yayvWPfF.dll.vir C:\Program Files\MUSICMATCH\Musicmatch Jukebox\WebSys\offline.mmz Save this as CFScript.txt Refering to the picture above, drag CFScript.txt into ComboFix.exe When finished, it shall produce a log for you. Post that log in your next reply. Note When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis. Ensure you are connected to the internet and click OK on the message box. A browser will open. Simply follow the instructions to copy/paste/send the requested file. Regards, Egwene.

amanda732 View Member Profile	Sep 28 2008, 05:36 PM Post #19
Member Posts: 14 OS: XP	Here is the combofix log: ComboFix 08-09-27.05 - Manda 2008-09-28 17:05:38.6 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.484 [GMT -5:00] Running from: C:\Documents and Settings\Manda\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Manda\Desktop\CFScript.txt * Created a new restore point * Resident AV is active FILE :: C:\Documents and Settings\Manda\Shared\Saving Abel - She Got Over Me.mp3 C:\i386\amltjecv.dll C:\i386\axqcgpqb.dll C:\i386\bcrpstwb.dll C:\i386\byXOghIy.dll C:\i386\chkheibj.dll C:\i386\dmhvrslh.dll C:\i386\fcccbCst.dll C:\i386\geBqRhIx.dll C:\i386\ivbespuc.dll C:\i386\ixp6453.exe C:\i386\jkkJyASI.dll C:\i386\jlmuti.dll C:\i386\mbwxpf.dll C:\i386\ngwrggcj.dll C:\i386\nnnkLfcD.dll C:\i386\opnkllMg.dll C:\i386\opnMGyyW.dll C:\i386\pmnkhFuR.dll C:\i386\smhsmkvn.dll C:\i386\TDSSgddn.dll C:\i386\tuvSljgD.dll C:\i386\tuvVPfeC.dll C:\i386\vcrwyz.dll C:\i386\yayvWPfF.dll.vir C:\Program Files\MUSICMATCH\Musicmatch Jukebox\WebSys\offline.mmz . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_TDSSSERV ((((((((((((((((((((((((( Files Created from 2008-08-28 to 2008-09-29 ))))))))))))))))))))))))))))))) . 2008-09-26 19:06 . 2008-09-26 19:09 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-09-26 19:06 . 2008-09-26 19:06 <DIR> d-------- C:\Documents and Settings\Manda\Application Data\Malwarebytes 2008-09-26 19:06 . 2008-09-26 19:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-09-26 19:06 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-09-26 19:06 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-09-25 16:11 . 2008-09-25 16:11 711 --a------ C:\Settings.ini 2008-09-25 12:15 . 2008-09-25 12:17 <DIR> d-------- C:\Combo-Fix 2008-09-24 17:40 . 2008-09-24 17:40 <DIR> d-------- C:\_OTMoveIt 2008-09-23 07:34 . 2008-09-23 07:53 <DIR> d-------- C:\Lop SD 2008-09-22 20:59 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-09-22 20:49 . 2008-09-22 20:49 <DIR> d-------- C:\Documents and Settings\Manda\JavaRa 2008-09-22 16:12 . 2008-09-22 16:12 0 --a------ C:\WINDOWS\BS.INI 2008-09-22 15:00 . 2008-09-22 15:00 <DIR> d-------- C:\Program Files\DellSupport 2008-09-22 14:33 . 2008-09-22 14:33 <DIR> d-------- C:\Program Files\ERUNT 2008-09-21 20:06 . 2008-09-21 20:06 <DIR> d-------- C:\VundoFix Backups 2008-09-16 22:38 . 2008-09-16 22:38 <DIR> d-------- C:\Documents and Settings\Manda\Application Data\InstallShield 2008-09-16 22:37 . 2008-09-16 22:37 65 --a------ C:\WINDOWS\minitab.ini 2008-09-16 22:36 . 2008-09-16 22:37 <DIR> d-------- C:\Program Files\Minitab 15 2008-09-11 16:00 . 2008-09-11 16:00 <DIR> d-------- C:\Documents and Settings\Manda\Application Data\ITTNord 2008-09-08 16:21 . 2008-09-21 00:55 <DIR> d-------- C:\Program Files\iWin.com 2008-09-08 16:18 . 2008-09-08 16:18 <DIR> d-------- C:\Documents and Settings\Manda\Application Data\iWinArcade 2008-09-08 16:18 . 2008-09-19 20:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iWin Games 2008-09-07 15:58 . 2008-09-14 22:00 <DIR> d-------- C:\Program Files\Venture Arctic 2008-09-07 15:37 . 2008-09-14 22:01 <DIR> d-------- C:\Program Files\Red Cross ERU 2008-09-06 20:11 . 2008-09-06 20:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Fugazo 2008-09-06 16:19 . 2008-09-06 16:19 <DIR> d-------- C:\Documents and Settings\Manda\Application Data\Big Fish Games 2008-09-06 14:46 . 2008-09-07 11:28 <DIR> d-------- C:\Program Files\The Game Of LIFE PTS 2008-09-06 14:44 . 2008-09-07 11:27 <DIR> d-------- C:\Program Files\Paparazzi 2008-09-06 14:41 . 2008-09-07 11:27 <DIR> d-------- C:\Program Files\Peggle Deluxe 2008-09-06 13:23 . 2008-09-07 11:24 <DIR> d-------- C:\Program Files\Azada 2008-09-06 13:20 . 2008-09-07 11:25 <DIR> d-------- C:\Program Files\Hawaiian Explorer The Lost Island 2008-09-06 13:20 . 2008-09-14 22:00 <DIR> d-------- C:\Program Files\Games 2008-09-06 13:14 . 2008-09-07 11:27 <DIR> d-------- C:\Program Files\Kudos 2008-09-06 13:12 . 2008-09-07 11:24 <DIR> d-------- C:\Program Files\Cooking Academy 2008-09-06 13:09 . 2008-09-21 17:02 <DIR> d-------- C:\Program Files\Fenomen Games Downloader 2008-09-05 23:48 . 2008-09-05 23:48 <DIR> d-------- C:\Documents and Settings\Manda\Application Data\Valusoft 2008-09-05 23:48 . 2008-09-05 23:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Valusoft 2008-09-05 16:54 . 2008-09-05 16:55 <DIR> d-------- C:\Documents and Settings\Manda\Application Data\BeachPartyCraze 2008-09-05 16:45 . 2008-09-05 16:45 588 --a------ C:\WINDOWS\system32\settingsbkup.sfm 2008-09-05 16:45 . 2008-09-05 16:45 588 --a------ C:\WINDOWS\system32\settings.sfm 2008-09-04 10:18 . 2008-09-04 10:18 <DIR> d-------- C:\Documents and Settings\Manda\Application Data\Jane s Hotel Family Hero 2008-09-03 19:05 . 2008-09-07 11:30 <DIR> d-------- C:\Program Files\Tropix 2 - The Quest for the Golden Banana 2008-09-02 16:59 . 2008-09-02 16:59 <DIR> d-------- C:\Documents and Settings\Manda\Application Data\ViquaSoft 2008-09-02 14:57 . 2008-09-02 14:57 <DIR> d-------- C:\Documents and Settings\Manda\Application Data\GamesCafe 2008-08-30 10:24 . 2008-08-30 11:17 <DIR> d-------- C:\Documents and Settings\Manda\Application Data\Righteous Kill . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-28 01:15 --------- d-----w C:\Documents and Settings\Manda\Application Data\Move Networks 2008-09-27 16:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint 2008-09-27 16:30 --------- d-----w C:\Program Files\Java 2008-09-27 16:28 --------- d-----w C:\Program Files\Azureus 2008-09-22 20:09 --------- d--h--w C:\Documents and Settings\Manda\Application Data\Gtek 2008-09-22 20:01 --------- d-----w C:\Documents and Settings\Visitor\Application Data\Gtek 2008-09-22 19:56 --------- d-----w C:\Program Files\Trend Micro 2008-09-21 22:04 --------- d-----w C:\Program Files\Yahoo! Games 2008-09-21 22:04 --------- d-----w C:\Documents and Settings\Manda\Application Data\iWin 2008-09-21 16:58 --------- d-----w C:\Program Files\Google 2008-09-20 02:12 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-09-20 02:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-09-20 01:40 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-09-15 03:00 --------- d-----w C:\Program Files\GameHouse 2008-09-09 12:39 --------- d-----w C:\Documents and Settings\Manda\Application Data\AdobeUM 2008-09-06 18:29 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-09-05 00:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sandlot Games 2008-09-03 02:28 --------- d-----w C:\Documents and Settings\Manda\Application Data\PlayFirst 2008-09-03 02:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst 2008-08-30 15:13 --------- d-----w C:\Documents and Settings\Manda\Application Data\Gamelab 2008-08-30 01:21 --------- d-----w C:\Program Files\Shockwave.com 2008-08-27 02:31 --------- d--h--w C:\Documents and Settings\All Users\Application Data\esClient 2008-08-27 02:21 15,172 ----a-w C:\WINDOWS\system32\drivers\PzWDM.sys 2008-08-27 02:21 --------- d-----w C:\Program Files\echospin 2008-08-27 00:47 --------- d-----w C:\Program Files\Western Digital 2008-08-27 00:47 --------- d-----w C:\Program Files\Memeo 2008-08-27 00:47 --------- d-----w C:\Program Files\Common Files\eSellerate 2008-08-27 00:46 --------- d-s---w C:\Documents and Settings\All Users\Application Data\Memeo 2008-08-27 00:45 --------- d-----w C:\Program Files\Western Digital Technologies 2008-08-25 20:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\NeoEdge Networks 2006-09-21 05:05 774,144 -c--a-w C:\Program Files\RngInterstitial.dll 2007-07-26 21:01 114,688 ----a-w C:\Program Files\internet explorer\plugins\ChimeShim.dll 2007-06-14 19:52 56 -csh--r C:\WINDOWS\system32\54CC8C8FB6.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 15360] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208] "ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-10 20480] "ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 218032] "Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400] "Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-04 50528] "SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 C:\WINDOWS\MIDIDEF.EXE] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 90112] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947] "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-08-16 98304] "PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960] "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 218032] "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718] "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182] "IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 67584] "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 49152] "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 127035] "Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-04-06 1032192] "CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344] "BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-03-28 622592] "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 C:\WINDOWS\stsystra.exe] "MBMon"="CTMBHA.DLL" [2006-03-03 C:\WINDOWS\system32\CTMBHA.DLL] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-05-24 622653] Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-08-16 24576] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService] @="service" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoUpdate Monitor.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoUpdate Monitor.lnk backup=C:\WINDOWS\pss\AutoUpdate Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Manda^Start Menu^Programs^Startup^Memeo AutoBackup Launcher.lnk] path=C:\Documents and Settings\Manda\Start Menu\Programs\Startup\Memeo AutoBackup Launcher.lnk backup=C:\WINDOWS\pss\Memeo AutoBackup Launcher.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Manda^Start Menu^Programs^Startup^Memeo AutoSync Launcher.lnk] path=C:\Documents and Settings\Manda\Start Menu\Programs\Startup\Memeo AutoSync Launcher.lnk backup=C:\WINDOWS\pss\Memeo AutoSync Launcher.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"= "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"= "C:\\Program Files\\America Online 9.0\\waol.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "C:\\StubInstaller.exe"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= "C:\\Documents and Settings\\Manda\\Desktop\\VundoFix.exe"= R0 PzWDM;PzWDM;C:\WINDOWS\system32\Drivers\PzWDM.sys [2008-08-26 15172] R1 SAVOnAccessControl;SAVOnAccessControl;C:\WINDOWS\system32\DRIVERS\savonaccesscontrol.sys [2007-10-25 101120] R1 SAVOnAccessFilter;SAVOnAccessFilter;C:\WINDOWS\system32\DRIVERS\savonaccessfilter.sys [2007-10-25 33408] R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-01-11 40832] R2 ZuneBusEnum;Zune Bus Enumerator;c:\WINDOWS\system32\ZuneBusEnum.exe [2008-01-11 61856] S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-01-11 245664] . Contents of the 'Scheduled Tasks' folder . ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-28 19:10:25 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\ati2evxx.exe C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe C:\WINDOWS\system32\CTSVCCDA.EXE C:\WINDOWS\ehome\ehrecvr.exe C:\WINDOWS\ehome\ehSched.exe C:\Program Files\Dell\QuickSet\NicConfigSvc.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe C:\Program Files\Sophos\AutoUpdate\ALsvc.exe C:\WINDOWS\ehome\mcrdsvc.exe C:\Program Files\Zune\ZuneNss.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\ati2evxx.exe C:\WINDOWS\system32\rundll32.exe C:\DOCUME~1\Manda\LOCALS~1\Temp\clclean.0001 C:\WINDOWS\ehome\ehmsas.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\Program Files\AIM6\aolsoftware.exe C:\ComboFix\pv.cfexe . ************************************************************************ . Completion time: 2008-09-28 19:20:58 - machine was rebooted ComboFix-quarantined-files.txt 2008-09-29 00:20:54 ComboFix2.txt 2008-09-28 21:48:48 ComboFix3.txt 2008-09-26 20:14:53 ComboFix4.txt 2008-09-26 03:44:39 ComboFix5.txt 2008-09-28 22:04:57 Pre-Run: 58,357,551,104 bytes free Post-Run: 58,382,614,528 bytes free 246 --- E O F --- 2008-04-10 08:02:06

Egwene View Member Profile	Sep 29 2008, 02:20 PM Post #20
Trusted Helper Posts: 2,141 From: France OS: XP/Vista �dition basique familiale	Hello amanda732, Something appears very strange to me, i would like to check it Disable resident protections (Antivirus...); you'll re-enable them after the scan Download Lop S&D < here Double-click Lop S&D.exe Choose the language, then choose Option 1 (Search) Wait till the end of the scan Post the log which is created: (%SystemDrive%\lopR.txt) And please tell me how your computer is running now. Regards, Egwene.

amanda732 View Member Profile	Sep 29 2008, 04:35 PM Post #21
Member Posts: 14 OS: XP	here is the Lop S&D log: --------------------\\ Lop S&D 4.2.4-4 XP/Vista Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2 X86-based PC ( Multiprocessor Free : Genuine Intel® CPU T2250 @ 1.73GHz ) BIOS : Phoenix ROM BIOS PLUS Version 1.10 A02 USER : Manda ( Administrator ) BOOT : Normal boot Antivirus : Sophos Anti-Virus (Activated) C:\ (Local Disk) - NTFS - Total : 105 Go Free : 54 Go D:\ (CD or DVD) "C:\Lop SD" ( MAJ : 19-09-2008\|22:20 ) Option : [1] ( Mon 09/29/2008\|18:28 ) --------------------\\ Listing folders in APPLIC~1 [08/16/2006\|07:44] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> ATI [08/16/2005\|04:50] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Identities [08/16/2006\|07:35] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Intel [08/16/2005\|04:30] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft [08/16/2006\|07:31] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Sun [09/25/2007\|06:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Advanced Chemistry Development [08/31/2006\|07:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL [11/05/2007\|09:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL Downloads [03/09/2007\|12:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL OCP [01/15/2007\|03:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Brother [08/16/2006\|07:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Creative Labs [10/26/2007\|05:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Escape From Paradise [08/26/2008\|09:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> esClient [04/22/2007\|05:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> FloodLightGames [09/06/2008\|08:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Fugazo [12/16/2007\|09:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Gogii [04/22/2007\|05:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google [08/16/2006\|07:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> GTek [05/03/2008\|09:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> HipSoft [08/16/2006\|07:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> InstallShield [08/16/2006\|07:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Intel [09/03/2007\|02:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> iWin [09/19/2008\|08:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> iWin Games [11/20/2007\|02:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> JollyBear [09/26/2008\|07:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes [08/26/2008\|07:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Memeo [03/23/2008\|07:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft [03/09/2008\|08:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> MumboJumbo [04/24/2007\|12:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> n7-89-o9-3r-4t-r9 [09/04/2007\|03:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> NannyMania [08/25/2008\|03:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> NeoEdge Networks [09/08/2007\|09:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Oberon Games [10/22/2006\|02:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Oberon Media [09/02/2008\|09:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> PlayFirst [03/07/2007\|03:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> PopCap [10/08/2006\|04:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> QuickTime [09/04/2008\|07:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Sandlot Games [01/15/2007\|03:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> ScanSoft [01/31/2007\|02:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Sophos [09/19/2008\|09:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spybot - Search & Destroy [09/19/2008\|08:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP [09/17/2006\|01:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Trymedia [09/05/2008\|11:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Valusoft [09/27/2008\|11:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Viewpoint [08/31/2006\|12:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage [04/22/2007\|05:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> yahoo! [09/07/2007\|08:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Zylom [08/16/2006\|07:44] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> ATI [08/16/2005\|04:50] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Identities [08/16/2006\|07:35] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Intel [08/16/2005\|04:30] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft [08/16/2006\|07:31] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Sun [03/23/2007\|03:08] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Intel [03/19/2008\|11:20] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft [09/01/2006\|06:43] C:\DOCUME~1\Manda\APPLIC~1\<DIR> 7100Series [10/20/2007\|10:02] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Abra Academy2 [09/09/2006\|06:28] C:\DOCUME~1\Manda\APPLIC~1\<DIR> acccore [12/09/2007\|07:45] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Adobe [09/09/2008\|07:39] C:\DOCUME~1\Manda\APPLIC~1\<DIR> AdobeUM [08/16/2006\|07:44] C:\DOCUME~1\Manda\APPLIC~1\<DIR> ATI [07/27/2008\|12:03] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Azureus [09/05/2008\|04:55] C:\DOCUME~1\Manda\APPLIC~1\<DIR> BeachPartyCraze [09/06/2008\|04:19] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Big Fish Games [03/02/2008\|11:36] C:\DOCUME~1\Manda\APPLIC~1\<DIR> BloodTies [01/16/2007\|02:22] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Brother [09/03/2006\|10:25] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Corel [10/02/2006\|11:18] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Corel Photo Album [08/22/2006\|08:07] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Creative [01/12/2007\|06:10] C:\DOCUME~1\Manda\APPLIC~1\<DIR> CyberLink [10/15/2006\|03:14] C:\DOCUME~1\Manda\APPLIC~1\<DIR> DivX [09/17/2006\|06:53] C:\DOCUME~1\Manda\APPLIC~1\<DIR> EA [09/03/2007\|10:42] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Eyeblaster [04/22/2007\|05:18] C:\DOCUME~1\Manda\APPLIC~1\<DIR> FloodLightGames [09/03/2007\|10:35] C:\DOCUME~1\Manda\APPLIC~1\<DIR> GameHouse [08/30/2008\|10:13] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Gamelab [09/02/2008\|02:57] C:\DOCUME~1\Manda\APPLIC~1\<DIR> GamesCafe [10/23/2006\|09:06] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Google [09/22/2008\|03:09] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Gtek [06/10/2008\|12:36] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Help [12/15/2007\|02:07] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Home Sweet Home [08/16/2005\|04:50] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Identities [10/16/2006\|10:10] C:\DOCUME~1\Manda\APPLIC~1\<DIR> IMVU [09/16/2008\|10:38] C:\DOCUME~1\Manda\APPLIC~1\<DIR> InstallShield [08/16/2006\|07:35] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Intel [09/11/2008\|04:00] C:\DOCUME~1\Manda\APPLIC~1\<DIR> ITTNord [09/21/2008\|05:04] C:\DOCUME~1\Manda\APPLIC~1\<DIR> iWin [09/08/2008\|04:18] C:\DOCUME~1\Manda\APPLIC~1\<DIR> iWinArcade [10/20/2007\|01:17] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Jane s Hotel [09/04/2008\|10:18] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Jane s Hotel Family Hero [11/06/2007\|06:42] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Legends of pirates [09/06/2006\|10:49] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Macromedia [04/18/2007\|01:07] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Magic Academy [09/17/2006\|11:37] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Magic Match [09/26/2008\|07:06] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Malwarebytes [08/25/2008\|03:51] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Microsoft [08/27/2006\|05:31] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Microsoft Web Folders [09/27/2008\|08:15] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Move Networks [09/06/2008\|11:25] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Mozilla [05/02/2008\|10:01] C:\DOCUME~1\Manda\APPLIC~1\<DIR> My Games [03/09/2008\|02:31] C:\DOCUME~1\Manda\APPLIC~1\<DIR> MysteryStudio [09/02/2008\|09:28] C:\DOCUME~1\Manda\APPLIC~1\<DIR> PlayFirst [08/30/2008\|11:17] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Righteous Kill [09/09/2007\|09:03] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Sandlot Games [10/08/2007\|08:06] C:\DOCUME~1\Manda\APPLIC~1\<DIR> SecuROM [12/09/2006\|05:13] C:\DOCUME~1\Manda\APPLIC~1\<DIR> SmartDraw [08/16/2006\|07:31] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Sun [03/09/2008\|03:15] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Total Eclipse [05/01/2008\|11:01] C:\DOCUME~1\Manda\APPLIC~1\<DIR> U3 [09/05/2008\|11:48] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Valusoft [09/29/2007\|05:06] C:\DOCUME~1\Manda\APPLIC~1\<DIR> VeniceMysteryData [09/02/2008\|04:59] C:\DOCUME~1\Manda\APPLIC~1\<DIR> ViquaSoft [04/22/2007\|05:31] C:\DOCUME~1\Manda\APPLIC~1\<DIR> yahoo! [03/07/2007\|03:15] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft [08/16/2006\|07:44] C:\DOCUME~1\Visitor\APPLIC~1\<DIR> ATI [09/22/2008\|03:01] C:\DOCUME~1\Visitor\APPLIC~1\<DIR> Gtek [08/16/2005\|04:50] C:\DOCUME~1\Visitor\APPLIC~1\<DIR> Identities [08/16/2006\|07:35] C:\DOCUME~1\Visitor\APPLIC~1\<DIR> Intel [03/23/2007\|03:11] C:\DOCUME~1\Visitor\APPLIC~1\<DIR> Microsoft [08/16/2006\|07:31] C:\DOCUME~1\Visitor\APPLIC~1\<DIR> Sun --------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks [09/28/2008 09:00 PM][--a------] C:\WINDOWS\tasks\Daily.job [09/29/2008 01:38 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT [08/10/2004 05:00 AM][-r-h-c---] C:\WINDOWS\tasks\desktop.ini --------------------\\ Listing Folders in C:\Program Files [02/07/2007\|12:22] C:\Program Files\<DIR> Activision Value [09/09/2008\|07:36] C:\Program Files\<DIR> Adobe [11/05/2007\|09:36] C:\Program Files\<DIR> AIM6 [12/17/2006\|10:20] C:\Program Files\<DIR> Alawar [12/16/2007\|08:52] C:\Program Files\<DIR> America Online 9.0 [11/12/2006\|04:10] C:\Program Files\<DIR> Ant War [09/09/2006\|06:28] C:\Program Files\<DIR> AOD [09/09/2006\|06:20] C:\Program Files\<DIR> AOL [08/16/2006\|07:49] C:\Program Files\<DIR> AOL Companion [08/16/2006\|07:40] C:\Program Files\<DIR> ATI Technologies [09/07/2008\|11:24] C:\Program Files\<DIR> Azada [09/27/2008\|11:28] C:\Program Files\<DIR> Azureus [08/16/2006\|07:57] C:\Program Files\<DIR> BAE [04/22/2007\|05:13] C:\Program Files\<DIR> BFG [08/16/2006\|07:34] C:\Program Files\<DIR> Broadcom [01/15/2007\|03:22] C:\Program Files\<DIR> Brother [11/12/2006\|04:10] C:\Program Files\<DIR> CakeMania_at [03/22/2008\|08:51] C:\Program Files\<DIR> Cate West The Vanishing Files [03/19/2008\|10:42] C:\Program Files\<DIR> Cathys Caribbean Club [02/07/2007\|04:39] C:\Program Files\<DIR> CoffeeTycoon_at [09/28/2008\|05:07] C:\Program Files\<DIR> Common Files [08/16/2005\|04:38] C:\Program Files\<DIR> ComPlus Applications [01/12/2007\|05:47] C:\Program Files\<DIR> Compton's Home Library [08/16/2006\|07:37] C:\Program Files\<DIR> CONEXANT [09/07/2008\|11:24] C:\Program Files\<DIR> Cooking Academy [08/16/2006\|07:54] C:\Program Files\<DIR> Corel [08/16/2006\|07:55] C:\Program Files\<DIR> Corel Corporation [08/16/2006\|07:43] C:\Program Files\<DIR> Creative [02/07/2007\|04:39] C:\Program Files\<DIR> Crime Puzzle [08/16/2006\|07:44] C:\Program Files\<DIR> CyberLink [02/07/2007\|04:39] C:\Program Files\<DIR> Deep Sea Tycoon 2_at [10/13/2007\|09:41] C:\Program Files\<DIR> DeliveryKing_at [08/16/2006\|08:00] C:\Program Files\<DIR> Dell [09/22/2008\|03:00] C:\Program Files\<DIR> DellSupport [03/19/2008\|11:16] C:\Program Files\<DIR> DIFX [08/16/2006\|07:41] C:\Program Files\<DIR> Digital Line Detect [03/01/2007\|07:42] C:\Program Files\<DIR> DivX [10/20/2007\|04:47] C:\Program Files\<DIR> DreamChronicles_at [10/08/2007\|07:08] C:\Program Files\<DIR> EA GAMES [08/16/2006\|07:49] C:\Program Files\<DIR> EarthLink Setup [08/26/2008\|09:21] C:\Program Files\<DIR> echospin [08/16/2005\|08:51] C:\Program Files\<DIR> EnglishOtto [09/22/2008\|02:33] C:\Program Files\<DIR> ERUNT [09/21/2008\|05:02] C:\Program Files\<DIR> Fenomen Games Downloader [03/19/2008\|10:42] C:\Program Files\<DIR> Feyruna Fairy Forest [08/23/2006\|02:27] C:\Program Files\<DIR> Game On [09/14/2008\|10:00] C:\Program Files\<DIR> GameHouse [09/14/2008\|10:00] C:\Program Files\<DIR> Games [09/30/2007\|02:29] C:\Program Files\<DIR> GamesBar [12/16/2007\|10:28] C:\Program Files\<DIR> GemMaster [12/01/2006\|05:30] C:\Program Files\<DIR> GlobalStar Software [09/21/2008\|11:58] C:\Program Files\<DIR> Google [03/19/2008\|10:43] C:\Program Files\<DIR> Grimms Hatchery [10/15/2006\|03:25] C:\Program Files\<DIR> GustoSoft [09/07/2008\|11:25] C:\Program Files\<DIR> Hawaiian Explorer The Lost Island [12/18/2006\|01:05] C:\Program Files\<DIR> Infogrames [06/22/2007\|03:05] C:\Program Files\<DIR> Infogrames Interactive [09/06/2008\|01:29] C:\Program Files\<DIR> InstallShield Installation Information [08/16/2006\|07:35] C:\Program Files\<DIR> Intel [08/16/2006\|07:35] C:\Program Files\<DIR> Intel, Inc [04/10/2008\|03:01] C:\Program Files\<DIR> Internet Explorer [09/21/2008\|12:55] C:\Program Files\<DIR> iWin.com [08/27/2006\|05:43] C:\Program Files\<DIR> Jasc Software Inc [09/27/2008\|11:30] C:\Program Files\<DIR> Java [09/07/2008\|11:27] C:\Program Files\<DIR> Kudos [12/16/2007\|10:28] C:\Program Files\<DIR> LawandOrderDarkObsession_at [11/12/2006\|04:12] C:\Program Files\<DIR> LawOrderVengefulHeart_at [08/16/2006\|07:49] C:\Program Files\<DIR> Learn2.com [10/09/2007\|10:20] C:\Program Files\<DIR> LimeWire [12/12/2006\|06:23] C:\Program Files\<DIR> Lx_cats [09/26/2008\|07:09] C:\Program Files\<DIR> Malwarebytes' Anti-Malware [08/26/2008\|07:47] C:\Program Files\<DIR> Memeo [08/16/2006\|07:32] C:\Program Files\<DIR> Messenger [08/27/2006\|05:31] C:\Program Files\<DIR> microsoft frontpage [08/27/2006\|05:31] C:\Program Files\<DIR> Microsoft Office [08/16/2006\|07:47] C:\Program Files\<DIR> Microsoft Plus! Digital Media Edition [08/16/2006\|07:47] C:\Program Files\<DIR> Microsoft Plus! Photo Story 2 LE [09/09/2007\|08:51] C:\Program Files\<DIR> Microsoft Works [09/16/2008\|10:37] C:\Program Files\<DIR> Minitab 15 [08/16/2006\|07:41] C:\Program Files\<DIR> Modem Helper [10/11/2007\|07:09] C:\Program Files\<DIR> ModTheSims2.com [08/16/2005\|04:37] C:\Program Files\<DIR> Movie Maker [09/29/2008\|06:24] C:\Program Files\<DIR> Mozilla Firefox [08/16/2005\|04:37] C:\Program Files\<DIR> MSN [08/16/2005\|04:37] C:\Program Files\<DIR> MSN Gaming Zone [11/29/2006\|12:34] C:\Program Files\<DIR> MSXML 4.0 [08/16/2006\|07:52] C:\Program Files\<DIR> MUSICMATCH [03/22/2008\|10:02] C:\Program Files\<DIR> Mysteryville [06/11/2008\|01:04] C:\Program Files\<DIR> Nancy Drew [08/16/2005\|04:40] C:\Program Files\<DIR> NetMeeting [08/16/2006\|07:41] C:\Program Files\<DIR> NetWaiting [08/16/2006\|07:46] C:\Program Files\<DIR> NetZeroInstallers [11/17/2007\|03:16] C:\Program Files\<DIR> Oberon Media [02/07/2007\|05:15] C:\Program Files\<DIR> On2 Technologies [08/16/2005\|04:38] C:\Program Files\<DIR> Online Services [08/31/2006\|01:09] C:\Program Files\<DIR> Outlook Express [09/07/2008\|11:27] C:\Program Files\<DIR> Paparazzi [09/07/2008\|11:27] C:\Program Files\<DIR> Peggle Deluxe [02/07/2007\|04:43] C:\Program Files\<DIR> Pizza Frenzy [05/04/2008\|12:22] C:\Program Files\<DIR> PlayFirst [08/16/2006\|07:49] C:\Program Files\<DIR> QuickTime [09/21/2006\|12:06] C:\Program Files\<DIR> Real [09/14/2008\|10:01] C:\Program Files\<DIR> Red Cross ERU [12/17/2006\|10:04] C:\Program Files\<DIR> ReflexiveArcade [08/16/2005\|08:58] C:\Program Files\<DIR> RGB [01/15/2007\|03:17] C:\Program Files\<DIR> ScanSoft [08/16/2006\|07:57] C:\Program Files\<DIR> SearchAssist [08/29/2008\|08:21] C:\Program Files\<DIR> Shockwave.com [08/16/2006\|07:37] C:\Program Files\<DIR> Sigmatel [02/24/2007\|11:55] C:\Program Files\<DIR> SmartDraw 2007 [08/16/2006\|07:49] C:\Program Files\<DIR> Sonic [09/01/2007\|10:27] C:\Program Files\<DIR> Sophos [01/31/2007\|02:00] C:\Program Files\<DIR> Sophos SWEEP for NT [09/24/2006\|02:38] C:\Program Files\<DIR> SpongeBobDinerDash_at [09/19/2008\|09:12] C:\Program Files\<DIR> Spybot - Search & Destroy [11/17/2007\|03:25] C:\Program Files\<DIR> SuperCollapse3_at [05/04/2008\|12:09] C:\Program Files\<DIR> Supple [08/16/2006\|07:34] C:\Program Files\<DIR> Synaptics [02/21/2007\|01:16] C:\Program Files\<DIR> The Adventure Company [05/04/2008\|12:09] C:\Program Files\<DIR> The Game of Life - PTS [09/07/2008\|11:28] C:\Program Files\<DIR> The Game Of LIFE PTS [02/06/2007\|10:48] C:\Program Files\<DIR> TikGames [09/22/2008\|02:56] C:\Program Files\<DIR> Trend Micro [09/07/2008\|11:30] C:\Program Files\<DIR> Tropix 2 - The Quest for the Golden Banana [11/18/2006\|08:37] C:\Program Files\<DIR> TryMedia [08/16/2005\|04:50] C:\Program Files\<DIR> Uninstall Information [09/14/2008\|10:00] C:\Program Files\<DIR> Venture Arctic [04/22/2007\|05:30] C:\Program Files\<DIR> Virtual Laguna Beach [08/16/2006\|07:51] C:\Program Files\<DIR> WebCyberCoach [08/26/2008\|07:47] C:\Program Files\<DIR> Western Digital [08/26/2008\|07:45] C:\Program Files\<DIR> Western Digital Technologies [08/16/2006\|07:35] C:\Program Files\<DIR> WIDCOMM [08/22/2006\|08:16] C:\Program Files\<DIR> WildTangent [03/19/2008\|11:15] C:\Program Files\<DIR> Windows Media Player [08/16/2005\|04:37] C:\Program Files\<DIR> Windows NT [08/16/2005\|04:37] C:\Program Files\<DIR> Windows Plus [01/15/2007\|03:09] C:\Program Files\<DIR> WindowsUpdate [02/24/2008\|12:57] C:\Program Files\<DIR> WinRAR [08/16/2006\|07:50] C:\Program Files\<DIR> WordPerfect Office 12 [08/16/2005\|04:43] C:\Program Files\<DIR> xerox [02/28/2007\|10:45] C:\Program Files\<DIR> Yahoo! [09/21/2008\|05:04] C:\Program Files\<DIR> Yahoo! Games [09/23/2006\|05:38] C:\Program Files\<DIR> ZooVet_at [03/23/2008\|07:21] C:\Program Files\<DIR> Zune --------------------\\ Listing Folders in C:\Program Files\Common Files [08/31/2006\|09:23] C:\Program Files\Common Files\<DIR> Adobe [03/09/2007\|12:41] C:\Program Files\Common Files\<DIR> AOL [08/16/2006\|07:49] C:\Program Files\Common Files\<DIR> aolshare [08/16/2006\|07:50] C:\Program Files\Common Files\<DIR> Borland Shared [09/01/2007\|10:27] C:\Program Files\Common Files\<DIR> Cisco Systems [03/19/2008\|11:16] C:\Program Files\Common Files\<DIR> ComponentOne [08/16/2006\|07:50] C:\Program Files\Common Files\<DIR> Corel [08/16/2006\|07:41] C:\Program Files\Common Files\<DIR> Creative Labs Shared [08/27/2006\|05:33] C:\Program Files\Common Files\<DIR> Designer [08/26/2008\|07:47] C:\Program Files\Common Files\<DIR> eSellerate [09/15/2006\|07:24] C:\Program Files\Common Files\<DIR> Hypnotizer [08/16/2006\|07:49] C:\Program Files\Common Files\<DIR> InstallShield [08/16/2006\|07:31] C:\Program Files\Common Files\<DIR> Java [03/23/2008\|07:16] C:\Program Files\Common Files\<DIR> Microsoft Shared [08/16/2005\|04:40] C:\Program Files\Common Files\<DIR> MSSoap [08/16/2006\|07:49] C:\Program Files\Common Files\<DIR> Nullsoft [08/16/2005\|04:33] C:\Program Files\Common Files\<DIR> ODBC [08/16/2006\|07:49] C:\Program Files\Common Files\<DIR> Real [09/23/2006\|06:04] C:\Program Files\Common Files\<DIR> Sandlot Shared [01/15/2007\|03:18] C:\Program Files\Common Files\<DIR> ScanSoft Shared [08/16/2005\|04:40] C:\Program Files\Common Files\<DIR> Services [08/16/2006\|07:49] C:\Program Files\Common Files\<DIR> Sonic Shared [08/16/2005\|04:33] C:\Program Files\Common Files\<DIR> SpeechEngines [09/09/2006\|06:31] C:\Program Files\Common Files\<DIR> SWF Studio [08/31/2006\|01:09] C:\Program Files\Common Files\<DIR> System [08/16/2006\|07:47] C:\Program Files\Common Files\<DIR> TiVo Shared --------------------\\ Process ( 72 Processes ) ... OK ! --------------------\\ Searching with S_Lop No Lop folder found ! --------------------\\ Searching for Lop Files - Folders C:\DOCUME~1\Manda\Cookies\manda@advertising[2].txt C:\DOCUME~1\Manda\Cookies\manda@adopt.euroclick[1].txt --------------------\\ Searching within the Registry ..... OK ! --------------------\\ Checking the Hosts file Hosts file CLEAN --------------------\\ Searching for hidden files with Catchme catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-29 18:29:36 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden files: 0 --------------------\\ Searching for other infections --------------------\\ ROOTKIT !! Rootkit Tibs ! .. [HKLM\..\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV] Rootkit Tibs ! .. [HKLM\..\CurrentControlSet\Enum\Root\tdssserv] Rootkit Tibs ! .. [HKLM\..\ControlSet001\Enum\Root\LEGACY_TDSSSERV] Rootkit Tibs ! .. [HKLM\..\ControlSet001\Enum\Root\tdssserv] Rootkit Tibs ! .. [HKLM\..\ControlSet003\Enum\Root\LEGACY_TDSSSERV] Rootkit Tibs ! .. [HKLM\..\ControlSet003\Enum\Root\tdssserv] [F:13][D:5]-> C:\DOCUME~1\Manda\LOCALS~1\Temp [F:139][D:0]-> C:\DOCUME~1\Manda\Cookies [F:23][D:4]-> C:\DOCUME~1\Manda\LOCALS~1\TEMPOR~1\content.IE5 1 - "C:\Lop SD\LopR_1.txt" - Tue 09/23/2008\| 7:53 - Option : [1] 2 - "C:\Lop SD\LopR_2.txt" - Mon 09/29/2008\|18:31 - Option : [1] --------------------\\ Scan completed at 18:31:33 My computer seems to be running well. There hasnt been any sign of the virus.

Egwene View Member Profile	Sep 30 2008, 01:41 AM Post #22
Trusted Helper Posts: 2,141 From: France OS: XP/Vista �dition basique familiale	Hello amanda732, I was right, there is still something to do here : there is a leftover registry key. It appears that each time you have run Combofix, you forget to disable your real-time protection ( resident AV ). * Resident AV is active This prevents combofix to delete the bad key of the rootkit : Rootkit Tibs ! .. [HKLM\..\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV] Rootkit Tibs ! .. [HKLM\..\CurrentControlSet\Enum\Root\tdssserv] Rootkit Tibs ! .. [HKLM\..\ControlSet001\Enum\Root\LEGACY_TDSSSERV] Rootkit Tibs ! .. [HKLM\..\ControlSet001\Enum\Root\tdssserv] Rootkit Tibs ! .. [HKLM\..\ControlSet003\Enum\Root\LEGACY_TDSSSERV] Rootkit Tibs ! .. [HKLM\..\ControlSet003\Enum\Root\tdssserv] So, i will ask you to run again combofix, without any CFscript, just by double-clicking on it as you did it for the first time. But before running Combofix again, please disable your AV resident ! You need to disable Spybot and Sophos real-time protections. Do you understand ? Post me the new combofix repport in your next answer. Regards, Egwene.

amanda732 View Member Profile	Sep 30 2008, 08:59 AM Post #23
Member Posts: 14 OS: XP	i disabled sophos and ran combofix. here is the log: ComboFix 08-09-28.05 - Manda 2008-09-30 9:38:25.7 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.512 [GMT -5:00] Running from: C:\Documents and Settings\Manda\Desktop\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_TDSSSERV ((((((((((((((((((((((((( Files Created from 2008-08-28 to 2008-09-30 ))))))))))))))))))))))))))))))) . 2008-09-26 19:06 . 2008-09-26 19:09 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-09-26 19:06 . 2008-09-26 19:06 <DIR> d-------- C:\Documents and Settings\Manda\Application Data\Malwarebytes 2008-09-26 19:06 . 2008-09-26 19:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-09-26 19:06 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-09-26 19:06 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-09-25 16:11 . 2008-09-25 16:11 711 --a------ C:\Settings.ini 2008-09-25 12:15 . 2008-09-25 12:17 <DIR> d-------- C:\Combo-Fix 2008-09-24 17:40 . 2008-09-24 17:40 <DIR> d-------- C:\_OTMoveIt 2008-09-23 07:34 . 2008-09-29 18:31 <DIR> d-------- C:\Lop SD 2008-09-22 20:59 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-09-22 20:49 . 2008-09-22 20:49 <DIR> d-------- C:\Documents and Settings\Manda\JavaRa 2008-09-22 16:12 . 2008-09-22 16:12 0 --a------ C:\WINDOWS\BS.INI 2008-09-22 15:00 . 2008-09-22 15:00 <DIR> d-------- C:\Program Files\DellSupport 2008-09-22 14:33 . 2008-09-22 14:33 <DIR> d-------- C:\Program Files\ERUNT 2008-09-21 20:06 . 2008-09-21 20:06 <DIR> d-------- C:\VundoFix Backups 2008-09-16 22:38 . 2008-09-16 22:38 <DIR> d-------- C:\Documents and Settings\Manda\Application Data\InstallShield 2008-09-16 22:37 . 2008-09-16 22:37 65 --a------ C:\WINDOWS\minitab.ini 2008-09-16 22:36 . 2008-09-16 22:37 <DIR> d-------- C:\Program Files\Minitab 15 2008-09-11 16:00 . 2008-09-11 16:00 <DIR> d-------- C:\Documents and Settings\Manda\Application Data\ITTNord 2008-09-08 16:21 . 2008-09-21 00:55 <DIR> d-------- C:\Program Files\iWin.com 2008-09-08 16:18 . 2008-09-08 16:18 <DIR> d-------- C:\Documents and Settings\Manda\Application Data\iWinArcade 2008-09-08 16:18 . 2008-09-19 20:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iWin Games 2008-09-07 15:58 . 2008-09-14 22:00 <DIR> d-------- C:\Program Files\Venture Arctic 2008-09-07 15:37 . 2008-09-14 22:01 <DIR> d-------- C:\Program Files\Red Cross ERU 2008-09-06 20:11 . 2008-09-06 20:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Fugazo 2008-09-06 16:19 . 2008-09-06 16:19 <DIR> d-------- C:\Documents and Settings\Manda\Application Data\Big Fish Games 2008-09-06 14:46 . 2008-09-07 11:28 <DIR> d-------- C:\Program Files\The Game Of LIFE PTS 2008-09-06 14:44 . 2008-09-07 11:27 <DIR> d-------- C:\Program Files\Paparazzi 2008-09-06 14:41 . 2008-09-07 11:27 <DIR> d-------- C:\Program Files\Peggle Deluxe 2008-09-06 13:23 . 2008-09-07 11:24 <DIR> d-------- C:\Program Files\Azada 2008-09-06 13:20 . 2008-09-07 11:25 <DIR> d-------- C:\Program Files\Hawaiian Explorer The Lost Island 2008-09-06 13:20 . 2008-09-14 22:00 <DIR> d-------- C:\Program Files\Games 2008-09-06 13:14 . 2008-09-07 11:27 <DIR> d-------- C:\Program Files\Kudos 2008-09-06 13:12 . 2008-09-07 11:24 <DIR> d-------- C:\Program Files\Cooking Academy 2008-09-06 13:09 . 2008-09-21 17:02 <DIR> d-------- C:\Program Files\Fenomen Games Downloader 2008-09-05 23:48 . 2008-09-05 23:48 <DIR> d-------- C:\Documents and Settings\Manda\Application Data\Valusoft 2008-09-05 23:48 . 2008-09-05 23:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Valusoft 2008-09-05 16:54 . 2008-09-05 16:55 <DIR> d-------- C:\Documents and Settings\Manda\Application Data\BeachPartyCraze 2008-09-05 16:45 . 2008-09-05 16:45 588 --a------ C:\WINDOWS\system32\settingsbkup.sfm 2008-09-05 16:45 . 2008-09-05 16:45 588 --a------ C:\WINDOWS\system32\settings.sfm 2008-09-04 10:18 . 2008-09-04 10:18 <DIR> d-------- C:\Documents and Settings\Manda\Application Data\Jane s Hotel Family Hero 2008-09-03 19:05 . 2008-09-07 11:30 <DIR> d-------- C:\Program Files\Tropix 2 - The Quest for the Golden Banana 2008-09-02 16:59 . 2008-09-02 16:59 <DIR> d-------- C:\Documents and Settings\Manda\Application Data\ViquaSoft 2008-09-02 14:57 . 2008-09-02 14:57 <DIR> d-------- C:\Documents and Settings\Manda\Application Data\GamesCafe 2008-08-30 10:24 . 2008-08-30 11:17 <DIR> d-------- C:\Documents and Settings\Manda\Application Data\Righteous Kill 2008-08-26 21:21 . 2008-08-26 21:21 <DIR> d-------- C:\Program Files\echospin 2008-08-26 21:21 . 2008-08-26 21:31 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\esClient 2008-08-26 21:21 . 2008-08-26 21:21 15,172 --a------ C:\WINDOWS\system32\drivers\PzWDM.sys 2008-08-26 19:47 . 2008-08-26 19:47 <DIR> d-------- C:\Program Files\Western Digital 2008-08-26 19:47 . 2008-08-26 19:47 <DIR> d-------- C:\Program Files\Common Files\eSellerate 2008-08-26 19:46 . 2008-08-26 19:47 <DIR> d-------- C:\Program Files\Memeo 2008-08-26 19:45 . 2008-08-26 19:45 <DIR> d-------- C:\Program Files\Western Digital Technologies 2008-08-26 19:45 . 2008-08-26 19:46 <DIR> d---s---- C:\Documents and Settings\All Users\Application Data\Memeo 2008-08-26 15:53 . 2008-08-26 15:53 131 --a------ C:\todolist.htm 2008-08-25 15:52 . 2008-08-25 15:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-28 01:15 --------- d-----w C:\Documents and Settings\Manda\Application Data\Move Networks 2008-09-27 16:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint 2008-09-27 16:30 --------- d-----w C:\Program Files\Java 2008-09-27 16:28 --------- d-----w C:\Program Files\Azureus 2008-09-22 20:09 --------- d--h--w C:\Documents and Settings\Manda\Application Data\Gtek 2008-09-22 20:01 --------- d-----w C:\Documents and Settings\Visitor\Application Data\Gtek 2008-09-22 19:56 --------- d-----w C:\Program Files\Trend Micro 2008-09-21 22:04 --------- d-----w C:\Program Files\Yahoo! Games 2008-09-21 22:04 --------- d-----w C:\Documents and Settings\Manda\Application Data\iWin 2008-09-21 16:58 --------- d-----w C:\Program Files\Google 2008-09-20 02:12 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-09-20 02:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-09-20 01:40 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-09-15 03:00 --------- d-----w C:\Program Files\GameHouse 2008-09-09 12:39 --------- d-----w C:\Documents and Settings\Manda\Application Data\AdobeUM 2008-09-06 18:29 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-09-05 00:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sandlot Games 2008-09-03 02:28 --------- d-----w C:\Documents and Settings\Manda\Application Data\PlayFirst 2008-09-03 02:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst 2008-08-30 15:13 --------- d-----w C:\Documents and Settings\Manda\Application Data\Gamelab 2008-08-30 01:21 --------- d-----w C:\Program Files\Shockwave.com 2006-09-21 05:05 774,144 -c--a-w C:\Program Files\RngInterstitial.dll 2007-07-26 21:01 114,688 ----a-w C:\Program Files\internet explorer\plugins\ChimeShim.dll 2007-06-14 19:52 56 -csh--r C:\WINDOWS\system32\54CC8C8FB6.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 15360] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208] "ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-10 20480] "ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 218032] "Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400] "Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-04 50528] "SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 C:\WINDOWS\MIDIDEF.EXE] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 90112] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947] "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-08-16 98304] "PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960] "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 218032] "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718] "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182] "IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 67584] "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 49152] "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 127035] "Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-04-06 1032192] "CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344] "BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-03-28 622592] "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 C:\WINDOWS\stsystra.exe] "MBMon"="CTMBHA.DLL" [2006-03-03 C:\WINDOWS\system32\CTMBHA.DLL] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-05-24 622653] Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-08-16 24576] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService] @="service" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoUpdate Monitor.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoUpdate Monitor.lnk backup=C:\WINDOWS\pss\AutoUpdate Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Manda^Start Menu^Programs^Startup^Memeo AutoBackup Launcher.lnk] path=C:\Documents and Settings\Manda\Start Menu\Programs\Startup\Memeo AutoBackup Launcher.lnk backup=C:\WINDOWS\pss\Memeo AutoBackup Launcher.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Manda^Start Menu^Programs^Startup^Memeo AutoSync Launcher.lnk] path=C:\Documents and Settings\Manda\Start Menu\Programs\Startup\Memeo AutoSync Launcher.lnk backup=C:\WINDOWS\pss\Memeo AutoSync Launcher.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"= "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"= "C:\\Program Files\\America Online 9.0\\waol.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "C:\\StubInstaller.exe"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= "C:\\Documents and Settings\\Manda\\Desktop\\VundoFix.exe"= R0 PzWDM;PzWDM;C:\WINDOWS\system32\Drivers\PzWDM.sys [2008-08-26 15172] R1 SAVOnAccessControl;SAVOnAccessControl;C:\WINDOWS\system32\DRIVERS\savonaccesscontrol.sys [2007-10-25 101120] R1 SAVOnAccessFilter;SAVOnAccessFilter;C:\WINDOWS\system32\DRIVERS\savonaccessfilter.sys [2007-10-25 33408] R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-01-11 40832] R2 ZuneBusEnum;Zune Bus Enumerator;c:\WINDOWS\system32\ZuneBusEnum.exe [2008-01-11 61856] S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-01-11 245664] . Contents of the 'Scheduled Tasks' folder . . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\Manda\Application Data\Mozilla\Firefox\Profiles\tl7cygpl.default\ FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll FF -: plugin - C:\Program Files\echospin\npesProxy.dll FF -: plugin - C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll . ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-30 10:45:42 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\ati2evxx.exe C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe C:\WINDOWS\system32\CTSVCCDA.EXE C:\WINDOWS\ehome\ehrecvr.exe C:\WINDOWS\ehome\ehSched.exe C:\Program Files\Dell\QuickSet\NicConfigSvc.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe C:\Program Files\Sophos\AutoUpdate\ALsvc.exe C:\WINDOWS\ehome\mcrdsvc.exe C:\Program Files\Zune\ZuneNss.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\ati2evxx.exe C:\WINDOWS\system32\rundll32.exe C:\DOCUME~1\Manda\LOCALS~1\Temp\clclean.0001 C:\WINDOWS\ehome\ehmsas.exe C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\AIM6\aolsoftware.exe C:\ComboFix\pv.cfexe C:\WINDOWS\system32\verclsid.exe . ************************************************************************ . Completion time: 2008-09-30 10:56:23 - machine was rebooted ComboFix-quarantined-files.txt 2008-09-30 15:56:19 ComboFix2.txt 2008-09-29 00:21:00 ComboFix3.txt 2008-09-28 21:48:48 ComboFix4.txt 2008-09-26 20:14:53 ComboFix5.txt 2008-09-30 14:37:42 Pre-Run: 58,316,132,352 bytes free Post-Run: 58,344,271,872 bytes free 229 --- E O F --- 2008-04-10 08:02:06

Egwene View Member Profile	Sep 30 2008, 03:05 PM Post #24
Trusted Helper Posts: 2,141 From: France OS: XP/Vista �dition basique familiale	Hello amanda732, Good work Could you please post me a fresh LopSD repport option 1 to check it's ok now ? Regards, Egwene.

amanda732 View Member Profile	Sep 30 2008, 05:35 PM Post #25
Member Posts: 14 OS: XP	here is the new LopS&D log: --------------------\\ Lop S&D 4.2.4-4 XP/Vista Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2 X86-based PC ( Multiprocessor Free : Genuine Intel® CPU T2250 @ 1.73GHz ) BIOS : Phoenix ROM BIOS PLUS Version 1.10 A02 USER : Manda ( Administrator ) BOOT : Normal boot Antivirus : Sophos Anti-Virus (Not Activated) C:\ (Local Disk) - NTFS - Total : 105 Go Free : 54 Go D:\ (CD or DVD) "C:\Lop SD" ( MAJ : 19-09-2008\|22:20 ) Option : [1] ( Tue 09/30/2008\|19:27 ) --------------------\\ Listing folders in APPLIC~1 [08/16/2006\|07:44] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> ATI [08/16/2005\|04:50] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Identities [08/16/2006\|07:35] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Intel [08/16/2005\|04:30] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft [08/16/2006\|07:31] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Sun [09/25/2007\|06:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Advanced Chemistry Development [08/31/2006\|07:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL [11/05/2007\|09:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL Downloads [03/09/2007\|12:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL OCP [01/15/2007\|03:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Brother [08/16/2006\|07:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Creative Labs [10/26/2007\|05:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Escape From Paradise [08/26/2008\|09:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> esClient [04/22/2007\|05:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> FloodLightGames [09/06/2008\|08:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Fugazo [12/16/2007\|09:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Gogii [04/22/2007\|05:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google [08/16/2006\|07:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> GTek [05/03/2008\|09:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> HipSoft [08/16/2006\|07:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> InstallShield [08/16/2006\|07:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Intel [09/03/2007\|02:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> iWin [09/19/2008\|08:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> iWin Games [11/20/2007\|02:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> JollyBear [09/26/2008\|07:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes [08/26/2008\|07:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Memeo [03/23/2008\|07:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft [03/09/2008\|08:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> MumboJumbo [04/24/2007\|12:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> n7-89-o9-3r-4t-r9 [09/04/2007\|03:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> NannyMania [08/25/2008\|03:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> NeoEdge Networks [09/08/2007\|09:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Oberon Games [10/22/2006\|02:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Oberon Media [09/02/2008\|09:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> PlayFirst [03/07/2007\|03:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> PopCap [10/08/2006\|04:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> QuickTime [09/04/2008\|07:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Sandlot Games [01/15/2007\|03:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> ScanSoft [01/31/2007\|02:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Sophos [09/19/2008\|09:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spybot - Search & Destroy [09/19/2008\|08:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP [09/17/2006\|01:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Trymedia [09/05/2008\|11:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Valusoft [09/27/2008\|11:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Viewpoint [08/31/2006\|12:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage [04/22/2007\|05:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> yahoo! [09/07/2007\|08:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Zylom [08/16/2006\|07:44] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> ATI [08/16/2005\|04:50] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Identities [08/16/2006\|07:35] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Intel [08/16/2005\|04:30] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft [08/16/2006\|07:31] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Sun [03/23/2007\|03:08] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Intel [03/19/2008\|11:20] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft [09/01/2006\|06:43] C:\DOCUME~1\Manda\APPLIC~1\<DIR> 7100Series [10/20/2007\|10:02] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Abra Academy2 [09/09/2006\|06:28] C:\DOCUME~1\Manda\APPLIC~1\<DIR> acccore [12/09/2007\|07:45] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Adobe [09/09/2008\|07:39] C:\DOCUME~1\Manda\APPLIC~1\<DIR> AdobeUM [08/16/2006\|07:44] C:\DOCUME~1\Manda\APPLIC~1\<DIR> ATI [07/27/2008\|12:03] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Azureus [09/05/2008\|04:55] C:\DOCUME~1\Manda\APPLIC~1\<DIR> BeachPartyCraze [09/06/2008\|04:19] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Big Fish Games [03/02/2008\|11:36] C:\DOCUME~1\Manda\APPLIC~1\<DIR> BloodTies [01/16/2007\|02:22] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Brother [09/03/2006\|10:25] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Corel [10/02/2006\|11:18] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Corel Photo Album [08/22/2006\|08:07] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Creative [01/12/2007\|06:10] C:\DOCUME~1\Manda\APPLIC~1\<DIR> CyberLink [10/15/2006\|03:14] C:\DOCUME~1\Manda\APPLIC~1\<DIR> DivX [09/17/2006\|06:53] C:\DOCUME~1\Manda\APPLIC~1\<DIR> EA [09/03/2007\|10:42] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Eyeblaster [04/22/2007\|05:18] C:\DOCUME~1\Manda\APPLIC~1\<DIR> FloodLightGames [09/03/2007\|10:35] C:\DOCUME~1\Manda\APPLIC~1\<DIR> GameHouse [08/30/2008\|10:13] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Gamelab [09/02/2008\|02:57] C:\DOCUME~1\Manda\APPLIC~1\<DIR> GamesCafe [10/23/2006\|09:06] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Google [09/22/2008\|03:09] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Gtek [06/10/2008\|12:36] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Help [12/15/2007\|02:07] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Home Sweet Home [08/16/2005\|04:50] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Identities [10/16/2006\|10:10] C:\DOCUME~1\Manda\APPLIC~1\<DIR> IMVU [09/16/2008\|10:38] C:\DOCUME~1\Manda\APPLIC~1\<DIR> InstallShield [08/16/2006\|07:35] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Intel [09/11/2008\|04:00] C:\DOCUME~1\Manda\APPLIC~1\<DIR> ITTNord [09/21/2008\|05:04] C:\DOCUME~1\Manda\APPLIC~1\<DIR> iWin [09/08/2008\|04:18] C:\DOCUME~1\Manda\APPLIC~1\<DIR> iWinArcade [10/20/2007\|01:17] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Jane s Hotel [09/04/2008\|10:18] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Jane s Hotel Family Hero [11/06/2007\|06:42] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Legends of pirates [09/06/2006\|10:49] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Macromedia [04/18/2007\|01:07] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Magic Academy [09/17/2006\|11:37] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Magic Match [09/26/2008\|07:06] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Malwarebytes [08/25/2008\|03:51] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Microsoft [08/27/2006\|05:31] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Microsoft Web Folders [09/27/2008\|08:15] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Move Networks [09/06/2008\|11:25] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Mozilla [05/02/2008\|10:01] C:\DOCUME~1\Manda\APPLIC~1\<DIR> My Games [03/09/2008\|02:31] C:\DOCUME~1\Manda\APPLIC~1\<DIR> MysteryStudio [09/02/2008\|09:28] C:\DOCUME~1\Manda\APPLIC~1\<DIR> PlayFirst [08/30/2008\|11:17] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Righteous Kill [09/09/2007\|09:03] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Sandlot Games [10/08/2007\|08:06] C:\DOCUME~1\Manda\APPLIC~1\<DIR> SecuROM [12/09/2006\|05:13] C:\DOCUME~1\Manda\APPLIC~1\<DIR> SmartDraw [08/16/2006\|07:31] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Sun [03/09/2008\|03:15] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Total Eclipse [05/01/2008\|11:01] C:\DOCUME~1\Manda\APPLIC~1\<DIR> U3 [09/05/2008\|11:48] C:\DOCUME~1\Manda\APPLIC~1\<DIR> Valusoft [09/29/2007\|05:06] C:\DOCUME~1\Manda\APPLIC~1\<DIR> VeniceMysteryData [09/02/2008\|04:59] C:\DOCUME~1\Manda\APPLIC~1\<DIR> ViquaSoft [04/22/2007\|05:31] C:\DOCUME~1\Manda\APPLIC~1\<DIR> yahoo! [03/07/2007\|03:15] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft [08/16/2006\|07:44] C:\DOCUME~1\Visitor\APPLIC~1\<DIR> ATI [09/22/2008\|03:01] C:\DOCUME~1\Visitor\APPLIC~1\<DIR> Gtek [08/16/2005\|04:50] C:\DOCUME~1\Visitor\APPLIC~1\<DIR> Identities [08/16/2006\|07:35] C:\DOCUME~1\Visitor\APPLIC~1\<DIR> Intel [03/23/2007\|03:11] C:\DOCUME~1\Visitor\APPLIC~1\<DIR> Microsoft [08/16/2006\|07:31] C:\DOCUME~1\Visitor\APPLIC~1\<DIR> Sun --------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks [09/29/2008 09:00 PM][--a------] C:\WINDOWS\tasks\Daily.job [09/30/2008 09:45 AM][--ah-----] C:\WINDOWS\tasks\SA.DAT [08/10/2004 05:00 AM][-r-h-c---] C:\WINDOWS\tasks\desktop.ini --------------------\\ Listing Folders in C:\Program Files [02/07/2007\|12:22] C:\Program Files\<DIR> Activision Value [09/09/2008\|07:36] C:\Program Files\<DIR> Adobe [11/05/2007\|09:36] C:\Program Files\<DIR> AIM6 [12/17/2006\|10:20] C:\Program Files\<DIR> Alawar [12/16/2007\|08:52] C:\Program Files\<DIR> America Online 9.0 [11/12/2006\|04:10] C:\Program Files\<DIR> Ant War [09/09/2006\|06:28] C:\Program Files\<DIR> AOD [09/09/2006\|06:20] C:\Program Files\<DIR> AOL [08/16/2006\|07:49] C:\Program Files\<DIR> AOL Companion [08/16/2006\|07:40] C:\Program Files\<DIR> ATI Technologies [09/07/2008\|11:24] C:\Program Files\<DIR> Azada [09/27/2008\|11:28] C:\Program Files\<DIR> Azureus [08/16/2006\|07:57] C:\Program Files\<DIR> BAE [04/22/2007\|05:13] C:\Program Files\<DIR> BFG [08/16/2006\|07:34] C:\Program Files\<DIR> Broadcom [01/15/2007\|03:22] C:\Program Files\<DIR> Brother [11/12/2006\|04:10] C:\Program Files\<DIR> CakeMania_at [03/22/2008\|08:51] C:\Program Files\<DIR> Cate West The Vanishing Files [03/19/2008\|10:42] C:\Program Files\<DIR> Cathys Caribbean Club [02/07/2007\|04:39] C:\Program Files\<DIR> CoffeeTycoon_at [09/30/2008\|09:40] C:\Program Files\<DIR> Common Files [08/16/2005\|04:38] C:\Program Files\<DIR> ComPlus Applications [01/12/2007\|05:47] C:\Program Files\<DIR> Compton's Home Library [08/16/2006\|07:37] C:\Program Files\<DIR> CONEXANT [09/07/2008\|11:24] C:\Program Files\<DIR> Cooking Academy [08/16/2006\|07:54] C:\Program Files\<DIR> Corel [08/16/2006\|07:55] C:\Program Files\<DIR> Corel Corporation [08/16/2006\|07:43] C:\Program Files\<DIR> Creative [02/07/2007\|04:39] C:\Program Files\<DIR> Crime Puzzle [08/16/2006\|07:44] C:\Program Files\<DIR> CyberLink [02/07/2007\|04:39] C:\Program Files\<DIR> Deep Sea Tycoon 2_at [10/13/2007\|09:41] C:\Program Files\<DIR> DeliveryKing_at [08/16/2006\|08:00] C:\Program Files\<DIR> Dell [09/22/2008\|03:00] C:\Program Files\<DIR> DellSupport [03/19/2008\|11:16] C:\Program Files\<DIR> DIFX [08/16/2006\|07:41] C:\Program Files\<DIR> Digital Line Detect [03/01/2007\|07:42] C:\Program Files\<DIR> DivX [10/20/2007\|04:47] C:\Program Files\<DIR> DreamChronicles_at [10/08/2007\|07:08] C:\Program Files\<DIR> EA GAMES [08/16/2006\|07:49] C:\Program Files\<DIR> EarthLink Setup [08/26/2008\|09:21] C:\Program Files\<DIR> echospin [08/16/2005\|08:51] C:\Program Files\<DIR> EnglishOtto [09/22/2008\|02:33] C:\Program Files\<DIR> ERUNT [09/21/2008\|05:02] C:\Program Files\<DIR> Fenomen Games Downloader [03/19/2008\|10:42] C:\Program Files\<DIR> Feyruna Fairy Forest [08/23/2006\|02:27] C:\Program Files\<DIR> Game On [09/14/2008\|10:00] C:\Program Files\<DIR> GameHouse [09/14/2008\|10:00] C:\Program Files\<DIR> Games [09/30/2007\|02:29] C:\Program Files\<DIR> GamesBar [12/16/2007\|10:28] C:\Program Files\<DIR> GemMaster [12/01/2006\|05:30] C:\Program Files\<DIR> GlobalStar Software [09/21/2008\|11:58] C:\Program Files\<DIR> Google [03/19/2008\|10:43] C:\Program Files\<DIR> Grimms Hatchery [10/15/2006\|03:25] C:\Program Files\<DIR> GustoSoft [09/07/2008\|11:25] C:\Program Files\<DIR> Hawaiian Explorer The Lost Island [12/18/2006\|01:05] C:\Program Files\<DIR> Infogrames [06/22/2007\|03:05] C:\Program Files\<DIR> Infogrames Interactive [09/06/2008\|01:29] C:\Program Files\<DIR> InstallShield Installation Information [08/16/2006\|07:35] C:\Program Files\<DIR> Intel [08/16/2006\|07:35] C:\Program Files\<DIR> Intel, Inc [04/10/2008\|03:01] C:\Program Files\<DIR> Internet Explorer [09/21/2008\|12:55] C:\Program Files\<DIR> iWin.com [08/27/2006\|05:43] C:\Program Files\<DIR> Jasc Software Inc [09/27/2008\|11:30] C:\Program Files\<DIR> Java [09/07/2008\|11:27] C:\Program Files\<DIR> Kudos [12/16/2007\|10:28] C:\Program Files\<DIR> LawandOrderDarkObsession_at [11/12/2006\|04:12] C:\Program Files\<DIR> LawOrderVengefulHeart_at [08/16/2006\|07:49] C:\Program Files\<DIR> Learn2.com [10/09/2007\|10:20] C:\Program Files\<DIR> LimeWire [12/12/2006\|06:23] C:\Program Files\<DIR> Lx_cats [09/26/2008\|07:09] C:\Program Files\<DIR> Malwarebytes' Anti-Malware [08/26/2008\|07:47] C:\Program Files\<DIR> Memeo [08/16/2006\|07:32] C:\Program Files\<DIR> Messenger [08/27/2006\|05:31] C:\Program Files\<DIR> microsoft frontpage [08/27/2006\|05:31] C:\Program Files\<DIR> Microsoft Office [08/16/2006\|07:47] C:\Program Files\<DIR> Microsoft Plus! Digital Media Edition [08/16/2006\|07:47] C:\Program Files\<DIR> Microsoft Plus! Photo Story 2 LE [09/09/2007\|08:51] C:\Program Files\<DIR> Microsoft Works [09/16/2008\|10:37] C:\Program Files\<DIR> Minitab 15 [08/16/2006\|07:41] C:\Program Files\<DIR> Modem Helper [10/11/2007\|07:09] C:\Program Files\<DIR> ModTheSims2.com [08/16/2005\|04:37] C:\Program Files\<DIR> Movie Maker [09/30/2008\|03:17] C:\Program Files\<DIR> Mozilla Firefox [08/16/2005\|04:37] C:\Program Files\<DIR> MSN [08/16/2005\|04:37] C:\Program Files\<DIR> MSN Gaming Zone [11/29/2006\|12:34] C:\Program Files\<DIR> MSXML 4.0 [08/16/2006\|07:52] C:\Program Files\<DIR> MUSICMATCH [03/22/2008\|10:02] C:\Program Files\<DIR> Mysteryville [06/11/2008\|01:04] C:\Program Files\<DIR> Nancy Drew [08/16/2005\|04:40] C:\Program Files\<DIR> NetMeeting [08/16/2006\|07:41] C:\Program Files\<DIR> NetWaiting [08/16/2006\|07:46] C:\Program Files\<DIR> NetZeroInstallers [11/17/2007\|03:16] C:\Program Files\<DIR> Oberon Media [02/07/2007\|05:15] C:\Program Files\<DIR> On2 Technologies [08/16/2005\|04:38] C:\Program Files\<DIR> Online Services [08/31/2006\|01:09] C:\Program Files\<DIR> Outlook Express [09/07/2008\|11:27] C:\Program Files\<DIR> Paparazzi [09/07/2008\|11:27] C:\Program Files\<DIR> Peggle Deluxe [02/07/2007\|04:43] C:\Program Files\<DIR> Pizza Frenzy [05/04/2008\|12:22] C:\Program Files\<DIR> PlayFirst [08/16/2006\|07:49] C:\Program Files\<DIR> QuickTime [09/21/2006\|12:06] C:\Program Files\<DIR> Real [09/14/2008\|10:01] C:\Program Files\<DIR> Red Cross ERU [12/17/2006\|10:04] C:\Program Files\<DIR> ReflexiveArcade [08/16/2005\|08:58] C:\Program Files\<DIR> RGB [01/15/2007\|03:17] C:\Program Files\<DIR> ScanSoft [08/16/2006\|07:57] C:\Program Files\<DIR> SearchAssist [08/29/2008\|08:21] C:\Program Files\<DIR> Shockwave.com [08/16/2006\|07:37] C:\Program Files\<DIR> Sigmatel [02/24/2007\|11:55] C:\Program Files\<DIR> SmartDraw 2007 [08/16/2006\|07:49] C:\Program Files\<DIR> Sonic [09/01/2007\|10:27] C:\Program Files\<DIR> Sophos [01/31/2007\|02:00] C:\Program Files\<DIR> Sophos SWEEP for NT [09/24/2006\|02:38] C:\Program Files\<DIR> SpongeBobDinerDash_at [09/19/2008\|09:12] C:\Program Files\<DIR> Spybot - Search & Destroy [11/17/2007\|03:25] C:\Program Files\<DIR> SuperCollapse3_at [05/04/2008\|12:09] C:\Program Files\<DIR> Supple [08/16/2006\|07:34] C:\Program Files\<DIR> Synaptics [02/21/2007\|01:16] C:\Program Files\<DIR> The Adventure Company [05/04/2008\|12:09] C:\Program Files\<DIR> The Game of Life - PTS [09/07/2008\|11:28] C:\Program Files\<DIR> The Game Of LIFE PTS [02/06/2007\|10:48] C:\Program Files\<DIR> TikGames [09/22/2008\|02:56] C:\Program Files\<DIR> Trend Micro [09/07/2008\|11:30] C:\Program Files\<DIR> Tropix 2 - The Quest for the Golden Banana [11/18/2006\|08:37] C:\Program Files\<DIR> TryMedia [08/16/2005\|04:50] C:\Program Files\<DIR> Uninstall Information [09/14/2008\|10:00] C:\Program Files\<DIR> Venture Arctic [04/22/2007\|05:30] C:\Program Files\<DIR> Virtual Laguna Beach [08/16/2006\|07:51] C:\Program Files\<DIR> WebCyberCoach [08/26/2008\|07:47] C:\Program Files\<DIR> Western Digital [08/26/2008\|07:45] C:\Program Files\<DIR> Western Digital Technologies [08/16/2006\|07:35] C:\Program Files\<DIR> WIDCOMM [08/22/2006\|08:16] C:\Program Files\<DIR> WildTangent [03/19/2008\|11:15] C:\Program Files\<DIR> Windows Media Player [08/16/2005\|04:37] C:\Program Files\<DIR> Windows NT [08/16/2005\|04:37] C:\Program Files\<DIR> Windows Plus [01/15/2007\|03:09] C:\Program Files\<DIR> WindowsUpdate [02/24/2008\|12:57] C:\Program Files\<DIR> WinRAR [08/16/2006\|07:50] C:\Program Files\<DIR> WordPerfect Office 12 [08/16/2005\|04:43] C:\Program Files\<DIR> xerox [02/28/2007\|10:45] C:\Program Files\<DIR> Yahoo! [09/21/2008\|05:04] C:\Program Files\<DIR> Yahoo! Games [09/23/2006\|05:38] C:\Program Files\<DIR> ZooVet_at [03/23/2008\|07:21] C:\Program Files\<DIR> Zune --------------------\\ Listing Folders in C:\Program Files\Common Files [08/31/2006\|09:23] C:\Program Files\Common Files\<DIR> Adobe [03/09/2007\|12:41] C:\Program Files\Common Files\<DIR> AOL [08/16/2006\|07:49] C:\Program Files\Common Files\<DIR> aolshare [08/16/2006\|07:50] C:\Program Files\Common Files\<DIR> Borland Shared [09/01/2007\|10:27] C:\Program Files\Common Files\<DIR> Cisco Systems [03/19/2008\|11:16] C:\Program Files\Common Files\<DIR> ComponentOne [08/16/2006\|07:50] C:\Program Files\Common Files\<DIR> Corel [08/16/2006\|07:41] C:\Program Files\Common Files\<DIR> Creative Labs Shared [08/27/2006\|05:33] C:\Program Files\Common Files\<DIR> Designer [08/26/2008\|07:47] C:\Program Files\Common Files\<DIR> eSellerate [09/15/2006\|07:24] C:\Program Files\Common Files\<DIR> Hypnotizer [08/16/2006\|07:49] C:\Program Files\Common Files\<DIR> InstallShield [08/16/2006\|07:31] C:\Program Files\Common Files\<DIR> Java [03/23/2008\|07:16] C:\Program Files\Common Files\<DIR> Microsoft Shared [08/16/2005\|04:40] C:\Program Files\Common Files\<DIR> MSSoap [08/16/2006\|07:49] C:\Program Files\Common Files\<DIR> Nullsoft [08/16/2005\|04:33] C:\Program Files\Common Files\<DIR> ODBC [08/16/2006\|07:49] C:\Program Files\Common Files\<DIR> Real [09/23/2006\|06:04] C:\Program Files\Common Files\<DIR> Sandlot Shared [01/15/2007\|03:18] C:\Program Files\Common Files\<DIR> ScanSoft Shared [08/16/2005\|04:40] C:\Program Files\Common Files\<DIR> Services [08/16/2006\|07:49] C:\Program Files\Common Files\<DIR> Sonic Shared [08/16/2005\|04:33] C:\Program Files\Common Files\<DIR> SpeechEngines [09/09/2006\|06:31] C:\Program Files\Common Files\<DIR> SWF Studio [08/31/2006\|01:09] C:\Program Files\Common Files\<DIR> System [08/16/2006\|07:47] C:\Program Files\Common Files\<DIR> TiVo Shared --------------------\\ Process ( 72 Processes ) ... OK ! --------------------\\ Searching with S_Lop No Lop folder found ! --------------------\\ Searching for Lop Files - Folders C:\DOCUME~1\Manda\Cookies\manda@advertising[2].txt C:\DOCUME~1\Manda\Cookies\manda@adopt.euroclick[1].txt --------------------\\ Searching within the Registry ..... OK ! --------------------\\ Checking the Hosts file Hosts file CLEAN --------------------\\ Searching for hidden files with Catchme catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-30 19:28:05 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden files: 0 --------------------\\ Searching for other infections No other infections found ! [F:6][D:2]-> C:\DOCUME~1\Manda\LOCALS~1\Temp [F:139][D:0]-> C:\DOCUME~1\Manda\Cookies [F:23][D:4]-> C:\DOCUME~1\Manda\LOCALS~1\TEMPOR~1\content.IE5 1 - "C:\Lop SD\LopR_1.txt" - Tue 09/23/2008\| 7:53 - Option : [1] 2 - "C:\Lop SD\LopR_2.txt" - Mon 09/29/2008\|18:31 - Option : [1] 3 - "C:\Lop SD\LopR_3.txt" - Tue 09/30/2008\|19:30 - Option : [1] --------------------\\ Scan completed at 19:30:25

Egwene View Member Profile	Oct 1 2008, 02:02 AM Post #26
Trusted Helper Posts: 2,141 From: France OS: XP/Vista �dition basique familiale	Hello amanda732, Congralutations, your log looks clean 1) Uninstall combofix : Follow these steps to uninstall Combofix and tools used in the removal of malware Click START then RUN Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there. 2) Run OTcleanIT : Please Download OTcleanIT (OldTimer) : http://download.bleepingcomputer.com/oldtimer/OTCleanIt.exe Open it and double-click on the "CleanUp" boutton. 3) Update windows : Another essential is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats, Microsoft releases security updates that help your computer from becoming vunerable. It is best if you have these set to download automatically. Automatic Updates for Windows * Click Start. * Select Settings and then Control Panel. * Select Automatic Updates. * Click Automatic (recommended) * Choose a day and a time when you know the computer will be on and connected to the internet. * Click Apply then OK. 4) Prevention/protection : The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again. If you haven't a firewall on your computer, I advice you to install one of the following : Kerio / Commodo / ZoneAlarme. Spybot Search & Destroy - Uber powerful tool which can search and annhilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections. AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy compliment each other very well. SpywareBlaster - Great prevention tool to keep nasties from installing on your system. SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place. IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all. ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders. Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there. Google Toolbar - Free google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows. Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN) To reduce re-infection for malware in the future, I strongly recommend installing these free programs: SpywareBlaster protects against bad ActiveX. IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all Have a look at this tutorial for IE-Spyad here Make Internet Explorer more secure Click Start > Run Type Inetcpl.cpl & click OK Click on the Security tab Click Reset all zones to default level Make sure the Internet Zone is selected & Click Custom level In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable". Next Click OK, then Apply button and then OK to exit the Internet Properties page. MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future. Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here Take a good look at the following suggestions for malware prevention by reading Tony Klein�s article 'How Did I Get Infected In The First Place' Here Thank you for your patience, and performing all of the procedures requested. Regards, Egwene.

amanda732 View Member Profile	Oct 2 2008, 07:43 AM Post #27
Member Posts: 14 OS: XP	Thank you for all the help. I have done what you advised and my computer seems to be nicely protected and it is running great. Thanks again.

Egwene View Member Profile	Oct 2 2008, 10:04 AM Post #28
Trusted Helper Posts: 2,141 From: France OS: XP/Vista �dition basique familiale	Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.

« Next Oldest · Virus, Spyware and Trojan Removal · Next Newest »

2 Pages

< 1 2

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies / Views	Topic Information
Virus, Spyware and Trojan Removal Troj/Virtum-Gen Virus [RESOLVED]	10 / 740	12th February 2008 - 03:01 AM socceraddict07 started - last by kahdah
Virus, Spyware and Trojan Removal Troj/Virtum-Gen! Please Help! [RESOLVED]	12 / 607	9th December 2008 - 05:03 PM Killabyte started - last by Rorschach112
Virus, Spyware and Trojan Removal Need help removing Troj/Virtum-Gen virus [RESOLVED]	12 / 1,592	9th December 2008 - 05:05 PM klay44 started - last by Essexboy
Virus, Spyware and Trojan Removal Need help removing Troj/Virtum-Gen Virus [RESOLVED]	3 / 406	9th December 2008 - 10:38 PM bwelty started - last by fenzodahl512