#1
12th May 2009, 09:26 PM
SamWatson
TST Member
 
Join Date: Jan 2008, 58 posts.
Location: England
Reputation: SamWatson is on a distinguished road
Windows messenger virus

I finally got the annoying messenger virus where it sends your contacts advertisements while you're offline.


all logs below.


HJT:-----------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:05:01, on 12/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NinjaVideo\NinjaVideo Helper\NinjaVideo Helper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\WINDOWS\system32\qttask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Logitech\Video\FxSvr2.exe
C:\Program Files\Trend Micro\sniper\sniper.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AmazonGSDownloaderTray] C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Bejeweled%202/Images/stg_drm.ocx
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Cradle%20of%20Persia/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...nt/swflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,wbsys.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Amazon Download Agent - Amazon.com - C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NinjaVideo Helper (NinjaVideo Helper.exe) - NinjaVideo - C:\Program Files\NinjaVideo\NinjaVideo Helper\NinjaVideo Helper.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8947 bytes



MBAM:-----------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.36
Database version: 2117
Windows 5.1.2600 Service Pack 3

12/05/2009 18:56:24
mbam-log-2009-05-12 (18-56-24).txt

Scan type: Quick Scan
Objects scanned: 116419
Time elapsed: 25 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


superantispyware:-----------------------------------------------------------------------

SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com - AntiAdware, AntiSpyware, AntiMalware!

Generated 05/12/2009 at 00:54 AM

Application Version : 4.26.1002

Core Rules Database Version : 3886
Trace Rules Database Version: 1834

Scan type : Complete Scan
Total Scan Time : 01:36:45

Memory items scanned : 720
Memory threats detected : 0
Registry items scanned : 5448
Registry threats detected : 0
File items scanned : 130717
File threats detected : 203

Adware.Tracking Cookie
C:\DOCUME~1\Sam\LOCALS~1\Temp\Cookies\sam@atdmt[1].txt
C:\Documents and Settings\Joe\Cookies\joe@247realmedia[1].txt
C:\Documents and Settings\Joe\Cookies\joe@2o7[1].txt
C:\Documents and Settings\Joe\Cookies\joe@ad.singletrackworld[1].txt
C:\Documents and Settings\Joe\Cookies\joe@ad.yieldmanager[1].txt
C:\Documents and Settings\Joe\Cookies\joe@adbrite[2].txt
C:\Documents and Settings\Joe\Cookies\joe@adfarm1.adition[1].txt
C:\Documents and Settings\Joe\Cookies\joe@adopt.euroclick[1].txt
C:\Documents and Settings\Joe\Cookies\joe@adrevolver[1].txt
C:\Documents and Settings\Joe\Cookies\joe@ads-dev.youporn[2].txt
C:\Documents and Settings\Joe\Cookies\joe@ads.ad4game[1].txt
C:\Documents and Settings\Joe\Cookies\joe@ads.aol.co[1].txt
C:\Documents and Settings\Joe\Cookies\joe@ads.gamershell[1].txt
C:\Documents and Settings\Joe\Cookies\joe@ads.mediamayhemcorp[1].txt
C:\Documents and Settings\Joe\Cookies\joe@ads.pointroll[1].txt
C:\Documents and Settings\Joe\Cookies\joe@ads.widgetbucks[2].txt
C:\Documents and Settings\Joe\Cookies\joe@adserver.adtechus[1].txt
C:\Documents and Settings\Joe\Cookies\joe@adtech[1].txt
C:\Documents and Settings\Joe\Cookies\joe@advertiser.edintorni[1].txt
C:\Documents and Settings\Joe\Cookies\joe@advertising[2].txt
C:\Documents and Settings\Joe\Cookies\joe@adviva[2].txt
C:\Documents and Settings\Joe\Cookies\joe@am.sexinfo101[1].txt
C:\Documents and Settings\Joe\Cookies\joe@animalsexonline[1].txt
C:\Documents and Settings\Joe\Cookies\joe@ar.atwola[2].txt
C:\Documents and Settings\Joe\Cookies\joe@at.atwola[2].txt
C:\Documents and Settings\Joe\Cookies\joe@atdmt[1].txt
C:\Documents and Settings\Joe\Cookies\joe@atwola[1].txt
C:\Documents and Settings\Joe\Cookies\joe@banners.playfuls[1].txt
C:\Documents and Settings\Joe\Cookies\joe@bluestreak[1].txt
C:\Documents and Settings\Joe\Cookies\joe@bs.serving-sys[2].txt
C:\Documents and Settings\Joe\Cookies\joe@casalemedia[1].txt
C:\Documents and Settings\Joe\Cookies\joe@cgm.adbureau[2].txt
C:\Documents and Settings\Joe\Cookies\joe@chitika[2].txt
C:\Documents and Settings\Joe\Cookies\joe@cms.trafficmp[1].txt
C:\Documents and Settings\Joe\Cookies\joe@collective-media[1].txt
C:\Documents and Settings\Joe\Cookies\joe@content.yieldmanager.edgesuite[1].txt
C:\Documents and Settings\Joe\Cookies\joe@content.yieldmanager[2].txt
C:\Documents and Settings\Joe\Cookies\joe@content.yieldmanager[3].txt
C:\Documents and Settings\Joe\Cookies\joe@counter10.sextracker[1].txt
C:\Documents and Settings\Joe\Cookies\joe@creview.adbureau[1].txt
C:\Documents and Settings\Joe\Cookies\joe@cz4.clickzs[2].txt
C:\Documents and Settings\Joe\Cookies\joe@doubleclick[1].txt
C:\Documents and Settings\Joe\Cookies\joe@dynamic.media.adrevolver[2].txt
C:\Documents and Settings\Joe\Cookies\joe@eas.apm.emediate[2].txt
C:\Documents and Settings\Joe\Cookies\joe@ehg-futurepub.hitbox[2].txt
C:\Documents and Settings\Joe\Cookies\joe@ehg-penguingroupusa.hitbox[1].txt
C:\Documents and Settings\Joe\Cookies\joe@euroclick[1].txt
C:\Documents and Settings\Joe\Cookies\joe@fastclick[2].txt
C:\Documents and Settings\Joe\Cookies\joe@hitbox[2].txt
C:\Documents and Settings\Joe\Cookies\joe@imrworldwide[2].txt
C:\Documents and Settings\Joe\Cookies\joe@kontera[2].txt
C:\Documents and Settings\Joe\Cookies\joe@media.adrevolver[1].txt
C:\Documents and Settings\Joe\Cookies\joe@media.adrevolver[3].txt
C:\Documents and Settings\Joe\Cookies\joe@media.mtvnservices[1].txt
C:\Documents and Settings\Joe\Cookies\joe@media6degrees[2].txt
C:\Documents and Settings\Joe\Cookies\joe@mediafire[1].txt
C:\Documents and Settings\Joe\Cookies\joe@mediaplex[1].txt
C:\Documents and Settings\Joe\Cookies\joe@microsoftgamestudio.112.2o7[1].txt
C:\Documents and Settings\Joe\Cookies\joe@msnaccountservices.112.2o7[1].txt
C:\Documents and Settings\Joe\Cookies\joe@msnportal.112.2o7[1].txt
C:\Documents and Settings\Joe\Cookies\joe@myxxxtoon[1].txt
C:\Documents and Settings\Joe\Cookies\joe@overture[2].txt
C:\Documents and Settings\Joe\Cookies\joe@partypoker[1].txt
C:\Documents and Settings\Joe\Cookies\joe@questionmarket[2].txt
C:\Documents and Settings\Joe\Cookies\joe@revenue[2].txt
C:\Documents and Settings\Joe\Cookies\joe@revsci[1].txt
C:\Documents and Settings\Joe\Cookies\joe@server.cpmstar[2].txt
C:\Documents and Settings\Joe\Cookies\joe@server.iad.liveperson[2].txt
C:\Documents and Settings\Joe\Cookies\joe@server.iad.liveperson[3].txt
C:\Documents and Settings\Joe\Cookies\joe@serving-sys[1].txt
C:\Documents and Settings\Joe\Cookies\joe@sexer[1].txt
C:\Documents and Settings\Joe\Cookies\joe@sexinfo101[2].txt
C:\Documents and Settings\Joe\Cookies\joe@sexlist[2].txt
C:\Documents and Settings\Joe\Cookies\joe@sextracker[1].txt
C:\Documents and Settings\Joe\Cookies\joe@singletrackworld[1].txt
C:\Documents and Settings\Joe\Cookies\joe@specificclick[1].txt
C:\Documents and Settings\Joe\Cookies\joe@spylog[1].txt
C:\Documents and Settings\Joe\Cookies\joe@stat.mystat[1].txt
C:\Documents and Settings\Joe\Cookies\joe@statcounter[1].txt
C:\Documents and Settings\Joe\Cookies\joe@stats.adbrite[1].txt
C:\Documents and Settings\Joe\Cookies\joe@statse.webtrendslive[1].txt
C:\Documents and Settings\Joe\Cookies\joe@tacoda[2].txt
C:\Documents and Settings\Joe\Cookies\joe@teengfs[2].txt
C:\Documents and Settings\Joe\Cookies\joe@toplist[1].txt
C:\Documents and Settings\Joe\Cookies\joe@toplist[3].txt
C:\Documents and Settings\Joe\Cookies\joe@track.adform[1].txt
C:\Documents and Settings\Joe\Cookies\joe@trackmill[2].txt
C:\Documents and Settings\Joe\Cookies\joe@tradedoubler[2].txt
C:\Documents and Settings\Joe\Cookies\joe@tribalfusion[2].txt
C:\Documents and Settings\Joe\Cookies\joe@uporn[1].txt
C:\Documents and Settings\Joe\Cookies\joe@viacom.adbureau[2].txt
C:\Documents and Settings\Joe\Cookies\joe@www.googleadservices[1].txt
C:\Documents and Settings\Joe\Cookies\joe@www.googleadservices[2].txt
C:\Documents and Settings\Joe\Cookies\joe@www.googleadservices[3].txt
C:\Documents and Settings\Joe\Cookies\joe@www.googleadservices[4].txt
C:\Documents and Settings\Joe\Cookies\joe@www.googleadservices[5].txt
C:\Documents and Settings\Joe\Cookies\joe@www.mediafire[2].txt
C:\Documents and Settings\Joe\Cookies\joe@www.putridsexobject[1].txt
C:\Documents and Settings\Joe\Cookies\joe@xiti[1].txt
C:\Documents and Settings\Joe\Cookies\joe@xxxcounter[1].txt
C:\Documents and Settings\Joe\Cookies\joe@yadro[2].txt
C:\Documents and Settings\Joe\Cookies\joe@youporngay[2].txt
C:\Documents and Settings\Joe\Cookies\joe@youporn[2].txt
C:\Documents and Settings\Joe\Cookies\joe@zedo[2].txt
C:\Documents and Settings\Mum\Cookies\mum@112.2o7[2].txt
C:\Documents and Settings\Mum\Cookies\mum@122.2o7[1].txt
C:\Documents and Settings\Mum\Cookies\mum@123count[1].txt
C:\Documents and Settings\Mum\Cookies\mum@247realmedia[1].txt
C:\Documents and Settings\Mum\Cookies\mum@2o7[2].txt
C:\Documents and Settings\Mum\Cookies\mum@ad.sitelement[2].txt
C:\Documents and Settings\Mum\Cookies\mum@ad.yieldmanager[2].txt
C:\Documents and Settings\Mum\Cookies\mum@adopt.euroclick[1].txt
C:\Documents and Settings\Mum\Cookies\mum@adrevolver[2].txt
C:\Documents and Settings\Mum\Cookies\mum@ads.anm.co[1].txt
C:\Documents and Settings\Mum\Cookies\mum@ads.holidays-uncovered.co[1].txt
C:\Documents and Settings\Mum\Cookies\mum@ads.telegraph.co[1].txt
C:\Documents and Settings\Mum\Cookies\mum@adtech[1].txt
C:\Documents and Settings\Mum\Cookies\mum@advertising[1].txt
C:\Documents and Settings\Mum\Cookies\mum@adviva[2].txt
C:\Documents and Settings\Mum\Cookies\mum@amazonms.122.2o7[1].txt
C:\Documents and Settings\Mum\Cookies\mum@aoluk.122.2o7[1].txt
C:\Documents and Settings\Mum\Cookies\mum@apmebf[2].txt
C:\Documents and Settings\Mum\Cookies\mum@at.atwola[1].txt
C:\Documents and Settings\Mum\Cookies\mum@atdmt[1].txt
C:\Documents and Settings\Mum\Cookies\mum@atoc.112.2o7[1].txt
C:\Documents and Settings\Mum\Cookies\mum@bgtpartners.112.2o7[1].txt
C:\Documents and Settings\Mum\Cookies\mum@bluestreak[2].txt
C:\Documents and Settings\Mum\Cookies\mum@bs.serving-sys[1].txt
C:\Documents and Settings\Mum\Cookies\mum@casalemedia[1].txt
C:\Documents and Settings\Mum\Cookies\mum@clickshift[1].txt
C:\Documents and Settings\Mum\Cookies\mum@doubleclick[1].txt
C:\Documents and Settings\Mum\Cookies\mum@ehg-baa.hitbox[2].txt
C:\Documents and Settings\Mum\Cookies\mum@ehg-lhw.hitbox[2].txt
C:\Documents and Settings\Mum\Cookies\mum@eqtracking[1].txt
C:\Documents and Settings\Mum\Cookies\mum@euroclick[1].txt
C:\Documents and Settings\Mum\Cookies\mum@fastclick[2].txt
C:\Documents and Settings\Mum\Cookies\mum@flightcentre.112.2o7[1].txt
C:\Documents and Settings\Mum\Cookies\mum@flightstats[2].txt
C:\Documents and Settings\Mum\Cookies\mum@hitbox[2].txt
C:\Documents and Settings\Mum\Cookies\mum@hotelopia.112.2o7[1].txt
C:\Documents and Settings\Mum\Cookies\mum@hotelscom.122.2o7[1].txt
C:\Documents and Settings\Mum\Cookies\mum@imrworldwide[2].txt
C:\Documents and Settings\Mum\Cookies\mum@indexstats[1].txt
C:\Documents and Settings\Mum\Cookies\mum@indextools[2].txt
C:\Documents and Settings\Mum\Cookies\mum@latestnews.virginmedia[2].txt
C:\Documents and Settings\Mum\Cookies\mum@media.adrevolver[1].txt
C:\Documents and Settings\Mum\Cookies\mum@media.adrevolver[2].txt
C:\Documents and Settings\Mum\Cookies\mum@mediaonenetwork[1].txt
C:\Documents and Settings\Mum\Cookies\mum@mediaplex[1].txt
C:\Documents and Settings\Mum\Cookies\mum@msnportal.112.2o7[2].txt
C:\Documents and Settings\Mum\Cookies\mum@msnprod.oberon-media[2].txt
C:\Documents and Settings\Mum\Cookies\mum@neoedge.adbureau[2].txt
C:\Documents and Settings\Mum\Cookies\mum@opodo.122.2o7[1].txt
C:\Documents and Settings\Mum\Cookies\mum@overture[1].txt
C:\Documents and Settings\Mum\Cookies\mum@paypal.112.2o7[1].txt
C:\Documents and Settings\Mum\Cookies\mum@playgames.virginmedia[2].txt
C:\Documents and Settings\Mum\Cookies\mum@playvideogames.virginmedia[1].txt
C:\Documents and Settings\Mum\Cookies\mum@premiumtv.122.2o7[1].txt
C:\Documents and Settings\Mum\Cookies\mum@qksrv[2].txt
C:\Documents and Settings\Mum\Cookies\mum@questionmarket[2].txt
C:\Documents and Settings\Mum\Cookies\mum@redletterdays.122.2o7[1].txt
C:\Documents and Settings\Mum\Cookies\mum@revsci[2].txt
C:\Documents and Settings\Mum\Cookies\mum@rezidor.112.2o7[1].txt
C:\Documents and Settings\Mum\Cookies\mum@roiservice[2].txt
C:\Documents and Settings\Mum\Cookies\mum@search.virginmedia[1].txt
C:\Documents and Settings\Mum\Cookies\mum@server.iad.liveperson[2].txt
C:\Documents and Settings\Mum\Cookies\mum@server.iad.liveperson[3].txt
C:\Documents and Settings\Mum\Cookies\mum@server.iad.liveperson[4].txt
C:\Documents and Settings\Mum\Cookies\mum@serving-sys[2].txt
C:\Documents and Settings\Mum\Cookies\mum@specificclick[2].txt
C:\Documents and Settings\Mum\Cookies\mum@specificmedia[2].txt
C:\Documents and Settings\Mum\Cookies\mum@statcounter[1].txt
C:\Documents and Settings\Mum\Cookies\mum@stats.paypal[2].txt
C:\Documents and Settings\Mum\Cookies\mum@statse.webtrendslive[1].txt
C:\Documents and Settings\Mum\Cookies\mum@statsserver.contensis.co[1].txt
C:\Documents and Settings\Mum\Cookies\mum@statsserver.contensis.co[2].txt
C:\Documents and Settings\Mum\Cookies\mum@tacoda[1].txt
C:\Documents and Settings\Mum\Cookies\mum@teletext.112.2o7[1].txt
C:\Documents and Settings\Mum\Cookies\mum@toplist[1].txt
C:\Documents and Settings\Mum\Cookies\mum@toplist[3].txt
C:\Documents and Settings\Mum\Cookies\mum@track.adform[1].txt
C:\Documents and Settings\Mum\Cookies\mum@tracker.roitesting[1].txt
C:\Documents and Settings\Mum\Cookies\mum@tracking.keywordmax[1].txt
C:\Documents and Settings\Mum\Cookies\mum@tradedoubler[1].txt
C:\Documents and Settings\Mum\Cookies\mum@tribalfusion[1].txt
C:\Documents and Settings\Mum\Cookies\mum@trvlnet.adbureau[1].txt
C:\Documents and Settings\Mum\Cookies\mum@uk.at.atwola[1].txt
C:\Documents and Settings\Mum\Cookies\mum@virginmedia.gamesplanet[2].txt
C:\Documents and Settings\Mum\Cookies\mum@virginmedia[1].txt
C:\Documents and Settings\Mum\Cookies\mum@weborama[2].txt
C:\Documents and Settings\Mum\Cookies\mum@www.clicksafe.lloydstsb[2].txt
C:\Documents and Settings\Mum\Cookies\mum@www.clicksafe.lloydstsb[3].txt
C:\Documents and Settings\Mum\Cookies\mum@www.encounters.timesonline.co[1].txt
C:\Documents and Settings\Mum\Cookies\mum@www.encounters.timesonline.co[2].txt
C:\Documents and Settings\Mum\Cookies\mum@www.football.virginmedia[1].txt
C:\Documents and Settings\Mum\Cookies\mum@www.hxtrack[1].txt
C:\Documents and Settings\Mum\Cookies\mum@www.justthinkmedia[2].txt
C:\Documents and Settings\Mum\Cookies\mum@www.oberon-media[2].txt
C:\Documents and Settings\Mum\Cookies\mum@www.virginmedia[1].txt
C:\Documents and Settings\Mum\Cookies\mum@www1.addfreestats[1].txt
C:\Documents and Settings\Mum\Cookies\mum@xiti[1].txt
C:\Documents and Settings\Mum\Cookies\mum@zedo[1].txt
C:\Documents and Settings\Sam\Local Settings\Temp\Cookies\sam@atdmt[1].txt
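As an added example (not code from this thread, from HijackThis or from Trend Micro), here is a small Python triage script for HijackThis-style log lines like the ones posted above. It parses the R/O entries into structured records and applies a few defensive review rules a helper would typically apply first: O2 BHO registrations whose CLSID points at "(no file)" (harmless leftovers, but normally cleaned up), O4 autoruns that start a program from a user-writable temp or profile folder, a populated O20 AppInit_DLLs value, and O23 services that HijackThis labels "Unknown owner". The sample lines are mostly copied from the log above; the `[updater]` O4 line is constructed here only to exercise the temp-folder rule and does not come from this machine. None of the rules declares an entry malicious; they rank what deserves a human look.

```python
"""Triage helper for HijackThis-style logs (added example, not part of the thread)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in HijackThis v2.0.2 line format. Most lines are copied from the
# log posted above; the "[updater]" O4 line is invented here to show the temp-folder rule.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [updater] C:\DOCUME~1\Sam\LOCALS~1\Temp\updater.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,wbsys.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

LINE_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")
O2_RE = re.compile(r"^BHO: (?P<name>.*?) - \{(?P<guid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
O4_RE = re.compile(r"^(?P<hive>HK\S+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
EXE_RE = re.compile(r"^(?P<exe>.*?\.(?:exe|dll|com|scr|bat|cmd|pif))(?:\s|$)", re.IGNORECASE)

# Autoruns pointing into these user-writable locations deserve a second look;
# installed software normally lives under Program Files or the Windows directory.
USER_WRITABLE_DIRS = ("\\temp\\", "\\locals~1\\", "\\local settings\\", "\\application data\\")


@dataclass
class Entry:
    section: str                 # HijackThis tag, e.g. "O4"
    body: str                    # text after "O4 - "
    name: Optional[str] = None   # run-key value name, BHO name or service name
    path: Optional[str] = None   # executable or DLL the entry points at
    extra: Optional[str] = None  # registry location (O4), CLSID (O2) or owner (O23)


@dataclass
class Finding:
    severity: str   # "cleanup" (harmless leftover) or "review" (needs a human look)
    entry: Entry
    reason: str


def executable_of(command: str) -> str:
    """Return the program path from a Run-key command, dropping arguments and quotes."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = EXE_RE.match(command)
    return m.group("exe") if m else command.split(" ", 1)[0]


def parse_hjt(text: str) -> List[Entry]:
    """Parse the Rn/On lines of a HijackThis log; header and process list are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        e = Entry(m.group("section"), m.group("body"))
        if e.section == "O2" and (b := O2_RE.match(e.body)):
            e.name, e.path, e.extra = b.group("name"), b.group("path"), b.group("guid")
        elif e.section == "O4" and (r := O4_RE.match(e.body)):
            e.name, e.path = r.group("name"), executable_of(r.group("cmd"))
            e.extra = f'{r.group("hive")}\\{r.group("key")}'
        elif e.section == "O23" and (s := O23_RE.match(e.body)):
            e.name, e.path, e.extra = s.group("name"), s.group("path"), s.group("owner")
        entries.append(e)
    return entries


def triage(entries: List[Entry]) -> List[Finding]:
    """Apply a few defensive review rules; nothing here declares an entry malicious."""
    findings = []
    for e in entries:
        if e.section == "O2" and e.path == "(no file)":
            findings.append(Finding("cleanup", e,
                "orphaned BHO registration: the CLSID points at no file on disk"))
        elif e.section == "O4" and e.path and any(d in e.path.lower() for d in USER_WRITABLE_DIRS):
            findings.append(Finding("review", e,
                "autorun starts a program from a user-writable temp/profile folder"))
        elif e.section == "O20" and e.body.startswith("AppInit_DLLs:"):
            findings.append(Finding("review", e,
                "AppInit_DLLs are loaded into every user-mode process; confirm each DLL is known software"))
        elif e.section == "O23" and e.extra == "Unknown owner":
            findings.append(Finding("review", e,
                "service binary has no publisher recorded; verify the file on disk"))
    return findings


def report(findings: List[Finding]) -> List[str]:
    """One human-readable line per finding, in log order."""
    return [f"[{f.severity:>7}] {f.entry.section} {f.entry.name or f.entry.body[:40]}: {f.reason}"
            for f in findings]


if __name__ == "__main__":
    for line in report(triage(parse_hjt(SAMPLE_LOG))):
        print(line)
```

Running it against the sample prints four findings: the orphaned O2 entry as cleanup, and the constructed temp-folder autorun, the AppInit_DLLs value and the "Unknown owner" service as review items; the Synaptics and Messenger autoruns and the SUPERAntiSpyware Winlogon Notify entry pass untouched. The rules are deliberately conservative: a hit means "look at this", and the usual next step is to check the file on disk and its publisher, which is exactly what the helper in the thread does by asking for further logs.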
#2
13th May 2009, 01:23 AM
evilfantasy
Security Team
 
Join Date: Dec 2007, 2,555 posts.
Location: Tulsa, OK
Reputation: evilfantasy will become famous soon enough
Download Disable/Remove Windows Messenger to the Desktop to remove Windows Messenger.

Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Unzip the file on the Desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

Exit out of MessengerDisable then delete the two files that were put on the Desktop.

----------

Be sure to download a new copy of ComboFix if you already have it.

Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

Link #1
Link #2

**Note: It is important that it is saved directly to your Desktop

Close any open Web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.

Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double click combofix.exe & follow the prompts.
Vista users: Right-Click on ComboFix.exe and select Run as administrator (you will receive a UAC prompt, please allow it).
When finished ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

If you have problems with ComboFix usage, see How to use ComboFix
#3
13th May 2009, 08:14 AM
SamWatson
TST Member
 
Join Date: Jan 2008, 58 posts.
Location: England
Reputation: SamWatson is on a distinguished road
OK.. Windows Messenger removed..


ComboFix log



ComboFix 09-05-12.06 - Sam 13/05/2009 9:00.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.501 [GMT 1:00]
Running from: c:\documents and settings\Sam\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090512-0] *On-access scanning disabled* (Updated)
FW: Sunbelt Personal Firewall *disabled*
.

((((((((((((((((((((((((( Files Created from 2009-04-13 to 2009-05-13 )))))))))))))))))))))))))))))))
.

2009-05-12 18:03 . 2009-05-12 18:04 -------- d-----w c:\program files\Trend Micro
2009-05-12 17:29 . 2009-05-12 17:29 -------- d-----w c:\documents and settings\Sam\Application Data\Malwarebytes
2009-05-12 17:28 . 2009-04-06 14:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-12 17:28 . 2009-04-06 14:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-12 17:28 . 2009-05-12 17:28 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-12 17:28 . 2009-05-12 17:28 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-11 22:11 . 2009-05-11 22:11 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-05-11 22:11 . 2009-05-11 22:11 -------- d-----w c:\program files\SUPERAntiSpyware
2009-05-11 22:11 . 2009-05-11 22:11 -------- d-----w c:\documents and settings\Sam\Application Data\SUPERAntiSpyware.com
2009-05-11 22:10 . 2009-05-11 22:10 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-05-05 23:53 . 2009-05-06 23:22 25 ----a-w c:\windows\popcinfot.dat
2009-05-05 23:52 . 2009-05-05 23:52 -------- d-----w c:\documents and settings\All Users\Application Data\PopCap Games
2009-05-05 23:51 . 2009-05-06 21:37 -------- d-----w c:\program files\PopCap Games
2009-05-04 23:31 . 2009-05-05 00:16 -------- d-----w c:\documents and settings\All Users\Application Data\foldit
2009-05-04 23:31 . 2009-05-04 23:32 -------- d-----w c:\program files\foldit
2009-05-04 22:24 . 2009-05-04 22:24 -------- d-----w c:\documents and settings\Sam\GMArcade
2009-04-29 21:19 . 2009-04-29 21:19 41808 ----a-w c:\windows\system32\xfcodec.dll
2009-04-14 17:36 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-14 17:36 . 2008-04-21 12:08 215552 ------w c:\windows\system32\dllcache\wordpad.exe
2009-04-14 17:34 . 2009-03-06 14:22 284160 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-14 17:34 . 2009-02-06 10:39 35328 ------w c:\windows\system32\dllcache\sc.exe
2009-04-14 17:34 . 2009-02-09 12:10 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-14 17:34 . 2009-02-06 11:11 110592 ------w c:\windows\system32\dllcache\services.exe
2009-04-14 17:34 . 2009-02-09 12:10 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-14 17:34 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-14 17:34 . 2009-02-09 12:10 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-14 17:34 . 2009-02-09 12:10 729088 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-14 17:34 . 2009-02-09 12:10 617472 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-14 17:34 . 2009-02-09 12:10 714752 ------w c:\windows\system32\dllcache\ntdll.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-13 07:42 . 2009-01-28 10:09 664 ----a-w c:\windows\system32\d3d9caps.dat
2009-05-11 22:03 . 2008-02-11 15:30 -------- d-----w c:\program files\CCleaner
2009-05-11 21:59 . 2008-01-29 22:57 -------- d-----w c:\program files\Dell
2009-05-06 23:17 . 2008-04-10 21:48 -------- d-----w c:\program files\Xfire
2009-05-06 22:23 . 2008-10-08 20:48 -------- d-----w c:\program files\Steam
2009-05-05 22:43 . 2008-07-23 16:33 -------- d-----w c:\program files\World of Warcraft
2009-04-14 17:37 . 2009-04-07 23:30 -------- d-----w c:\program files\Windows Live
2009-04-11 15:10 . 2009-04-11 15:10 -------- d-----w c:\program files\The Rise of Atlantis
2009-04-10 20:07 . 2009-04-07 17:47 26 ---ha-w c:\windows\popcinfo.dat
2009-04-10 19:29 . 2009-04-10 19:26 -------- d-----w c:\program files\Bejeweled 2
2009-04-10 18:54 . 2009-03-30 20:17 -------- d-----w c:\program files\Cradle Of Persia
2009-04-10 18:43 . 2009-04-05 18:15 -------- d-----w c:\program files\Cradle Of Rome
2009-04-10 18:24 . 2009-01-02 21:24 -------- d-----w c:\program files\Oberon Media
2009-04-10 18:24 . 2009-04-10 18:24 -------- d-----w c:\program files\Gamenext
2009-04-10 15:40 . 2009-04-05 19:13 -------- d-----w c:\program files\MSN Games
2009-04-10 15:39 . 2009-04-10 14:29 -------- d-----w c:\program files\Jewel Quest 2
2009-04-10 15:39 . 2009-01-02 21:24 -------- d-----w c:\program files\Virgin Media Games
2009-04-10 14:27 . 2009-04-10 14:27 -------- d-----w c:\program files\Amazon
2009-04-08 22:31 . 2009-04-04 20:41 -------- d-----w c:\program files\Zylom Games
2009-04-08 22:15 . 2009-04-08 11:22 -------- d-----w c:\program files\Microsoft Silverlight
2009-04-08 11:16 . 2009-04-08 11:16 -------- d-----w c:\program files\Microsoft
2009-04-07 22:22 . 2008-01-29 22:58 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-07 22:12 . 2008-01-29 22:52 -------- d-----w c:\program files\Java
2009-04-06 19:06 . 2008-08-09 20:08 33624 ----a-w c:\documents and settings\Joe\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-05 18:09 . 2009-04-05 18:09 -------- d-----w c:\program files\ReflexiveArcade
2009-04-05 18:09 . 2009-04-05 18:07 -------- d-----w c:\program files\Retro64 Games
2009-03-31 22:48 . 2008-08-25 22:41 -------- d-----w c:\program files\LimeWire
2009-03-30 18:35 . 2008-08-25 15:05 33624 ----a-w c:\documents and settings\Mum\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-29 22:41 . 2008-02-11 09:27 33624 ----a-w c:\documents and settings\Sam\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-29 22:36 . 2009-03-29 22:36 -------- d-----w c:\program files\Windows Live SkyDrive
2009-03-29 22:28 . 2009-03-29 22:28 -------- d-----w c:\program files\Common Files\Windows Live
2009-03-23 22:48 . 2008-08-31 22:29 -------- d-----w c:\program files\EA Games
2009-03-09 04:19 . 2009-03-31 22:46 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-06 14:22 . 2004-08-10 12:51 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2004-08-10 12:51 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 18:09 . 2004-08-10 12:51 78336 ----a-w c:\windows\system32\ieencode.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-27 851968]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2183168]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"AGEIA PhysX SysTray"="c:\program files\AGEIA Technologies\TrayIcon.exe" [2006-07-10 339968]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"QuickTime Task"="c:\windows\system32\qttask.exe" [2008-02-17 98304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"AmazonGSDownloaderTray"="c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-04-06 247296]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Sam\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-1-29 50688]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2007-03-13 10:57 221184 ----a-w c:\progra~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Sam^Start Menu^Programs^Startup^Xfire.lnk]
path=c:\documents and settings\Sam\Start Menu\Programs\Startup\Xfire.lnk
backup=c:\windows\pss\Xfire.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\plants vs zombies\\PlantsVsZombies.exe"=

R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [29/01/2008 23:34 3456]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [02/04/2008 23:59 114768]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [26/04/2007 11:21 302000]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [26/04/2007 11:21 72624]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [28/04/2009 11:33 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [28/04/2009 11:33 72944]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [02/04/2008 23:59 20560]
R2 NinjaVideo Helper.exe;NinjaVideo Helper;c:\program files\NinjaVideo\NinjaVideo Helper\NinjaVideo Helper.exe [10/04/2008 21:01 110592]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\kpf4ss.exe [26/04/2007 11:21 1234480]
S3 Amazon Download Agent;Amazon Download Agent;c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [10/04/2009 15:27 319488]
S3 gkmixern;gkmixern;\??\c:\docume~1\Sam\LOCALS~1\Temp\gkmixern.sys --> c:\docume~1\Sam\LOCALS~1\Temp\gkmixern.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [28/04/2009 11:33 7408]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fdc1e3b4-3ae3-11dd-9c8e-001d09b2ae9c}]
\Shell\AutoRun\command - E:\LaunchU3.exe
.
Contents of the 'Scheduled Tasks' folder

2008-08-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\Sam\Application Data\Mozilla\Firefox\Profiles\wqde98ie.default\
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\documents and settings\Sam\Application Data\Mozilla\Firefox\Profiles\wqde98ie.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\program files\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nppl3260.dll
FF - plugin: c:\program files\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-05-13 09:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(908)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
c:\progra~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll

- - - - - - - > 'explorer.exe'(760)
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
c:\windows\system32\mshtml.dll
c:\windows\system32\ImgUtil.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-05-13 9:09
ComboFix-quarantined-files.txt 2009-05-13 08:09

Pre-Run: 35,675,930,624 bytes free
Post-Run: 37,012,951,040 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

197 --- E O F --- 2009-05-13 07:48

Thanks for your help.
#4, 13th May 2009, 11:25 AM
evilfantasy (Security Team, Tulsa, OK; joined Dec 2007, 2,555 posts)
Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code:
KillAll::

Driver::
gkmixern
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!

ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to freeze.
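The entry the CFScript above targets, `S3 gkmixern` registered from `c:\docume~1\Sam\LOCALS~1\Temp\` with ComboFix reporting its file as `[?]` (missing), is the pattern a helper scans a ComboFix log for: a kernel driver whose image sits in a user-writable folder and is no longer on disk. As an added example that is not part of this thread and not ComboFix's own code, the Python script below reads ComboFix-style log lines, flags that driver, and also flags three other loading points visible in the posted log: `EnableFirewall = 0` on the standard profile, a non-empty `AppInit_DLLs` value, and a `\Shell\AutoRun\command` remembered under `mountpoints2`. It then writes the same `KillAll:: / Driver::` CFScript the helper posted. The sample input is a handful of lines copied from the log above with the forum's line-wrap spaces removed; the regular expressions and the list of "user-writable" path fragments are my reading of that log's format, not a ComboFix specification.

```python
"""Triage a ComboFix-style log excerpt for the autostart findings a forum
helper looks for.  Added example: not part of the thread, not ComboFix code."""
import re

# Sample input: lines copied from the ComboFix log posted in this thread,
# with the forum's line-wrap spaces removed.  Every finding below comes
# from these lines.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [29/01/2008 23:34 3456]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [02/04/2008 23:59 114768]
R2 NinjaVideo Helper.exe;NinjaVideo Helper;c:\program files\NinjaVideo\NinjaVideo Helper\NinjaVideo Helper.exe [10/04/2008 21:01 110592]
S3 gkmixern;gkmixern;\??\c:\docume~1\Sam\LOCALS~1\Temp\gkmixern.sys --> c:\docume~1\Sam\LOCALS~1\Temp\gkmixern.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [28/04/2009 11:33 7408]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fdc1e3b4-3ae3-11dd-9c8e-001d09b2ae9c}]
\Shell\AutoRun\command - E:\LaunchU3.exe
"""

# Assumed line shapes, derived from the log above (not a ComboFix spec):
#   <Rn|Sn> <service name>;<display name>;<image path> [<date time size> | ?]
#   [<registry key>]   followed by   "<value name>"=<data>
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.+?)\s+\[(?P<stamp>[^\]]*)\]\s*$")
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')

# Path fragments that mean "a normal user can write here".  A kernel driver
# registered from one of these places deserves a second look every time.
USER_WRITABLE = ("\\temp\\", "\\docume~1\\", "\\documents and settings\\",
                 "\\local settings\\", "\\application data\\")


def parse_services(text):
    """Return one dict per Rn/Sn service or driver line in the log."""
    services = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        svc = m.groupdict()
        svc["name"] = svc["name"].strip()
        # ComboFix prints "[?]" and "old --> new" when the image file is gone.
        svc["missing"] = svc["stamp"].strip() == "?" or "-->" in svc["image"]
        svc["user_writable"] = any(f in svc["image"].lower() for f in USER_WRITABLE)
        services.append(svc)
    return services


def triage(text):
    """Return (kind, subject, reason) findings for the excerpt."""
    findings = []
    for svc in parse_services(text):
        reasons = []
        if svc["user_writable"]:
            reasons.append("image path is user-writable")
        if svc["missing"]:
            reasons.append("image file is missing")
        if reasons:
            findings.append(("driver", svc["name"], "; ".join(reasons)))

    key = ""  # registry key the following value lines belong to
    for raw in text.splitlines():
        line = raw.strip()
        km = KEY_RE.match(line)
        if km:
            key = km.group("key").lower()
            continue
        vm = VALUE_RE.match(line)
        if vm:
            name, data = vm.group("name").lower(), vm.group("data").strip()
            if name == "enablefirewall" and "firewallpolicy" in key and data.startswith("0"):
                findings.append(("firewall", key.rsplit("\\", 1)[-1],
                                 "Windows Firewall profile is turned off"))
            elif name == "appinit_dlls" and data:
                findings.append(("appinit", data,
                                 "DLL loaded into every process that links user32"))
        elif "mountpoints2" in key and "\\shell\\autorun\\command" in line.lower():
            findings.append(("autorun", line.split(" - ", 1)[-1],
                             "AutoRun command remembered for a removable drive"))
    return findings


def cfscript_for(findings):
    """Write the CFScript that stops everything and deletes the flagged driver
    services, in the same shape as the script posted in this thread.  Review
    the list before feeding it to ComboFix: a flag is a reason to look, not a
    verdict."""
    drivers = [subject for kind, subject, _ in findings if kind == "driver"]
    if not drivers:
        return ""
    return "KillAll::\n\nDriver::\n" + "\n".join(drivers) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for kind, subject, reason in found:
        print(f"[{kind}] {subject}: {reason}")
    print(cfscript_for(found), end="")
```

Run against the sample, the only driver it puts in the CFScript is gkmixern; the other three findings are reasons to verify rather than delete. `AppInit_DLLs` is flagged because it is a classic injection point, but here it names `wbsys.dll`, which belongs to the Stardock WindowBlinds install whose `WbSrv.dll` also appears under `winlogon\notify` in the same log. `E:\LaunchU3.exe` is the launcher a U3 USB stick presents when it is plugged in, and the firewall profile being off is expected when a third-party firewall (the Sunbelt Personal Firewall running as the `SPF4` service) has taken over, which is exactly why it is worth confirming that firewall is actually enabled rather than assuming so.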
#5, 13th May 2009, 10:42 PM
SamWatson (TST Member, England; joined Jan 2008, 58 posts)
ComboFix 09-05-13.01 - Sam 13/05/2009 23:22.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.505 [GMT 1:00]
Running from: c:\documents and settings\Sam\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Sam\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090513-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sunbelt Personal Firewall *disabled* {BFD080F6-3BF0-40E1-9507-9CA969C35870}
.

((((((((((((((((((((((((( Files Created from 2009-04-13 to 2009-05-13 )))))))))))))))))))))))))))))))
.

2009-05-12 18:03 . 2009-05-12 18:04 -------- d-----w c:\program files\Trend Micro
2009-05-12 17:29 . 2009-05-12 17:29 -------- d-----w c:\documents and settings\Sam\Application Data\Malwarebytes
2009-05-12 17:28 . 2009-04-06 14:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-12 17:28 . 2009-04-06 14:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-12 17:28 . 2009-05-12 17:28 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-12 17:28 . 2009-05-12 17:28 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-11 22:11 . 2009-05-11 22:11 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-05-11 22:11 . 2009-05-11 22:11 -------- d-----w c:\program files\SUPERAntiSpyware
2009-05-11 22:11 . 2009-05-11 22:11 -------- d-----w c:\documents and settings\Sam\Application Data\SUPERAntiSpyware.com
2009-05-11 22:10 . 2009-05-11 22:10 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-05-05 23:53 . 2009-05-06 23:22 25 ----a-w c:\windows\popcinfot.dat
2009-05-05 23:52 . 2009-05-05 23:52 -------- d-----w c:\documents and settings\All Users\Application Data\PopCap Games
2009-05-05 23:51 . 2009-05-06 21:37 -------- d-----w c:\program files\PopCap Games
2009-05-04 23:31 . 2009-05-05 00:16 -------- d-----w c:\documents and settings\All Users\Application Data\foldit
2009-05-04 23:31 . 2009-05-04 23:32 -------- d-----w c:\program files\foldit
2009-05-04 22:24 . 2009-05-04 22:24 -------- d-----w c:\documents and settings\Sam\GMArcade
2009-04-29 21:19 . 2009-04-29 21:19 41808 ----a-w c:\windows\system32\xfcodec.dll
2009-04-14 17:36 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-14 17:36 . 2008-04-21 12:08 215552 ------w c:\windows\system32\dllcache\wordpad.exe
2009-04-14 17:34 . 2009-03-06 14:22 284160 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-14 17:34 . 2009-02-06 10:39 35328 ------w c:\windows\system32\dllcache\sc.exe
2009-04-14 17:34 . 2009-02-09 12:10 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-14 17:34 . 2009-02-06 11:11 110592 ------w c:\windows\system32\dllcache\services.exe
2009-04-14 17:34 . 2009-02-09 12:10 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-14 17:34 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-14 17:34 . 2009-02-09 12:10 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-14 17:34 . 2009-02-09 12:10 729088 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-14 17:34 . 2009-02-09 12:10 617472 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-14 17:34 . 2009-02-09 12:10 714752 ------w c:\windows\system32\dllcache\ntdll.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-13 21:57 . 2009-01-28 10:09 664 ----a-w c:\windows\system32\d3d9caps.dat
2009-05-11 22:03 . 2008-02-11 15:30 -------- d-----w c:\program files\CCleaner
2009-05-11 21:59 . 2008-01-29 22:57 -------- d-----w c:\program files\Dell
2009-05-06 23:17 . 2008-04-10 21:48 -------- d-----w c:\program files\Xfire
2009-05-06 22:23 . 2008-10-08 20:48 -------- d-----w c:\program files\Steam
2009-05-05 22:43 . 2008-07-23 16:33 -------- d-----w c:\program files\World of Warcraft
2009-04-14 17:37 . 2009-04-07 23:30 -------- d-----w c:\program files\Windows Live
2009-04-11 15:10 . 2009-04-11 15:10 -------- d-----w c:\program files\The Rise of Atlantis
2009-04-10 20:07 . 2009-04-07 17:47 26 ---ha-w c:\windows\popcinfo.dat
2009-04-10 19:29 . 2009-04-10 19:26 -------- d-----w c:\program files\Bejeweled 2
2009-04-10 18:54 . 2009-03-30 20:17 -------- d-----w c:\program files\Cradle Of Persia
2009-04-10 18:43 . 2009-04-05 18:15 -------- d-----w c:\program files\Cradle Of Rome
2009-04-10 18:24 . 2009-01-02 21:24 -------- d-----w c:\program files\Oberon Media
2009-04-10 18:24 . 2009-04-10 18:24 -------- d-----w c:\program files\Gamenext
2009-04-10 15:40 . 2009-04-05 19:13 -------- d-----w c:\program files\MSN Games
2009-04-10 15:39 . 2009-04-10 14:29 -------- d-----w c:\program files\Jewel Quest 2
2009-04-10 15:39 . 2009-01-02 21:24 -------- d-----w c:\program files\Virgin Media Games
2009-04-10 14:27 . 2009-04-10 14:27 -------- d-----w c:\program files\Amazon
2009-04-08 22:31 . 2009-04-04 20:41 -------- d-----w c:\program files\Zylom Games
2009-04-08 22:15 . 2009-04-08 11:22 -------- d-----w c:\program files\Microsoft Silverlight
2009-04-08 11:16 . 2009-04-08 11:16 -------- d-----w c:\program files\Microsoft
2009-04-07 22:22 . 2008-01-29 22:58 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-07 22:12 . 2008-01-29 22:52 -------- d-----w c:\program files\Java
2009-04-06 19:06 . 2008-08-09 20:08 33624 ----a-w c:\documents and settings\Joe\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-05 18:09 . 2009-04-05 18:09 -------- d-----w c:\program files\ReflexiveArcade
2009-04-05 18:09 . 2009-04-05 18:07 -------- d-----w c:\program files\Retro64 Games
2009-03-31 22:48 . 2008-08-25 22:41 -------- d-----w c:\program files\LimeWire
2009-03-30 18:35 . 2008-08-25 15:05 33624 ----a-w c:\documents and settings\Mum\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-29 22:41 . 2008-02-11 09:27 33624 ----a-w c:\documents and settings\Sam\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-29 22:36 . 2009-03-29 22:36 -------- d-----w c:\program files\Windows Live SkyDrive
2009-03-29 22:28 . 2009-03-29 22:28 -------- d-----w c:\program files\Common Files\Windows Live
2009-03-23 22:48 . 2008-08-31 22:29 -------- d-----w c:\program files\EA Games
2009-03-09 04:19 . 2009-03-31 22:46 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-06 14:22 . 2004-08-10 12:51 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2004-08-10 12:51 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 18:09 . 2004-08-10 12:51 78336 ----a-w c:\windows\system32\ieencode.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-05-13_08.06.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-13 22:30 . 2009-05-13 22:30 16384 c:\windows\Temp\Perflib_Perfdata_710.dat
+ 2009-05-13 22:30 . 2009-05-13 22:30 16384 c:\windows\Temp\Perflib_Perfdata_200.dat
+ 2004-08-10 12:51 . 2009-05-13 22:17 72382 c:\windows\system32\perfc009.dat
- 2004-08-10 12:51 . 2009-05-13 07:46 72382 c:\windows\system32\perfc009.dat
+ 2009-05-13 15:37 . 2009-05-13 15:37 80395 c:\windows\Installer\{0AAA9C97-74D4-47CE-B089-0B147EF3553C}\MsblIco.Exe
- 2009-04-14 17:51 . 2009-04-14 17:51 80395 c:\windows\Installer\{0AAA9C97-74D4-47CE-B089-0B147EF3553C}\MsblIco.Exe
+ 2004-08-10 12:51 . 2009-05-13 22:17 443534 c:\windows\system32\perfh009.dat
- 2004-08-10 12:51 . 2009-05-13 07:46 443534 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-27 851968]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2183168]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"AGEIA PhysX SysTray"="c:\program files\AGEIA Technologies\TrayIcon.exe" [2006-07-10 339968]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"QuickTime Task"="c:\windows\system32\qttask.exe" [2008-02-17 98304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"AmazonGSDownloaderTray"="c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-04-06 247296]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Sam\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-1-29 50688]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2007-03-13 10:57 221184 ----a-w c:\progra~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Sam^Start Menu^Programs^Startup^Xfire.lnk]
path=c:\documents and settings\Sam\Start Menu\Programs\Startup\Xfire.lnk
backup=c:\windows\pss\Xfire.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\plants vs zombies\\PlantsVsZombies.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [29/01/2008 23:34 3456]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [02/04/2008 23:59 114768]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [26/04/2007 11:21 302000]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [26/04/2007 11:21 72624]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [28/04/2009 11:33 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [28/04/2009 11:33 72944]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [02/04/2008 23:59 20560]
R2 NinjaVideo Helper.exe;NinjaVideo Helper;c:\program files\NinjaVideo\NinjaVideo Helper\NinjaVideo Helper.exe [10/04/2008 21:01 110592]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\kpf4ss.exe [26/04/2007 11:21 1234480]
S3 Amazon Download Agent;Amazon Download Agent;c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [10/04/2009 15:27 319488]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [28/04/2009 11:33 7408]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fdc1e3b4-3ae3-11dd-9c8e-001d09b2ae9c}]
\Shell\AutoRun\command - E:\LaunchU3.exe
.
Contents of the 'Scheduled Tasks' folder

2008-08-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\Sam\Application Data\Mozilla\Firefox\Profiles\wqde98ie.default\
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\documents and settings\Sam\Application Data\Mozilla\Firefox\Profiles\wqde98ie.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\program files\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nppl3260.dll
FF - plugin: c:\program files\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-05-13 23:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(912)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
c:\progra~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll

- - - - - - - > 'explorer.exe'(2132)
c:\windows\system32\mshtml.dll
c:\windows\system32\ImgUtil.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\windows\system32\CDRTC.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4gui.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4gui.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Completion time: 2009-05-13 23:37 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-13 22:37
ComboFix2.txt 2009-05-13 22:19
ComboFix3.txt 2009-05-13 08:09

Pre-Run: 36,950,491,136 bytes free
Post-Run: 36,931,674,112 bytes free

224 --- E O F --- 2009-05-13 07:48
#6, 13th May 2009, 11:05 PM
evilfantasy (Security Team, Tulsa, OK; joined Dec 2007, 2,555 posts)
  • Click START then RUN
  • Now type Combofix /u in the Run box
  • Make sure there's a space between Combofix and /u
  • Then hit Enter.


----------

Scan with Panda ActiveScan

This scanner requires Internet Explorer

  • Once you are on the Panda site, click the Scan your PC now button
  • A new window will open; click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Select the appropriate Yes or No to receiving marketing information
  • Click the Free Online Scan button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.


Post the contents of the ActiveScan report in your next reply.