Hi,
Yesterday I became infected with something called Micro Virus AV.
There were a large number of pop-ups telling me to buy their software to clean my PC, and shortcuts for dodgy sites kept appearing on the desktop!
I have tried running ComboFix and this removed a number of files, but I am still getting my virus scanner coming up with pop-ups telling me that something is trying to alter the registry.
Here is the ComboFix log. I have also done an HJT log, but it told me the post was too long. I can post this later if you want.
I hope you can help, thank you in advance.
matt.
ComboFix 08-09-22.03 - Matt 2008-09-23 18:42:56.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1357 [GMT 1:00]
Running from: F:\Documents and Settings\Matt\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
F:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
F:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
F:\Documents and Settings\Matt\Application Data\Adobe\crc.dat
F:\Program Files\MicroAV
F:\Program Files\MicroAV\MicroAV.cpl
F:\Program Files\MicroAV\MicroAV.exe
F:\Program Files\MicroAV\MicroAV.ooo
F:\Program Files\MicroAV\MicroAV0.dat
F:\Program Files\MicroAV\MicroAV1.dat
F:\Program Files\PCHealthCenter\0.exe
F:\Program Files\PCHealthCenter\0.gif
F:\Program Files\PCHealthCenter\1.exe
F:\Program Files\PCHealthCenter\1.gif
F:\Program Files\PCHealthCenter\1.ico
F:\Program Files\PCHealthCenter\2.exe
F:\Program Files\PCHealthCenter\2.gif
F:\Program Files\PCHealthCenter\2.ico
F:\Program Files\PCHealthCenter\3.exe
F:\Program Files\PCHealthCenter\3.gif
F:\Program Files\PCHealthCenter\4.exe
F:\Program Files\PCHealthCenter\5.exe
F:\Program Files\PCHealthCenter\7.exe
F:\Program Files\PCHealthCenter\e
F:\Program Files\PCHealthCenter\sc.html
F:\WINDOWS\system32\_003590_.tmp.dll
F:\WINDOWS\system32\_003598_.tmp.dll
F:\WINDOWS\system32\_003622_.tmp.dll
F:\WINDOWS\system32\_003630_.tmp.dll
F:\WINDOWS\system32\_003638_.tmp.dll
F:\WINDOWS\system32\_003646_.tmp.dll
F:\WINDOWS\system32\_003654_.tmp.dll
F:\WINDOWS\system32\_003662_.tmp.dll
F:\WINDOWS\system32\_003678_.tmp.dll
F:\WINDOWS\system32\_003694_.tmp.dll
F:\WINDOWS\system32\_003710_.tmp.dll
F:\WINDOWS\system32\_003718_.tmp.dll
F:\WINDOWS\system32\_003734_.tmp.dll
F:\WINDOWS\system32\_003742_.tmp.dll
F:\WINDOWS\system32\_003750_.tmp.dll
F:\WINDOWS\system32\_003758_.tmp.dll
F:\WINDOWS\system32\_003769_.tmp.dll
F:\WINDOWS\system32\_003770_.tmp.dll
F:\WINDOWS\system32\_003771_.tmp.dll
F:\WINDOWS\system32\_003772_.tmp.dll
F:\WINDOWS\system32\_003779_.tmp.dll
F:\WINDOWS\system32\_003780_.tmp.dll
F:\WINDOWS\system32\_003781_.tmp.dll
F:\WINDOWS\system32\_003783_.tmp.dll
F:\WINDOWS\system32\_003784_.tmp.dll
F:\WINDOWS\system32\_003785_.tmp.dll
F:\WINDOWS\system32\_003786_.tmp.dll
F:\WINDOWS\system32\_003787_.tmp.dll
F:\WINDOWS\system32\_003788_.tmp.dll
F:\WINDOWS\system32\_003791_.tmp.dll
F:\WINDOWS\system32\_003792_.tmp.dll
F:\WINDOWS\system32\_003793_.tmp.dll
F:\WINDOWS\system32\_003794_.tmp.dll
F:\WINDOWS\system32\_003795_.tmp.dll
F:\WINDOWS\system32\_003796_.tmp.dll
F:\WINDOWS\system32\_003798_.tmp.dll
F:\WINDOWS\system32\_003799_.tmp.dll
F:\WINDOWS\system32\_003800_.tmp.dll
F:\WINDOWS\system32\_003801_.tmp.dll
F:\WINDOWS\system32\_003802_.tmp.dll
F:\WINDOWS\system32\_003803_.tmp.dll
F:\WINDOWS\system32\_003804_.tmp.dll
F:\WINDOWS\system32\_003806_.tmp.dll
F:\WINDOWS\system32\_003809_.tmp.dll
F:\WINDOWS\system32\_003810_.tmp.dll
F:\WINDOWS\system32\_003811_.tmp.dll
F:\WINDOWS\system32\_003812_.tmp.dll
F:\WINDOWS\system32\_003813_.tmp.dll
F:\WINDOWS\system32\_003814_.tmp.dll
F:\WINDOWS\system32\_003817_.tmp.dll
F:\WINDOWS\system32\_003818_.tmp.dll
F:\WINDOWS\system32\_003819_.tmp.dll
F:\WINDOWS\system32\_003820_.tmp.dll
F:\WINDOWS\system32\_003822_.tmp.dll
F:\WINDOWS\system32\_003823_.tmp.dll
F:\WINDOWS\system32\_003825_.tmp.dll
F:\WINDOWS\system32\_003826_.tmp.dll
F:\WINDOWS\system32\_003827_.tmp.dll
F:\WINDOWS\system32\_003828_.tmp.dll
F:\WINDOWS\system32\_003829_.tmp.dll
F:\WINDOWS\system32\_003832_.tmp.dll
F:\WINDOWS\system32\_003833_.tmp.dll
F:\WINDOWS\system32\_003834_.tmp.dll
F:\WINDOWS\system32\_003835_.tmp.dll
F:\WINDOWS\system32\_003836_.tmp.dll
F:\WINDOWS\system32\_003838_.tmp.dll
F:\WINDOWS\system32\_003839_.tmp.dll
F:\WINDOWS\system32\_003840_.tmp.dll
F:\WINDOWS\system32\_003841_.tmp.dll
F:\WINDOWS\system32\_003842_.tmp.dll
F:\WINDOWS\system32\_003843_.tmp.dll
F:\WINDOWS\system32\_003844_.tmp.dll
F:\WINDOWS\system32\_003845_.tmp.dll
F:\WINDOWS\system32\_003848_.tmp.dll
F:\WINDOWS\system32\_003849_.tmp.dll
F:\WINDOWS\system32\_003850_.tmp.dll
F:\WINDOWS\system32\_003851_.tmp.dll
F:\WINDOWS\system32\_003852_.tmp.dll
F:\WINDOWS\system32\_003853_.tmp.dll
F:\WINDOWS\system32\_003854_.tmp.dll
F:\WINDOWS\system32\_003855_.tmp.dll
F:\WINDOWS\system32\_003856_.tmp.dll
F:\WINDOWS\system32\_003857_.tmp.dll
F:\WINDOWS\system32\_003858_.tmp.dll
F:\WINDOWS\system32\_003859_.tmp.dll
F:\WINDOWS\system32\_003860_.tmp.dll
F:\WINDOWS\system32\_003865_.tmp.dll
F:\WINDOWS\system32\_003866_.tmp.dll
F:\WINDOWS\system32\_003867_.tmp.dll
F:\WINDOWS\system32\_003868_.tmp.dll
F:\WINDOWS\system32\_003869_.tmp.dll
F:\WINDOWS\system32\_003871_.tmp.dll
F:\WINDOWS\system32\_003872_.tmp.dll
F:\WINDOWS\system32\_003873_.tmp.dll
F:\WINDOWS\system32\_003874_.tmp.dll
F:\WINDOWS\system32\_003875_.tmp.dll
F:\WINDOWS\system32\_003876_.tmp.dll
F:\WINDOWS\system32\_003881_.tmp.dll
F:\WINDOWS\system32\_003882_.tmp.dll
F:\WINDOWS\system32\_003883_.tmp.dll
F:\WINDOWS\system32\_003884_.tmp.dll
F:\WINDOWS\system32\_003889_.tmp.dll
F:\WINDOWS\system32\_003890_.tmp.dll
F:\WINDOWS\system32\_003891_.tmp.dll
F:\WINDOWS\system32\_003892_.tmp.dll
F:\WINDOWS\system32\_003897_.tmp.dll
F:\WINDOWS\system32\_003898_.tmp.dll
F:\WINDOWS\system32\_003899_.tmp.dll
F:\WINDOWS\system32\_003900_.tmp.dll
F:\WINDOWS\system32\_003905_.tmp.dll
F:\WINDOWS\system32\_003906_.tmp.dll
F:\WINDOWS\system32\_003907_.tmp.dll
F:\WINDOWS\system32\_003908_.tmp.dll
F:\WINDOWS\system32\_003913_.tmp.dll
F:\WINDOWS\system32\_003914_.tmp.dll
F:\WINDOWS\system32\_003915_.tmp.dll
F:\WINDOWS\system32\_003916_.tmp.dll
F:\WINDOWS\system32\_003921_.tmp.dll
F:\WINDOWS\system32\_003922_.tmp.dll
F:\WINDOWS\system32\_003923_.tmp.dll
F:\WINDOWS\system32\_003924_.tmp.dll
F:\WINDOWS\system32\_003929_.tmp.dll
F:\WINDOWS\system32\_003930_.tmp.dll
F:\WINDOWS\system32\_003931_.tmp.dll
F:\WINDOWS\system32\_003932_.tmp.dll
F:\WINDOWS\system32\_006136_.tmp.dll
F:\WINDOWS\system32\_006137_.tmp.dll
F:\WINDOWS\system32\_006138_.tmp.dll
F:\WINDOWS\system32\_006139_.tmp.dll
F:\WINDOWS\system32\_006146_.tmp.dll
F:\WINDOWS\system32\_006147_.tmp.dll
F:\WINDOWS\system32\_006148_.tmp.dll
F:\WINDOWS\system32\_006149_.tmp.dll
F:\WINDOWS\system32\_006151_.tmp.dll
F:\WINDOWS\system32\_006152_.tmp.dll
F:\WINDOWS\system32\_006155_.tmp.dll
F:\WINDOWS\system32\_006156_.tmp.dll
F:\WINDOWS\system32\_006158_.tmp.dll
F:\WINDOWS\system32\_006159_.tmp.dll
F:\WINDOWS\system32\_006160_.tmp.dll
F:\WINDOWS\system32\_006162_.tmp.dll
F:\WINDOWS\system32\_006165_.tmp.dll
F:\WINDOWS\system32\_006166_.tmp.dll
F:\WINDOWS\system32\_006170_.tmp.dll
F:\WINDOWS\system32\_006171_.tmp.dll
F:\WINDOWS\system32\_006173_.tmp.dll
F:\WINDOWS\system32\_006176_.tmp.dll
F:\WINDOWS\system32\_006178_.tmp.dll
F:\WINDOWS\system32\_006179_.tmp.dll
F:\WINDOWS\system32\_006180_.tmp.dll
F:\WINDOWS\system32\_006181_.tmp.dll
F:\WINDOWS\system32\_006182_.tmp.dll
F:\WINDOWS\system32\_006185_.tmp.dll
F:\WINDOWS\system32\_006186_.tmp.dll
F:\WINDOWS\system32\_006187_.tmp.dll
F:\WINDOWS\system32\_006188_.tmp.dll
F:\WINDOWS\system32\_006189_.tmp.dll
F:\WINDOWS\system32\_006194_.tmp.dll
F:\WINDOWS\system32\_006196_.tmp.dll
F:\WINDOWS\system32\_006197_.tmp.dll
F:\WINDOWS\system32\1.ico
F:\WINDOWS\system32\2.ico
F:\WINDOWS\system32\mlJAsPfd.dll
F:\WINDOWS\system32\mlJdccAr.dll
F:\WINDOWS\system32\rtl60.bpl
----- BITS: Possible infected sites -----
http://78.157.143.163
.
((((((((((((((((((((((((( Files Created from 2008-08-23 to 2008-09-23 )))))))))))))))))))))))))))))))
.
2008-09-22 22:42 . 2008-09-22 03:15 166,400 --a------ F:\WINDOWS\system32\MicroAV.cpl
2008-09-22 22:41 . 2008-09-23 18:55 <DIR> d-------- F:\Program Files\PCHealthCenter
2008-09-21 18:32 . 2008-09-21 18:32 <DIR> d-------- F:\Program Files\Kontiki
2008-09-21 18:32 . 2008-09-23 18:59 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\Kontiki
2008-09-20 20:19 . 2008-09-20 20:19 <DIR> d-------- F:\Program Files\Projity Inc
2008-09-19 22:00 . 2008-09-19 22:00 <DIR> d-------- F:\Program Files\Microsoft Silverlight
2008-09-03 21:29 . 2008-09-03 21:29 <DIR> d-------- F:\Program Files\Microsoft ActiveSync
2008-08-26 21:03 . 2008-08-26 21:07 10,752 --a------ F:\WINDOWS\DCEBoot.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-23 17:39 --------- d---a-w F:\Documents and Settings\All Users\Application Data\TEMP
2008-09-22 21:46 --------- d-----w F:\Documents and Settings\Matt\Application Data\Azureus
2008-09-22 20:14 --------- d-----w F:\Program Files\Mozilla Thunderbird
2008-09-11 20:36 --------- d-----w F:\Documents and Settings\Matt\Application Data\Canon
2008-09-07 16:20 --------- d-----w F:\Documents and Settings\Matt\Application Data\Shareaza
2008-09-07 09:28 --------- d--h--w F:\Program Files\InstallShield Installation Information
2008-09-06 17:45 --------- d-----w F:\Program Files\THQ
2008-09-05 13:49 --------- d-----w F:\Program Files\Mozilla Sunbird
2008-09-03 20:29 --------- d-----w F:\Program Files\Common Files\L&H
2008-08-27 17:00 --------- d-----w F:\Program Files\SpywareBlaster
2008-08-14 20:42 --------- d-----w F:\Program Files\Microsoft Works
2008-08-14 20:42 --------- d-----w F:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-10 18:58 --------- d-----w F:\Program Files\Windows Media Connect 2
2008-08-10 18:54 0 ---ha-w F:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-08-10 18:54 0 ---ha-w F:\WINDOWS\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2008-08-10 08:22 --------- d-----w F:\Program Files\Windows Resource Kits
2008-07-23 18:37 --------- d-----w F:\Program Files\WA-T1
2008-07-19 19:26 43,520 ----a-w F:\WINDOWS\system32\CmdLineExt03.dll
2008-07-18 21:10 94,920 ----a-w F:\WINDOWS\system32\cdm.dll
2008-07-18 21:10 53,448 ----a-w F:\WINDOWS\system32\wuauclt.exe
2008-07-18 21:10 45,768 ----a-w F:\WINDOWS\system32\wups2.dll
2008-07-18 21:10 36,552 ----a-w F:\WINDOWS\system32\wups.dll
2008-07-18 21:09 563,912 ----a-w F:\WINDOWS\system32\wuapi.dll
2008-07-18 21:09 325,832 ----a-w F:\WINDOWS\system32\wucltui.dll
2008-07-18 21:09 205,000 ----a-w F:\WINDOWS\system32\wuweb.dll
2008-07-18 21:09 1,811,656 ----a-w F:\WINDOWS\system32\wuaueng.dll
2008-07-07 20:26 253,952 ----a-w F:\WINDOWS\system32\es.dll
2008-06-24 17:12 295,936 ----a-w F:\WINDOWS\system32\wmpeffects.dll
2008-06-24 16:43 74,240 ----a-w F:\WINDOWS\system32\mscms.dll
2008-06-23 16:57 826,368 ----a-w F:\WINDOWS\system32\wininet.dll
2007-06-24 13:57 3,129,344 ----a-w F:\Program Files\disgomykey.exe
2007-08-12 11:30 56 --sha-r F:\WINDOWS\system32\0D0FA6C844.sys
2002-04-16 10:27 5 --sha-w F:\WINDOWS\system32\CdI5T.drv
2007-08-12 21:10 1,890 --sha-w F:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888SOFTWARE\Microsoft\Windows\CurrentVersion\Run"="8888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888SOFTWARE\Microsoft\Windows\CurrentVersion\Run" [X]
"NBJ"="F:\Program Files\Ahead\Nero\Nero BackItUp\NBJ.exe" [2004-08-25 1871872]
"CTFMON.EXE"="F:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"WMPNSCFG"="F:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888SOFTWARE\Microsoft\Windows\CurrentVersion\Run"="8888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888SOFTWARE\Microsoft\Windows\CurrentVersion\Run" [X]
"SunJavaUpdateSched"="F:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"OpwareSE2"="F:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"IgfxTray"="F:\WINDOWS\system32\igfxtray.exe" [2003-03-11 155648]
"HotKeysCmds"="F:\WINDOWS\system32\hkcmd.exe" [2003-03-11 114688]
"CTSysVol"="F:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"ASUS Probe"="f:\AsusProb.exe" [2002-12-06 617984]
"itype"="F:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-06-16 555816]
"IntelliPoint"="F:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2006-06-16 568096]
"btbb_wcm_McciTrayApp"="F:\Program Files\btbb_wcm\McciTrayApp.exe" [2006-11-30 935936]
"Motive SmartBridge"="F:\PROGRA~1\BTBROA~2\SMARTB~1\BTHelpNotifier.exe" [2006-05-24 458839]
"pccguide.exe"="F:\PROGRA~1\TRENDM~1\INTERN~3\pccguide.exe" [2007-03-07 3429904]
"tsnp2std"="F:\WINDOWS\tsnp2std.exe" [2005-11-14 110592]
"snp2std"="F:\WINDOWS\vsnp2std.exe" [2005-11-16 344064]
"Adobe Reader Speed Launcher"="F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"ISUSScheduler"="F:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]
"QuickTime Task"="F:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="F:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"StartCCC"="F:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="F:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="F:\WINDOWS\system32\tscupgrd.exe" [2004-08-03 44544]
F:\Documents and Settings\Matt\Start Menu\Programs\Startup\
Adobe Gamma.lnk - F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
F:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Service Manager.lnk - F:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax
[HKLM\~\startupfolder\F:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=F:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=F:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup
[HKLM\~\startupfolder\F:^Documents and Settings^All Users^Start Menu^Programs^Startup^CONNECTAUTrayApp.lnk]
path=F:\Documents and Settings\All Users\Start Menu\Programs\Startup\CONNECTAUTrayApp.lnk
backup=F:\WINDOWS\pss\CONNECTAUTrayApp.lnkCommon Startup
[HKLM\~\startupfolder\F:^Documents and Settings^Matt^Start Menu^Programs^Startup^OpenOffice.org 2.0.lnk]
path=F:\Documents and Settings\Matt\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk
backup=F:\WINDOWS\pss\OpenOffice.org 2.0.lnkStartup
[HKLM\~\startupfolder\F:^Documents and Settings^Matt^Start Menu^Programs^Startup^WordWeb.lnk]
path=F:\Documents and Settings\Matt\Start Menu\Programs\Startup\WordWeb.lnk
backup=F:\WINDOWS\pss\WordWeb.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-06-02 11:13 267048 F:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 12:50 155648 F:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"F:\\WINDOWS\\system32\\sessmgr.exe"=
"F:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"F:\\Program Files\\Messenger\\msmsgs.exe"=
"F:\\Program Files\\Valve\\Steam\\Steam.exe"=
"F:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"F:\\Program Files\\Java\\jre1.5.0_02\\bin\\javaw.exe"=
"F:\\Program Files\\Valve\\Steam\\SteamApps\\swampbat\\half-life 2\\hl2.exe"=
"F:\\Program Files\\Valve\\Steam\\SteamApps\\swampbat\\counter-strike source\\hl2.exe"=
"F:\\Program Files\\Outlook Express\\msimn.exe"=
"F:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"F:\\Program Files\\ASUS\\AsusUpdate\\Update.exe"=
"F:\\Program Files\\Azureus\\Azureus.exe"=
"F:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"F:\\Program Files\\THQ\\MotoGP URT 3\\motogp.exe"=
"F:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"F:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"F:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\system32\\sessmgr.exe"=
"F:\\WINDOWS\\system32\\mmc.exe"=
"F:\\Program Files\\Kontiki\\KService.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"49253:UDP"= 49253:UDP:azureus
"49253:TCP"= 49253:TCP:azureus
R1 LUMDriver;LUMDriver;F:\WINDOWS\system32\drivers\LUMDriver.sys [2003-07-11 14912]
R2 MSSQL$AUTODESKVAULT;SQL Server (AUTODESKVAULT);F:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]
S2 ousbehci;OrangeWare USB Enhanced Host Controller Service;F:\WINDOWS\system32\Drivers\ousbehci.sys [2006-03-01 46080]
S3 ASUSHWIO;ASUSHWIO;F:\WINDOWS\system32\drivers\ASUSHWIO.sys [ ]
S3 gkmixern;gkmixern;F:\DOCUME~1\MORGAN\LOCALS~1\Temp\gkmixern.sys [ ]
S3 hdlSrv;hdlSrv;F:\Documents and Settings\Matt\Start Menu\Programs\CleverStuff\Service-for-Non-admin\hdlSrv.exe [ ]
S3 MRV6X32U;Vista 32-bits Native WiFi Driver - USB;F:\WINDOWS\system32\DRIVERS\MRVW23B.sys [2006-12-22 231040]
S3 MRVW225;54M Wireless USB Adapter Dirver for Windows XP;F:\WINDOWS\system32\DRIVERS\MRVW225.sys [2005-12-21 299776]
S3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;F:\WINDOWS\system32\DRIVERS\ousb2hub.sys [2006-03-01 56960]
S3 SNP2STD;USB2.0 PC Camera (SNP2STD);F:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2005-11-18 10192896]
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -
BHO-{1F5FDA83-4379-4C6A-94AD-CC7BC688505A} - F:\WINDOWS\system32\mlJAsPfd.dll
SharedTaskScheduler-{C1A2FDA2-1A5B-2A8F-F3A2-B22DA1A3C41D} - (no file)
ShellExecuteHooks-{1F5FDA83-4379-4C6A-94AD-CC7BC688505A} - F:\WINDOWS\system32\mlJAsPfd.dll
.
------- Supplementary Scan -------
.
FireFox -: Profile - F:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\7h3of5h2.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.co.uk/
FF -: plugin - F:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - F:\Program Files\Mozilla Firefox\plugins\npBBCPlugin.dll
FF -: plugin - F:\Program Files\Mozilla Firefox\plugins\NPMGWRAP.DLL
FF -: plugin - F:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
FF -: plugin - F:\Program Files\OpenOffice.org 2.0\program\npsoplugin.dll
FF -: plugin - F:\Program Files\Virtual Earth 3D\npVE3D.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-23 18:57:41
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
F:\WINDOWS\system32\ati2evxx.exe
F:\WINDOWS\system32\ati2evxx.exe
F:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\Program Files\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
F:\Program Files\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe
F:\Program Files\Bonjour\mDNSResponder.exe
F:\WINDOWS\system32\CTSVCCDA.EXE
F:\Program Files\Kontiki\KService.exe
F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
F:\PROGRA~1\TRENDM~1\INTERN~3\PcCtlCom.exe
F:\PROGRA~1\TRENDM~1\INTERN~3\PcScnSrv.exe
F:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
F:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
F:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
F:\PROGRA~1\TRENDM~1\INTERN~3\Tmntsrv.exe
F:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe
F:\PROGRA~1\TRENDM~1\INTERN~3\tmproxy.exe
F:\Program Files\Windows Media Player\wmpnetwk.exe
F:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Completion time: 2008-09-23 19:17:10 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-23 18:16:35
ComboFix2.txt 2008-06-06 21:23:31
Pre-Run: 18,444,709,888 bytes free
Post-Run: 18,216,615,936 bytes free
409 --- E O F --- 2008-09-15 17:44:58
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888SOFTWARE\Microsoft\Windows\CurrentVersion\Run"="8888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888SOFTWARE\Microsoft\Windows\CurrentVersion\Run" [X]
"NBJ"="F:\Program Files\Ahead\Nero\Nero BackItUp\NBJ.exe" [2004-08-25 1871872]
"CTFMON.EXE"="F:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"WMPNSCFG"="F:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888SOFTWARE\Microsoft\Windows\CurrentVersion\Run"="8888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888SOFTWARE\Microsoft\Windows\CurrentVersion\Run" [X]
"SunJavaUpdateSched"="F:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"OpwareSE2"="F:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"IgfxTray"="F:\WINDOWS\system32\igfxtray.exe" [2003-03-11 155648]
"HotKeysCmds"="F:\WINDOWS\system32\hkcmd.exe" [2003-03-11 114688]
"CTSysVol"="F:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"ASUS Probe"="f:\AsusProb.exe" [2002-12-06 617984]
"itype"="F:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-06-16 555816]
"IntelliPoint"="F:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2006-06-16 568096]
"btbb_wcm_McciTrayApp"="F:\Program Files\btbb_wcm\McciTrayApp.exe" [2006-11-30 935936]
"Motive SmartBridge"="F:\PROGRA~1\BTBROA~2\SMARTB~1\BTHelpNotifier.exe" [2006-05-24 458839]
"pccguide.exe"="F:\PROGRA~1\TRENDM~1\INTERN~3\pccguide.exe" [2007-03-07 3429904]
"tsnp2std"="F:\WINDOWS\tsnp2std.exe" [2005-11-14 110592]
"snp2std"="F:\WINDOWS\vsnp2std.exe" [2005-11-16 344064]
"Adobe Reader Speed Launcher"="F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"ISUSScheduler"="F:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]
"QuickTime Task"="F:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="F:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"StartCCC"="F:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="F:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="F:\WINDOWS\system32\tscupgrd.exe" [2004-08-03 44544]
F:\Documents and Settings\Matt\Start Menu\Programs\Startup\
Adobe Gamma.lnk - F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
F:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Service Manager.lnk - F:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax
[HKLM\~\startupfolder\F:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=F:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=F:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup
[HKLM\~\startupfolder\F:^Documents and Settings^All Users^Start Menu^Programs^Startup^CONNECTAUTrayApp.lnk]
path=F:\Documents and Settings\All Users\Start Menu\Programs\Startup\CONNECTAUTrayApp.lnk
backup=F:\WINDOWS\pss\CONNECTAUTrayApp.lnkCommon Startup
[HKLM\~\startupfolder\F:^Documents and Settings^Matt^Start Menu^Programs^Startup^OpenOffice.org 2.0.lnk]
path=F:\Documents and Settings\Matt\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk
backup=F:\WINDOWS\pss\OpenOffice.org 2.0.lnkStartup
[HKLM\~\startupfolder\F:^Documents and Settings^Matt^Start Menu^Programs^Startup^WordWeb.lnk]
path=F:\Documents and Settings\Matt\Start Menu\Programs\Startup\WordWeb.lnk
backup=F:\WINDOWS\pss\WordWeb.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-06-02 11:13 267048 F:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 12:50 155648 F:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"F:\\WINDOWS\\system32\\sessmgr.exe"=
"F:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"F:\\Program Files\\Messenger\\msmsgs.exe"=
"F:\\Program Files\\Valve\\Steam\\Steam.exe"=
"F:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"F:\\Program Files\\Java\\jre1.5.0_02\\bin\\javaw.exe"=
"F:\\Program Files\\Valve\\Steam\\SteamApps\\swampbat\\half-life 2\\hl2.exe"=
"F:\\Program Files\\Valve\\Steam\\SteamApps\\swampbat\\counter-strike source\\hl2.exe"=
"F:\\Program Files\\Outlook Express\\msimn.exe"=
"F:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"F:\\Program Files\\ASUS\\AsusUpdate\\Update.exe"=
"F:\\Program Files\\Azureus\\Azureus.exe"=
"F:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"F:\\Program Files\\THQ\\MotoGP URT 3\\motogp.exe"=
"F:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"F:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"F:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\system32\\sessmgr.exe"=
"F:\\WINDOWS\\system32\\mmc.exe"=
"F:\\Program Files\\Kontiki\\KService.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"49253:UDP"= 49253:UDP:azureus
"49253:TCP"= 49253:TCP:azureus
R1 LUMDriver;LUMDriver;F:\WINDOWS\system32\drivers\LUMDriver.sys [2003-07-11 14912]
R2 MSSQL$AUTODESKVAULT;SQL Server (AUTODESKVAULT);F:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]
S2 ousbehci;OrangeWare USB Enhanced Host Controller Service;F:\WINDOWS\system32\Drivers\ousbehci.sys [2006-03-01 46080]
S3 ASUSHWIO;ASUSHWIO;F:\WINDOWS\system32\drivers\ASUSHWIO.sys [ ]
S3 gkmixern;gkmixern;F:\DOCUME~1\MORGAN\LOCALS~1\Temp\gkmixern.sys [ ]
S3 hdlSrv;hdlSrv;F:\Documents and Settings\Matt\Start Menu\Programs\CleverStuff\Service-for-Non-admin\hdlSrv.exe [ ]
S3 MRV6X32U;Vista 32-bits Native WiFi Driver - USB;F:\WINDOWS\system32\DRIVERS\MRVW23B.sys [2006-12-22 231040]
S3 MRVW225;54M Wireless USB Adapter Dirver for Windows XP;F:\WINDOWS\system32\DRIVERS\MRVW225.sys [2005-12-21 299776]
S3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;F:\WINDOWS\system32\DRIVERS\ousb2hub.sys [2006-03-01 56960]
S3 SNP2STD;USB2.0 PC Camera (SNP2STD);F:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2005-11-18 10192896]
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -
BHO-{1F5FDA83-4379-4C6A-94AD-CC7BC688505A} - F:\WINDOWS\system32\mlJAsPfd.dll
SharedTaskScheduler-{C1A2FDA2-1A5B-2A8F-F3A2-B22DA1A3C41D} - (no file)
ShellExecuteHooks-{1F5FDA83-4379-4C6A-94AD-CC7BC688505A} - F:\WINDOWS\system32\mlJAsPfd.dll
.
------- Supplementary Scan -------
.
FireFox -: Profile - F:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\7h3of5h2.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.co.uk/
FF -: plugin - F:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - F:\Program Files\Mozilla Firefox\plugins\npBBCPlugin.dll
FF -: plugin - F:\Program Files\Mozilla Firefox\plugins\NPMGWRAP.DLL
FF -: plugin - F:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
FF -: plugin - F:\Program Files\OpenOffice.org 2.0\program\npsoplugin.dll
FF -: plugin - F:\Program Files\Virtual Earth 3D\npVE3D.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-23 18:57:41
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
F:\WINDOWS\system32\ati2evxx.exe
F:\WINDOWS\system32\ati2evxx.exe
F:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\Program Files\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
F:\Program Files\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe
F:\Program Files\Bonjour\mDNSResponder.exe
F:\WINDOWS\system32\CTSVCCDA.EXE
F:\Program Files\Kontiki\KService.exe
F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
F:\PROGRA~1\TRENDM~1\INTERN~3\PcCtlCom.exe
F:\PROGRA~1\TRENDM~1\INTERN~3\PcScnSrv.exe
F:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
F:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
F:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
F:\PROGRA~1\TRENDM~1\INTERN~3\Tmntsrv.exe
F:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe
F:\PROGRA~1\TRENDM~1\INTERN~3\tmproxy.exe
F:\Program Files\Windows Media Player\wmpnetwk.exe
F:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Completion time: 2008-09-23 19:17:10 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-23 18:16:35
ComboFix2.txt 2008-06-06 21:23:31
Pre-Run: 18,444,709,888 bytes free
Post-Run: 18,216,615,936 bytes free
409 --- E O F --- 2008-09-15 17:44:58