HELP ME - Trojan codec.exe [RESOLVED]



#16 JakeManHelpMe (Member, Topic Starter, 21 posts)
GREY KNIGHT, I WILL STOP POSTING ALL THE LOG AND JUST POST AN ATTACHMENT (NOTE: Will have to post 2 or 3 attachments :/ it's 1.06 MB in size...). Do with it what you must, my PC is looking better but I'm sure there are still some bugs on it. Anyway let me know if it's unsafe for you to download the attachment and I'll try and post the rest of the log in text.. thanks anyway mate,

Cheers,

~Jake




EDIT: Found a minor bug, whenever I open Internet Explorer, the bar above the search browser where you type the web address you want to go to, yeah.. anyway um the bar above that, it goes a dark grey colour until I go to a different page, and it's only there when I open IE, not on actual other websites. It's really minor but definitely not normal.. that's all I've noticed so far anyway, and if anything, the PC is faster than ever.

Cheers.

Edited by JakeManHelpMe, 06 May 2008 - 12:04 AM.


#17 JakeManHelpMe (Member, Topic Starter, 21 posts)
AND the second one...




500 KB limit is a bit annoying :/


#18 JakeManHelpMe (Member, Topic Starter, 21 posts)
And finally... the last one. :) Hope you can reply soon, as in a.s.a.p. as is per usual to you, mate.


Cheers, thank you so much for your help,


~Jake


Edited by JakeManHelpMe, 04 May 2008 - 11:02 PM.


#19 greyknight17 (Malware Expert, Visiting Consultant, 16,560 posts)
Do you have any idea what's inside this folder?
C:\Documents and Settings\r\!\

Please do NOT open any of the files inside there as enticing as it may look. I have a feeling it's nothing good. Let me know so we can take the appropriate action.

Download OTMoveIt2 at http://download.blee...r/OTMoveIt2.exe
* Save it to your desktop.
* Double-click OTMoveIt2.exe to run it. (Vista users, right click on OTMoveIt2.exe and select Run as an Administrator).
* Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

C:\Documents and Settings\r\!

* Return to OTMoveIt2. Right click in the Paste List of Files/Folders to Move window (under the Yellow bar) and choose Paste.
* Click the red Moveit! button.
* A log of files and folders moved will be created in the C:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
* Close OTMoveIt2.

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Good job. Your log is clean.

To help prevent future spyware infections, read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If none, go to Start->Run, copy/paste in combofix /u and hit OK to remove it. You should be set to go.

#20 JakeManHelpMe (Member, Topic Starter, 21 posts)
Hey Grey, thanks for your help again.
About to do that OT program that you asked me to do, and I looked for that:
'c:\documents and settings\r\!\'
but it doesn't exist... (it's not there...) It's not hidden either, because I made sure that hidden folders/items were visible when I looked... :/ I looked at them (the thousands of files in the log) a few times and they look like every 'media' item there is, and I think it has something to do with LimeWire, because I downloaded LimeWire recently and then downloaded something off LimeWire, then it said that I needed to save this thing to my PC, called 'codec.exe', so that I could watch it, and I said cancel, but then I downloaded about 11 or 12 more similar ones too (what I was trying to get was a Happy Tree Friends episode, I downloaded all different episodes), and they all said the same thing. So I saved it (STUPID ME :) ) to my computer, and the folder that I saved it in, it was weird because... it appeared there, but then disappeared... and then AVG 7.5 Free Edition (the virus detector one) came up 3 or 4 times asking what I want to do about a trojan on the computer... and yeah. Anyway I'll try that OT program. Get back to you soon.

Cheers mate,

~Jake


NOTE: I am going to uninstall LimeWire.. because... I don't want to get another trojan.

Edited by JakeManHelpMe, 06 May 2008 - 12:00 AM.


#21 JakeManHelpMe (Member, Topic Starter, 21 posts)
Hey Grey, I don't know if this is very interesting... seeing as there is basically nothing in it :)




OT LOG:

C:\Documents and Settings\r\! moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 05062008_161626



Cheers mate.

Seeing as my log is clean, why do you think that grey above-search/browser-bar glitch is there? By the way:

I noticed whenever I open a window by a link (say, that OT one you gave me) and it comes up in non-full screen, the bar above the search bar goes grey, and now I've noticed that when it's not full screen (when I maximize it by clicking the top twice it's alright, because it's full screen but.. yeah) the top right hand corner and top left hand corner aren't there... making it impossible to click the minimize/restore/close buttons, but I can still press the appropriate buttons on the keyboard, but as I said, this is a glitch so it doesn't matter if I can work around it... and it means there MUST be something still on my computer.. anyway yeah,

Cheers, thanks for all your help, hope you live the rest of your life to the fullest extent, malware free :) :) :)


~Jake

Edited by JakeManHelpMe, 06 May 2008 - 12:24 AM.


#22 greyknight17 (Malware Expert, Visiting Consultant, 16,560 posts)
I think a handful of users here got infected via Limewire then, because I saw a few other users with the same issue. I had them remove that folder. Glad you removed Limewire. I don't recommend using any file sharing programs, as they can contribute to malware issues, as you saw first hand.

If you want, you can run more scans to see if anything is found.

Download ATF Cleaner at http://www.atribune..../click.php?id=1
Double-click ATF-Cleaner.exe to run the program. Under Main choose Select All
Click the Empty Selected button.

If you use the Firefox browser click Firefox at the top and choose Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use the Opera browser click 'Opera' at the top and choose 'Select All'
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.


Perform an online scan with Internet Explorer at Panda ActiveScan http://www.pandasoft.../activescan.htm

* Click on 'Scan your PC' button. There should be a popup - if you have a pop-up blocker, make sure it's not blocking it.
* Click 'Check Now' & a pop-up window will appear.
* Enter your Country, State and E-mail Address & click 'Scan Now' - begin downloading Panda's ActiveX controls (8 MB size).
* Begin the scan by selecting My Computer.
* If it finds any malware, it will offer you a report. Ignore any entry it finds (since it wants you to buy the program for removal) as we will address this later.
* Click on see report. Then click Save report.
* Post that log in your next reply.

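As an added example that is not part of this thread: a small Python triage script for the Panda ActiveScan report format that gets posted later in the thread. It separates the rows that were actually active at scan time (the ones to act on first) from restore-point copies, quarantine contents and tracking cookies, which make up most of such a log. The sample rows are copied from the log in this thread; the function and bucket names are my own.

```python
import re
from collections import Counter
from dataclasses import dataclass

# One row of the Panda ActiveScan "MALWARE" table has the columns
#   Id Description Type Active Severity Disinfectable Disinfected Location
# Description can contain spaces ("Cookie/Atlas DMT", "Generic Malware"), so it is
# matched non-greedily and pinned down by the single-token Type and the Yes/No columns.
ROW = re.compile(
    r"^(?P<id>\d{8})\s+(?P<desc>.+?)\s+(?P<type>\S+)\s+(?P<active>Yes|No)\s+"
    r"(?P<severity>\d+)\s+(?P<disinfectable>Yes|No)\s+(?P<disinfected>Yes|No)\s+"
    r"(?P<location>.+?)\s*$"
)


@dataclass
class Finding:
    id: str
    desc: str
    type: str
    active: bool
    severity: int
    location: str
    bucket: str


def classify(finding_type: str, active: bool, location: str) -> str:
    """Triage bucket (my own naming): only 'ACTIVE' rows were loaded at scan time and
    need removal first; restore-point and quarantine copies are inert until restored."""
    loc = location.lower()
    if active:
        return "ACTIVE"
    if "\\system volume information\\_restore" in loc:
        return "restore-point copy"
    if "\\qoobox\\quarantine\\" in loc:
        return "quarantined"
    if finding_type == "TrackingCookie":
        return "tracking cookie"
    return "inactive on disk"


def parse_row(line: str):
    """Return a Finding for a table row, or None for banners, headers and blank lines."""
    m = ROW.match(line.strip())
    if not m:
        return None
    active = m["active"] == "Yes"
    return Finding(m["id"], m["desc"], m["type"], active, int(m["severity"]),
                   m["location"], classify(m["type"], active, m["location"]))


def parse_log(text: str):
    return [f for f in (parse_row(line) for line in text.splitlines()) if f]


def summarize(findings):
    """Count of findings per triage bucket."""
    return dict(Counter(f.bucket for f in findings))


def active_findings(findings):
    return [f for f in findings if f.active]


# Rows copied from the ActiveScan log posted in this thread, plus two non-row lines
# (section title and column header) to show that they are skipped.
SAMPLE_LOG = r"""MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
00029225 spyware/marketscore Spyware No 1 Yes No c:\windows\system32\rlvknlg.exe
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\R\Application Data\Mozilla\Firefox\Profiles\phx4g6ax.default\COOKIES.TXT[.atdmt.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\QooBox\Quarantine\C\FOUND.016\FILE0052.CHK.vir
01066590 Generic Malware Virus/Trojan No 0 No No C:\Program Files\EZT\webhancer.exe[webhdll.dll]
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{B87F36FC-155B-443C-B65A-D13BE62F944B}\RP137\A0127872.EXE
01343188 Adware/WebSearch Adware Yes 1 Yes No C:\DOCUMENTS AND SETTINGS\R\LOCAL SETTINGS\TEMP\{CC965873-F913-4866-9203-92E87DAB99B7}\_EXTRA\OBJECTS\CMDLINE.DLL
02901133 Adware/OneStep Adware No 0 Yes No C:\Program Files\OneStepSearch\uninstall.exe
02901878 Adware/OneStep Adware Yes 0 Yes No C:\PROGRAM FILES\ONESTEPSEARCH\ONESTEP.EXE
"""

if __name__ == "__main__":
    found = parse_log(SAMPLE_LOG)
    for bucket, n in sorted(summarize(found).items()):
        print(f"{n:3d}  {bucket}")
    for f in active_findings(found):
        print(f"ACTIVE: {f.desc} ({f.type}, severity {f.severity}) -> {f.location}")
```

Run it against a full saved ActiveScan report to get the same bucket counts and the short list of active items before reading the hundreds of cookie and restore-point rows.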

#23 JakeManHelpMe (Member, Topic Starter, 21 posts)
Hey Greyknight, sorry for taking so long, had to do some personal things and... yeah.
From the looks of it, I have now got a few (or a lot) of viruses/infected files etc. on my PC now, no idea why.

My AVG Anti-Virus Free Edition is out of date, simply because whenever I have tried to update it recently, as it updates, it comes up with 'an error has occurred' and whether I should send / don't send an error report.

Also, 2 days ago, AVG was doing a scan, I think, and it found something called Vundo, it didn't say it was really harmful or anything though, and it had a _recovery in the name of the place where it is/was from my memory, just thought you should know. Anyway, I'm going to post a new HijackThis log, and the Panda ActiveScan log.

(NOTE: I DID do that ATF Cleaner thing that you asked me to download, and emptied all the files and stuff. I did this before the HijackThis scan and Panda scans too by the way)


HIJACKTHIS LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:21:21 PM, on 5/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\OneStepSearch\onestep.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\OneStepSearch\onestep.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\acer\Empowering Technology\ePower\epm-dm.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Program Files\OptusNet DSL Internet\DSC.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Zeallsoft\Super Screen Capture\SSCapture.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\Empowering Technology\ePower\epm-dm.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet DSL Internet\DSC.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [Super Screen Capture] C:\Program Files\Zeallsoft\Super Screen Capture\SSCapture.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0AB6C839-5654-41C1-AA89-8FA459EB89E2}: NameServer = 211.29.132.12,198.142.0.51
O17 - HKLM\System\CS1\Services\Tcpip\..\{0AB6C839-5654-41C1-AA89-8FA459EB89E2}: NameServer = 211.29.132.12,198.142.0.51
O17 - HKLM\System\CS2\Services\Tcpip\..\{0AB6C839-5654-41C1-AA89-8FA459EB89E2}: NameServer = 211.29.132.12,198.142.0.51
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: OneStep Search Service - OneStepSearch.net, Inc. - C:\Program Files\OneStepSearch\onestep.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 10401 bytes



PANDA ACTIVESCAN LOG:


;*******************************************************************************
********************************************************************************
*
*******************
ANALYSIS: 2008-05-10 20:04:07
PROTECTIONS: 1
MALWARE: 50
SUSPECTS: 2
;*******************************************************************************
********************************************************************************
*
*******************
PROTECTIONS
Description Version Active Updated
;===============================================================================
================================================================================
=
===================
AVG 7.5.524 7.5.524 Yes No
;===============================================================================
================================================================================
=
===================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
================================================================================
=
===================
00029225 spyware/marketscore Spyware No 1 Yes No c:\windows\system32\rlvknlg.exe
00041487 adware/webhancer Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C900B400-CDFE-11D3-976A-00E02913A9E0}
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\R\Application Data\Mozilla\Firefox\Profiles\phx4g6ax.default\COOKIES.TXT[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\R\Application Data\Mozilla\Firefox\Profiles\phx4g6ax.default\COOKIES.TXT[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\R\Application Data\Mozilla\Firefox\Profiles\phx4g6ax.default\COOKIES.TXT[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\R\Application Data\Mozilla\Firefox\Profiles\phx4g6ax.default\COOKIES.TXT[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\R\Application Data\Mozilla\Firefox\Profiles\phx4g6ax.default\COOKIES.TXT[.casalemedia.com/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\R\Cookies\r@doubleclick[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\R\Application Data\Mozilla\Firefox\Profiles\phx4g6ax.default\COOKIES.TXT[.doubleclick.net/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\R\Cookies\r@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\R\Application Data\Mozilla\Firefox\Profiles\phx4g6ax.default\COOKIES.TXT[.atdmt.com/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\R\Cookies\r@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\R\Cookies\r@atdmt[3].txt
00139535 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\R\Desktop\SmitfraudFix\Process.exe
00139535 Application/Processor HackTools No 0 Yes No C:\WINDOWS\SYSTEM32\Process.exe
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\R\Application Data\Mozilla\Firefox\Profiles\phx4g6ax.default\COOKIES.TXT[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\R\Application Data\Mozilla\Firefox\Profiles\phx4g6ax.default\COOKIES.TXT[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\R\Application Data\Mozilla\Firefox\Profiles\phx4g6ax.default\COOKIES.TXT[.fastclick.net/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\R\Application Data\Mozilla\Firefox\Profiles\phx4g6ax.default\COOKIES.TXT[.tribalfusion.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\R\Application Data\Mozilla\Firefox\Profiles\phx4g6ax.default\COOKIES.TXT[.mediaplex.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\R\Application Data\Mozilla\Firefox\Profiles\phx4g6ax.default\COOKIES.TXT[.com.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\QooBox\Quarantine\C\FOUND.016\FILE0052.CHK.vir
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\R\Application Data\Mozilla\Firefox\Profiles\phx4g6ax.default\COOKIES.TXT[.ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\R\Application Data\Mozilla\Firefox\Profiles\phx4g6ax.default\COOKIES.TXT[.ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\R\Cookies\[email protected][2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\QooBox\Quarantine\C\FOUND.013\FILE0005.CHK.vir
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\QooBox\Quarantine\C\FOUND.015\FILE0005.CHK.vir
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\R\Application Data\Mozilla\Firefox\Profiles\phx4g6ax.default\COOKIES.TXT[.ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\R\Application Data\Mozilla\Firefox\Profiles\phx4g6ax.default\COOKIES.TXT[.ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\R\Application Data\Mozilla\Firefox\Profiles\phx4g6ax.default\COOKIES.TXT[.ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\R\Application Data\Mozilla\Firefox\Profiles\phx4g6ax.default\COOKIES.TXT[.ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\R\Application Data\Mozilla\Firefox\Profiles\phx4g6ax.default\COOKIES.TXT[.ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\R\Application Data\Mozilla\Firefox\Profiles\phx4g6ax.default\COOKIES.TXT[.ad.yieldmanager.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\R\Application Data\Mozilla\Firefox\Profiles\phx4g6ax.default\COOKIES.TXT[.apmebf.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\R\Application Data\Mozilla\Firefox\Profiles\phx4g6ax.default\COOKIES.TXT[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\R\Application Data\Mozilla\Firefox\Profiles\phx4g6ax.default\COOKIES.TXT[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\R\Application Data\Mozilla\Firefox\Profiles\phx4g6ax.default\COOKIES.TXT[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\R\Cookies\r@serving-sys[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\R\Application Data\Mozilla\Firefox\Profiles\phx4g6ax.default\COOKIES.TXT[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\R\Cookies\r@serving-sys[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\R\Application Data\Mozilla\Firefox\Profiles\phx4g6ax.default\COOKIES.TXT[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\R\Application Data\Mozilla\Firefox\Profiles\phx4g6ax.default\COOKIES.TXT[.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\R\Cookies\[email protected][2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\R\Application Data\Mozilla\Firefox\Profiles\phx4g6ax.default\COOKIES.TXT[.bs.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\R\Cookies\[email protected][3].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\R\Cookies\r@adtech[1].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\R\Application Data\Mozilla\Firefox\Profiles\phx4g6ax.default\COOKIES.TXT[.adtech.de/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\R\Cookies\r@overture[1].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\R\Application Data\Mozilla\Firefox\Profiles\phx4g6ax.default\COOKIES.TXT[.overture.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\R\Cookies\r@overture[2].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\R\Application Data\Mozilla\Firefox\Profiles\phx4g6ax.default\COOKIES.TXT[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\R\Application Data\Mozilla\Firefox\Profiles\phx4g6ax.default\COOKIES.TXT[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\R\Application Data\Mozilla\Firefox\Profiles\phx4g6ax.default\COOKIES.TXT[.questionmarket.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\R\Application Data\Mozilla\Firefox\Profiles\phx4g6ax.default\COOKIES.TXT[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\R\Application Data\Mozilla\Firefox\Profiles\phx4g6ax.default\COOKIES.TXT[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\R\Application Data\Mozilla\Firefox\Profiles\phx4g6ax.default\COOKIES.TXT[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\R\Application Data\Mozilla\Firefox\Profiles\phx4g6ax.default\COOKIES.TXT[.zedo.com/]
00172825 Joke/Stress Jokes No 0 Yes No C:\Documents and Settings\Jake\Desktop\stressreducer.exe
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\R\Application Data\Mozilla\Firefox\Profiles\phx4g6ax.default\COOKIES.TXT[.bluestreak.com/]
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\R\Application Data\Mozilla\Firefox\Profiles\phx4g6ax.default\COOKIES.TXT[.searchportal.information.com/]
00223657 Spyware/MarketScore Spyware No 1 Yes No C:\System Volume Information\_restore{B87F36FC-155B-443C-B65A-D13BE62F944B}\RP138\A0127914.MSI[unk_0033]
00223657 Spyware/MarketScore Spyware No 1 Yes No C:\WINDOWS\Installer\7065B7.MSI[unk_0050]
00223657 Spyware/MarketScore Spyware No 1 Yes No C:\System Volume Information\_restore{B87F36FC-155B-443C-B65A-D13BE62F944B}\RP138\A0127916.MSI[unk_0033]
01066590 Generic Malware Virus/Trojan No 0 No No C:\Documents and Settings\Jake\Desktop\EZTMusicManager_WebHancer_AU.exe[webhancer.exe][webhdll.dll]
01066590 Generic Malware Virus/Trojan No 0 No No C:\Program Files\EZT\webhancer.exe[webhdll.dll]
01066650 Generic Malware Virus/Trojan No 0 No No C:\Documents and Settings\Jake\Desktop\EZTMusicManager_WebHancer_AU.exe[webhancer.exe][whInstaller.exe]
01066650 Generic Malware Virus/Trojan No 0 No No C:\Program Files\EZT\webhancer.exe[whInstaller.exe]
01066718 Generic Malware Virus/Trojan No 0 No No C:\Program Files\EZT\webhancer.exe[whiehlpr.dll]
01066718 Generic Malware Virus/Trojan No 0 No No C:\Documents and Settings\Jake\Desktop\EZTMusicManager_WebHancer_AU.exe[webhancer.exe][whiehlpr.dll]
01176994 Bck/VB.XB Virus/Trojan No 0 No No C:\Documents and Settings\R\Desktop\ComboFix.exe[327882R2FWJFW\NirCmdC.cfexe]
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{B87F36FC-155B-443C-B65A-D13BE62F944B}\RP137\A0127872.EXE
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{B87F36FC-155B-443C-B65A-D13BE62F944B}\RP136\A0127802.EXE
01241766 Generic Malware Virus/Trojan No 0 No No C:\Program Files\EZT\webhancer.exe[whAgent.exe]
01241766 Generic Malware Virus/Trojan No 0 No No C:\Documents and Settings\Jake\Desktop\EZTMusicManager_WebHancer_AU.exe[webhancer.exe][whAgent.exe]
01286048 Adware/OneStep Adware No 0 Yes No C:\System Volume Information\_restore{B87F36FC-155B-443C-B65A-D13BE62F944B}\RP139\A0127940.DLL
01286211 Adware/OneStep Adware No 0 Yes No C:\System Volume Information\_restore{B87F36FC-155B-443C-B65A-D13BE62F944B}\RP138\A0127918.EXE
01343188 Adware/WebSearch Adware Yes 1 Yes No C:\DOCUMENTS AND SETTINGS\R\LOCAL SETTINGS\TEMP\{CC965873-F913-4866-9203-92E87DAB99B7}\_EXTRA\OBJECTS\CMDLINE.DLL
02011113 Adware/WebHancer Adware No 0 Yes No C:\Program Files\EZT\webhancer.exe
02011113 Adware/WebHancer Adware No 0 No No C:\Documents and Settings\Jake\Desktop\EZTMusicManager_WebHancer_AU.exe[webhancer.exe]
02164071 Adware/OneStep Adware No 0 Yes No C:\System Volume Information\_restore{B87F36FC-155B-443C-B65A-D13BE62F944B}\RP139\A0127941.EXE
02197130 Trj/Rebooter.J Virus/Trojan No 1 Yes No C:\Documents and Settings\R\Desktop\SmitfraudFix\Reboot.exe
02658257 Adware/SaveNow Adware No 0 Yes No C:\System Volume Information\_restore{B87F36FC-155B-443C-B65A-D13BE62F944B}\RP138\A0127914.MSI[unk_0052]
02658257 Adware/SaveNow Adware No 0 Yes No C:\WINDOWS\Installer\7065B7.MSI[unk_0051]
02658257 Adware/SaveNow Adware No 0 Yes No C:\System Volume Information\_restore{B87F36FC-155B-443C-B65A-D13BE62F944B}\RP138\A0127916.MSI[unk_0052]
02748433 Adware/WebHancer Adware No 0 Yes No C:\System Volume Information\_restore{B87F36FC-155B-443C-B65A-D13BE62F944B}\RP136\A0127800.EXE
02748433 Adware/WebHancer Adware No 0 No No C:\System Volume Information\_restore{B87F36FC-155B-443C-B65A-D13BE62F944B}\RP136\A0127798.EXE[whInstaller.exe]
02812088 Adware/WebHancer Adware No 0 No No C:\System Volume Information\_restore{B87F36FC-155B-443C-B65A-D13BE62F944B}\RP136\A0127798.EXE[whAgent.exe]
02812088 Adware/WebHancer Adware No 0 Yes No C:\System Volume Information\_restore{B87F36FC-155B-443C-B65A-D13BE62F944B}\RP136\A0127799.EXE
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{B87F36FC-155B-443C-B65A-D13BE62F944B}\RP137\A0127851.SYS
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{B87F36FC-155B-443C-B65A-D13BE62F944B}\RP136\A0127775.SYS
02901133 Adware/OneStep Adware No 0 Yes No C:\Program Files\OneStepSearch\uninstall.exe
02901134 Adware/OneStep Adware No 0 Yes No C:\Program Files\OneStepSearch\OSOPT.EXE
02901878 Adware/OneStep Adware Yes 0 Yes No C:\PROGRAM FILES\ONESTEPSEARCH\ONESTEP.EXE
02901906 Dialer.LAV Dialers No 0 No No C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\oBL\kepdllsk1.exe.vir[wupda.exe]
02901906 Dialer.LAV Dialers No 0 No No C:\System Volume Information\_restore{B87F36FC-155B-443C-B65A-D13BE62F944B}\RP137\A0127842.EXE[wupda.exe]
02918606 Adware/WebHancer Adware No 0 No No C:\System Volume Information\_restore{B87F36FC-155B-443C-B65A-D13BE62F944B}\RP136\A0127798.EXE[whiehlpr.dll]
02918606 Adware/WebHancer Adware No 0 Yes No C:\System Volume Information\_restore{B87F36FC-155B-443C-B65A-D13BE62F944B}\RP136\A0127711.DLL
02930075 Adware/WebHancer Adware No 0 Yes No C:\System Volume Information\_restore{B87F36FC-155B-443C-B65A-D13BE62F944B}\RP136\A0127712.DLL
02930075 Adware/WebHancer Adware No 0 No No C:\System Volume Information\_restore{B87F36FC-155B-443C-B65A-D13BE62F944B}\RP136\A0127798.EXE[webhdll.dll]
02937945 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\qfgiesaf.dll.vir
02937945 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{B87F36FC-155B-443C-B65A-D13BE62F944B}\RP136\A0127765.DLL
02938488 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{B87F36FC-155B-443C-B65A-D13BE62F944B}\RP136\A0127763.DLL
02938488 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\fvoxlybr.dll.vir
02942369 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{B87F36FC-155B-443C-B65A-D13BE62F944B}\RP134\A0127540.EXE
02942492 Adware/AccesMembre Adware No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\bkEur05\bkEur051080.exe.vir
02942492 Adware/AccesMembre Adware No 0 Yes No C:\System Volume Information\_restore{B87F36FC-155B-443C-B65A-D13BE62F944B}\RP137\A0127841.EXE
02943308 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\opnlJAPf.dll.vir
02943308 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{B87F36FC-155B-443C-B65A-D13BE62F944B}\RP136\A0127764.DLL
;===============================================================================
SUSPECTS
Sent Location
;===============================================================================
No C:\PROGRAM FILES\ONESTEPSEARCH\ONESTEP.DLL
No C:\PROGRAM FILES\OPTUSNET DSL INTERNET\DSC.EXE
;===============================================================================
VULNERABILITIES
Id Severity Description
;===============================================================================
;===============================================================================





Cheers, hope I'm not causing you too much trouble.


~Jake

EDIT: I just did a search because, even though I deleted the main file 'webHancer' that you told me to delete a while ago from 'c:\programfiles', its name ('webHancer', 'webh', etc.) came up a lot in the Panda scan. Anyway, what came up were two things: EZT Music Manager, a file to download music I got about 3-4 months ago, and the installer/uninstaller (what looked like it) of webHancer. Should I delete any/both/one of these things? Please do everything else that you need to do/check/look at on this post before you reply. ~Jake

EDIT2: SORRY. Just realised that I downloaded the Firefox browser a month or two ago, but I haven't used it before, only once, and I disliked it. So I didn't think to do the Firefox thing with the ATF Cleaner simply because I didn't realise I had Firefox. But still, I don't USE FIREFOX AT ALL. Awaiting further instructions on whether I should just delete it or not. I don't want to do anything else like delete/download to my PC until this is all over and done with now because of the viruses and things that keep showing up. MUCH APPRECIATION FOR ALL YOUR HELP :)

Edited by JakeManHelpMe, 10 May 2008 - 04:34 AM.

  • 0
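The Panda ActiveScan lines quoted above are easier to reason about once each hit is tagged by where the file actually lives. The script below is an added example, not code from this thread or from Panda; it assumes the column order Panda prints above its malware table (Id, Description, Type, Active, Severity, Disinfectable, Disinfected, Location) and buckets each path as a live file, a System Restore snapshot copy, a ComboFix quarantine copy, a Windows Installer cache entry, or a component of a removal tool the user already ran (ComboFix's bundled NirCmd and SmitfraudFix's Reboot.exe are routinely flagged this way). The sample lines are copied from the report above, not constructed; the bucket names and helper functions are this example's own.

```python
import re
from collections import defaultdict

# Column order assumed to match the header Panda ActiveScan prints above its
# malware table: Id Description Type Active Severity Disinfectable Disinfected Location.
# Description may contain spaces ("Generic Malware"); Type never does, so the
# non-greedy description group backtracks until Type/Active/Severity line up.
LINE_RE = re.compile(
    r"^(?P<id>\d{8})\s+(?P<desc>.+?)\s+(?P<type>\S+)\s+"
    r"(?P<active>Yes|No)\s+(?P<severity>\d+)\s+"
    r"(?P<disinfectable>Yes|No)\s+(?P<disinfected>Yes|No)\s+(?P<path>.+)$"
)

# Lines copied from the Panda report in the thread above (not constructed).
SAMPLE = r"""
01066590 Generic Malware Virus/Trojan No 0 No No C:\Program Files\EZT\webhancer.exe[webhdll.dll]
01176994 Bck/VB.XB Virus/Trojan No 0 No No C:\Documents and Settings\R\Desktop\ComboFix.exe[327882R2FWJFW\NirCmdC.cfexe]
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{B87F36FC-155B-443C-B65A-D13BE62F944B}\RP137\A0127872.EXE
01343188 Adware/WebSearch Adware Yes 1 Yes No C:\DOCUMENTS AND SETTINGS\R\LOCAL SETTINGS\TEMP\{CC965873-F913-4866-9203-92E87DAB99B7}\_EXTRA\OBJECTS\CMDLINE.DLL
02197130 Trj/Rebooter.J Virus/Trojan No 1 Yes No C:\Documents and Settings\R\Desktop\SmitfraudFix\Reboot.exe
02658257 Adware/SaveNow Adware No 0 Yes No C:\WINDOWS\Installer\7065B7.MSI[unk_0051]
02901878 Adware/OneStep Adware Yes 0 Yes No C:\PROGRAM FILES\ONESTEPSEARCH\ONESTEP.EXE
02937945 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\qfgiesaf.dll.vir
"""


def parse_line(line):
    """Return one detection as a dict, or None for separators, headers and chatter."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["active"] = rec["active"] == "Yes"
    rec["severity"] = int(rec["severity"])
    return rec


def classify(path):
    """Bucket a detection by where the file lives; that decides what, if anything, to do."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "restore_point"      # inert unless that restore point is applied
    if "\\qoobox\\quarantine\\" in p:
        return "quarantine"         # already neutralised and renamed by ComboFix
    if "\\windows\\installer\\" in p:
        return "installer_cache"    # cached MSI; goes with the product's uninstall
    if "combofix.exe[" in p or "\\smitfraudfix\\" in p:
        return "removal_tool"       # part of a tool the user ran; verify, don't delete
    return "live"                   # on disk where it could run: needs a decision


def triage(report_text):
    """Group every parsable line of a Panda report by its location bucket."""
    buckets = defaultdict(list)
    for line in report_text.splitlines():
        rec = parse_line(line)
        if rec:
            rec["bucket"] = classify(rec["path"])
            buckets[rec["bucket"]].append(rec)
    return buckets


def summary(buckets):
    """One count per bucket, then each live hit with the scanner's Active flag."""
    lines = []
    for name in ("live", "removal_tool", "installer_cache", "quarantine", "restore_point"):
        lines.append(f"{name:15} {len(buckets.get(name, []))}")
    for rec in buckets.get("live", []):
        flag = "ACTIVE" if rec["active"] else "on disk"
        lines.append(f"  {flag:8} {rec['desc']:20} {rec['path']}")
    return lines


if __name__ == "__main__":
    for line in summary(triage(SAMPLE)):
        print(line)
```

Only the live bucket needs a decision: restore-point and quarantine copies cannot run until someone restores them, which is why cleanups like this one usually end with flushing System Restore rather than chasing each A0xxxxxx file. The Active column is the other thing worth reading before acting, since it separates what the scanner found loaded in memory from what it merely found on disk.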

#24 greyknight17 (Malware Expert, Visiting Consultant, 16,560 posts)
Please print the below instructions or copy them to Notepad. Make sure to work through the fixes in the order mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Go into Firefox->Tools->Clear Private Data and hit OK to delete all your cookie and temp files.

Uninstall the following via the Add/Remove Panel (Start->Settings->Control Panel->Add/Remove Programs) if found:

OneStepSearch
webHancer


Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you checked the last one:

O23 - Service: OneStep Search Service - OneStepSearch.net, Inc. - C:\Program Files\OneStepSearch\onestep.exe

Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy the text from the quotebox below into Notepad:

File::
c:\windows\system32\rlvknlg.exe
C:\Documents and Settings\Jake\Desktop\stressreducer.exe
C:\WINDOWS\Installer\7065B7.MSI
Folder::
C:\DOCUMENTS AND SETTINGS\R\LOCAL SETTINGS\TEMP\{CC965873-F913-4866-9203-92E87DAB99B7}\
C:\Program Files\EZT\
C:\Program Files\OneStepSearch\
Registry::
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C900B400-CDFE-11D3-976A-00E02913A9E0}]

Save this as CFScript.txt in the same location as the ComboFix.exe tool.
Drag the CFScript.txt into ComboFix.exe
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not click on combofix's window while it's running. That may cause it to stall.
  • 0

#25 JakeManHelpMe (Member, Topic Starter, 21 posts)
GREYKNIGHT, hi again.

webHancer wasn't there to uninstall, but OneStep was. By the way, when I first had the virus(es), I saw something come up in AVG, the trojan stuff, and it was in a folder called 'winvi', so I scanned that folder, moved the harmful contents to the vault, then deleted them. Anyway, just because I noticed it: in Add/Remove Programs there was a 'program' called 'winvi' and it had '(remove only)' in brackets next to it. Anyway, just thought you might need to know this or something; let me know if I should remove and/or delete it, etc. Here is the requested 'ComboFix log':


COMBOFIX LOG:
ComboFix 08-05-01.3 - r 2008-05-11 7:51:31.3 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.90 [GMT 10:00]
Running from: C:\Documents and Settings\r\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\r\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\Jake\Desktop\stressreducer.exe
C:\WINDOWS\Installer\7065B7.MSI
c:\windows\system32\rlvknlg.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Jake\Desktop\stressreducer.exe
C:\DOCUMENTS AND SETTINGS\R\LOCAL SETTINGS\TEMP\{CC965873-F913-4866-9203-92E87DAB99B7}\
C:\DOCUMENTS AND SETTINGS\R\LOCAL SETTINGS\TEMP\{CC965873-F913-4866-9203-92E87DAB99B7}\\_extra\objects\cmdline.dll
C:\Program Files\EZT\
C:\Program Files\EZT\\downloadqueue.xml
C:\Program Files\EZT\\Downloads\003_Apologize.mp3
C:\Program Files\EZT\\Downloads\Theme From The Simpsons Movie.mp3
C:\Program Files\EZT\\Downloads\We Will Rock You_MV0724004.mp3
C:\Program Files\EZT\\queue.raw
C:\Program Files\EZT\\webhancer.exe
C:\WINDOWS\Installer\7065B7.MSI
c:\windows\system32\rlvknlg.exe

.
((((((((((((((((((((((((( Files Created from 2008-04-10 to 2008-05-10 )))))))))))))))))))))))))))))))
.

2008-05-11 06:09 . 2008-05-11 06:09 <DIR> d--hs---- C:\FOUND.010
2008-05-09 15:45 . 2008-05-09 15:45 <DIR> d-------- C:\Program Files\Panda Security
2008-05-07 17:17 . 2008-05-07 17:17 <DIR> d-------- C:\Program Files\Microsoft Works
2008-05-07 17:16 . 2008-05-07 17:16 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-05-07 17:14 . 2008-05-07 17:14 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-05-07 17:13 . 2008-05-07 17:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-07 17:12 . 2008-05-07 17:12 <DIR> dr-h----- C:\MSOCache
2008-05-06 16:16 . 2008-05-06 16:16 <DIR> d-------- C:\_OTMoveIt
2008-05-05 15:35 . 2008-05-05 15:35 <DIR> d-------- C:\Program Files\FileSubmit
2008-05-05 15:32 . 2008-05-05 15:32 1,594,706 --a------ C:\WINDOWS\system32\ashes to ashes.wav
2008-05-05 15:32 . 2008-05-05 15:32 493,293 --a------ C:\WINDOWS\system32\Butterfly Fantasia.edm
2008-05-05 15:32 . 2008-05-05 15:32 361,984 --a------ C:\WINDOWS\system32\Butterfly Fantasia.scr
2008-05-05 08:44 . 2008-05-05 08:45 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-05 08:44 . 2008-05-05 08:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-04 15:34 . 2008-05-04 15:34 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-04 14:32 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-05-04 14:32 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-05-04 14:32 . 2008-04-24 08:10 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-05-04 14:32 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-05-04 14:32 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-05-04 14:32 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-05-04 14:32 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-04 14:32 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-04 14:32 . 2008-05-04 15:47 4,400 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-04 11:29 . 2008-05-04 11:29 <DIR> d-------- C:\Documents and Settings\r\Application Data\LimeWire
2008-04-28 21:28 . 2008-04-28 21:28 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-04-28 21:26 . 2008-04-28 21:26 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-04-28 15:47 . 2008-04-28 15:47 <DIR> d-------- C:\Program Files\High-Logic
2008-04-28 15:47 . 2008-04-28 15:47 <DIR> d-------- C:\Documents and Settings\r\Application Data\FontCreator
2008-04-28 15:47 . 2008-04-28 15:47 145 --a------ C:\WINDOWS\fcp5.cfg
2008-04-21 16:28 . 2008-04-21 16:28 <DIR> dr-h----- C:\$VAULT$.AVG
2008-04-10 16:55 . 2008-04-10 16:55 0 --a------ C:\WINDOWS\nsreg.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-09 09:16 --------- d-----w C:\Documents and Settings\r\Application Data\AVG7
2008-04-09 09:16 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-04-09 09:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-09 09:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-04-06 23:18 --------- d-----w C:\Program Files\Active GIF Creator 3.2
2008-04-03 06:14 --------- d-----w C:\Documents and Settings\r\Application Data\Hamachi
2008-04-03 06:13 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-04-03 06:13 --------- d-----w C:\Program Files\Hamachi
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-01 08:36 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:55 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:55 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
.

((((((((((((((((((((((((((((( snapshot@2008-05-05_11.03.31.76 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-29 11:31:00 204,081 ----a-w C:\WINDOWS\.silabclient_store_32\code.dat
+ 2008-05-08 05:45:52 200,605 ----a-w C:\WINDOWS\.silabclient_store_32\code.dat
+ 2008-05-07 07:17:30 110,592 ----a-w C:\WINDOWS\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll
+ 2008-05-07 07:17:32 4,608 ----a-w C:\WINDOWS\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\extensibility.dll
+ 2008-05-07 07:17:30 8,007,680 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
+ 2008-05-07 07:16:46 80,696 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Access.Dao\12.0.0.0__71e9bce111e9429c\Microsoft.Office.interop.access.dao.dll
+ 2008-05-07 07:17:10 1,276,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Excel.dll
+ 2008-05-07 07:17:10 150,320 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Graph.dll
+ 2008-05-07 07:17:12 920,376 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Outlook\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Outlook.dll
+ 2008-05-07 07:17:12 35,648 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.OutlookViewCtl\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.OutlookViewCtl.dll
+ 2008-05-07 07:17:12 248,632 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
+ 2008-05-07 07:17:10 20,280 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.SmartTag.dll
+ 2008-05-07 07:17:12 781,104 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
+ 2008-05-07 07:17:30 13,312 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll
+ 2008-05-07 07:17:10 371,496 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop.Forms\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.Forms.dll
+ 2008-05-07 07:17:12 64,288 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
+ 2008-05-07 07:17:30 229,376 ----a-w C:\WINDOWS\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\MSCOMCTL.DLL
+ 2008-05-07 07:17:30 4,096 ----a-w C:\WINDOWS\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll
+ 2008-05-07 07:17:10 416,544 ----a-w C:\WINDOWS\assembly\GAC\office\12.0.0.0__71e9bce111e9429c\OFFICE.DLL
+ 2008-05-07 07:16:48 12,096 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Excel.dll
+ 2008-05-07 07:17:16 12,096 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Graph.dll
+ 2008-05-07 07:17:22 12,104 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Outlook\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Outlook.dll
+ 2008-05-07 07:17:22 12,632 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.OutlookViewCtl\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.OutlookViewCtl.dll
+ 2008-05-07 07:17:22 12,112 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.PowerPoint.dll
+ 2008-05-07 07:17:18 12,104 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.SmartTag.dll
+ 2008-05-07 07:17:26 12,096 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Word.dll
+ 2008-05-07 07:17:18 12,080 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Vbe.Interop.dll
+ 2008-05-07 07:17:18 11,544 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.office\12.0.0.0__71e9bce111e9429c\Policy.11.0.Office.dll
+ 2008-05-07 07:17:30 16,384 ----a-w C:\WINDOWS\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll
- 2008-05-05 00:59:36 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-10 21:54:54 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-03-25 08:13:04 124,208 ----a-w C:\WINDOWS\Downloaded Program Files\as2stubie.dll
+ 2007-07-18 03:49:56 12,592 ----a-w C:\WINDOWS\Downloaded Program Files\libcomm.dll
+ 2006-10-27 05:16:36 133,936 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.4518\CONTAB32.DLL
+ 2006-10-26 10:55:32 87,344 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.4518\DLGSETP.DLL
+ 2006-10-27 05:07:36 17,891,112 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.4518\EXCEL.EXE
+ 2006-10-26 10:55:48 340,248 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.4518\MIMEDIR.DLL
+ 2006-10-27 05:16:46 2,939,704 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.4518\OLMAPI32.DLL
+ 2006-10-26 10:34:12 660,792 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.4518\OMSMAIN.DLL
+ 2006-10-26 10:34:10 192,848 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.4518\OMSXP32.DLL
+ 2006-09-15 06:25:18 3,611,416 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.4518\OUTLFLTR.DAT
+ 2006-10-27 05:16:44 594,256 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.4518\OUTLMIME.DLL
+ 2006-10-27 05:16:48 12,813,096 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.4518\OUTLOOK.EXE
+ 2006-10-27 05:16:40 176,976 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.4518\OUTLPH.DLL
+ 2006-10-26 10:55:54 413,472 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.4518\PSTPRX32.DLL
+ 2006-10-26 10:55:44 263,520 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.4518\SCNPST32.DLL
+ 2006-10-26 10:55:44 272,744 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.4518\SCNPST64.DLL
+ 2006-10-26 11:13:08 14,674,216 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.4518\XL12CNV.EXE
+ 2006-10-26 11:17:08 11,072 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.4518\XLCALL32.DLL
+ 2008-05-07 07:14:00 217,864 ----a-r C:\WINDOWS\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
+ 2008-05-07 19:37:36 20,240 ----a-r C:\WINDOWS\Installer\{91120000-0012-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-05-07 19:37:36 217,864 ----a-r C:\WINDOWS\Installer\{91120000-0012-0000-0000-0000000FF1CE}\misc.exe
+ 2008-05-07 19:37:36 18,704 ----a-r C:\WINDOWS\Installer\{91120000-0012-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-05-07 19:37:36 35,088 ----a-r C:\WINDOWS\Installer\{91120000-0012-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-05-07 19:37:36 845,584 ----a-r C:\WINDOWS\Installer\{91120000-0012-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-05-07 19:37:36 922,384 ----a-r C:\WINDOWS\Installer\{91120000-0012-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-05-07 19:37:36 888,080 ----a-r C:\WINDOWS\Installer\{91120000-0012-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-05-07 19:37:36 1,172,240 ----a-r C:\WINDOWS\Installer\{91120000-0012-0000-0000-0000000FF1CE}\xlicons.exe
+ 2006-10-26 04:10:08 1,190,688 ----a-w C:\WINDOWS\system32\FM20.DLL
+ 2006-10-26 04:10:06 33,088 ----a-w C:\WINDOWS\system32\FM20ENU.DLL
- 2008-04-09 20:17:20 157,160 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-05-07 19:32:04 203,328 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2006-10-26 03:45:04 207,360 ----a-w C:\WINDOWS\system32\INKED.DLL
+ 2006-07-24 00:50:38 125,744 ----a-w C:\WINDOWS\system32\MSSTDFMT.DLL
+ 2006-07-24 00:50:40 39,728 ----a-w C:\WINDOWS\system32\SCP32.DLL
+ 2006-07-24 00:50:40 47,920 ----a-w C:\WINDOWS\system32\VBAME.DLL
+ 2006-10-26 03:45:04 293,376 ----a-w C:\WINDOWS\system32\WISPTIS.EXE
+ 2006-10-26 03:40:34 95,744 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_6e805841\ATL80.dll
+ 2006-10-26 03:40:36 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcm80.dll
+ 2006-10-26 03:40:36 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcp80.dll
+ 2006-10-26 03:40:36 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcr80.dll
+ 2006-10-26 03:40:36 1,093,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80.dll
+ 2006-10-26 03:40:36 1,079,808 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80u.dll
+ 2006-10-26 03:40:36 69,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80.dll
+ 2006-10-26 03:40:36 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80u.dll
+ 2006-10-26 03:40:36 40,960 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80CHS.dll
+ 2006-10-26 03:40:36 45,056 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80CHT.dll
+ 2006-10-26 03:40:36 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80DEU.dll
+ 2006-10-26 03:40:36 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ENU.dll
+ 2006-10-26 03:40:36 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ESP.dll
+ 2006-10-26 03:40:36 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80FRA.dll
+ 2006-10-26 03:40:36 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ITA.dll
+ 2006-10-26 03:40:36 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80JPN.dll
+ 2006-10-26 03:40:36 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80KOR.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-02-16 18:26 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"RTHDCPL"="RTHDCPL.EXE" [2005-11-16 20:27 15600128 C:\WINDOWS\RTHDCPL.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-01-07 16:17 102491]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-01-07 16:16 692315]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 05:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 05:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:00 455168]
"ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-24 16:45 2462208]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 15:50 69632]
"PCMService"="C:\Program Files\Acer\Acer Arcade\PCMService.exe" [2005-08-31 19:59 147456]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-07-18 04:09 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-07-18 04:06 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-07-18 04:10 114688]
"EPM-DM"="c:\acer\Empowering Technology\ePower\epm-dm.exe" [2005-11-25 15:59 212992]
"Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [2005-11-09 11:04 3084288]
"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2006-03-30 20:39 471040]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 18:00 397312]
"Desktop Service Centre"="C:\Program Files\OptusNet DSL Internet\DSC.exe" [2005-11-30 12:21 2919831]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
"Super Screen Capture"="C:\Program Files\Zeallsoft\Super Screen Capture\SSCapture.exe" [2007-11-27 11:32 3026432]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-18 13:01 579584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-09 19:15 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
NETGEAR WG111v2 Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111v2\WG111v2.exe [2006-05-17 16:05:52 2297856]
SnagIt 8.lnk - C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe [2007-05-01 11:11:48 6395464]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\Acer\ACERAR~1\Kernel\Burner\MKDMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"43954:TCP"= 43954:TCP:demonicangels.no-ip.biz
"43594:TCP"= 43594:TCP:...

R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 18:20]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 13:10]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-07 18:08]
R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
R3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 15:34]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys [2006-03-27 17:53]

*Newly Created Service* - INT15.SYS
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-11 07:55:49
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\sccfg.sys 16384 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\RtlGina2.dll

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Zeallsoft\Super Screen Capture\zHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAM FILES\INTEL\WIRELESS\BIN\EVTENG.EXE
C:\PROGRAM FILES\INTEL\WIRELESS\BIN\S24EVMON.EXE
C:\PROGRAM FILES\LAVASOFT\AD-AWARE 2007\AAWSERVICE.EXE
C:\PROGRAM FILES\COMMON FILES\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGAMSVR.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGUPSVC.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGEMC.EXE
C:\ACER\EMPOWERING TECHNOLOGY\ADMSERV.EXE
C:\PROGRAM FILES\ACER\ACER ARCADE\KERNEL\TV\CLCAPSVC.EXE
C:\PROGRAM FILES\ACER\ACER ARCADE\KERNEL\CLML_NTSERVICE\CLMLSERVER.EXE
C:\PROGRAM FILES\ACER\ACER ARCADE\KERNEL\CLML_NTSERVICE\CLMLSERVICE.EXE
C:\PROGRAM FILES\INTEL\WIRELESS\BIN\REGSRVC.EXE
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\PROGRAM FILES\LAUNCH MANAGER\QTZGACER.EXE
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\SYSTEM32\IGFXSRVC.EXE
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2008-05-11 8:02:08 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-10 22:02:00
ComboFix3.txt 2008-05-05 01:04:32
ComboFix2.txt 2008-05-05 03:41:08

Pre-Run: 8,124,645,376 bytes free
Post-Run: 8,185,249,792 bytes free

288 --- E O F --- 2008-05-07 19:37:36


Thanks again,

~Jake
  • 0

#26 greyknight17 (Malware Expert, Visiting Consultant, 16,560 posts)
Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy the text from the quotebox below into Notepad:

File::
C:\WINDOWS\system32\ashes to ashes.wav
C:\WINDOWS\system32\Butterfly Fantasia.edm
C:\WINDOWS\system32\Butterfly Fantasia.scr
Folder::
C:\FOUND.010
C:\Program Files\FileSubmit

Save this as CFScript.txt in the same location as the ComboFix.exe tool.
Drag the CFScript.txt into ComboFix.exe
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not click on combofix's window while it's running. That may cause it to stall.

How is the computer running so far?

#27
JakeManHelpMe

    Member

  • Topic Starter
  • Member
  • 21 posts
Hey man, I'm very grateful for the amount of help you have put into this.


:) :)

Anyway, the computer, as far as I'm concerned, is running fine now. Umm... my guardian (Mum) said it is running slow/a bit slow, but as for me, I don't agree... if anything it's running normal/faster than ever (the internet I mean, and also the whole computer).

In other matters, here is the log that you asked for. Also, can you please post a link or something to the download of a good antivirus program for my PC? I'll get rid of AVG before I install it, because I know it's not good to have two, only because AVG won't update itself; it's always saying an error occurred whenever I try and get it to update... so yeah, anything that's good and works will do.

Oh, and also, that minor bug with the grey coloured bar above the search browser on the internet, and how it cuts the top corners off, yeah? Well, it's basically gone now. It doesn't happen anymore. As far as I can tell there aren't any other bugs either, which is good.


Here is the ComboFix Log that you requested.


COMBOFIX LOG:

ComboFix 08-05-12.1 - r 2008-05-13 15:53:55.4 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.119 [GMT 10:00]
Running from: C:\Documents and Settings\r\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\r\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\ashes to ashes.wav
C:\WINDOWS\system32\Butterfly Fantasia.edm
C:\WINDOWS\system32\Butterfly Fantasia.scr
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\FOUND.010
C:\FOUND.010\FILE0000.CHK
C:\FOUND.010\FILE0001.CHK
C:\FOUND.010\FILE0002.CHK
C:\Program Files\FileSubmit
C:\Program Files\FileSubmit\fishtrouble1024wp\fishtrouble1024wp.zip
C:\WINDOWS\system32\ashes to ashes.wav
C:\WINDOWS\system32\Butterfly Fantasia.edm
C:\WINDOWS\system32\Butterfly Fantasia.scr

.
((((((((((((((((((((((((( Files Created from 2008-04-13 to 2008-05-13 )))))))))))))))))))))))))))))))
.

2008-05-13 12:42 . 2008-05-13 12:42 <DIR> d--hs---- C:\FOUND.011
2008-05-09 15:45 . 2008-05-09 15:45 <DIR> d-------- C:\Program Files\Panda Security
2008-05-07 17:17 . 2008-05-07 17:17 <DIR> d-------- C:\Program Files\Microsoft Works
2008-05-07 17:16 . 2008-05-07 17:16 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-05-07 17:14 . 2008-05-07 17:14 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-05-07 17:13 . 2008-05-07 17:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-07 17:12 . 2008-05-07 17:12 <DIR> dr-h----- C:\MSOCache
2008-05-06 16:16 . 2008-05-06 16:16 <DIR> d-------- C:\_OTMoveIt
2008-05-05 08:44 . 2008-05-05 08:45 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-05 08:44 . 2008-05-05 08:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-04 15:34 . 2008-05-04 15:34 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-04 14:32 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-05-04 14:32 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-05-04 14:32 . 2008-04-24 08:10 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-05-04 14:32 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-05-04 14:32 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-05-04 14:32 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-05-04 14:32 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-04 14:32 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-04 14:32 . 2008-05-04 15:47 4,400 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-04 11:29 . 2008-05-04 11:29 <DIR> d-------- C:\Documents and Settings\r\Application Data\LimeWire
2008-04-28 21:28 . 2008-04-28 21:28 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-04-28 21:26 . 2008-04-28 21:26 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-04-28 15:47 . 2008-04-28 15:47 <DIR> d-------- C:\Program Files\High-Logic
2008-04-28 15:47 . 2008-04-28 15:47 <DIR> d-------- C:\Documents and Settings\r\Application Data\FontCreator
2008-04-28 15:47 . 2008-04-28 15:47 145 --a------ C:\WINDOWS\fcp5.cfg
2008-04-21 16:28 . 2008-04-21 16:28 <DIR> dr-h----- C:\$VAULT$.AVG

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-09 09:16 --------- d-----w C:\Documents and Settings\r\Application Data\AVG7
2008-04-09 09:16 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-04-09 09:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-09 09:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-04-06 23:18 --------- d-----w C:\Program Files\Active GIF Creator 3.2
2008-04-03 06:14 --------- d-----w C:\Documents and Settings\r\Application Data\Hamachi
2008-04-03 06:13 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-04-03 06:13 --------- d-----w C:\Program Files\Hamachi
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-01 08:36 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:55 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:55 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
.

((((((((((((((((((((((((((((( snapshot_2008-05-11_ 7.58.26.09 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-10 21:54:54 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-13 02:43:06 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-13 15:40 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"RTHDCPL"="RTHDCPL.EXE" [2005-11-16 20:27 15600128 C:\WINDOWS\RTHDCPL.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-01-07 16:17 102491]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-01-07 16:16 692315]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 05:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 05:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:00 455168]
"ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-24 16:45 2462208]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 15:50 69632]
"PCMService"="C:\Program Files\Acer\Acer Arcade\PCMService.exe" [2005-08-31 19:59 147456]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-07-18 04:09 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-07-18 04:06 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-07-18 04:10 114688]
"EPM-DM"="c:\acer\Empowering Technology\ePower\epm-dm.exe" [2005-11-25 15:59 212992]
"Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [2005-11-09 11:04 3084288]
"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2006-03-30 20:39 471040]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 18:00 397312]
"Desktop Service Centre"="C:\Program Files\OptusNet DSL Internet\DSC.exe" [2005-11-30 12:21 2919831]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
"Super Screen Capture"="C:\Program Files\Zeallsoft\Super Screen Capture\SSCapture.exe" [2007-11-27 11:32 3026432]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-18 13:01 579584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-09 19:15 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
NETGEAR WG111v2 Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111v2\WG111v2.exe [2006-05-17 16:05:52 2297856]
SnagIt 8.lnk - C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe [2007-05-01 11:11:48 6395464]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\Acer\ACERAR~1\Kernel\Burner\MKDMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"43954:TCP"= 43954:TCP:demonicangels.no-ip.biz
"43594:TCP"= 43594:TCP:...

R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 18:20]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 13:10]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-07 18:08]
R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
R3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 15:34]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys [2006-03-27 17:53]

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-13 15:56:10
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\sccfg.sys 16384 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\RtlGina2.dll
.
Completion time: 2008-05-13 15:59:46
ComboFix-quarantined-files.txt 2008-05-13 05:59:44
ComboFix4.txt 2008-05-05 01:04:32
ComboFix3.txt 2008-05-05 03:41:08
ComboFix2.txt 2008-05-10 22:02:10

Pre-Run: 7,978,401,792 bytes free
Post-Run: 8,075,902,976 bytes free

171 --- E O F --- 2008-05-07 19:37:36



Cheers :)

~Jake

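The CFScript in #26 lists what ComboFix was told to remove, and the log in #27 records what it actually deleted plus everything it found at its load points. The script below is an added example for triaging that pair; it is not part of this thread and not part of ComboFix. It reads a CFScript, confirms that every File:: and Folder:: target appears under the log's "Other Deletions" section, and then pulls out three kinds of entries that are worth a second look in any ComboFix log before calling it clean: firewall GloballyOpenPorts rules (the log above has two, one pointing at a no-ip.biz dynamic DNS name), a Security Center value that turns off the antivirus warning, and any file the catchme pass reports as hidden. The CFSCRIPT and LOG constants are constructed, abridged excerpts of the text posted above; the function names and the three checks are my own, not anything ComboFix provides.

```python
"""Triage helper for a ComboFix log (added example; not from the thread
or from the ComboFix tool). Checks that every CFScript target shows up
under "Other Deletions", and pulls out entries worth a second look:
firewall GloballyOpenPorts rules, a Security Center value that silences
the antivirus warning, and files catchme reports as hidden."""
import re

# Constructed from the CFScript in post #26.
CFSCRIPT = r"""
File::
C:\WINDOWS\system32\ashes to ashes.wav
C:\WINDOWS\system32\Butterfly Fantasia.edm
C:\WINDOWS\system32\Butterfly Fantasia.scr
Folder::
C:\FOUND.010
C:\Program Files\FileSubmit
"""

# Constructed, abridged excerpt of the ComboFix log in post #27.
LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\FOUND.010
C:\FOUND.010\FILE0000.CHK
C:\Program Files\FileSubmit
C:\Program Files\FileSubmit\fishtrouble1024wp\fishtrouble1024wp.zip
C:\WINDOWS\system32\ashes to ashes.wav
C:\WINDOWS\system32\Butterfly Fantasia.edm
C:\WINDOWS\system32\Butterfly Fantasia.scr

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"43954:TCP"= 43954:TCP:demonicangels.no-ip.biz
"43594:TCP"= 43594:TCP:...

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
scanning hidden files ...

C:\sccfg.sys 16384 bytes

scan completed successfully
hidden files: 1
"""

# "43954:TCP"= 43954:TCP:<name>   -> port, protocol, rule name
PORT_RULE = re.compile(r'"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(.*)$')
# dword:00000001 means Security Center will not warn about missing/off AV
AV_NOTIFY_OFF = re.compile(r'"AntiVirusDisableNotify"=dword:0*1$', re.I)
# catchme prints hidden files as "<path> <size> bytes"
HIDDEN_FILE = re.compile(r'([A-Za-z]:\\\S.*?)\s+(\d+) bytes$')


def parse_cfscript(text):
    """Return {'File': [paths], 'Folder': [paths], ...} from a CFScript."""
    targets, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        header = re.fullmatch(r"(\w+)::", line)
        if header:
            current = header.group(1)
            targets.setdefault(current, [])
        elif current:
            targets[current].append(line)
    return targets


def section(log, name):
    """Return the non-empty lines of the (((( name )))) section of the log."""
    out, inside = [], False
    for line in log.splitlines():
        if line.startswith("(((("):
            if inside:
                break           # reached the next section header
            inside = name in line
            continue
        if inside and line.strip() not in ("", "."):
            out.append(line.strip())
    return out


def unconfirmed_targets(cfscript, log):
    """CFScript paths that never appear under 'Other Deletions'."""
    deleted = {p.lower() for p in section(log, "Other Deletions")}
    wanted = [p for paths in parse_cfscript(cfscript).values() for p in paths]
    return [p for p in wanted if p.lower() not in deleted]


def findings(log):
    """(kind, detail) tuples for entries an analyst should review by hand."""
    out, key = [], None
    for line in log.splitlines():
        s = line.strip()
        if not s:
            key = None          # blank line ends a REGEDIT4 key block
            continue
        if s.startswith("[") and s.endswith("]"):
            key = s.lower()
            continue
        m = HIDDEN_FILE.match(s)
        if m:
            out.append(("hidden-file", m.group(1)))
        if key is None:
            continue
        if "globallyopenports" in key:
            m = PORT_RULE.match(s)
            if m:
                out.append(("open-port", f"{m.group(1)}/{m.group(2)} {m.group(3)}"))
        elif "security center" in key and AV_NOTIFY_OFF.match(s):
            out.append(("av-notify-disabled", s))
    return out


def triage(cfscript, log):
    """Both checks in one report."""
    return {"unconfirmed": unconfirmed_targets(cfscript, log),
            "findings": findings(log)}


if __name__ == "__main__":
    report = triage(CFSCRIPT, LOG)
    for path in report["unconfirmed"]:
        print("NOT CONFIRMED DELETED:", path)
    for kind, detail in report["findings"]:
        print(f"{kind:20} {detail}")
```

Run against the two excerpts, the deletion check comes back empty (all five CFScript targets are listed under Other Deletions) and the findings are the two open-port rules, the AntiVirusDisableNotify value and C:\sccfg.sys. The script only reports; whether any of those entries is legitimate on a given machine is a judgement for whoever is reading the log.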
#28
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Hi Jake, AVG should be able to update itself automatically. Maybe it was the malware giving it problems earlier? I have used this antivirus program for years and only have good things to say about it :)

Uninstall AVG 7. There is a newer version of it (version 8) at http://free.grisoft.com if you want to get it. If you don't want to use AVG anymore, then give Avast Home Edition a try (Google for link). It's also free.

Good job. Your log is clean.

To help prevent future spyware infections, read the Anti-Spyware Tutorial and use the tools provided.

Go to Start->Run, copy/paste in combofix /u and hit OK to remove it. You should be set to go.

#29
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.