Solved: IE popups - Page 2

**Cheeseball81** · 26-Apr-2008, 03:57 PM **#16**

It can take awhile...that's normal.
If you don't wanna wait, just rerun Combofix and post the results.

BJones557 · 27-Apr-2008, 02:01 PM **#17**

WoW i would have to post the results in about 50 different sections so what should i do?

**Cheeseball81** · 28-Apr-2008, 08:11 PM **#18**

For the Panda scan?

BJones557 · 29-Apr-2008, 07:35 PM **#19**

**Cheeseball81** · 30-Apr-2008, 05:53 PM **#20**

Can you attach it?

BJones557 · 30-Apr-2008, 09:07 PM **#21**

no it's too big

**Byteman** · 12:16 AM

Are you sure you saved the results file as activescan.txt?

That text file should not be larger than our attachment size here....something is wrong, unless you have one of those email worms that creates thousands of copies/files on your hard drive.... that might make the log file too many characters.

If you cannot post it either way, what you will have to do is post several pieces of it in separate replies, or use an offsite file storing site and provide a link to the stored file so we can go look at the log...

I'd try this online storage utility> sign up, set it up, and upload that log file and post a link back here to your file. Remember, you will perhaps have to mark that file shared or whatever the utility has so that we can see a link at the storage site for it!!

Here are a few:

http://www.dropboks.com/

http://www.bluestring.com/

http://www.4shared.com/

BJones557 · 04-May-2008, 08:53 PM **#23**

Thanks. Here is a link to the file:

http://www.4shared.com/file/46439639/4125592c/ActiveS

**Byteman** · 09:50 PM

Good God, the text file results log is 8.54 Megabytes!

Cheeseball81- Would it be OK if I try to help out a bit and post a sampling of the relevant infected items minus Cookies for you and this poster?

Here's the problem, hundreds of copies of the Gaodrop.A worm that are in both user accounts' folders: This is a small amount of the actual items of Gaodrop.A and other malware....

C:\Documents and Settings\Brian\Cookies\brian@i.screensavers[1].txt
00254610 W32/Gaobot.MFM.worm Virus/Worm No 1 Yes No

C:\QooBox\Quarantine\C\onoes.exe.vir
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Compaq_Owner\Shared\ABCD Gaussian Beam Propagation (Classic) 1.2.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Compaq_Owner\Shared\ABCD Gaussian Beam Propagation (OS X) 1.2.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Compaq_Owner\Shared\abcDB 6.39.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Compaq_Owner\Shared\AbcMover 1.3.7.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Compaq_Owner\Shared\ABCPix 2.13.1.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Compaq_Owner\Shared\AbcPuzzles 8.1.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Compaq_Owner\Shared\AbcShortcuts 1.0.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Compaq_Owner\Shared\ABCSpell for Outlook Express 7.1.3.2.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Compaq_Owner\Shared\ABCUpload 4.6.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Compaq_Owner\Shared\ABCWebWizard Web Design 1.0.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Compaq_Owner\Shared\Abcxyz 1.0.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Compaq_Owner\Shared\Abe AVIWMV 2 MP4 Converter 2.1.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Compaq_Owner\Shared\Abe WXMedia AVIWMV 3GP Converter 2.0m.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Compaq_Owner\Shared\Abebooks HomeBase 2.3.19.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Compaq_Owner\Shared\Abee CHM Maker Pro 1.8.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Compaq_Owner\Shared\Abee MP3 Database Organizer 0.9.2.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Compaq_Owner\Shared\Abee Mp3 Duplicates Finder 2.3.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Compaq_Owner\Shared\Abexo Defragmenter Lite Plus 4.0.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Compaq_Owner\Shared\Abexo Defragmenter Pro 4.0.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Compaq_Owner\Shared\Abexo Free Registry Cleaner 1.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Compaq_Owner\Shared\Abexo Memory Defragmenter 1.1.1.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Compaq_Owner\Shared\Abexo Registry Cleaner 4.1.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Compaq_Owner\Shared\Abextra Aquarium Screensaver 1.0.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Compaq_Owner\Shared\ABF Favorite Folders 1.3.8.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Compaq_Owner\Shared\ABF Magnifying Tools 1.2.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Compaq_Owner\Shared\ABF Outlook Backup 2.7.0.85 build 11152005.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Compaq_Owner\Shared\ABF Outlook Express Backup 2.0.0.15.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Compaq_Owner\Shared\ABF Password Recovery 1.7.0.71.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Compaq_Owner\Shared\ABF Photo Camera 1.0.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Compaq_Owner\Shared\ABF Slide Show Screen Saver 1.1.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Compaq_Owner\Shared\ABF Splash Screen 1.1.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Compaq_Owner\Shared\ABF Value Converter 2.1.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Compaq_Owner\Shared\ABF Visual Components Library 4.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Compaq_Owner\Shared\AbfComponents 4.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Compaq_Owner\Shared\ABGPro 2.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Compaq_Owner\Shared\Abhibhavak Organizer As if Guardian in Life (AO) 3.2.1.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Compaq_Owner\Shared\ABI-Coder 3.6.1.4.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Compaq_Owner\Shared\Abidia Wireless for BlackBerry 2.5.3.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Compaq_Owner\Shared\Abidia Wireless for Palm OS 3.0.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Compaq_Owner\Shared\Abidia Wireless for Pocket PC 3.0.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Compaq_Owner\Shared\Abidia Wireless for Smartphone 3.0.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Compaq_Owner\Shared\Abilities Builder Add & Subtract Fractions 3.5.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Compaq_Owner\Shared\Abilities Builder Add & Subtract Whole Numbers 6.1.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Compaq_Owner\Shared\Abilities Builder Divide Whole Numbers 6.1.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Compaq_Owner\Shared\Abilities Builder Fill-In Tests 6.1.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Compaq_Owner\Shared\Abilities Builder Fraction Facts 3.5.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Compaq_Owner\Shared\Abilities Builder Language Plus 8.6.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Compaq_Owner\Shared\Abilities Builder Matching Tests 6.6.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Compaq_Owner\Shared\Abilities Builder Multiply Whole Numbers 6.1.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Compaq_Owner\Shared\Abilities Builder Spell Plus 6.6.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Compaq_Owner\Shared\Abilities Builder Spell Words 6.6.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Compaq_Owner\Shared\Abilities Builder Whole Number Math Facts 6.6.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Compaq_Owner\Shared\Abilities Builder Whole Numbers Plus 7.6.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Compaq_Owner\Shared\Ability FTP Server 1.18.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Compaq_Owner\Shared\Ability Mail Server 2.57.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Compaq_Owner\Shared\AbilityMP3 301004.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Compaq_Owner\Shared\AbilitySuite Advanced Lifecycle Management Module R3.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Compaq_Owner\Shared\Abit AT7 BIOS ed.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Compaq_Owner\Shared\Abit AT7-MAX2 BIOS eb.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Compaq_Owner\Shared\Abit BE7 BE7-RAID BIOS bs.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Compaq_Owner\Shared\Abit IT7-MAX2 BIOS e8.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Compaq_Owner\Shared\Abit KD7KD7-RAID BIOS b8.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Compaq_Owner\Shared\Abit KX7-333 KX7-333R BIOS b6.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Compaq_Owner\Shared\Abit NV7-133R BIOS dw.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Compaq_Owner\Shared\Abit NV7m BIOS be.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Compaq_Owner\Shared\AbiWord 2.4.4.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Compaq_Owner\Shared\ABIX 6.15.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Compaq_Owner\Shared\Able Fax Tif View 1.8.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Compaq_Owner\Shared\Able Graphic Manager 2.4.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Compaq_Owner\Shared\Able MIDI Editor 1.3 build 131.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Compaq_Owner\Shared\Able MPEG2 Editor 2.4.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Compaq_Owner\Shared\Able Page View 1.6.8.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Compaq_Owner\Shared\Able Photo Slide Show 1.9.9.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Compaq_Owner\Shared\Able RAWer 1.2.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Compaq_Owner\Shared\Able Staff Scheduler 4.25.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Compaq_Owner\Shared\Able Video Snapshot 1.1.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Compaq_Owner\Shared\Able2Doc 3.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Compaq_Owner\Shared\Able2Extract 4.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Compaq_Owner\Shared\Able2Know Toolbar 1.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Compaq_Owner\Shared\AbleFtp 7.04.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Compaq_Owner\Shared\AbleFtp 7.11.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Compaq_Owner\Shared\AbleGet 6.4.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Compaq_Owner\Shared\abLF02 1.0.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Compaq_Owner\Shared\ABMIS Professional 1.9 build 4132.zip[Setup.exe]

C:\Documents and Settings\Spencer\Complete\Zero Assumption Digital Image Recovery 1.2.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Spencer\Complete\Zero Assumption Recovery 7.3.1.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Spencer\Complete\ZERO Binary 1.5.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Spencer\Complete\Zero Code Designer 1.5.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Spencer\Complete\Zero Footprint Crypt 4.3.1.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Spencer\Complete\Zero Hour Retarded 4.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Spencer\Complete\Zero Spelling 5.0.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Spencer\Complete\Zero Trace 1.6.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Spencer\Complete\ZeroAds 1.40.0262.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Spencer\Complete\ZeroNetHistory 2005 1.65.9.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Spencer\Complete\ZeroPace Training Log 2.0.16.2004.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Spencer\Complete\ZeroSpyware 2005 3.4.11.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Spencer\Complete\ZeroSpyware Free Edition 3.04.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Spencer\Complete\ZeroSpyware Limited Edition 2.1.29.zip[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Spencer\Complete\Zeta Debugger 1.3.zip[Setup.exe]

C:\Documents and Settings\Compaq_Owner\Shared\Sexy horde 1-70 wow.zip[setup.exe][²ÜÇ\bann.exe][■%%\gzmrt.dll]
02899326 Adware/AdRotator Adware

C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS\NSBROWSEROPT.DLL
02904747 Adware/AdRotator

C:\Documents and Settings\Compaq_Owner\Shared\Sexy horde 1-70 wow.zip[setup.exe][²ÜÇ\adw.exe][²ªÇ]
02905994 Adware/BHO

C:\Documents and Settings\All Users\Application Data\SecTaskMan\rgtndz.dll.q_804EC00_q
02918722 Spyware/Virtumonde

C:\Documents and Settings\Compaq_Owner\Shared\wow stat changer.zip[Setup.exe]
02900692 Application/Playmp3z HackTools No 0 Yes No C:\Documents and Settings\Compaq_Owner\Shared\wow godmod.zip[Setup.exe]
02900692 Application/Playmp3z HackTools No 0 Yes No C:\Documents and Settings\Compaq_Owner\Shared\in game 170 mod.zip[Setup.exe]
02901019 Adware/VapSup Adware No 0 Yes No C:\Documents and Settings\All Users\Application Data\SecTaskMan\iebrowserc.dll.q_8048004_q
02901019 Adware/VapSup

Application/PRScheduler HackTools No 0 Yes No C:\Documents and Settings\Linsdey\Start Menu\Programs\Startup\PowerReg Scheduler.exe

C:\QooBox\Quarantine\C\Program Files\outlook\p.zip.vir[Setup.exe]
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\QooBox\Quarantine\C\Program Files\outlook\v.tmp.vir
00254690 Trj/Gaodrop.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Linsdey\Complete\RecallWorks Invoicing 2.9.zip[Setup.exe]

And, these were in the Kaspersky log you also had at the online storage site.....

Quote:

Virus:Bck/Agent.HBI Disinfected C:\WINDOWS\system32\vtlayiehoae.exe
Hacktool:Hacktool/MailBomber.F Not disinfected D:\new files\ELECTRICAL STUDY\gtmanual\steam Turbine\Turbine_Setup.EXE
Hacktool:Hacktool/MailBomber.F Not disinfected D:\new files\REPORT ON EVENTS\Purchase Requisitions\Latest greenfield-Jawed Alam\GREEN FIELD JOB CARDS WORKING\uconeer.zip[uconeer_setup.exe]

Cheeseball81 should be around to help you-

**Cheeseball81** · 05-May-2008, 08:37 PM **#25**

Thanks Bill. I am looking through the results now.

BJones557 · 09-May-2008, 04:30 PM **#26**

So what do I need to do now?

**Cheeseball81** · 12-May-2008, 05:29 PM **#27**

Stay put. I have another guru taking a look here. I'm not around here often enough to finish up this thread. But I have other gold shield members reviewing this.

BJones557 · 12-May-2008, 06:38 PM **#28**

ok thanks

JSntgRvr · 12-May-2008, 06:41 PM **#29**

Hi, BJones557

Cheeseball81 has ask me for some assistance on this one.

Lets first remove what has been detected so far:

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

Reset and Re-enable your System Restore to remove bad files that have been backed up by Windows. The files in System Restore are protected to prevent any programmes changing them. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected.)

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK..

Lets remove your current copy of Combofix, That will also remove folders containing malware.

Follow these steps to uninstall Combofix and tools used in the removal of malware

Click START then RUN
Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.

Once you have done the above, proceed as follows:

Please download the current version of ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**. Do not download Combofix unless you have followed the instructions above to remove the previous version.

Please, never rename Combofix unless instructed.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  
  -----------------------------------------------------------
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------
Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

BJones557 · 12-May-2008, 08:25 PM **#30**

Thanks for helping me out.

ComboFix 08-05-12.1 - Compaq_Owner 2008-05-14 20:14:31.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.142 [GMT -5:00]
Running from: C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Compaq_Owner\Application Data\urlredir.cfg
C:\Documents and Settings\Linsdey\Application Data\urlredir.cfg

.
((((((((((((((((((((((((( Files Created from 2008-04-15 to 2008-05-15 )))))))))))))))))))))))))))))))
.

2008-05-14 17:11 . 2008-05-14 17:11 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-05-13 14:55 . 2008-05-13 14:55 <DIR> d-------- C:\Program Files\MSECache
2008-05-10 14:48 . 2008-05-10 14:48 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-05-08 15:22 . 2008-05-08 15:22 <DIR> d-------- C:\Program Files\DNA
2008-05-08 15:22 . 2008-05-14 20:17 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\DNA
2008-05-06 18:51 . 2008-05-06 18:51 <DIR> d-------- C:\Program Files\VstPlugins
2008-05-06 18:51 . 2002-07-07 17:14 1,294,336 --a------ C:\WINDOWS\system32\vorbis.acm
2008-05-06 18:51 . 2006-06-20 03:56 225,280 --a------ C:\WINDOWS\system32\rewire.dll
2008-05-06 18:50 . 2008-05-06 18:50 <DIR> d-------- C:\Program Files\Outsim
2008-05-06 18:35 . 2008-05-10 14:21 <DIR> d-------- C:\Program Files\Image-Line
2008-04-26 11:54 . 2008-04-26 11:54 <DIR> d-------- C:\Program Files\Panda Security
2008-04-17 15:31 . 2008-04-17 15:31 <DIR> d-------- C:\Program Files\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-10 00:49 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire
2008-04-19 15:37 --------- d-----w C:\Program Files\World of Warcraft
2008-04-17 00:23 --------- d-----w C:\Program Files\FBrowsingAdvisor
2008-04-14 00:34 --------- d-----w C:\Documents and Settings\Spencer\Application Data\LimeWire
2008-04-10 18:20 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-09 16:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Link Axis Bat Wave
2008-04-03 20:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-03-30 21:09 --------- d-----w C:\Program Files\AOL 9.0a
2008-03-30 21:08 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\AOL
2008-03-30 21:06 --------- d-----w C:\Program Files\Common Files\AOL
2008-03-30 21:05 --------- d-----w C:\Program Files\Common Files\aolshare
2008-03-30 21:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-03-30 20:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-03-30 20:09 --------- d-----w C:\Program Files\AOL 9.1
2008-03-30 20:02 --------- d-----w C:\Program Files\Security Task Manager
2008-03-30 20:00 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\Uniblue
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-18 05:00 --------- d-----w C:\Program Files\iTunes
2008-03-18 05:00 --------- d-----w C:\Program Files\iPod
2008-03-18 04:58 --------- d-----w C:\Program Files\QuickTime
2008-03-15 16:37 --------- d-----w C:\Documents and Settings\Linsdey\Application Data\LimeWire
2008-03-15 16:12 --------- d-----w C:\Documents and Settings\Linsdey\Application Data\EXIT THE SAVE
2008-03-15 03:49 --------- d-----w C:\Program Files\LimeWire
2008-03-15 03:29 --------- d-----w C:\Program Files\Java
2008-02-29 21:40 46,300 ----a-w C:\WINDOWS\system32\AdssiteSocial-uninstall.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 08:59 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2007-08-27 20:06 32 -c--a-r C:\Documents and Settings\All Users\hash.dat
2006-04-25 19:07 270 -c--a-w C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
2005-10-11 21:25 1,940 -c--a-w C:\Documents and Settings\Compaq_Owner\Application Data\ViewerApp.dat
2005-07-08 16:39 284 -c--a-w C:\Documents and Settings\Brian\Application Data\ViewerApp.dat
2005-05-11 19:08 284 -c--a-w C:\Documents and Settings\Spencer\Application Data\ViewerApp.dat
2005-03-28 20:03 561,152 -c--a-w C:\Documents and Settings\Compaq_Owner\chatlnk.exe
2005-02-21 22:56 185 -c-ha-w C:\Documents and Settings\Compaq_Owner\Application Data\hpothb07.dat
2005-02-21 22:56 164 -c-ha-w C:\Documents and Settings\All Users\hpothb07.dat
2005-02-18 04:07 0 -c--a-w C:\Documents and Settings\Spencer\Application Data\wklnhst.dat
2005-02-14 01:52 0 -c--a-w C:\Documents and Settings\Linsdey\Application Data\wklnhst.dat
2005-07-14 19:31 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
.

((((((((((((((((((((((((((((( snapshot@2008-04-21_20.11.11.53 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-15 02:53:48 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-15 01:06:24 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2007-05-10 15:25:40 14,677,368 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\XL12CNV.EXE
+ 2008-05-15 01:05:20 38,240 ----a-r C:\WINDOWS\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2008-04-26 16:54:34 2,213 -c--a-w C:\WINDOWS\mozver.dat
+ 2008-03-20 00:23:20 114,688 ----a-w C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
+ 2008-03-20 00:36:22 202,168 ----a-w C:\WINDOWS\system32\Adobe\Director\SwDir.dll
+ 2008-03-20 00:24:02 487,424 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\Control.dll
+ 2008-03-19 23:46:26 1,798,144 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\dirapi.dll
+ 2008-03-20 00:24:04 9,216 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\DynaPlayer.dll
+ 2008-03-19 23:36:14 754,688 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\gi.dll
+ 2008-03-19 23:36:16 1,145,896 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\gt.exe
+ 2008-03-19 23:36:14 52,288 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\gtapi.dll
+ 2008-03-19 23:42:42 892,928 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\iml32.dll
+ 2008-03-20 00:22:34 249,856 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\Plugin.dll
+ 2008-03-20 00:25:36 442,368 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\Proj.dll
+ 2008-03-20 00:36:06 439,736 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1100429.exe
+ 2008-03-20 00:26:20 110,592 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\SwInit.exe
+ 2008-03-20 00:22:22 94,208 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\SwMenu.dll
+ 2008-03-19 23:36:14 50,808 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\SYMCCHECKER.DLL
+ 1999-06-25 15:55:30 149,504 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\UNWISE.EXE
- 2008-04-09 08:10:55 262,232 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-05-14 22:13:57 281,336 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-03-25 02:32:44 218,496 ----a-r C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe
- 2007-06-11 20:34:34 2,115,816 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
+ 2008-03-25 03:21:18 2,889,088 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
- 2007-06-11 20:34:40 190,696 -c--a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2008-03-25 03:21:20 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
- 2007-12-10 01:35:29 74,649 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
+ 2008-05-08 23:36:27 74,649 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
- 2007-10-22 04:56:04 45,218 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
+ 2008-05-08 23:38:43 70,264 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
- 2007-08-07 19:35:56 585,728 -c--a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Control.dll
+ 2008-03-15 04:29:22 581,632 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Control.dll
+ 2008-03-15 04:12:30 1,490,944 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\dirapiX.dll
- 2007-08-07 19:36:32 24,576 -c--a-w C:\WINDOWS\system32\Macromed\Shockwave 10\DynaPlayer.dll
+ 2008-03-15 04:29:58 24,576 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\DynaPlayer.dll
+ 2008-03-15 04:10:06 606,208 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\iml32X.dll
- 2007-08-07 19:35:22 339,968 -c--a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Plugin.dll
+ 2008-03-15 04:28:48 339,968 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Plugin.dll
- 2007-08-07 19:35:32 483,328 -c--a-w C:\WINDOWS\system32\Macromed\Shockwave 10\PluginPing.dll
+ 2008-03-15 04:28:56 475,136 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\PluginPing.dll
- 2007-08-07 19:28:38 180,224 -c--a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Proj.dll
+ 2008-03-15 04:21:52 180,224 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Proj.dll
- 2007-08-07 19:37:56 77,824 -c--a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwInit.exe
+ 2008-03-15 04:31:28 77,824 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwInit.exe
+ 2008-03-15 16:38:08 86,016 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwMenuX.dll
- 2007-08-07 19:37:58 98,304 -c--a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwOnce.dll
+ 2008-03-15 04:31:28 98,304 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwOnce.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
"AOL Fast Start"="C:\Program Files\AOL 9.1\AOL.exe" [2007-10-27 12:44 50528]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-08 15:22 289088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46 57344]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-10-20 09:25 180269]
"HostManager"="C:\Program Files\Common Files\AOL\1108671103\ee\AOLSoftware.exe" [2007-05-25 12:16 42032]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 15:38 39264]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 16:18 443968]

C:\Documents and Settings\Linsdey\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2007-10-20 15:57:22 256000]

C:\Documents and Settings\Spencer\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-02-08 16:32:57 147456]

C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2008-04-27 18:30:30 256000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explo rer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
backup=C:\WINDOWS\pss\Compaq Connections.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Image Transfer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Image Transfer.lnk
backup=C:\WINDOWS\pss\Image Transfer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk
backup=C:\WINDOWS\pss\Picture Package Menu.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package VCD Maker.lnk
backup=C:\WINDOWS\pss\Picture Package VCD Maker.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^DING!.lnk]
path=C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\DING!.lnk
backup=C:\WINDOWS\pss\DING!.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=C:\WINDOWS\pss\Microsoft Works Calendar Reminders.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-06-07 00:46 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2005-03-04 12:01 88209 C:\WINDOWS\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
--a------ 2004-09-07 22:47 57344 C:\WINDOWS\ALCXMNTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
C:\Program Files\America Online 9.0a\AOL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
-ra------ 2006-10-23 07:50 71216 C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLSPScheduler]
C:\Program Files\Common Files\AOL\1108671103\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 07:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EmailScan]
C:\Program Files\mcafee.com\antivirus\mcvsescn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2007-05-25 12:16 42032 C:\Program Files\Common Files\AOL\1108671103\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
--a--c--- 1998-05-07 18:04 52736 c:\windows\system\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2004-08-21 00:55 155648 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-04-17 21:41 196608 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2004-04-13 15:07 69632 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 13:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
C:\HP\KBD\KBD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KlipFolio]
C:\Program Files\KlipFolio\KlipFolio.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
--a--c--- 2004-10-14 23:54 253952 c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFEXE]
C:\Program Files\mcafee.com\personal firewall\MPfTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 11:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
C:\Program Files\mcafee.com\antivirus\oasclnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-31 23:13 385024 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a--c--- 2004-04-14 22:43 233472 C:\WINDOWS\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSPower]
--a------ 2004-09-24 11:49 49152 C:\WINDOWS\system32\SiSPower.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sscRun]
C:\Program Files\Common Files\AOL\1108671103\ee\SSCRun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2004-10-20 09:25 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a------ 2003-08-19 10:01 110592 C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
--a------ 2004-10-22 12:53 53248 C:\WINDOWS\system32\VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2006-11-03 19:20 866584 C:\Program Files\Windows Defender\MSASCui.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Compaq Connections\\6750491\\Program\\Compaq Connections.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1108671103\\EE\\AOLServiceHost.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Common Files\\AOL\\1108671103\\EE\\aolsoftware.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.3.0-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\Launcher.exe"=
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW.exe"=
"C:\\Program Files\\Lavasoft\\Ad-Aware 2007\\Ad-Aware2007.exe"=
"C:\\Program Files\\AOL 9.0\\waol.exe"=
"C:\\Program Files\\AOL 9.1\\waol.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\AOL 9.0a\\waol.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Glob allyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader
"6881:TCP"= 6881:TCP:Blizzard Downloader
"6999:TCP"= 6999:TCP:Blizzard Downloader

S3 APLMp50;APLMp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\APLMp50.sys [2005-02-16 03:06]
S3 PsSdk30;PsSdk30;C:\WINDOWS\system32\Drivers\PsSdk30.drv []

.
Contents of the 'Scheduled Tasks' folder
"2008-04-30 16:14:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-15 01:09:53 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-14 20:17:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PsSdk30]
"ImagePath"="\??\C:\WINDOWS\system32\Drivers\PsSdk30.drv"
.
Completion time: 2008-05-14 20:21:05
ComboFix-quarantined-files.txt 2008-05-15 01:20:47
ComboFix2.txt 2008-04-22 01:12:26

Pre-Run: 137,814,929,408 bytes free
Post-Run: 137,808,351,232 bytes free

291 --- E O F --- 2008-05-15 01:05:20

Search
Search in:
Show Threads Show Posts
Advanced Search

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)