This topic is locked
Just wondering if anyone can help me.
I have some malware which has thrown my pc into a bit of trouble at the moment.
It shows up VIRUS ALERT! in the bottom righthand corner of my task bar, and comes up with the words VIRUS ALERT after everything where the date/time are used. ie at the end of my emails after the date I received them, or in folder where I change the list of files in there to detail.
I have downloaded and ran SUPERAntiSpyware, Malwarebytes' Anti-Malware, AVG (free edition), Spyware Doctor, and adaware, but its still coming up with this problem.
It also doesnt show my 'C Drive' when I open the My Computer icon.
When I ran Combo Fix, it no longer says VIRUS ALERT in my taskbar but the time is in military time and I wanted to see if there are any lingering virus's still.
Please help!
Thanks in advance!
Here is my Combo Fix Log:
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\cookies.ini
C:\WINDOWS\ebvs.exe
C:\WINDOWS\gpefaowr.exe
C:\WINDOWS\setup.exe
C:\WINDOWS\Sys4.exe
C:\WINDOWS\Sys5.exe
C:\WINDOWS\system32\CJijQqss.ini
C:\WINDOWS\system32\CJijQqss.ini2
C:\WINDOWS\system32\cltuxgks.ini
C:\WINDOWS\system32\guhounrg.dll
C:\WINDOWS\system32\iweebekp.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\pybhmeaj.dll
C:\WINDOWS\system32\rtqrwaog.ini
C:\WINDOWS\system32\tqtihsks.ini
C:\WINDOWS\system32\vnvtucgb.ini
.
((((((((((((((((((((((((( Files Created from 2008-06-15 to 2008-07-15 )))))))))))))))))))))))))))))))
.
2008-07-15 14:07 . 2008-07-15 14:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-15 14:06 . 2008-07-15 14:06 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-07-15 14:06 . 2008-07-15 14:06 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-15 14:06 . 2008-07-15 14:06 <DIR> d-------- C:\Documents and Settings\Kevin Mickaelian\Application Data\SUPERAntiSpyware.com
2008-07-15 12:26 . 2008-07-15 12:26 <DIR> d-------- C:\Program Files\CCleaner
2008-07-10 22:56 . 2008-07-10 22:58 184 --a------ C:\WINDOWS\wininit.ini
2008-07-10 20:48 . 2008-07-10 01:33 24,064 --a------ C:\WINDOWS\Sys5F.exe
2008-07-10 20:48 . 2008-07-10 01:33 23,552 --a------ C:\WINDOWS\Sys60.exe
2008-07-10 20:48 . 2008-07-10 01:33 23,040 --a------ C:\WINDOWS\Sys61.exe
2008-07-02 19:13 . 2008-07-02 19:25 <DIR> d-------- C:\Holly-IS Work File
2008-06-28 13:31 . 2008-06-28 13:31 25,088 --a------ C:\Bidding Procedure 3.17.08.xls
2008-06-28 13:20 . 2008-06-28 13:20 17,920 --a------ C:\Job Handoff Meeting Agenda 5.13.08.xls
2008-06-28 13:16 . 2008-06-28 13:16 149,733 --a------ C:\Role description - Estimator 3.31.08.rtf
2008-06-28 13:04 . 2008-06-28 13:04 14,336 --a------ C:\Strategic planning follow-up meeting 6.26.08.xls
2008-06-28 13:04 . 2008-06-28 13:04 0 --a------ C:\WINDOWS\webica.ini
2008-06-23 18:08 . 2008-02-28 17:57 12,800 --a------ C:\WINDOWS\system32\EKDeviceServices.dll
2008-06-23 17:02 . 2008-02-15 06:03 335,872 --a------ C:\WINDOWS\system32\EKIJ5000MON.dll
2008-06-22 11:51 . 2008-06-22 11:51 <DIR> d-------- C:\Program Files\Intuit
2008-06-22 11:51 . 2008-06-22 11:51 <DIR> d-------- C:\Program Files\Common Files\AnswerWorks 4.0
2008-06-22 11:51 . 1999-05-10 00:00 1,694,992 --a------ C:\WINDOWS\system32\vba6.dll
2008-06-22 11:51 . 1999-05-07 00:00 1,009,136 --a------ C:\WINDOWS\system32\Mschrt20.ocx
2008-06-22 11:51 . 2000-11-15 13:46 999,424 --a------ C:\WINDOWS\system32\SPR32X30.ocx
2008-06-22 11:51 . 2000-11-15 13:46 737,280 --a------ C:\WINDOWS\system32\spr32d30.dll
2008-06-22 11:51 . 2003-07-07 18:30 647,872 --a------ C:\WINDOWS\system32\mscomct2.ocx
2008-06-22 11:51 . 2002-09-20 08:45 339,968 --a------ C:\WINDOWS\system32\cdintf.dll
2008-06-22 11:51 . 1999-05-07 00:00 244,232 --a------ C:\WINDOWS\system32\Msflxgrd.ocx
2008-06-22 11:51 . 2000-12-06 13:02 209,608 --a------ C:\WINDOWS\system32\TABCTL32.OCX
2008-06-22 11:51 . 2000-05-22 01:00 203,976 --a------ C:\WINDOWS\system32\RICHTX32.OCX
2008-06-22 11:51 . 1996-01-12 00:00 200,704 --a------ C:\WINDOWS\system32\THREED32.OCX
2008-06-22 11:50 . 2008-06-22 11:52 <DIR> d-------- C:\WINDOWS\Intuit
2008-06-20 10:41 . 2008-06-20 10:41 245,248 -----c--- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 03:44 . 2008-06-20 03:44 138,368 -----c--- C:\WINDOWS\system32\dllcache\afd.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-15 19:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-11 06:11 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-11 03:54 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-28 19:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\kds_kodak
2008-06-24 01:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Eastman Kodak Company
2008-06-23 23:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kodak
2008-06-22 18:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-22 18:52 --------- d-----w C:\Program Files\Common Files\Intuit
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 23:28 --------- d-----w C:\Documents and Settings\Kevin Mickaelian\Application Data\Apple Computer
2008-05-28 19:22 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-05-08 00:59 836 ----a-w C:\Documents and Settings\Kevin Mickaelian\Application Data\wklnhst.dat
2007-07-10 21:29 31,744 ----a-w C:\Program Files\km graphix.ve
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-03-11 18:48 4841472]
"CreateCD_Reminder"="C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe" [2004-07-16 12:17 53248]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe" [2004-08-16 11:38 32881]
"VAIO Update 2"="C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" [2004-01-17 03:36 135168]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-12-22 17:45 71280]
"URLLSTCK.exe"="C:\Program Files\Norton Internet Security\UrlLstCk.exe" [2003-12-11 12:35 70800]
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 22:08 28672]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 17:19 129536]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 21:26 368706]
"IPInSightLAN 02"="C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" [2003-06-11 01:52 380928]
"IPInSightMonitor 02"="C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe" [2003-06-11 01:52 122880]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2003-12-10 04:52 380928]
"EPSON Stylus Photo R300 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE" [2003-06-04 03:00 99840]
"Tracker"="C:\Program Files\MySoftware\MyInvoices\tracker.exe" [2002-11-25 12:22 102400]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 16:57 282624]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-04-11 17:46 95960]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2008-03-13 20:47 6731312]
"EKIJ5000StatusMonitor"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2008-02-15 06:03 1052672]
"AGRSMMSG"="AGRSMMSG.exe" [2003-05-23 11:43 88363 C:\WINDOWS\AGRSMMSG.exe]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
IEEE 802.11g USB Wireless LAN Utility.lnk - C:\Program Files\IEEE 802.11g USB Wireless LAN\Wireless LAN\WlanUtil.exe [2008-05-08 20:52:14 479232]
MySoftware NewsFlash.lnk - C:\Program Files\Common Files\MySoftware\Newsflsh.exe [2005-04-08 19:54:29 233472]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2008-06-22 11:51:55 724992]
Remocon Driver.lnk - C:\Program Files\sony\usbsircs\usbsircs.exe [2004-11-24 16:14:53 229376]
SBC Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe [2005-04-07 19:55:29 217088]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= C:\PROGRA~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll
"SENTINEL"= snti386.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\VE LXi Expert 6\\Program\\App.exe"=
"C:\\Program Files\\IEEE 802.11g USB Wireless LAN\\Wireless LAN\\WlanUtil.exe"=
R2 KodakSvc;Kodak AiO Device Service;C:\Program Files\Kodak\printer\center\KodakSvc.exe [2008-02-28 17:57]
R2 Par1284;Par1284;C:\Program Files\VE LXi Expert 6\Program\Par1284.sys [2001-05-07 12:04]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\BRGSp50.sys [2005-06-08 18:44]
S3 VAIO Entertainment File Import Service;VAIO Entertainment File Import Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe [2004-07-08 22:26]
S3 VAIO Entertainment UPnP Client Adapter;VAIO Entertainment UPnP Client Adapter;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe [2004-07-08 22:17]
S3 ZD1211BU(WLAN);IEEE 802.11g USB Wireless LAN(WLAN);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-10-28 11:38]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - K:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{665a1dba-04ea-11dc-b350-0011d80010ed}]
\Shell\AutoRun\command - K:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da747384-3e6d-11d9-9ff2-806d6172696f}]
\shell\AutoRun\command - R:\Autorun.exe
.
- - - - ORPHANS REMOVED - - - -
BHO-{2795888A-D593-46AB-A756-2ED3FBFDECE7} - (no file)
BHO-{5BF80E72-9D8F-47B0-9CC5-A951202037B2} - C:\WINDOWS\system32\ssqQjiJC.dll
BHO-{DE9494CD-A282-456F-8B7C-00CCD25FD69C} - (no file)
BHO-{F16BA8D7-3DA7-4C34-9CDD-FAF8E2218B0B} - (no file)
HKCU-Run-Yahoo! Pager - C:\Program Files\Yahoo!\Messenger\ypager.exe
HKCU-Run-Sys3.exe - C:\Windows\Sys3.exe
HKLM-Run-Antivirus - C:\Program Files\VAV\vav.exe
HKLM-Run-Sys8.exe - C:\Windows\Sys8.exe
HKLM-Run-Sys9.exe - C:\Windows\Sys9.exe
HKLM-Run-5c7bb784 - C:\WINDOWS\system32\pkebeewi.dll
HKLM-Run-Sys2.exe - C:\Windows\Sys2.exe
HKLM-Run-Sys3.exe - C:\Windows\Sys3.exe
SSODL-fdxbameg-{72AC2ACB-4DF4-4155-A864-36FC55E9610C} - C:\WINDOWS\fdxbameg.dll
SSODL-fsrpknov-{19B620C1-C944-4DBC-948C-91605E1D7DD1} - C:\WINDOWS\fsrpknov.dll
Notify-pmnoNDUN - pmnoNDUN.dll
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-15 15:12:34
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jucheck.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\symwsc.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-07-15 15:15:18 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-15 22:15:13
Pre-Run: 175,768,637,440 bytes free
Post-Run: 175,654,998,016 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
197 --- E O F --- 2008-07-10 16:41:20
Sign In
Create Account
