Views: 865 | Replies: 14
Hmm, that scan missed the mark, but this next scan targets the downloaders behind some of the websites that were added to your trusted zone - that seems a good place to check for the source of the scamming/pop-ups...
==Please download Malwarebytes' Anti-Malware
from: http://www.majorgeeks.com/Malwarebyt...are_d5756.html
or: http://www.besttechie.net/tools/mbam-setup.exe
Double-click that file to install the application and ensure that it is set to update and start; otherwise start it via the icon.
Select "Perform Full Scan", then click Scan; the application will guide you through the remaining steps.
Make sure that everything is checked, and click Remove Selected.
Post the Notepad log [it is also saved under the Logs tab in MBAM].
And then this:
==Download this file to your desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- to run it, double-click combofix.exe and follow the prompts to start it. When finished, it will produce a log, C:\Combofix.txt - post that log in your next reply.
A word of caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, reboot to restore the desktop.
Last edited by gerbil : May 11th, 2008 at 8:05 am.
Deep, deep in the woods, but walking about.
OMG!! I think the pop-ups are gone!!
Here's the Malwarebytes' Anti-Malware report:
Malwarebytes' Anti-Malware 1.12
Database version: 740
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 79815
Time elapsed: 25 minute(s), 14 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 4
Files Infected: 10
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winvi (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\winvi (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\winvi (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\dsktp (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareMaster (Rogue.AntiSpywareMaster) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NFi (Trojan.Agent) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\in3\wmsdir3.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NFi\kepdllsk1.exe (Trojan.StartPage) -> Quarantined and deleted successfully.
C:\Program Files\winvi\Uninst.exe (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\version.ini (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\dsktp\AC_RunActiveContent.js (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\dsktp\desktop.html (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\dsktp\internetDetection.swf (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\dsktp\settings.sol (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\core.cache.dsk (Malware.Trace) -> Delete on reboot.
And then I tried running ComboFix, but it kept on giving me the blue screen error, so I ran it in Safe Mode, and it worked perfectly fine! Here's the ComboFix report:
ComboFix 08-05-11.1 - dell 2008-05-11 16:34:11.2 - NTFSx86 MINIMAL
Running from: C:\Documents and Settings\dell\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\dell\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\WudfRdd.sys
.
---- Previous Run -------
.
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\WINDOWS\system32\pskill.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_WUDFRDD
-------\Service_WudfRdd
((((((((((((((((((((((((( Files Created from 2008-04-11 to 2008-05-11 )))))))))))))))))))))))))))))))
.
2008-05-11 16:20 . 2008-05-11 16:20 <DIR> d-------- C:\WINDOWS\system32\VIRepair
2008-05-11 15:03 . 2008-05-11 15:03 <DIR> d-------- C:\Documents and Settings\dell\Application Data\Malwarebytes
2008-05-11 15:02 . 2008-05-11 15:03 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-11 15:02 . 2008-05-11 15:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-11 15:02 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-11 15:02 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-11 14:59 . 2008-05-11 15:03 <DIR> d-------- C:\Program Files\Paraben
2008-05-11 14:59 . 2008-05-11 14:59 <DIR> d-------- C:\Program Files\Common Files\Paraben Shared
2008-05-10 23:30 . 2008-05-10 23:30 <DIR> d-------- C:\Program Files\Thoosje
2008-05-10 23:23 . 2008-05-10 23:24 <DIR> d-------- C:\Documents and Settings\dell\Application Data\ViStart
2008-05-10 23:19 . 2008-05-10 23:19 <DIR> d-------- C:\Documents and Settings\dell\Application Data\Styler
2008-05-10 23:18 . 2008-05-10 23:18 <DIR> d-------- C:\Program Files\WinFlip
2008-05-10 23:18 . 2008-05-10 23:18 <DIR> d-------- C:\Program Files\TrueTransparency
2008-05-10 23:18 . 2008-05-11 16:20 <DIR> d-------- C:\Program Files\Styler
2008-05-10 23:09 . 2008-05-10 23:09 78,942 --a------ C:\WINDOWS\Icon_1.ico
2008-05-10 23:08 . 2008-05-11 16:23 <DIR> d-------- C:\WINDOWS\system32\VITrans
2008-05-10 23:08 . 2008-05-10 23:21 <DIR> d-------- C:\VTPFiles
2008-05-10 23:08 . 2006-12-03 17:15 111,104 --a------ C:\WINDOWS\system32\Uharc.exe
2008-05-10 23:08 . 2006-12-03 17:15 69,632 --a------ C:\WINDOWS\system32\moveex.exe
2008-05-10 23:08 . 2006-12-03 17:15 19,968 --a------ C:\WINDOWS\system32\reico.exe
2008-05-10 23:08 . 2006-12-03 17:14 8,636 --a------ C:\WINDOWS\system32\modifype.exe
2008-05-10 22:29 . 2008-05-11 16:19 <DIR> d-------- C:\Program Files\Thoosje Sidebar V2.3
2008-05-09 18:38 . 2008-05-09 18:48 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-05-08 16:07 . 2008-05-08 16:07 479,298 --a------ C:\WINDOWS\system32\wbocx.ocx
2008-05-08 16:07 . 2008-05-08 16:07 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll
2008-05-08 16:06 . 2008-05-08 16:14 <DIR> d-------- C:\Program Files\DAP
2008-05-07 08:17 . 2008-05-10 15:57 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-07 08:17 . 2008-05-10 13:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-06 20:27 . 2008-05-11 00:07 3,232 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-06 20:20 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-05-06 20:20 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-06 16:17 . 2008-05-06 16:17 268 --ah----- C:\sqmdata01.sqm
2008-05-06 16:17 . 2008-05-06 16:17 244 --ah----- C:\sqmnoopt01.sqm
2008-05-06 16:04 . 2008-05-06 16:04 <DIR> d-------- C:\VundoFix Backups
2008-05-05 21:36 . 2008-05-05 21:36 268 --ah----- C:\sqmdata00.sqm
2008-05-05 21:36 . 2008-05-05 21:36 244 --ah----- C:\sqmnoopt00.sqm
2008-05-04 09:30 . 2008-05-04 09:30 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-04 09:30 . 2008-05-04 09:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-04 09:19 . 2008-05-04 09:19 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-04 09:13 . 2008-05-04 09:10 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-05-04 09:10 . 2008-05-04 14:47 <DIR> d-------- C:\Documents and Settings\dell\.housecall6.6
2008-05-03 12:36 . 2008-05-10 14:15 <DIR> d-------- C:\Program Files\Stardock
2008-05-03 12:36 . 2008-05-03 12:36 <DIR> d-------- C:\Program Files\Common Files\Stardock
2008-05-03 12:02 . 2007-09-05 22:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-05-03 12:02 . 2006-04-27 15:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-05-03 12:02 . 2008-03-09 00:15 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-05-03 12:02 . 2008-03-05 21:29 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-05-03 12:02 . 2003-06-05 19:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-05-03 12:02 . 2007-10-03 22:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-03 11:37 . 2008-05-03 11:37 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-05-03 11:23 . 2008-05-03 12:19 121 --a------ C:\WINDOWS\_vmtxp.ini
2008-05-03 09:26 . 2008-05-07 08:18 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-03 09:00 . 2008-05-11 15:42 <DIR> d-------- C:\WINDOWS\system32\in3
2008-05-03 09:00 . 2008-05-03 09:00 <DIR> d-------- C:\WINDOWS\system32\dvb1
2008-05-03 09:00 . 2008-05-03 09:00 <DIR> d-------- C:\WINDOWS\system32\bTMP
2008-05-03 09:00 . 2008-05-03 09:00 <DIR> d-------- C:\WINDOWS\system32\bkEur01
2008-05-03 08:54 . 2008-05-03 08:54 <DIR> d-------- C:\Temp\maxsv15
2008-05-03 08:54 . 2008-05-11 16:28 <DIR> d-------- C:\Temp
2008-05-02 22:53 . 2008-05-02 22:53 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-05-02 21:55 . 2008-05-02 21:55 <DIR> d-------- C:\Program Files\Opera
2008-05-02 21:36 . 2008-05-02 21:36 1,160 --a------ C:\WINDOWS\mozver.dat
2008-05-02 12:01 . 2006-08-09 20:58 218,624 --a------ C:\WINDOWS\system32\dllcache\uxtheme.dll
2008-04-22 20:54 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-04-22 20:54 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\dllcache\mouhid.sys
2008-04-22 20:54 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-04-22 20:54 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\dllcache\hidusb.sys
2008-04-19 10:05 . 2008-04-19 10:06 <DIR> d-------- C:\Documents and Settings\dell\Application Data\Media Player Classic
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-11 21:24 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-11 21:22 --------- d-----w C:\Documents and Settings\dell\Application Data\DNA
2008-05-10 01:36 --------- d-----w C:\Documents and Settings\dell\Application Data\BitTorrent
2008-05-03 03:53 --------- d-----w C:\Program Files\Common Files\Real
2008-05-02 23:55 --------- d-----w C:\Program Files\Windows Live
2008-05-02 23:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-30 21:06 --------- d-----w C:\Program Files\QuickTime
2008-04-30 21:04 --------- d-----w C:\Program Files\MUSICMATCH
2008-04-22 20:56 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-12 15:11 --------- d-----w C:\Documents and Settings\dell\Application Data\AdobeUM
2008-04-11 02:34 --------- d-----w C:\Documents and Settings\dell\Application Data\DivX
2008-04-11 02:24 --------- d-----w C:\Program Files\DivX
2008-04-10 14:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-09 02:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-09 02:13 --------- d-----w C:\Program Files\Veoh Networks
2008-04-08 02:55 --------- d-----w C:\Program Files\SpywareBlaster
2008-04-08 01:58 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-08 01:37 --------- d-----w C:\Program Files\MSXML 4.0
2008-04-08 01:30 --------- d-----w C:\Program Files\BillP Studios
2008-04-08 01:30 --------- d-----w C:\Documents and Settings\dell\Application Data\WinPatrol
2008-04-07 23:01 --------- d-----w C:\Program Files\WordPerfect Office 12
2008-04-07 22:38 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-04-07 22:38 --------- d-----w C:\Program Files\Windows Live Favorites
2008-04-07 22:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2008-04-07 22:04 --------- d-----w C:\Program Files\CCleaner
2008-04-07 21:52 --------- d-----w C:\Program Files\DNA
2008-04-07 21:52 --------- d-----w C:\Program Files\BitTorrent
2008-04-07 21:48 --------- d-----w C:\Program Files\MSBuild
2008-04-07 21:48 --------- d-----w C:\Program Files\Microsoft Works
2008-04-07 21:46 --------- d-----w C:\Program Files\Microsoft.NET
2008-04-07 21:44 --------- d-----w C:\Documents and Settings\dell\Application Data\vlc
2008-04-07 21:43 --------- d-----w C:\Program Files\VideoLAN
2008-04-07 21:34 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-04-07 21:34 --------- d-----w C:\Program Files\Athan
2008-04-07 21:05 --------- d-----w C:\Program Files\Google
2008-05-08 21:07 251,392 ----a-w C:\Program Files\opera\program\plugins\dapop.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2004-07-19 07:51 306688]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-09 13:02 289088]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-04-01 18:35 3587120]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
"DesktopX"="C:\Program Files\Stardock\Object Desktop\IconX\IconX.exe" [2005-08-03 12:58 54272]
"CursorFX"="C:\Program Files\Stardock\CursorFX\CursorFX.exe" [2008-02-19 17:59 418632]
"LClock"="C:\Program Files\LClock\LClock.exe" [ ]
"ViStart"="C:\Program Files\ViStart\ViStart.exe" [ ]
"ViOrb"="C:\Program Files\ViOrb\ViOrb.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-01-31 16:35 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 17:48 32881]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 14:59 385024]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-31 21:10 339968]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 16:19 53248]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 01:05 127035]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
"Athan"="C:\Program Files\Athan\Athan.exe" [2005-09-11 19:04 937984]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 12:37 79224]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2008-01-27 00:38 316728]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-05-02 22:53 185896]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.exe" [2008-05-08 16:07 3053056]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-07-20 13:05:19 24576]
Run Google Web Accelerator.lnk - C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe [2007-07-09 22:24:38 1134592]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)
"NoLogoff"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 16:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll 2005-01-31 15:13 49152 C:\PROGRA~1\COMMON~1\Stardock\MCPStub.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\DAP\\DAP.exe"=
S1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 12:31]
S2 ASTSRV;ASTSRV;C:\Windows\System32\ASTSRV.exe []
S2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 12:35]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{08631429-d361-11dc-a709-0012f093f636}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
"2008-05-11 21:05:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2007-12-07 19:20:37 C:\WINDOWS\Tasks\ISP signup reminder 1.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2008-05-11 21:23:41 C:\WINDOWS\Tasks\SpeedOptimizer Startup.job"
- c:\program files\speedoptimizer\SPO.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-11 16:39:06
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
.
**************************************************************************
.
Completion time: 2008-05-11 16:42:07 - machine was rebooted [dell]
ComboFix-quarantined-files.txt 2008-05-11 21:42:01
Pre-Run: 17,032,511,488 bytes free
Post-Run: 16,952,479,744 bytes free
226 --- E O F --- 2008-04-16 14:25:29
Anyway, thank you very much for your help!! And if it's okay, I want to know what's a good anti-virus program. I have avast, but is there anything better?
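Two things in the reports above are worth checking rather than taking on faith: MBAM could only schedule C:\WINDOWS\system32\drivers\core.cache.dsk for "Delete on reboot", and the ComboFix "Reg Loading Points" list has Run values (LClock, ViStart, ViOrb) whose bracketed file info is empty, which I read as ComboFix finding no file at that path. The Python script below is an added example written for this thread, not part of MBAM, ComboFix or the original posts. It parses both report formats, groups MBAM detections by family, lists the deferred deletions, confirms against the ComboFix "Other Deletions" section that the deferred file was in fact removed, and flags Run entries whose target is gone. The embedded excerpts are copied from the two reports posted above so it runs offline; the function names and the line regexes are my own.

```python
"""Triage helpers for Malwarebytes' Anti-Malware (MBAM) and ComboFix text reports.

Added example for this thread; not part of either tool. The excerpts below are
copied from the two reports posted above so the script runs offline.
"""
import re
from collections import Counter

# Detection lines from the MBAM report posted above (excerpt).
MBAM_LOG = r"""
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\winvi (Adware.SoftMate) -> Quarantined and deleted successfully.
Folders Infected:
C:\Program Files\AntiSpywareMaster (Rogue.AntiSpywareMaster) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NFi (Trojan.Agent) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\in3\wmsdir3.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NFi\kepdllsk1.exe (Trojan.StartPage) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\core.cache.dsk (Malware.Trace) -> Delete on reboot.
"""

# Two sections of the ComboFix report posted above (excerpt).
COMBOFIX_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\dell\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\WudfRdd.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"LClock"="C:\Program Files\LClock\LClock.exe" [ ]
"ViStart"="C:\Program Files\ViStart\ViStart.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 12:37 79224]
"""

# "<item> (<family>) -> <action>."      one MBAM detection per line
MBAM_LINE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")
# "((((( Section Name )))))"            ComboFix section banner
CF_BANNER = re.compile(r"^\(+ (?P<name>.+?) \)+$")
# "name"="target" [timestamp size]      one autorun value; empty brackets = no file found
CF_RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)" \[(?P<meta>[^\]]*)\]$')
WIN_PATH = re.compile(r"^[A-Za-z]:\\")


def parse_mbam(text):
    """Return one dict per MBAM detection line: item, family, action."""
    return [m.groupdict() for m in (MBAM_LINE.match(l.strip()) for l in text.splitlines()) if m]


def family_counts(detections):
    """How many items each detection family accounted for."""
    return Counter(d["family"] for d in detections)


def pending_reboot(detections):
    """Items MBAM could not remove immediately; these need a post-reboot check."""
    return [d["item"] for d in detections if d["action"].lower().startswith("delete on reboot")]


def parse_combofix_sections(text):
    """Map each ComboFix section banner to the non-blank lines under it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        banner = CF_BANNER.match(line)
        if banner:
            current = banner.group("name")
            sections[current] = []
        elif current and line and line != ".":
            sections[current].append(line)
    return sections


def confirm_deferred_deletions(mbam_text, combofix_text):
    """For each 'Delete on reboot' item, did the later ComboFix run report it deleted?"""
    deleted = {p.lower() for p in parse_combofix_sections(combofix_text).get("Other Deletions", [])
               if WIN_PATH.match(p)}
    return {item: item.lower() in deleted for item in pending_reboot(parse_mbam(mbam_text))}


def run_entries_missing_target(combofix_text):
    """Autorun values whose bracketed file info is empty: persistence pointing at a file that is gone."""
    missing = []
    for line in parse_combofix_sections(combofix_text).get("Reg Loading Points", []):
        m = CF_RUN_VALUE.match(line)
        if m and not m.group("meta").strip():
            missing.append((m.group("name"), m.group("target")))
    return missing


if __name__ == "__main__":
    dets = parse_mbam(MBAM_LOG)
    print("detections by family:", dict(family_counts(dets)))
    print("deferred deletions confirmed:", confirm_deferred_deletions(MBAM_LOG, COMBOFIX_LOG))
    print("Run entries with missing target:", run_entries_missing_target(COMBOFIX_LOG))
```

Run against the full logs rather than the excerpts and the same checks apply: a deferred deletion that never shows up in a later "Other Deletions" list means the file survived the reboot, and a Run value with an empty bracket pair is either harmless clutter or the persistence half of something that was removed without cleaning up after itself; either way it is worth deleting.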
"CursorFX"="C:\Program Files\Stardock\CursorFX\CursorFX.exe" [2008-02-19 17:59 418632]
"LClock"="C:\Program Files\LClock\LClock.exe" [ ]
"ViStart"="C:\Program Files\ViStart\ViStart.exe" [ ]
"ViOrb"="C:\Program Files\ViOrb\ViOrb.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-01-31 16:35 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 17:48 32881]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 14:59 385024]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-31 21:10 339968]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 16:19 53248]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 01:05 127035]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
"Athan"="C:\Program Files\Athan\Athan.exe" [2005-09-11 19:04 937984]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 12:37 79224]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2008-01-27 00:38 316728]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-05-02 22:53 185896]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.exe" [2008-05-08 16:07 3053056]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-07-20 13:05:19 24576]
Run Google Web Accelerator.lnk - C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe [2007-07-09 22:24:38 1134592]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)
"NoLogoff"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 16:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll 2005-01-31 15:13 49152 C:\PROGRA~1\COMMON~1\Stardock\MCPStub.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\DAP\\DAP.exe"=
S1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 12:31]
S2 ASTSRV;ASTSRV;C:\Windows\System32\ASTSRV.exe []
S2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 12:35]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{08631429-d361-11dc-a709-0012f093f636}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
"2008-05-11 21:05:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2007-12-07 19:20:37 C:\WINDOWS\Tasks\ISP signup reminder 1.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2008-05-11 21:23:41 C:\WINDOWS\Tasks\SpeedOptimizer Startup.job"
- c:\program files\speedoptimizer\SPO.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-11 16:39:06
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
.
**************************************************************************
.
Completion time: 2008-05-11 16:42:07 - machine was rebooted [dell]
ComboFix-quarantined-files.txt 2008-05-11 21:42:01
Pre-Run: 17,032,511,488 bytes free
Post-Run: 16,952,479,744 bytes free
226 --- E O F --- 2008-04-16 14:25:29
Anyway, thank you very much for your help! And if it's okay, I want to know what's a good anti-virus program. I have avast, but is there anything better?
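The "Reg Loading Points" block in the log above is the part a helper reads first: every value under the HKCU and HKLM Run keys, with the file's timestamp and size in brackets, or an empty `[ ]` where ComboFix recorded no file data (LClock, ViStart and ViOrb in this log). What follows is an added example, not code from the thread, from ComboFix or from any tool named here: a small parser for that block, run over a constructed sample built in the same shape from entries that appear in the log, plus two triage views a defender would want, entries with no file metadata and autostart binaries whose file changed within a week of the scan date. That an empty bracket means the file was not found on disk is an assumption made by this example; the parser only records it as "no metadata". It handles any number of key blocks, not just the two shown.

```python
import re
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional, Tuple

# Constructed sample in the shape of the ComboFix "Reg Loading Points" block.
# It is assembled from entries in the log above and is not a captured log.
SAMPLE_LOG = r"""REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-09 13:02 289088]
"LClock"="C:\Program Files\LClock\LClock.exe" [ ]
"ViStart"="C:\Program Files\ViStart\ViStart.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 12:37 79224]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.exe" [2008-05-08 16:07 3053056]
"""

# A key header line: [HKEY_...\Run]
KEY_RE = re.compile(r'^\[(HK[^\]]+)\]\s*$')
# A value line: "name"="path" [YYYY-MM-DD HH:MM size]  or  "name"="path" [ ]
ENTRY_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[([^\]]*)\]\s*$')


@dataclass
class RunEntry:
    key: str                    # registry key the value lives under
    name: str                   # value name, e.g. "ctfmon.exe"
    path: str                   # path ComboFix resolved for the value
    timestamp: Optional[str]    # "YYYY-MM-DD HH:MM" of the file, None for "[ ]"
    size: Optional[int]         # file size in bytes, None for "[ ]"


def _parse_meta(meta: str) -> Tuple[Optional[str], Optional[int]]:
    """Split the bracket contents; an empty bracket yields (None, None).
    Assumption of this example: ComboFix prints "[ ]" when it found no file."""
    parts = meta.split()
    if len(parts) != 3:
        return None, None
    return f"{parts[0]} {parts[1]}", int(parts[2])


def parse_loading_points(text: str) -> List[RunEntry]:
    """Walk the block line by line, remembering the current key header."""
    entries: List[RunEntry] = []
    current_key = ""
    for raw in text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group(1)
            continue
        entry_match = ENTRY_RE.match(line)
        if entry_match:
            name, path, meta = entry_match.groups()
            timestamp, size = _parse_meta(meta)
            entries.append(RunEntry(current_key, name, path, timestamp, size))
    return entries


def entries_without_file_metadata(entries: List[RunEntry]) -> List[RunEntry]:
    """Autostart values whose target ComboFix could not stat: check by hand."""
    return [e for e in entries if e.timestamp is None]


def recently_changed(entries: List[RunEntry], scan_date: str,
                     max_age_days: int = 7) -> List[RunEntry]:
    """Autostart binaries whose file changed within max_age_days of the scan.
    scan_date is an ISO date such as "2008-05-11" (the log's completion date)."""
    cutoff = date.fromisoformat(scan_date) - timedelta(days=max_age_days)
    return [e for e in entries
            if e.timestamp is not None
            and date.fromisoformat(e.timestamp[:10]) >= cutoff]


def triage_report(text: str, scan_date: str) -> dict:
    """One-call summary of the two triage views over a log block."""
    entries = parse_loading_points(text)
    return {
        "total": len(entries),
        "no_file_metadata": [e.name for e in entries_without_file_metadata(entries)],
        "recently_changed": [e.name for e in recently_changed(entries, scan_date)],
    }


if __name__ == "__main__":
    report = triage_report(SAMPLE_LOG, "2008-05-11")
    print(f"{report['total']} autostart entries parsed")
    print("no file metadata :", ", ".join(report["no_file_metadata"]))
    print("changed this week:", ", ".join(report["recently_changed"]))
```

Neither list is a verdict: a freshly installed download manager shows up as "recently changed" just as a dropper would, and a stale Run value pointing at an uninstalled program shows up as "no file metadata". The point of the split is that these are the entries worth looking at first, with the file's timestamp and the vendor's install history beside them.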
Join Date: May 2005
Posts: 2,352
Reputation:
Rep Power: 8
Solved Threads: 118
You have the VTP pack... and is/was pskill.exe a part of the package? Combofix broke that one..
I imagine you are comfortable in there, so open the registry and go to these two keys and delete them:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet00x?\Enum\Root\Legacy_WUDFRDD
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet00x?\Enum\Root\Service_WudfRdd
where the x? stands for whatever controlset the keys are in....
I cannot see anything else.
Delete Vundofix and its files in C:\
Go start, run: combofix /u -to remove combofix.
May as well remove MBAM also...
Good luck out there.
[Crunchie swears by Avast.... I use AVG, but it is bugging me with a daily popup to buy it lately, and that may be enough to get me to change...]
Last edited by gerbil : May 11th, 2008 at 10:40 pm.
Deep, deep in the woods, but walking about.
Join Date: May 2008
Posts: 7
Reputation:
Rep Power: 0
Solved Threads: 0
Well, I am not really comfortable with the registry, but I know how to get into it and find them in it. I searched
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet00x?\Enum\Root\Legacy_WUDFRDD
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet00x?\Enum\Root\Service_WudfRdd
up in regedit, but it said they don't exist. But other than that my comp's been working fine!
Thanks a lot for your help! Dunno what I would've done w/o your help, and hopefully I can help others who get the same problem as me.