Computing.Net > Forums > Security and Virus > Virus Alert Help needed


Virus Alert Help needed


Name: Devinfear
Date: August 29, 2008 at 19:15:20 Pacific
OS: Win xp MCE
CPU/Ram: AMD optron
Product: Asus MB A8V
Comment:

Hello, I got the "Virus Alert!!!" in my taskbar. It also shows up in IM windows and in Firefox on the download windows. I have gone through the steps listed on another post and am currently running Malwarebytes on a full scan. When I get that finished I will post the HijackThis log for someone to look at. Thanks for any help.




Response Number 1
Name: jabuck
Date: August 29, 2008 at 19:20:21 Pacific
Reply:

Please post your Hijack This log and the Malwarebytes log.



Response Number 2
Name: Devinfear
Date: August 29, 2008 at 21:31:59 Pacific
Reply:

OK, I have run and cleaned as much as I can and I'm still having problems. Here is the Malwarebytes log:
Malwarebytes' Anti-Malware 1.25
Database version: 1096
Windows 5.1.2600 Service Pack 3

11:13:40 PM 8/29/2008
mbam-log-08-29-2008 (23-13-40).txt

Scan type: Full Scan (C:\|)
Objects scanned: 300663
Time elapsed: 1 hour(s), 26 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{D9857BDA-CE26-4F57-AF3E-DAEC14767C8F}\RP124\A0159049.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

I will post the other on another reply



Response Number 3
Name: Devinfear
Date: August 29, 2008 at 21:33:32 Pacific
Reply:

I have now run HijackThis; here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:27: VIRUS ALERT!, on 8/29/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\WINDOWS\system32\CTHELPER.exe
C:\WINDOWS\system32\CTXFIHLP.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.exe
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [XboxStat] "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
O4 - HKCU\..\Run: [Auslogics BoostSpeed 4] C:\Program Files\Auslogics\AusLogics BoostSpeed\boostspeed.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB2771] command /c del "C:\WINDOWS\pdoskegl.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8425] cmd /c del "C:\WINDOWS\pdoskegl.dll_old"
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/c...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/g...
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/pl...
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

--
End of file - 9248 bytes
That's all of it. Thank you again for taking the time to look over this.



Response Number 4
Name: jabuck
Date: August 29, 2008 at 22:08:27 Pacific
Reply:

Run Hijack this, close all windows and browsers except Hijack This, place a check to the left of the following items and press "fix checked":

O4 - HKCU\..\RunOnce: [SpybotDeletingB2771] command /c del "C:\WINDOWS\pdoskegl.dll_old"


O4 - HKCU\..\RunOnce: [SpybotDeletingD8425] cmd /c del "C:\WINDOWS\pdoskegl.dll_old"

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

Exit Hijack This

Please download SmitFraudFix from this link:

You will get a warning from your antivirus when you download this program, just ignore it.

SmitfraudFix

Then extract the contents to your desktop.
!!!! Only run option #1, as running the other options on an uninfected computer will damage the desktop! !!!!

Open the "SmitfraudFix" folder and double-click "smitfraudfix.cmd"
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.


Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky and other antivirus programs) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.


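For anyone who wants to pre-screen a HijackThis log before asking a helper to pick through it: the script below is an added example, not part of this thread and not code from Trend Micro's HijackThis. It parses the R/O entry lines into records and flags the two kinds of entries jabuck asked to have fixed (O4 RunOnce entries that run a shell delete command, and the O6 IE restrictions policy), plus two generic review checks (O16 ActiveX downloads from sites other than microsoft.com, and O23 services with an "Unknown owner"). The rule set, the rule names and the sample lines (copied from the log posted above) are this example's own assumptions; a flagged line means "look at this", not "this is malware".

```python
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the HijackThis v2 log
# posted in this thread, so the rules below have something to work on.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB2771] command /c del "C:\WINDOWS\pdoskegl.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8425] cmd /c del "C:\WINDOWS\pdoskegl.dll_old"
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/c...
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Every HijackThis entry line starts with a section code (R0, O4, O23, ...)
# followed by " - " and the entry body.
ENTRY_RE = re.compile(r"^(?P<kind>[RFO]\d+)\s+-\s+(?P<body>.*)$")


@dataclass
class Entry:
    kind: str  # section code, e.g. "O4"
    body: str  # text after the " - "
    raw: str   # the original line, for pasting back into a reply


@dataclass
class Finding:
    entry: Entry
    rule: str    # rule name (this example's own naming)
    reason: str  # why a human should look at the line


def parse_log(text):
    """Return the entry lines of a HijackThis log as Entry records; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m["kind"], m["body"], line))
    return entries


def _url_host(body):
    """Hostname of the first http(s) URL in an entry body, or None."""
    m = re.search(r"https?://([^/\s]+)", body)
    return m.group(1).lower() if m else None


def review(entries):
    """Apply the review heuristics (assumed for this example) and return the findings."""
    findings = []
    for e in entries:
        # O4 RunOnce entries that invoke a shell delete: leftover cleanup tasks
        # (the helper in this thread had exactly these removed).
        if e.kind == "O4" and "RunOnce" in e.body and re.search(r"\bdel\b", e.body, re.I):
            findings.append(Finding(e, "runonce-delete",
                                    "RunOnce entry runs a shell delete command; leftover cleanup task"))
        # O6: Internet Explorer options locked by policy; on a home PC nobody
        # configured deliberately, this is worth removing.
        elif e.kind == "O6":
            findings.append(Finding(e, "ie-restrictions",
                                    "IE restrictions set by policy; remove unless set on purpose"))
        # O16: ActiveX control downloaded from a site other than microsoft.com.
        elif e.kind == "O16":
            host = _url_host(e.body)
            if host and not (host == "microsoft.com" or host.endswith(".microsoft.com")):
                findings.append(Finding(e, "dpf-third-party",
                                        f"ActiveX download from {host}; confirm it is wanted"))
        # O23: a service whose binary carries no recognised vendor name.
        elif e.kind == "O23" and "Unknown owner" in e.body:
            findings.append(Finding(e, "service-unknown-owner",
                                    "service binary has no recognised vendor; verify the file"))
    return findings


def triage(text):
    """Parse a log and group the flagged raw lines by rule name."""
    grouped = {}
    for f in review(parse_log(text)):
        grouped.setdefault(f.rule, []).append(f.entry.raw)
    return grouped


if __name__ == "__main__":
    for rule, lines in triage(SAMPLE_LOG).items():
        print(f"[{rule}]")
        for line in lines:
            print("  " + line)
```

Run it against a saved HijackThis log by replacing SAMPLE_LOG with the file's contents; the grouped lines can be pasted straight into a reply so a helper sees the candidates first. The microsoft.com check deliberately uses suffix matching on the hostname rather than a substring test, so a URL that merely contains the word "microsoft" somewhere in its path is still flagged.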

Response Number 5
Name: Devinfear
Date: August 30, 2008 at 05:24:41 Pacific
Reply:

OK, here is the log from SmitFraudFix:

SmitFraudFix v2.342

Scan done at 7:22:45.09, Sat 08/30/2008
Run from C:\Documents and Settings\David\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\WINDOWS\system32\CTHELPER.exe
C:\WINDOWS\system32\CTXFIHLP.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

hosts file corrupted !

127.0.0.1 www.legal-at-spybot.info
127.0.0.1 legal-at-spybot.info

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\David


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\David\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\David\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic






Response Number 6
Name: jabuck
Date: August 30, 2008 at 05:59:51 Pacific
Reply:

Please download ComboFix to the desktop from one of the following links:

Link1

Link 2

Link 3

Combofix is a powerful tool so follow the instructions exactly or you could damage your computer.

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with Combofix and remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

In your case do the following to run Combofix:
1. Go offline and turn off your Avast antivirus and spybot.
2. Run Combofix and save its log.
3. Restart the computer to get your antivirus running, but don't restart Spybot until your computer is clean.
4. Post the Combofix log.


Remember to re-enable the protection again afterwards before connecting to the Internet.

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running or move the mouse, it will cause your system to hang.)
Please post the log it produces.



Response Number 7
Name: Devinfear
Date: August 30, 2008 at 06:22:57 Pacific
Reply:

OK, just finished running the ComboFix program. Did a restart and no more Virus Alert all over everything. Here is my log from ComboFix:

ComboFix 08-08-29.02 - David 2008-08-30 8:12:06.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2701 [GMT -5:00]
Running from: C:\Documents and Settings\David\Desktop\ComboFix.exe
* Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\David\Application Data\macromedia\Flash Player\#SharedObjects\FJ53RL85\bin.clearspring.com
C:\Documents and Settings\David\Application Data\macromedia\Flash Player\#SharedObjects\FJ53RL85\bin.clearspring.com\clearspring.sol
C:\Documents and Settings\David\Application Data\macromedia\Flash Player\#SharedObjects\FJ53RL85\interclick.com
C:\Documents and Settings\David\Application Data\macromedia\Flash Player\#SharedObjects\FJ53RL85\interclick.com\ud.sol
C:\Documents and Settings\David\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\David\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
C:\Documents and Settings\David\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\David\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol

.
((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-30 )))))))))))))))))))))))))))))))
.

2008-08-30 07:22 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-08-30 07:22 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-08-30 07:22 . 2008-08-26 20:19 88,576 --a------ C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-08-30 07:22 . 2008-08-27 15:17 87,040 --a------ C:\WINDOWS\system32\VACFix.exe
2008-08-30 07:22 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-08-30 07:22 . 2008-08-28 22:36 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-08-30 07:22 . 2008-08-18 12:19 82,432 --a------ C:\WINDOWS\system32\404Fix.exe
2008-08-30 07:22 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-08-30 07:22 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-08-30 07:22 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-08-30 07:22 . 2008-08-30 07:22 3,404 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-29 20:55 . 2008-08-29 20:55 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-29 20:50 . 2008-08-29 20:50 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-29 20:50 . 2008-08-29 20:50 <DIR> d-------- C:\Documents and Settings\David\Application Data\Malwarebytes
2008-08-29 20:50 . 2008-08-29 20:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-29 20:50 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-29 20:50 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-29 20:01 . 2008-08-29 20:01 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-08-29 20:01 . 2008-08-29 20:01 <DIR> d-------- C:\Documents and Settings\David\Application Data\SUPERAntiSpyware.com
2008-08-29 20:01 . 2008-08-29 20:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-08-29 08:48 . 2008-08-29 08:48 135 --a------ C:\WINDOWS\wininit.ini
2008-08-29 08:47 . 2008-08-29 08:47 <DIR> d-------- C:\Program Files\Alwil Software
2008-08-29 08:27 . 2008-08-29 08:27 <DIR> d-------- C:\Program Files\iPod
2008-08-29 08:21 . 2008-08-29 08:21 <DIR> d-------- C:\temp
2008-08-28 23:49 . 2008-08-28 23:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Media Center Programs
2008-08-28 23:44 . 2008-08-28 23:44 <DIR> d-------- C:\Documents and Settings\David\Application Data\InstallShield
2008-08-26 20:33 . 2008-08-26 20:33 <DIR> d-------- C:\Program Files\3DGroove
2008-08-25 07:54 . 2008-08-25 08:10 <DIR> d-------- C:\Capitalism II
2008-08-16 10:14 . 2008-08-16 10:14 268 --ah----- C:\sqmdata00.sqm
2008-08-16 10:14 . 2008-08-16 10:14 244 --ah----- C:\sqmnoopt00.sqm
2008-08-16 05:49 . 2008-08-16 23:47 <DIR> d-------- C:\Program Files\Anno 1701
2008-08-15 22:06 . 2008-08-16 22:46 <DIR> d-------- C:\Documents and Settings\David\Contacts
2008-08-15 22:05 . 2008-08-15 22:05 <DIR> d-------- C:\Program Files\MSN Messenger
2008-08-14 11:03 . 2008-08-14 11:03 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2008-08-14 11:03 . 2008-08-29 20:01 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-14 11:03 . 2008-08-14 11:03 <DIR> d-------- C:\Program Files\AGEIA Technologies
2008-08-14 10:52 . 2008-08-14 10:52 <DIR> d-------- C:\Program Files\Sony
2008-08-14 10:52 . 2008-08-14 10:52 <DIR> d-------- C:\Program Files\Flying Lab Software
2008-08-14 10:28 . 2008-08-14 10:28 278,984 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2008-08-14 10:28 . 2008-08-14 10:28 25,416 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2008-08-14 09:51 . 2008-08-14 16:52 <DIR> d-------- C:\Program Files\The Witcher
2008-08-12 21:04 . 2008-08-12 21:04 <DIR> d-------- C:\Program Files\Electronic Arts
2008-08-12 21:03 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-08-12 21:03 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2008-08-12 21:03 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2008-08-12 21:03 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2008-08-12 21:03 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2008-08-12 21:03 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2008-08-12 21:03 . 2007-07-20 00:57 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
2008-08-12 04:34 . 2008-08-13 13:05 <DIR> d-------- C:\Program Files\Auslogics
2008-08-12 04:34 . 2008-08-12 04:34 <DIR> d-------- C:\Documents and Settings\David\Application Data\Auslogics
2008-08-11 19:46 . 2008-08-11 19:46 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-08-08 18:21 . 2008-08-08 18:21 <DIR> d-------- C:\Program Files\FSForce 2.0
2008-08-08 18:21 . 2008-08-08 18:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FS Force
2008-08-08 18:05 . 2008-08-08 18:48 <DIR> d-------- C:\Program Files\Logitech
2008-08-08 18:05 . 2008-08-08 18:48 <DIR> d-------- C:\Program Files\Common Files\Logitech
2008-08-08 18:05 . 2008-01-24 15:08 233,992 --a------ C:\WINDOWS\system32\WmJoyFrc.dll
2008-08-08 18:05 . 2008-01-24 15:09 48,904 --a------ C:\WINDOWS\system32\drivers\WmXlCore.sys
2008-08-08 18:05 . 2008-01-24 15:09 28,168 --a------ C:\WINDOWS\system32\drivers\WmFilter.sys
2008-08-08 18:05 . 2008-01-24 15:08 19,336 --a------ C:\WINDOWS\system32\drivers\WmBEnum.sys
2008-08-08 18:05 . 2008-01-24 15:09 14,728 --a------ C:\WINDOWS\system32\drivers\WmVirHid.sys
2008-08-08 13:41 . 2008-08-08 13:42 <DIR> d-------- C:\Python25
2008-08-08 12:57 . 2008-08-08 12:57 <DIR> d-------- C:\Documents and Settings\David\.idlerc
2008-08-08 08:44 . 2008-08-08 08:44 <DIR> d-------- C:\Program Files\Common Files\DirectX
2008-08-08 08:16 . 2008-08-28 23:46 <DIR> d-------- C:\Program Files\SEGA
2008-08-06 22:35 . 2008-08-06 22:35 <DIR> d-------- C:\Program Files\Red Kawa
2008-08-06 18:42 . 2008-08-06 19:32 152 --a------ C:\X-Plane Installer.prf
2008-08-06 17:53 . 2008-08-06 17:53 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-08-06 17:49 . 2008-08-22 09:54 <DIR> d-------- C:\X-Plane 9
2008-08-06 09:19 . 2008-08-06 09:19 <DIR> d-------- C:\Program Files\Virtools
2008-08-06 09:19 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-08-03 22:11 . 2008-08-03 22:11 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01001_Coinstaller_Critical.Wdf
2008-08-03 22:11 . 2008-08-03 22:11 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_xusb21_01001.Wdf
2008-08-03 22:10 . 2008-08-03 22:10 <DIR> d-------- C:\Program Files\Microsoft Xbox 360 Accessories
2008-08-03 22:03 . 2008-04-13 19:12 91,136 --a------ C:\WINDOWS\system32\kswdmcap.ax
2008-08-03 22:03 . 2008-04-13 19:12 91,136 --a--c--- C:\WINDOWS\system32\dllcache\kswdmcap.ax
2008-08-03 22:03 . 2008-04-13 19:12 61,952 --a------ C:\WINDOWS\system32\kstvtune.ax
2008-08-03 22:03 . 2008-04-13 19:12 61,952 --a--c--- C:\WINDOWS\system32\dllcache\kstvtune.ax
2008-08-03 22:03 . 2008-04-13 19:12 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2008-08-03 22:03 . 2008-04-13 19:12 53,760 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2008-08-03 22:03 . 2008-04-13 19:12 43,008 --a------ C:\WINDOWS\system32\ksxbar.ax
2008-08-03 22:03 . 2008-04-13 19:12 43,008 --a--c--- C:\WINDOWS\system32\dllcache\ksxbar.ax
2008-08-03 22:03 . 2008-04-13 19:12 20,992 --a------ C:\WINDOWS\system32\dshowext.ax
2008-08-03 22:03 . 2008-04-13 19:12 20,992 --a--c--- C:\WINDOWS\system32\dllcache\dshowext.ax
2008-08-03 07:43 . 2008-08-03 07:43 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-08-03 07:43 . 2008-08-03 07:43 <DIR> d-------- C:\WINDOWS\Logs
2008-07-31 10:45 . 2008-07-31 10:45 <DIR> d-------- C:\Program Files\FSMap
2008-07-31 10:45 . 2008-07-31 10:45 <DIR> d-------- C:\Program Files\Common Files\Thomas Molitor EDV Service
2008-07-31 10:45 . 2008-07-31 10:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FSMap
2008-07-30 17:11 . 2008-08-16 17:34 <DIR> d-------- C:\GEX-Backup
2008-07-30 17:02 . 2008-07-30 17:17 <DIR> d-------- C:\Program Files\Ground Environment X
2008-07-30 17:02 . 2008-07-30 17:10 439,854 --a------ C:\Program Files\UnGEXUSACAN.exe
2008-07-29 21:32 . 2008-07-29 21:32 <DIR> d-------- C:\FPA
2008-07-25 23:35 . 2008-07-25 23:36 <DIR> d-------- C:\Program Files\Google
2008-07-14 22:52 . 2008-07-14 22:52 <DIR> d-------- C:\ATI
2008-07-13 15:17 . 2008-07-13 15:17 <DIR> d-------- C:\Program Files\Atari
2008-07-13 14:18 . 2008-07-13 14:18 <DIR> d-------- C:\Program Files\MagicISO
2008-07-13 13:45 . 2008-07-13 13:45 <DIR> d-------- C:\Program Files\MagicDisc
2008-07-13 13:45 . 2008-05-27 12:11 96,896 --a------ C:\WINDOWS\system32\drivers\mcdbus.sys
2008-07-13 13:37 . 2008-08-08 08:24 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-07-13 13:35 . 2008-07-13 13:35 <DIR> d-------- C:\Documents and Settings\David\Application Data\Leadertech
2008-07-13 13:04 . 2008-07-13 13:04 <DIR> d-------- C:\NeverwinterNights
2008-07-11 14:51 . 2008-08-30 08:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-11 00:47 . 2008-08-29 08:20 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-07-09 15:15 . 2008-07-09 15:15 61 ---hs---- C:\WINDOWS\cnerolf.bin
2008-07-09 08:13 . 2008-07-09 08:13 <DIR> d-------- C:\Documents and Settings\David\Application Data\Move Networks
2008-07-09 00:58 . 2008-07-27 10:45 <DIR> d-------- C:\Program Files\SnapShooter 2007
2008-07-09 00:28 . 2008-07-09 00:28 61 ---hs---- C:\WINDOWS\cnerolf.dat
2008-07-09 00:26 . 2008-07-09 00:26 <DIR> d-------- C:\Program Files\Ken Salter
2008-07-08 15:30 . 2008-07-14 14:01 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-07-08 13:52 . 2008-07-08 13:52 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-07-08 13:50 . 2008-07-08 13:50 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-07-08 12:57 . 2008-07-08 12:57 <DIR> d-------- C:\Program Files\Flight1 Downloader
2008-07-08 12:40 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-07-07 09:57 . 2008-07-07 09:57 <DIR> d-------- C:\Program Files\Flight One Software
2008-07-07 09:08 . 2008-07-07 09:08 <DIR> d-------- C:\WINDOWS\BirdsEyeView
2008-07-07 09:08 . 2008-07-07 09:42 <DIR> d-------- C:\Program Files\BirdsEyeView
2008-07-07 09:06 . 2008-07-07 09:05 737,280 --a------ C:\WINDOWS\iun6002.exe
2008-07-06 22:58 . 2008-07-06 22:58 2,048 --a------ C:\WINDOWS\fe2004.lic
2008-07-06 22:45 . 2008-07-30 17:00 <DIR> d-------- C:\Flight One Software
2008-07-06 22:45 . 2008-07-06 22:45 2,048 --a------ C:\WINDOWS\grpro1.lic
2008-07-06 20:35 . 2008-04-13 19:12 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-07-06 20:35 . 2008-04-13 13:45 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-07-06 20:35 . 2008-04-13 13:45 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-07-06 20:35 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-30 22:10 14 ----a-w C:\Program Files\settings.cfg
2008-07-03 16:53 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-03 16:47 --------- d-----w C:\Program Files\Windows Plus
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [2007-03-05 16:57 1103480]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03 152872]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 04:39 486856]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" [2008-03-20 11:39 216520]
"Auslogics BoostSpeed 4"="C:\Program Files\Auslogics\AusLogics BoostSpeed\boostspeed.exe" [2008-06-26 13:30 362608]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-08-19 23:34 1576176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 04:04 59392]
"DiscWizardMonitor.exe"="C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2007-08-08 17:47 1169456]
"AcronisTimounterMonitor"="C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe" [2007-08-08 18:00 1945424]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe" [2007-08-08 17:51 148760]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 16:22 3739648]
"XboxStat"="c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 18:05 734264]
"Start WingMan Profiler"="C:\Program Files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 11:38 88584]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 20:42 116040]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
"CTHelper"="CTHELPER.EXE" [2008-02-20 20:58 19456 C:\WINDOWS\system32\CtHelper.exe]
"CTxfiHlp"="CTXFIHLP.EXE" [2008-02-20 20:58 19968 C:\WINDOWS\system32\Ctxfihlp.exe]

C:\Documents and Settings\David\Start Menu\Programs\Startup\
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [2008-07-13 13:45:04 547840]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
VIA RAID TOOL.lnk - C:\Program Files\VIA\RAID\raid_tool.exe [2008-07-03 12:07:14 565248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\Microsoft Games\\Microsoft Flight Simulator X\\fsx.exe"=
"C:\\X-Plane 9\\X-Plane.exe"=
"C:\\Program Files\\SEGA\\Beijing 2008\\Beijing.exe"=
"C:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Anno 1701\\Anno1701.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\SEGA\\Gas Powered Games\\Space Siege\\SpaceSiege.exe"=
"C:\\Program Files\\SEGA\\Gas Powered Games\\GPGNet\\GPG.Multiplayer.Client.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys [2005-01-19 03:18]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 09:35]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 09:37]
R2 CTAudSvcService;Creative Audio Service;C:\Program Files\Creative\Shared Files\CTAudSvc.exe [2008-03-07 19:24]
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2008-02-25 09:44]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82fbc3f6-640a-11dd-b84f-000f6614addb}]
\Shell\AutoRun\command - G:\Capinst.exe
.
Contents of the 'Scheduled Tasks' folder

2008-08-29 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\rn017vjv.default\
FF -: plugin - C:\Program Files\Download Manager\npfpdlm.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Virtools\3D Life Player\npvirtools.dll
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-30 08:16:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\ehome\ehRecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-08-30 8:19:11 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-30 13:19:06

Pre-Run: 276,024,201,216 bytes free
Post-Run: 276,188,057,600 bytes free

277 --- E O F --- 2008-08-30 12:45:17


0
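An added example for readers working through a log like the one above (it is not part of the original thread and not ComboFix code): a small Python triage script that parses the "Reg Loading Points" section format shown in the log (the `[key]` headers, the `"name"="command" [date time size]` value lines, and the `mountpoints2` `\Shell\AutoRun\command` line) and flags the entries a reviewer would want to look at twice. The sample text is constructed in the same shape as the posted log; the "Updater" line is invented test data to exercise the checks and was not on the poster's machine. The heuristics (trusted directories, bare-filename commands, volume-bound AutoRun, system binary names outside system32) are this example's own assumptions, and a flag means "review this", not "this is malware".

```python
"""Triage of autostart entries from a ComboFix-style 'Reg Loading Points' section.

Added example, not part of the forum thread and not ComboFix code.  It parses
the [key] / "name"="command" [meta] lines and the mountpoints2 AutoRun line in
the format the posted log uses, then applies review heuristics that are this
example's own assumptions:
  * binary outside the Windows and Program Files trees
  * command written as a bare filename (resolved through the search path)
  * AutoRun command bound to a volume (mountpoints2)
  * a well-known system binary name living outside system32
"""
import re
from dataclasses import dataclass

# Constructed sample shaped like the posted log.  The "Updater" line is
# invented test data to exercise the checks; it was NOT in the poster's log.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [2007-03-05 16:57 1103480]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-08-19 23:34 1576176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 04:04 59392]
"CTHelper"="CTHELPER.EXE" [2008-02-20 20:58 19456 C:\WINDOWS\system32\CtHelper.exe]
"Updater"="C:\Documents and Settings\David\Local Settings\Temp\svchost.exe" [2008-08-28 02:11 40960]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82fbc3f6-640a-11dd-b84f-000f6614addb}]
\Shell\AutoRun\command - G:\Capinst.exe
"""

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"\s*\[(?P<meta>[^\]]*)\]')
# meta is "date time size" with an optional resolved path after the size
META_RE = re.compile(r'^(?P<date>\S+) (?P<time>\S+) (?P<size>\d+)(?: (?P<path>.+))?$')
AUTORUN_RE = re.compile(r'^\\Shell\\AutoRun\\command - (?P<cmd>.+)$')

# Assumed heuristics, not a ComboFix feature.
TRUSTED_DIRS = ('c:\\windows\\', 'c:\\program files\\')
SYSTEM32 = 'c:\\windows\\system32\\'
SYSTEM_NAMES = {'svchost.exe', 'lsass.exe', 'csrss.exe', 'winlogon.exe', 'services.exe'}


@dataclass
class Entry:
    key: str
    name: str
    command: str   # the value exactly as written in the registry
    resolved: str  # full path, using the one the log printed for bare names


def parse_loading_points(text: str) -> list[Entry]:
    """Walk the section line by line, remembering the current [key]."""
    entries: list[Entry] = []
    key = ''
    for raw in text.splitlines():
        line = raw.strip()
        if (m := KEY_RE.match(line)):
            key = m.group('key')
        elif key and (m := VALUE_RE.match(line)):
            meta = META_RE.match(m.group('meta'))
            resolved = m.group('cmd')
            if meta and meta.group('path'):
                resolved = meta.group('path')
            entries.append(Entry(key, m.group('name'), m.group('cmd'), resolved))
        elif key and (m := AUTORUN_RE.match(line)):
            entries.append(Entry(key, 'AutoRun\\command', m.group('cmd'), m.group('cmd')))
    return entries


def triage(entry: Entry) -> list[str]:
    """Return the review flags an entry earns (empty list = nothing notable)."""
    flags: list[str] = []
    path = entry.resolved.lower()
    if 'mountpoints2' in entry.key.lower():
        flags.append('AutoRun command bound to a volume (USB / mapped drive)')
    if '\\' not in entry.command:
        flags.append('bare filename, resolved through the search path at logon')
    if not path.startswith(TRUSTED_DIRS):
        flags.append('binary outside the Windows and Program Files trees')
    if path.rsplit('\\', 1)[-1] in SYSTEM_NAMES and not path.startswith(SYSTEM32):
        flags.append('system binary name outside system32')
    return flags


def report(text: str) -> dict[str, list[str]]:
    """Map value name -> flags for every entry that earned at least one flag."""
    result: dict[str, list[str]] = {}
    for entry in parse_loading_points(text):
        flags = triage(entry)
        if flags:
            result[entry.name] = flags
    return result


if __name__ == '__main__':
    for name, flags in report(SAMPLE_LOG).items():
        print(name)
        for flag in flags:
            print('   -', flag)
```

Run against the constructed sample, the script leaves the Program Files and ehome entries alone, notes that CTHelper is registered as a bare filename (the log itself resolved it to system32, so it is only worth a glance), flags the invented Temp\svchost.exe line twice, and flags the G:\Capinst.exe AutoRun entry as volume-bound, which is the same kind of entry the posted log shows under mountpoints2 and is worth checking against whatever was plugged into that drive letter.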

Response Number 8
Name: jabuck
Date: August 30, 2008 at 06:48:36 Pacific
Reply:

Open Notepad and copy/paste everything between the X's into it and make sure the first word (such as KILLALL, or File, etc.) is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
File::
C:\sqmdata00.sqm
C:\sqmnoopt00.sqm

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it CFScript.txt then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red symbol on your desktop) if combofix does not auto start click "run".

Empty the restore folder. Go to start > control panel > system > system restore tab > check the box beside "turn off system restore" > apply (takes a minute) > ok. Go back and uncheck the box to turn system restore back on > apply > ok.

Download ATF Cleaner from this link:
http://www.majorgeeks.com/ATF_Cleaner_d4949.html
Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Go to start > run > type in combofix /u (note the space after Combofix) then press enter. This will uninstall Combofix and its accessories.

Go to start > control panel > add/remove and uninstall Hijack This; you should keep Malwarebytes and ATF Cleaner and run them weekly.

How is the computer operating?


0

Response Number 9
Name: Devinfear
Date: August 30, 2008 at 07:36:41 Pacific
Reply:

Looks like everything is back to normal. Thanks a ton for the help. I have not been at home all week so the kids were on the PC with me checking up on them. Thanks for all the help.


0

Response Number 10
Name: jabuck
Date: August 30, 2008 at 12:57:40 Pacific
Reply:

Glad we could help. Be sure to turn Spybot back on and update it.


0

Response Number 11
Name: Devinfear
Date: August 30, 2008 at 20:16:40 Pacific
Reply:

Only one last thing: my clock is on 24 hour time now. That's not that big of a deal, but how can I change that if I need to?


0

Response Number 12
Name: jabuck
Date: August 30, 2008 at 21:01:57 Pacific
Reply:

Go to start > control panel > regional and language options > regional options > customize > time > in "time format" select "h:mm:ss tt" > apply > ok.

That should reset the time. Let me know that it worked please.


0

Response Number 13
Name: Devinfear
Date: August 30, 2008 at 21:56:43 Pacific
Reply:

Yes that took care of the problem. Thanks again


0

Response Number 14
Name: jabuck
Date: August 31, 2008 at 06:36:26 Pacific
Reply:

Glad we could help.


0
