infections [RESOLVED]

#1 bigbilly (Member, 44 posts)

Hi, my friend has asked me to check her computer but I have come to a dead end;
there seem to be multiple infections on the system.
Any help would be appreciated.
It is running Windows XP and nothing seems to be running.
Here is my HijackThis log.
The computer keeps freezing as well,
and running slow,
with a lot of pop-ups.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:34:13, on 04/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Lexmark 2500 Series\lxddmon.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
C:\apps\ABoard\ABoard.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\apps\ABoard\AOSD.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxddserv.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\uk.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.client...fo/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.client...arch.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {5CE27BE5-F932-45C5-AD5E-C02AC761EB7E} - C:\WINDOWS\system32\jkkHXoLc.dll (file missing)
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [g]eeV\mWhjlnspB] C:\WINDOWS\system32\tcntpkdn.exe DWram
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [BM73e06116] Rundll32.exe "C:\WINDOWS\system32\cadmoath.dll",s
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1209896448000
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ddcYqnOf - ddcYqnOf.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 10708 bytes
right

Edited by bigbilly, 04 May 2008 - 10:05 AM.

#2 greyknight17 (Malware Expert, Visiting Consultant, 16,560 posts)

Please print the below instructions or copy them to Notepad. Make sure to work through the fixes in the order mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Download ATF Cleaner at http://www.atribune..../click.php?id=1
Double-click ATF-Cleaner.exe to run the program. Under Main, choose Select All.
Click the Empty Selected button.

If you use the Firefox browser, click Firefox at the top and choose Select All.
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use the Opera browser, click 'Opera' at the top and choose 'Select All'.
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you have checked the last one:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\uk.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.client...fo/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.client...arch.yahoo.com/
O2 - BHO: (no name) - {5CE27BE5-F932-45C5-AD5E-C02AC761EB7E} - C:\WINDOWS\system32\jkkHXoLc.dll (file missing)
O4 - HKLM\..\Run: [g]eeV\mWhjlnspB] C:\WINDOWS\system32\tcntpkdn.exe DWram
O4 - HKLM\..\Run: [BM73e06116] Rundll32.exe "C:\WINDOWS\system32\cadmoath.dll",s
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O20 - Winlogon Notify: ddcYqnOf - ddcYqnOf.dll (file missing)


Locate the following Files/Folders and delete them if they exist (if no location given, just do a search for them):

C:\WINDOWS\system32\tcntpkdn.exe
C:\WINDOWS\system32\cadmoath.dll


1. Download combofix at http://www.techsuppo...Bs/ComboFix.exe or http://download.blee...Bs/ComboFix.exe
2. Double-click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply.

Note:
Do not click on combofix's window while it's running. That may cause it to stall.
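The fix list in the reply above singles out entries whose referenced file is not on disk, whose Run value name looks machine-generated, and one that launches a DLL through rundll32 at logon. As an added example (not code from the thread, from HijackThis or from ComboFix), the Python below applies those three checks to lines in HijackThis v2 log format; the sample lines are constructed to match the shapes posted above, and the "sane name" character set and the orphan markers are my own heuristics, not anything the tool defines.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in HijackThis v2 log format. The line shapes follow the
# log posted in this thread (entry types R0, O2, O4, O20); raw strings keep
# the Windows backslashes intact.
SAMPLE_LINES = [
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank",
    r"O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll",
    r"O2 - BHO: (no name) - {5CE27BE5-F932-45C5-AD5E-C02AC761EB7E} - C:\WINDOWS\system32\jkkHXoLc.dll (file missing)",
    r'O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime',
    r"O4 - HKLM\..\Run: [g]eeV\mWhjlnspB] C:\WINDOWS\system32\tcntpkdn.exe DWram",
    r'O4 - HKLM\..\Run: [BM73e06116] Rundll32.exe "C:\WINDOWS\system32\cadmoath.dll",s',
    r"O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll",
    r"O20 - Winlogon Notify: ddcYqnOf - ddcYqnOf.dll (file missing)",
]

# "R0 - ..." / "O4 - ..." : entry type, then the body of the entry.
ENTRY_RE = re.compile(r"^(?P<type>[RFO]\d+) - (?P<body>.*)$")
# Body of an O4 Run entry: <hive>\..\Run: [<value name>] <command line>
RUN_RE = re.compile(r"^(?P<hive>.+?)\\\.\.\\Run: \[(?P<name>.*?)\] (?P<command>.*)$")
# HijackThis prints these when the referenced file cannot be found on disk
# (assumed marker strings, taken from the log above).
ORPHAN_MARKERS = ("(file missing)", "(no file)")
# Characters a human-written Run value name is assumed to use; brackets,
# backslashes or quotes inside the name suggest it was generated.
SANE_NAME_RE = re.compile(r"^[A-Za-z0-9 ._!&+()-]+$")


@dataclass
class Finding:
    line_no: int
    entry_type: str
    reasons: list = field(default_factory=list)


def parse_run_entry(body):
    """Split an O4 body into hive, value name and command, or None if it is not a Run entry."""
    m = RUN_RE.match(body)
    return m.groupdict() if m else None


def triage_line(line_no, line):
    """Return a Finding for one log line, or None when nothing stands out."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    body = m.group("body")
    reasons = []
    if any(marker in body for marker in ORPHAN_MARKERS):
        reasons.append("orphaned reference: target file not on disk")
    if m.group("type") == "O4":
        run = parse_run_entry(body)
        if run:
            if not SANE_NAME_RE.match(run["name"]):
                reasons.append("machine-looking Run value name")
            if run["command"].lower().startswith("rundll32"):
                reasons.append("rundll32 loads a DLL at logon; verify the DLL")
    return Finding(line_no, m.group("type"), reasons) if reasons else None


def triage(lines):
    """Run the three checks over a whole log and return the flagged entries in order."""
    findings = []
    for line_no, line in enumerate(lines, 1):
        finding = triage_line(line_no, line)
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"line {f.line_no} [{f.entry_type}]: " + "; ".join(f.reasons))
```

The flags are review prompts, not verdicts: a legitimate product can also leave an orphaned entry behind, which is why the reply above says to fix them only "if they still exist".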

#3 bigbilly (Topic Starter, Member, 44 posts)

Hi greyknight17,

Thanks for your help. I could not find either of the two files you asked me to search for:

C:\WINDOWS\system32\tcntpkdn.exe
C:\WINDOWS\system32\cadmoath.dll

Here is my ComboFix log:

ComboFix 08-05-01.3 - me 2008-05-05 12:02:53.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.110 [GMT 1:00]
Running from: D:\Documents and Settings\me\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-04-05 to 2008-05-05 )))))))))))))))))))))))))))))))
.

2008-05-05 00:53 . 2008-05-05 00:53 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-05-04 16:32 . 2008-05-04 16:32 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-04 16:21 . 2008-05-04 16:24 4,260 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-04 16:20 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-05-04 16:20 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-05-04 16:20 . 2008-04-24 08:10 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-05-04 16:20 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-05-04 16:20 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-05-04 16:20 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-05-04 16:20 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-04 16:20 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-04 16:07 . 2008-05-04 16:07 <DIR> d-------- C:\VundoFix Backups
2008-05-04 15:12 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-05-04 15:12 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-05-04 12:37 . 2008-05-05 12:04 <DIR> d--h----- C:\$AVG8.VAULT$
2008-05-04 12:30 . 2008-05-04 12:30 <DIR> d-------- D:\Documents and Settings\me\Application Data\Malwarebytes
2008-05-04 12:30 . 2008-05-04 12:30 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-04 12:30 . 2008-05-04 12:30 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-04 12:19 . 2008-05-05 10:33 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-04 12:19 . 2008-05-04 12:19 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-05-04 12:19 . 2008-05-04 12:19 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-05-04 12:19 . 2008-05-04 12:19 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-05-04 11:38 . 2008-05-04 11:38 <DIR> d-------- C:\Program Files\Panda Security
2008-05-04 11:36 . 2008-05-04 11:36 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-05-03 22:44 . 2008-05-04 12:18 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Avg8
2008-05-03 22:38 . 2008-05-03 22:38 <DIR> d-------- C:\Program Files\CCleaner
2008-05-03 22:32 . 2008-05-05 11:45 <DIR> d-------- D:\Documents and Settings\me\Application Data\AVGTOOLBAR
2008-05-03 22:32 . 2008-05-03 22:32 <DIR> d-------- C:\Program Files\AVG
2008-05-03 20:48 . 2008-05-03 20:48 <DIR> d-------- D:\Documents and Settings\me\Application Data\SUPERAntiSpyware.com
2008-05-03 20:48 . 2008-05-03 20:48 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-03 20:48 . 2008-05-04 09:42 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-03 20:40 . 2008-05-03 20:40 <DIR> d--hs---- C:\TrustedAntivirus
2008-05-03 17:02 . 2008-05-03 17:02 1,280 --a------ D:\Documents and Settings\me\Application Data\update.log
2008-05-03 16:38 . 2008-05-03 16:38 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-03 16:38 . 2008-05-03 16:38 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-03 16:27 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-25 19:41 . 2008-04-25 19:41 26,752 --a------ C:\WINDOWS\system32\qoMdARLE.dll
2008-04-22 19:25 . 2008-04-22 19:25 <DIR> dr------- D:\Documents and Settings\All Users\Application Data\SalesMon
2008-04-21 22:04 . 2001-08-17 22:36 25,600 --a------ C:\WINDOWS\system32\dllcache\dc210_32.dll
2008-04-21 22:04 . 2001-08-17 22:36 25,600 --a------ C:\WINDOWS\system32\dc210_32.dll
2008-04-21 22:04 . 2001-08-17 13:53 6,784 --a------ C:\WINDOWS\system32\drivers\serscan.sys
2008-04-21 22:04 . 2001-08-17 13:53 6,784 --a------ C:\WINDOWS\system32\dllcache\serscan.sys
2008-04-21 22:03 . 2001-08-17 22:36 80,896 --a------ C:\WINDOWS\system32\dllcache\dc210usd.dll
2008-04-21 22:03 . 2001-08-17 22:36 80,896 --a------ C:\WINDOWS\system32\dc210usd.dll
2008-04-14 22:16 . 2008-04-14 22:16 267 --a------ D:\Documents and Settings\me\9631.bat
2008-04-14 19:27 . 2008-04-14 19:27 89,070 --a------ C:\WINDOWS\system32\myss_sb_uninstall.exe
2008-04-14 14:55 . 2008-04-14 14:55 13,942 --a------ C:\WINDOWS\system32\N90-002.ico
2008-04-14 08:26 . 2008-05-04 10:49 109,194 --a------ C:\WINDOWS\BM73e06116.xml
2008-04-14 07:24 . 2008-04-14 07:24 267 --a------ D:\Documents and Settings\me\6115.bat
2008-04-13 22:25 . 2008-04-13 22:25 267 --a------ D:\Documents and Settings\me\4059.bat
2008-04-13 22:10 . 2008-04-13 22:10 267 --a------ D:\Documents and Settings\me\2855.bat
2008-04-13 21:55 . 2008-04-13 21:55 267 --a------ D:\Documents and Settings\me\1500.bat
2008-04-13 21:40 . 2008-04-13 21:40 267 --a------ D:\Documents and Settings\me\6712.bat
2008-04-13 21:25 . 2008-04-13 21:25 267 --a------ D:\Documents and Settings\me\7297.bat
2008-04-13 21:10 . 2008-04-13 21:10 267 --a------ D:\Documents and Settings\me\7079.bat
2008-04-13 20:55 . 2008-04-13 20:55 267 --a------ D:\Documents and Settings\me\9204.bat
2008-04-13 20:40 . 2008-04-13 20:40 267 --a------ D:\Documents and Settings\me\1484.bat
2008-04-13 20:25 . 2008-04-13 20:25 267 --a------ D:\Documents and Settings\me\2441.bat
2008-04-13 20:10 . 2008-04-13 20:10 267 --a------ D:\Documents and Settings\me\1054.bat
2008-04-13 19:55 . 2008-04-13 19:55 267 --a------ D:\Documents and Settings\me\8836.bat
2008-04-13 19:40 . 2008-04-13 19:40 267 --a------ D:\Documents and Settings\me\4240.bat
2008-04-13 19:24 . 2008-04-13 19:24 267 --a------ D:\Documents and Settings\me\2292.bat
2008-04-13 19:09 . 2008-04-13 19:09 267 --a------ D:\Documents and Settings\me\1728.bat
2008-04-13 18:55 . 2008-04-13 18:55 400,597 --a------ C:\WINDOWS\system32\g0.exe
2008-04-13 18:55 . 2008-04-14 22:15 36,864 --a------ D:\Documents and Settings\me\winlogo.exe
2008-04-13 18:55 . 2008-04-13 18:55 267 --a------ D:\Documents and Settings\me\2559.bat
2008-04-13 14:26 . 2008-04-15 08:51 <DIR> d--hs---- C:\WINDOWS\bWU
2008-04-13 14:26 . 2008-04-13 14:26 298,302 --a------ C:\WINDOWS\system32\gside.exe
2008-04-13 14:26 . 2008-04-13 14:26 88,961 --a------ C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
2008-04-13 14:26 . 2008-05-03 18:54 63,918 --a------ C:\WINDOWS\system32\{b2276649-1ade-3653-b6c9-37df024a3c8f}.dll-uninst.exe
2008-04-13 14:26 . 2008-05-03 18:54 937 --a------ C:\WINDOWS\system32\winpfz33.sys
2008-04-13 14:26 . 2008-04-13 14:26 267 --a------ C:\WINDOWS\system32\4813.bat
2008-04-13 14:25 . 2008-04-13 14:25 <DIR> d-------- C:\WINDOWS\system32\id3
2008-04-13 14:25 . 2008-05-03 20:40 <DIR> d-------- C:\WINDOWS\system32\gui4
2008-04-13 14:25 . 2008-05-04 14:48 <DIR> d-------- C:\WINDOWS\system32\ginp
2008-04-13 14:25 . 2008-05-04 10:44 <DIR> d-------- C:\WINDOWS\system32\bharebio05
2008-04-13 14:25 . 2008-04-15 08:49 <DIR> d-------- C:\WINDOWS\system32\ace2
2008-04-13 14:25 . 2008-04-13 14:25 <DIR> d-------- C:\Temp\wdlw14
2008-04-13 14:25 . 2008-05-05 11:22 <DIR> d-------- C:\Temp
2008-04-13 14:25 . 2008-04-13 14:25 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-04-13 14:25 . 2008-04-13 14:25 1,579 --a------ C:\f.exe
2008-04-13 14:25 . 2008-04-13 14:25 0 --a------ C:\WINDOWS\system32\taskkill.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-04 16:23 --------- d-----w D:\Documents and Settings\All Users\Application Data\Google Updater
2008-05-04 11:26 --------- d---a-w D:\Documents and Settings\All Users\Application Data\TEMP
2008-05-04 09:59 --------- d-----w C:\Program Files\Google
2008-05-03 21:46 --------- d-----w C:\Program Files\Lexmark Fax Solutions
2008-05-03 21:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-03 20:07 --------- d-----w C:\Program Files\Yahoo!
2008-05-03 20:07 --------- d-----w C:\Program Files\DivX
2008-05-03 20:07 --------- d-----w C:\Program Files\Common Files\aolshare
2008-05-03 20:07 --------- d-----w C:\Program Files\AOL 9.0
2008-05-03 19:47 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-03 19:40 --------- d-----w D:\Documents and Settings\All Users\Application Data\Symantec
2008-05-03 19:40 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-03 17:52 --------- d-----w D:\Documents and Settings\All Users\Application Data\Kodak
2008-05-03 15:27 --------- d-----w C:\Program Files\Java
2008-04-28 20:34 5,872 ----a-w D:\Documents and Settings\me\Application Data\wklnhst.dat
2008-04-28 20:34 --------- d-----w C:\Program Files\Lx_cats
2008-04-17 10:39 25,214 ----a-w C:\Program Files\B.ico
2008-04-17 10:39 25,214 ----a-w C:\Program Files\A.ico
2008-04-07 14:09 --------- d-----w D:\Documents and Settings\me\Application Data\Yahoo!
2008-03-19 19:19 --------- d-----w C:\Program Files\Navman
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-16 22:29 3,059,712 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-15 09:23 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
2006-12-14 19:51 0 ----a-w D:\Documents and Settings\me\Application Data\Install.dat
2006-11-02 08:21 557,056 ----a-w D:\Documents and Settings\me\chatlnk.exe
2003-06-20 03:05 49,776 -c--a-w C:\WINDOWS\inf\usbhub20.sys
2003-06-20 03:05 24,752 -c--a-w C:\WINDOWS\inf\hidclass.sys
2003-06-20 03:05 20,688 -c--a-w C:\WINDOWS\inf\usbd.sys
2003-06-20 03:05 19,728 -c--a-w C:\WINDOWS\inf\usbehci.sys
2003-06-20 03:05 138,288 -c--a-w C:\WINDOWS\inf\usbport.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
2008-05-04 12:19 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL" [2008-05-04 12:19 2050816]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-05-04 12:19 2050816]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" [2005-08-31 17:11 2478080]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-07 16:34 68856]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 14:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 14:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 14:00 455168]
"VTTimer"="VTTimer.exe" [2005-03-08 03:33 53248 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-03-11 17:33 147456 C:\WINDOWS\system32\VTTrayp.exe]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-05-11 13:48 127118]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 21:26 368706]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-08-07 22:42 180269]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-08-07 22:37 98304]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2003-12-09 12:03 57344]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"RegistryMechanic"="" []
"lxddmon.exe"="C:\Program Files\Lexmark 2500 Series\lxddmon.exe" [2007-06-11 20:27 291760]
"lxddamon"="C:\Program Files\Lexmark 2500 Series\lxddamon.exe" [2007-04-30 09:19 20480]
"SoundMan"="SOUNDMAN.EXE" [2005-05-17 18:48 77824 C:\WINDOWS\SOUNDMAN.EXE]
"Motive SmartBridge"="C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe" [2003-12-30 10:40 380928]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 11:31 24576]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-04 12:19 1177368]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
"msacm.mpegacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\mpegacm.acm

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^broadband medic.lnk]
backup=C:\WINDOWS\pss\broadband medic.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^BT Broadband Help.lnk]
backup=C:\WINDOWS\pss\BT Broadband Help.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
backup=C:\WINDOWS\pss\Kodak software updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AOL 9.0\\waol.exe"=
"D:\\Documents and Settings\\me\\My Documents\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\WINDOWS\\system32\\lxddcoms.exe"=
"C:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"=
"C:\\Program Files\\Lexmark 2500 Series\\App4R.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddwbgw.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddpswx.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddjswx.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddtime.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-04 12:19]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-05-04 12:19]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-04 12:19]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-05-04 12:19]
R2 lxdd_device;lxdd_device;C:\WINDOWS\system32\lxddcoms.exe [2007-05-25 10:41]
R2 lxddCATSCustConnectService;lxddCATSCustConnectService;C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe [2007-05-25 10:41]
S3 AR5523;NETGEAR WG111T USB2.0 Wireless Card Service;C:\WINDOWS\system32\DRIVERS\wg11tnd5.sys [2004-10-15 11:41]
S3 ATHFMWDL;NETGEAR WG111T bootloader driver;C:\WINDOWS\system32\Drivers\ATHFMWDL.sys [2004-10-14 19:24]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\DNINDIS5.SYS [2003-07-24 13:10]

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-05 12:05:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-05 12:06:37
ComboFix-quarantined-files.txt 2008-05-05 11:06:34

Pre-Run: 20,631,785,472 bytes free
Post-Run: 20,587,417,600 bytes free

238 --- E O F --- 2008-05-04 23:53:14

Edited by bigbilly, 05 May 2008 - 05:12 AM.


#4 greyknight17 (Malware Expert, Visiting Consultant, 16,560 posts)

Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy the text from the quotebox below into Notepad:

File::
D:\Documents and Settings\me\Application Data\update.log
C:\WINDOWS\system32\qoMdARLE.dll
D:\Documents and Settings\me\9631.bat
C:\WINDOWS\system32\myss_sb_uninstall.exe
C:\WINDOWS\system32\N90-002.ico
C:\WINDOWS\BM73e06116.xml
D:\Documents and Settings\me\6115.bat
D:\Documents and Settings\me\4059.bat
D:\Documents and Settings\me\2855.bat
D:\Documents and Settings\me\1500.bat
D:\Documents and Settings\me\6712.bat
D:\Documents and Settings\me\7297.bat
D:\Documents and Settings\me\7079.bat
D:\Documents and Settings\me\9204.bat
D:\Documents and Settings\me\1484.bat
D:\Documents and Settings\me\2441.bat
D:\Documents and Settings\me\1054.bat
D:\Documents and Settings\me\8836.bat
D:\Documents and Settings\me\4240.bat
D:\Documents and Settings\me\2292.bat
D:\Documents and Settings\me\1728.bat
D:\Documents and Settings\me\winlogo.exe
D:\Documents and Settings\me\2559.bat
C:\WINDOWS\system32\g0.exe
C:\WINDOWS\system32\gside.exe
C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
C:\WINDOWS\system32\{b2276649-1ade-3653-b6c9-37df024a3c8f}.dll-uninst.exe
C:\WINDOWS\system32\winpfz33.sys
C:\WINDOWS\system32\4813.bat
C:\WINDOWS\system32\vbzip10.dll
C:\f.exe
C:\WINDOWS\system32\taskkill.exe
C:\Program Files\B.ico
C:\Program Files\A.ico
Folder::
C:\TrustedAntivirus
D:\Documents and Settings\All Users\Application Data\SalesMon
C:\WINDOWS\bWU
C:\WINDOWS\system32\id3
C:\WINDOWS\system32\gui4
C:\WINDOWS\system32\ginp
C:\WINDOWS\system32\bharebio05
C:\WINDOWS\system32\ace2
C:\Temp\

Save this as CFScript.txt in the same location as the ComboFix.exe tool.
Drag the CFScript.txt into ComboFix.exe
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not click on ComboFix's window while it's running. That may cause it to stall.

How is it running so far?

Edited by greyknight17, 08 May 2008 - 08:31 PM.

  • 0

#5
bigbilly

    Member

  • Topic Starter
  • Member
  • 44 posts
Hi greyknight17,

The computer is running a lot better than it was, thanks. Here is the log that you asked for.
I hope I have done it right. Thanks again.



ComboFix 08-05-01.3 - me 2008-05-06 17:10:53.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.135 [GMT 1:00]
Running from: D:\Documents and Settings\me\Desktop\ComboFix.exe
Command switches used :: D:\Documents and Settings\me\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\Temp\
C:\TrustedAntivirus
C:\WINDOWS\bWU
C:\WINDOWS\system32\ace2
C:\WINDOWS\system32\bharebio05
C:\WINDOWS\system32\ginp
C:\WINDOWS\system32\gui4
C:\WINDOWS\system32\id3
D:\Documents and Settings\All Users\Application Data\SalesMon
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\f.exe\
C:\Program Files\A.ico\
C:\Program Files\B.ico\
C:\WINDOWS\BM73e06116.xml\
C:\WINDOWS\system32\{b2276649-1ade-3653-b6c9-37df024a3c8f}.dll-uninst.exe\
C:\WINDOWS\system32\4813.bat\
C:\WINDOWS\system32\gside.exe\
C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe\
C:\WINDOWS\system32\myss_sb_uninstall.exe\
C:\WINDOWS\system32\N90-002.ico\
C:\WINDOWS\system32\qoMdARLE.dll\
C:\WINDOWS\system32\taskkill.exe\
C:\WINDOWS\system32\vbzip10.dll\
C:\WINDOWS\system32\winpfz33.sys\
D:\Documents and Settings\me\1054.bat\
D:\Documents and Settings\me\1484.bat\
D:\Documents and Settings\me\1500.bat\
D:\Documents and Settings\me\1728.bat\
D:\Documents and Settings\me\2292.bat\
D:\Documents and Settings\me\2441.bat\
D:\Documents and Settings\me\2559.bat\
D:\Documents and Settings\me\2855.bat\
D:\Documents and Settings\me\4059.bat\
D:\Documents and Settings\me\4240.bat\
D:\Documents and Settings\me\6115.bat\
D:\Documents and Settings\me\6712.bat\
D:\Documents and Settings\me\7079.bat\
D:\Documents and Settings\me\7297.bat\
D:\Documents and Settings\me\8836.bat\
D:\Documents and Settings\me\9204.bat\
D:\Documents and Settings\me\9631.bat\
D:\Documents and Settings\me\Application Data\update.log\
D:\Documents and Settings\me\winlogo.exe\

.
((((((((((((((((((((((((( Files Created from 2008-04-06 to 2008-05-06 )))))))))))))))))))))))))))))))
.

2008-05-05 18:40 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-05 18:39 . 2008-05-05 18:40 <DIR> d-------- C:\Program Files\Java
2008-05-05 18:37 . 2008-05-05 18:37 <DIR> d-------- C:\Program Files\Common Files\Java
2008-05-05 00:53 . 2008-05-05 00:53 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-05-04 16:32 . 2008-05-04 16:32 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-04 16:21 . 2008-05-04 16:24 4,260 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-04 16:20 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-05-04 16:20 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-05-04 16:20 . 2008-04-24 08:10 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-05-04 16:20 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-05-04 16:20 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-05-04 16:20 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-05-04 16:20 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-04 16:20 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-04 16:07 . 2008-05-04 16:07 <DIR> d-------- C:\VundoFix Backups
2008-05-04 15:12 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-05-04 15:12 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-05-04 12:37 . 2008-05-05 13:35 <DIR> d--h----- C:\$AVG8.VAULT$
2008-05-04 12:30 . 2008-05-04 12:30 <DIR> d-------- D:\Documents and Settings\me\Application Data\Malwarebytes
2008-05-04 12:30 . 2008-05-04 12:30 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-04 12:30 . 2008-05-04 12:30 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-04 12:19 . 2008-05-06 17:00 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-04 12:19 . 2008-05-04 12:19 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-05-04 12:19 . 2008-05-04 12:19 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-05-04 12:19 . 2008-05-04 12:19 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-05-04 11:38 . 2008-05-04 11:38 <DIR> d-------- C:\Program Files\Panda Security
2008-05-04 11:36 . 2008-05-04 11:36 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-05-03 22:44 . 2008-05-04 12:18 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Avg8
2008-05-03 22:38 . 2008-05-03 22:38 <DIR> d-------- C:\Program Files\CCleaner
2008-05-03 22:32 . 2008-05-05 11:45 <DIR> d-------- D:\Documents and Settings\me\Application Data\AVGTOOLBAR
2008-05-03 22:32 . 2008-05-03 22:32 <DIR> d-------- C:\Program Files\AVG
2008-05-03 20:48 . 2008-05-03 20:48 <DIR> d-------- D:\Documents and Settings\me\Application Data\SUPERAntiSpyware.com
2008-05-03 20:48 . 2008-05-03 20:48 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-03 20:48 . 2008-05-04 09:42 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-03 20:40 . 2008-05-03 20:40 <DIR> d--hs---- C:\TrustedAntivirus
2008-05-03 17:02 . 2008-05-03 17:02 1,280 --a------ D:\Documents and Settings\me\Application Data\update.log
2008-05-03 16:38 . 2008-05-03 16:38 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-03 16:38 . 2008-05-03 16:38 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-25 19:41 . 2008-04-25 19:41 26,752 --a------ C:\WINDOWS\system32\qoMdARLE.dll
2008-04-22 19:25 . 2008-04-22 19:25 <DIR> dr------- D:\Documents and Settings\All Users\Application Data\SalesMon
2008-04-21 22:04 . 2001-08-17 22:36 25,600 --a------ C:\WINDOWS\system32\dllcache\dc210_32.dll
2008-04-21 22:04 . 2001-08-17 22:36 25,600 --a------ C:\WINDOWS\system32\dc210_32.dll
2008-04-21 22:04 . 2001-08-17 13:53 6,784 --a------ C:\WINDOWS\system32\drivers\serscan.sys
2008-04-21 22:04 . 2001-08-17 13:53 6,784 --a------ C:\WINDOWS\system32\dllcache\serscan.sys
2008-04-21 22:03 . 2001-08-17 22:36 80,896 --a------ C:\WINDOWS\system32\dllcache\dc210usd.dll
2008-04-21 22:03 . 2001-08-17 22:36 80,896 --a------ C:\WINDOWS\system32\dc210usd.dll
2008-04-14 22:16 . 2008-04-14 22:16 267 --a------ D:\Documents and Settings\me\9631.bat
2008-04-14 19:27 . 2008-04-14 19:27 89,070 --a------ C:\WINDOWS\system32\myss_sb_uninstall.exe
2008-04-14 14:55 . 2008-04-14 14:55 13,942 --a------ C:\WINDOWS\system32\N90-002.ico
2008-04-14 08:26 . 2008-05-04 10:49 109,194 --a------ C:\WINDOWS\BM73e06116.xml
2008-04-14 07:24 . 2008-04-14 07:24 267 --a------ D:\Documents and Settings\me\6115.bat
2008-04-13 22:25 . 2008-04-13 22:25 267 --a------ D:\Documents and Settings\me\4059.bat
2008-04-13 22:10 . 2008-04-13 22:10 267 --a------ D:\Documents and Settings\me\2855.bat
2008-04-13 21:55 . 2008-04-13 21:55 267 --a------ D:\Documents and Settings\me\1500.bat
2008-04-13 21:40 . 2008-04-13 21:40 267 --a------ D:\Documents and Settings\me\6712.bat
2008-04-13 21:25 . 2008-04-13 21:25 267 --a------ D:\Documents and Settings\me\7297.bat
2008-04-13 21:10 . 2008-04-13 21:10 267 --a------ D:\Documents and Settings\me\7079.bat
2008-04-13 20:55 . 2008-04-13 20:55 267 --a------ D:\Documents and Settings\me\9204.bat
2008-04-13 20:40 . 2008-04-13 20:40 267 --a------ D:\Documents and Settings\me\1484.bat
2008-04-13 20:25 . 2008-04-13 20:25 267 --a------ D:\Documents and Settings\me\2441.bat
2008-04-13 20:10 . 2008-04-13 20:10 267 --a------ D:\Documents and Settings\me\1054.bat
2008-04-13 19:55 . 2008-04-13 19:55 267 --a------ D:\Documents and Settings\me\8836.bat
2008-04-13 19:40 . 2008-04-13 19:40 267 --a------ D:\Documents and Settings\me\4240.bat
2008-04-13 19:24 . 2008-04-13 19:24 267 --a------ D:\Documents and Settings\me\2292.bat
2008-04-13 19:09 . 2008-04-13 19:09 267 --a------ D:\Documents and Settings\me\1728.bat
2008-04-13 18:55 . 2008-04-14 22:15 36,864 --a------ D:\Documents and Settings\me\winlogo.exe
2008-04-13 18:55 . 2008-04-13 18:55 267 --a------ D:\Documents and Settings\me\2559.bat
2008-04-13 14:26 . 2008-04-15 08:51 <DIR> d--hs---- C:\WINDOWS\bWU
2008-04-13 14:26 . 2008-04-13 14:26 298,302 --a------ C:\WINDOWS\system32\gside.exe
2008-04-13 14:26 . 2008-04-13 14:26 88,961 --a------ C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
2008-04-13 14:26 . 2008-05-03 18:54 63,918 --a------ C:\WINDOWS\system32\{b2276649-1ade-3653-b6c9-37df024a3c8f}.dll-uninst.exe
2008-04-13 14:26 . 2008-05-03 18:54 937 --a------ C:\WINDOWS\system32\winpfz33.sys
2008-04-13 14:26 . 2008-04-13 14:26 267 --a------ C:\WINDOWS\system32\4813.bat
2008-04-13 14:25 . 2008-05-05 13:35 <DIR> d-------- C:\WINDOWS\system32\id3
2008-04-13 14:25 . 2008-05-03 20:40 <DIR> d-------- C:\WINDOWS\system32\gui4
2008-04-13 14:25 . 2008-05-04 14:48 <DIR> d-------- C:\WINDOWS\system32\ginp
2008-04-13 14:25 . 2008-05-04 10:44 <DIR> d-------- C:\WINDOWS\system32\bharebio05
2008-04-13 14:25 . 2008-04-15 08:49 <DIR> d-------- C:\WINDOWS\system32\ace2
2008-04-13 14:25 . 2008-04-13 14:25 <DIR> d-------- C:\Temp\wdlw14
2008-04-13 14:25 . 2008-05-05 11:22 <DIR> d-------- C:\Temp
2008-04-13 14:25 . 2008-04-13 14:25 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-04-13 14:25 . 2008-04-13 14:25 1,579 --a------ C:\f.exe
2008-04-13 14:25 . 2008-04-13 14:25 0 --a------ C:\WINDOWS\system32\taskkill.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-05 17:16 5,872 ----a-w D:\Documents and Settings\me\Application Data\wklnhst.dat
2008-05-04 16:23 --------- d-----w D:\Documents and Settings\All Users\Application Data\Google Updater
2008-05-04 11:26 --------- d---a-w D:\Documents and Settings\All Users\Application Data\TEMP
2008-05-04 09:59 --------- d-----w C:\Program Files\Google
2008-05-03 21:46 --------- d-----w C:\Program Files\Lexmark Fax Solutions
2008-05-03 21:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-03 20:07 --------- d-----w C:\Program Files\Yahoo!
2008-05-03 20:07 --------- d-----w C:\Program Files\DivX
2008-05-03 20:07 --------- d-----w C:\Program Files\Common Files\aolshare
2008-05-03 20:07 --------- d-----w C:\Program Files\AOL 9.0
2008-05-03 19:47 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-03 19:40 --------- d-----w D:\Documents and Settings\All Users\Application Data\Symantec
2008-05-03 19:40 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-03 17:52 --------- d-----w D:\Documents and Settings\All Users\Application Data\Kodak
2008-04-28 20:34 --------- d-----w C:\Program Files\Lx_cats
2008-04-17 10:39 25,214 ----a-w C:\Program Files\B.ico
2008-04-17 10:39 25,214 ----a-w C:\Program Files\A.ico
2008-04-07 14:09 --------- d-----w D:\Documents and Settings\me\Application Data\Yahoo!
2008-03-19 19:19 --------- d-----w C:\Program Files\Navman
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-16 22:29 3,059,712 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-15 09:23 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
2006-12-14 19:51 0 ----a-w D:\Documents and Settings\me\Application Data\Install.dat
2006-11-02 08:21 557,056 ----a-w D:\Documents and Settings\me\chatlnk.exe
2003-06-20 03:05 49,776 -c--a-w C:\WINDOWS\inf\usbhub20.sys
2003-06-20 03:05 24,752 -c--a-w C:\WINDOWS\inf\hidclass.sys
2003-06-20 03:05 20,688 -c--a-w C:\WINDOWS\inf\usbd.sys
2003-06-20 03:05 19,728 -c--a-w C:\WINDOWS\inf\usbehci.sys
2003-06-20 03:05 138,288 -c--a-w C:\WINDOWS\inf\usbport.sys
.

((((((((((((((((((((((((((((( [email protected]_11.29.21.34 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-05 10:25:22 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-06 15:58:02 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-04-10 08:42:23 356,952 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-05-06 15:57:56 358,544 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
2008-05-04 12:19 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL" [2008-05-04 12:19 2050816]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-05-04 12:19 2050816]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" [2005-08-31 17:11 2478080]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-07 16:34 68856]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 14:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 14:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 14:00 455168]
"VTTimer"="VTTimer.exe" [2005-03-08 03:33 53248 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-03-11 17:33 147456 C:\WINDOWS\system32\VTTrayp.exe]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-05-11 13:48 127118]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 21:26 368706]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-08-07 22:42 180269]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-08-07 22:37 98304]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2003-12-09 12:03 57344]
"RegistryMechanic"="" []
"lxddmon.exe"="C:\Program Files\Lexmark 2500 Series\lxddmon.exe" [2007-06-11 20:27 291760]
"lxddamon"="C:\Program Files\Lexmark 2500 Series\lxddamon.exe" [2007-04-30 09:19 20480]
"SoundMan"="SOUNDMAN.EXE" [2005-05-17 18:48 77824 C:\WINDOWS\SOUNDMAN.EXE]
"Motive SmartBridge"="C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe" [2003-12-30 10:40 380928]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 11:31 24576]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-04 12:19 1177368]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
"msacm.mpegacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\mpegacm.acm

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^broadband medic.lnk]
backup=C:\WINDOWS\pss\broadband medic.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^BT Broadband Help.lnk]
backup=C:\WINDOWS\pss\BT Broadband Help.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
backup=C:\WINDOWS\pss\Kodak software updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AOL 9.0\\waol.exe"=
"D:\\Documents and Settings\\me\\My Documents\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\WINDOWS\\system32\\lxddcoms.exe"=
"C:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"=
"C:\\Program Files\\Lexmark 2500 Series\\App4R.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddwbgw.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddpswx.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddjswx.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddtime.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-04 12:19]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-05-04 12:19]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-04 12:19]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-05-04 12:19]
R2 lxdd_device;lxdd_device;C:\WINDOWS\system32\lxddcoms.exe [2007-05-25 10:41]
R2 lxddCATSCustConnectService;lxddCATSCustConnectService;C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe [2007-05-25 10:41]
S3 AR5523;NETGEAR WG111T USB2.0 Wireless Card Service;C:\WINDOWS\system32\DRIVERS\wg11tnd5.sys [2004-10-15 11:41]
S3 ATHFMWDL;NETGEAR WG111T bootloader driver;C:\WINDOWS\system32\Drivers\ATHFMWDL.sys [2004-10-14 19:24]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\DNINDIS5.SYS [2003-07-24 13:10]

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-06 17:12:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-06 17:13:50
ComboFix-quarantined-files.txt 2008-05-06 16:13:47
ComboFix2.txt 2008-05-05 11:06:38

Pre-Run: 22,211,731,456 bytes free
Post-Run: 22,198,837,248 bytes free

294 --- E O F --- 2008-05-04 23:53:14

Edited by bigbilly, 06 May 2008 - 10:24 AM.

  • 0
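As an added illustration (my own code, not ComboFix output and not anything the helpers in this thread posted), here is a small Python triage script that parses the "Files Created" section of a ComboFix log in the layout shown above and flags the three things a helper would pick out of it: the run of identically sized 267-byte .bat files dropped into the profile root at 15-minute intervals, the zero-byte taskkill.exe in system32, and winlogo.exe sitting directly in the profile root. The sample lines are copied from the log in this post; the rule names, the three-file cluster threshold and the extension list are my assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the ComboFix "Files Created" layout. The lines are copied
# from the log quoted above; the selection is mine and this is not ComboFix code.
SAMPLE_LOG = r"""
2008-05-04 12:19 . 2008-05-04 12:19 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-05-04 12:30 . 2008-05-04 12:30 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-14 22:16 . 2008-04-14 22:16 267 --a------ D:\Documents and Settings\me\9631.bat
2008-04-13 22:25 . 2008-04-13 22:25 267 --a------ D:\Documents and Settings\me\4059.bat
2008-04-13 22:10 . 2008-04-13 22:10 267 --a------ D:\Documents and Settings\me\2855.bat
2008-04-13 21:55 . 2008-04-13 21:55 267 --a------ D:\Documents and Settings\me\1500.bat
2008-04-13 18:55 . 2008-04-14 22:15 36,864 --a------ D:\Documents and Settings\me\winlogo.exe
2008-04-13 14:26 . 2008-04-13 14:26 267 --a------ C:\WINDOWS\system32\4813.bat
2008-04-13 14:25 . 2008-04-13 14:25 0 --a------ C:\WINDOWS\system32\taskkill.exe
"""

# created . modified size attrs path
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>\S+) (?P<path>.+)$"
)

# Assumed set of extensions treated as executable content.
EXEC_EXT = (".exe", ".dll", ".sys", ".bat", ".cmd", ".scr", ".com")


def parse_entries(text):
    """Turn 'Files Created' lines into dicts; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size = None if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
        folder, name = m["path"].rsplit("\\", 1)
        entries.append({
            "created": datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
            "size": size,
            "attrs": m["attrs"],
            "path": m["path"],
            "dir": folder.lower(),
            "name": name.lower(),
        })
    return entries


def triage(entries, min_cluster=3):
    """Return (rule, subject, extra) findings a removal helper would look for."""
    findings = []

    # Rule 1: the same-size script dropped repeatedly into one folder, which is
    # what a scheduled dropper leaves behind; report the spacing between drops.
    clusters = defaultdict(list)
    for e in entries:
        if e["size"] is not None and e["name"].endswith((".bat", ".cmd")):
            clusters[(e["dir"], e["size"])].append(e)
    for (folder, size), group in clusters.items():
        if len(group) >= min_cluster:
            times = sorted(x["created"] for x in group)
            gaps = sorted({int((b - a).total_seconds() // 60)
                           for a, b in zip(times, times[1:])})
            findings.append(("repeated_script_drop", folder,
                             {"count": len(group), "size": size, "gaps_min": gaps}))

    # Rule 2: a zero-byte executable inside the Windows directory tree. A real
    # binary is never empty, so this is a planted or overwritten file.
    for e in entries:
        if e["size"] == 0 and e["name"].endswith(EXEC_EXT) \
                and "\\windows\\" in e["dir"] + "\\":
            findings.append(("empty_system_executable", e["path"], None))

    # Rule 3: an .exe placed directly in a user profile root (drive\Documents and
    # Settings\user), where installed software does not normally put binaries.
    for e in entries:
        if e["size"] and e["name"].endswith(".exe") \
                and "documents and settings" in e["dir"] and e["dir"].count("\\") == 2:
            findings.append(("exe_in_profile_root", e["path"], None))

    return findings


if __name__ == "__main__":
    for rule, subject, extra in triage(parse_entries(SAMPLE_LOG)):
        print(rule, subject, extra or "")
```

The cluster rule reports the gaps rather than asserting a fixed period, because the sample shows both the 15-minute cadence and the one-day jump to the final drop; a helper reads both, and the rule stays useful on logs where the cadence differs.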

#6
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
I'm sorry about that... I made a mistake on my last post. Don't know where my head was when I posted that. Please go back and repeat the instructions again. Copy and paste the new lines there (I edited my post). Post the new log here when ready.
  • 0

#7
bigbilly

    Member

  • Topic Starter
  • Member
  • 44 posts
Hi, here is the log you asked for. I hope I have done it right;
if not, you can let me know and I will try again.



ComboFix 08-05-01.3 - me 2008-05-09 15:28:55.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.118 [GMT 1:00]
Running from: D:\Documents and Settings\me\Desktop\ComboFix.exe
Command switches used :: D:\Documents and Settings\me\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\f.exe
C:\Program Files\A.ico
C:\Program Files\B.ico
C:\WINDOWS\BM73e06116.xml
C:\WINDOWS\system32\{b2276649-1ade-3653-b6c9-37df024a3c8f}.dll-uninst.exe
C:\WINDOWS\system32\4813.bat
C:\WINDOWS\system32\g0.exe
C:\WINDOWS\system32\gside.exe
C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
C:\WINDOWS\system32\myss_sb_uninstall.exe
C:\WINDOWS\system32\N90-002.ico
C:\WINDOWS\system32\qoMdARLE.dll
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\vbzip10.dll
C:\WINDOWS\system32\winpfz33.sys
D:\Documents and Settings\me\1054.bat
D:\Documents and Settings\me\1484.bat
D:\Documents and Settings\me\1500.bat
D:\Documents and Settings\me\1728.bat
D:\Documents and Settings\me\2292.bat
D:\Documents and Settings\me\2441.bat
D:\Documents and Settings\me\2559.bat
D:\Documents and Settings\me\2855.bat
D:\Documents and Settings\me\4059.bat
D:\Documents and Settings\me\4240.bat
D:\Documents and Settings\me\6115.bat
D:\Documents and Settings\me\6712.bat
D:\Documents and Settings\me\7079.bat
D:\Documents and Settings\me\7297.bat
D:\Documents and Settings\me\8836.bat
D:\Documents and Settings\me\9204.bat
D:\Documents and Settings\me\9631.bat
D:\Documents and Settings\me\Application Data\update.log
D:\Documents and Settings\me\winlogo.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\f.exe
C:\Program Files\A.ico
C:\Program Files\B.ico
C:\Temp\
C:\Temp\\wdlw14\maxN1bo.log
C:\TrustedAntivirus
C:\WINDOWS\BM73e06116.xml
C:\WINDOWS\bWU
C:\WINDOWS\system32\{b2276649-1ade-3653-b6c9-37df024a3c8f}.dll-uninst.exe
C:\WINDOWS\system32\4813.bat
C:\WINDOWS\system32\ace2
C:\WINDOWS\system32\bharebio05
C:\WINDOWS\system32\ginp
C:\WINDOWS\system32\gside.exe
C:\WINDOWS\system32\gui4
C:\WINDOWS\system32\id3
C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
C:\WINDOWS\system32\myss_sb_uninstall.exe
C:\WINDOWS\system32\N90-002.ico
C:\WINDOWS\system32\qoMdARLE.dll
C:\WINDOWS\system32\taskkill.exe
C:\WINDOWS\system32\vbzip10.dll
C:\WINDOWS\system32\winpfz33.sys
D:\Documents and Settings\All Users\Application Data\SalesMon
D:\Documents and Settings\me\1054.bat
D:\Documents and Settings\me\1484.bat
D:\Documents and Settings\me\1500.bat
D:\Documents and Settings\me\1728.bat
D:\Documents and Settings\me\2292.bat
D:\Documents and Settings\me\2441.bat
D:\Documents and Settings\me\2559.bat
D:\Documents and Settings\me\2855.bat
D:\Documents and Settings\me\4059.bat
D:\Documents and Settings\me\4240.bat
D:\Documents and Settings\me\6115.bat
D:\Documents and Settings\me\6712.bat
D:\Documents and Settings\me\7079.bat
D:\Documents and Settings\me\7297.bat
D:\Documents and Settings\me\8836.bat
D:\Documents and Settings\me\9204.bat
D:\Documents and Settings\me\9631.bat
D:\Documents and Settings\me\Application Data\install.dat
D:\Documents and Settings\me\Application Data\update.log
D:\Documents and Settings\me\ResErrors.log
D:\Documents and Settings\me\winlogo.exe

.
((((((((((((((((((((((((( Files Created from 2008-04-09 to 2008-05-09 )))))))))))))))))))))))))))))))
.

2008-05-05 18:40 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-05 18:39 . 2008-05-05 18:40 <DIR> d-------- C:\Program Files\Java
2008-05-05 18:37 . 2008-05-05 18:37 <DIR> d-------- C:\Program Files\Common Files\Java
2008-05-05 00:53 . 2008-05-05 00:53 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-05-04 16:32 . 2008-05-04 16:32 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-04 16:21 . 2008-05-04 16:24 4,260 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-04 16:20 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-05-04 16:20 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-05-04 16:20 . 2008-04-24 08:10 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-05-04 16:20 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-05-04 16:20 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-05-04 16:20 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-05-04 16:20 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-04 16:20 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-04 16:07 . 2008-05-04 16:07 <DIR> d-------- C:\VundoFix Backups
2008-05-04 15:12 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-05-04 15:12 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-05-04 12:37 . 2008-05-05 13:35 <DIR> d--h----- C:\$AVG8.VAULT$
2008-05-04 12:30 . 2008-05-04 12:30 <DIR> d-------- D:\Documents and Settings\me\Application Data\Malwarebytes
2008-05-04 12:30 . 2008-05-04 12:30 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-04 12:30 . 2008-05-04 12:30 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-04 12:19 . 2008-05-09 15:04 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-04 12:19 . 2008-05-04 12:19 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-05-04 12:19 . 2008-05-04 12:19 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-05-04 12:19 . 2008-05-04 12:19 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-05-04 11:38 . 2008-05-04 11:38 <DIR> d-------- C:\Program Files\Panda Security
2008-05-04 11:36 . 2008-05-04 11:36 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-05-03 22:44 . 2008-05-04 12:18 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Avg8
2008-05-03 22:38 . 2008-05-03 22:38 <DIR> d-------- C:\Program Files\CCleaner
2008-05-03 22:32 . 2008-05-05 11:45 <DIR> d-------- D:\Documents and Settings\me\Application Data\AVGTOOLBAR
2008-05-03 22:32 . 2008-05-03 22:32 <DIR> d-------- C:\Program Files\AVG
2008-05-03 20:48 . 2008-05-03 20:48 <DIR> d-------- D:\Documents and Settings\me\Application Data\SUPERAntiSpyware.com
2008-05-03 20:48 . 2008-05-03 20:48 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-03 20:48 . 2008-05-04 09:42 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-03 16:38 . 2008-05-03 16:38 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-03 16:38 . 2008-05-03 16:38 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-21 22:04 . 2001-08-17 22:36 25,600 --a------ C:\WINDOWS\system32\dllcache\dc210_32.dll
2008-04-21 22:04 . 2001-08-17 22:36 25,600 --a------ C:\WINDOWS\system32\dc210_32.dll
2008-04-21 22:04 . 2001-08-17 13:53 6,784 --a------ C:\WINDOWS\system32\drivers\serscan.sys
2008-04-21 22:04 . 2001-08-17 13:53 6,784 --a------ C:\WINDOWS\system32\dllcache\serscan.sys
2008-04-21 22:03 . 2001-08-17 22:36 80,896 --a------ C:\WINDOWS\system32\dllcache\dc210usd.dll
2008-04-21 22:03 . 2001-08-17 22:36 80,896 --a------ C:\WINDOWS\system32\dc210usd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-08 20:23 --------- d-----w D:\Documents and Settings\All Users\Application Data\Google Updater
2008-05-05 17:16 5,872 ----a-w D:\Documents and Settings\me\Application Data\wklnhst.dat
2008-05-04 11:26 --------- d---a-w D:\Documents and Settings\All Users\Application Data\TEMP
2008-05-04 09:59 --------- d-----w C:\Program Files\Google
2008-05-03 21:46 --------- d-----w C:\Program Files\Lexmark Fax Solutions
2008-05-03 21:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-03 20:07 --------- d-----w C:\Program Files\Yahoo!
2008-05-03 20:07 --------- d-----w C:\Program Files\DivX
2008-05-03 20:07 --------- d-----w C:\Program Files\Common Files\aolshare
2008-05-03 20:07 --------- d-----w C:\Program Files\AOL 9.0
2008-05-03 19:47 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-03 19:40 --------- d-----w D:\Documents and Settings\All Users\Application Data\Symantec
2008-05-03 19:40 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-03 17:52 --------- d-----w D:\Documents and Settings\All Users\Application Data\Kodak
2008-04-28 20:34 --------- d-----w C:\Program Files\Lx_cats
2008-04-07 14:09 --------- d-----w D:\Documents and Settings\me\Application Data\Yahoo!
2008-03-19 19:19 --------- d-----w C:\Program Files\Navman
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-16 22:29 3,059,712 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-15 09:23 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
2006-11-02 08:21 557,056 ----a-w D:\Documents and Settings\me\chatlnk.exe
2003-06-20 03:05 49,776 -c--a-w C:\WINDOWS\inf\usbhub20.sys
2003-06-20 03:05 24,752 -c--a-w C:\WINDOWS\inf\hidclass.sys
2003-06-20 03:05 20,688 -c--a-w C:\WINDOWS\inf\usbd.sys
2003-06-20 03:05 19,728 -c--a-w C:\WINDOWS\inf\usbehci.sys
2003-06-20 03:05 138,288 -c--a-w C:\WINDOWS\inf\usbport.sys
.

((((((((((((((((((((((((((((( [email protected]_11.29.21.34 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-05 10:25:22 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-09 14:01:33 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-04-10 08:42:23 356,952 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-05-06 15:57:56 358,544 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
2008-05-04 12:19 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL" [2008-05-04 12:19 2050816]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-05-04 12:19 2050816]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" [2005-08-31 17:11 2478080]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-07 16:34 68856]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 14:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 14:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 14:00 455168]
"VTTimer"="VTTimer.exe" [2005-03-08 03:33 53248 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-03-11 17:33 147456 C:\WINDOWS\system32\VTTrayp.exe]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-05-11 13:48 127118]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 21:26 368706]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-08-07 22:42 180269]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-08-07 22:37 98304]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2003-12-09 12:03 57344]
"RegistryMechanic"="" []
"lxddmon.exe"="C:\Program Files\Lexmark 2500 Series\lxddmon.exe" [2007-06-11 20:27 291760]
"lxddamon"="C:\Program Files\Lexmark 2500 Series\lxddamon.exe" [2007-04-30 09:19 20480]
"SoundMan"="SOUNDMAN.EXE" [2005-05-17 18:48 77824 C:\WINDOWS\SOUNDMAN.EXE]
"Motive SmartBridge"="C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe" [2003-12-30 10:40 380928]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 11:31 24576]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-04 12:19 1177368]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
"msacm.mpegacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\mpegacm.acm

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^broadband medic.lnk]
backup=C:\WINDOWS\pss\broadband medic.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^BT Broadband Help.lnk]
backup=C:\WINDOWS\pss\BT Broadband Help.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
backup=C:\WINDOWS\pss\Kodak software updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AOL 9.0\\waol.exe"=
"D:\\Documents and Settings\\me\\My Documents\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\WINDOWS\\system32\\lxddcoms.exe"=
"C:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"=
"C:\\Program Files\\Lexmark 2500 Series\\App4R.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddwbgw.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddpswx.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddjswx.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddtime.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-04 12:19]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-05-04 12:19]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-04 12:19]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-05-04 12:19]
R2 lxdd_device;lxdd_device;C:\WINDOWS\system32\lxddcoms.exe [2007-05-25 10:41]
R2 lxddCATSCustConnectService;lxddCATSCustConnectService;C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe [2007-05-25 10:41]
S3 AR5523;NETGEAR WG111T USB2.0 Wireless Card Service;C:\WINDOWS\system32\DRIVERS\wg11tnd5.sys [2004-10-15 11:41]
S3 ATHFMWDL;NETGEAR WG111T bootloader driver;C:\WINDOWS\system32\Drivers\ATHFMWDL.sys [2004-10-14 19:24]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\DNINDIS5.SYS [2003-07-24 13:10]

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-09 15:30:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-09 15:31:53
ComboFix-quarantined-files.txt 2008-05-09 14:31:50
ComboFix2.txt 2008-05-06 16:13:51
ComboFix3.txt 2008-05-05 11:06:38

Pre-Run: 22,148,747,264 bytes free
Post-Run: 22,133,776,384 bytes free

287 --- E O F --- 2008-05-04 23:53:14

#8
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Good job. Your log is clean.

To help prevent future spyware infections, read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If none, go to Start->Run, copy/paste in combofix /u and hit OK to remove it. You should be set to go.

#9
bigbilly

    Member

  • Topic Starter
  • Member
  • 44 posts
Hi greyknight,

Just to say thanks, and keep up the good work.
Your help was much appreciated.

#10
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.