Need Help To Remove a Virus
(((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-12-19 2002160]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-03-11 24095528]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-03 94208]
"MtdAcq"="c:\program files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE" [2002-10-16 118862]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 129536]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2007-08-24 240112]
"nwiz"="nwiz.exe" [2009-02-18 1657376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"EPSON Stylus DX3800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE" [2005-02-08 98304]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 57344]
"btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2009-09-14 1584640]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-08-11 185896]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-18 86016]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 16269312]
"APVXDWIN"="c:\program files\Panda Security\Panda Antivirus Pro 2010\APVXDWIN.EXE" [2009-06-05 574720]
"SCANINICIO"="c:\program files\Panda Security\Panda Antivirus Pro 2010\Inicio.exe" [2009-04-21 56064]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Chris\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-13 16:22 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2008-03-18 16:58 58672 ----a-w- c:\windows\system32\avldr.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-06-15 14:03 16680 ----a-w- c:\program files\Citrix\GoToAssist\570\g2awinlogon.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *sprestrt\0lsdelete
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpBrowser.exe"=
"c:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpNotifier.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389CP"= 3389CP:Remote Desktop
"65533CP"= 65533CP:Services
"52344CP"= 52344CP:Services
"2479CP"= 2479CP:Services
"3246CP"= 3246CP:Services
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [12/20/2009 11:17 AM 64288]
R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [11/11/2009 9:13 PM 28544]
R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [11/11/2009 9:23 PM 73728]
R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [11/11/2009 9:24 PM 52992]
R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [11/11/2009 9:23 PM 22072]
R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [11/11/2009 9:24 PM 193792]
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [11/11/2009 9:23 PM 158848]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [4/28/2009 10:33 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [4/28/2009 10:33 AM 74480]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [11/11/2009 9:13 PM 41144]
R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [11/11/2009 9:24 PM 46720]
R2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k Panda --> c:\windows\system32\svchost -k Panda [?]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/2/2009 1:19 PM 1181328]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [11/11/2009 9:13 PM 177416]
R2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Antivirus Pro 2010\psksvc.exe [11/11/2009 9:18 PM 28928]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [8/24/2007 3:52 PM 166384]
R3 NETIMFLT01060034;PANDA NDIS IM Filter Miniport v1.6.0.34;c:\windows\system32\drivers\neti1634.sys [5/9/2009 8:45 PM 197888]
R3 NVHDA;Service for NVIDIA HDMI Audio Driver;c:\windows\system32\drivers\nvhda32.sys [11/10/2007 3:20 AM 29728]
R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [8/24/2007 3:52 PM 1083888]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [4/28/2009 10:33 AM 7408]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9/29/2009 9:19 AM 721904]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [8/24/2007 3:53 PM 362992]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [8/24/2007 3:52 PM 309744]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [8/24/2007 3:53 PM 72176]
S4 SessionLauncher;SessionLauncher;c:\docume~1\Chris\LOCALS~1\Temp\DX9\SessionLauncher.exe --> c:\docume~1\Chris\LOCALS~1\Temp\DX9\SessionLauncher.exe [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
panda REG_MULTI_SZ Gwmsrv
.
Supplementary Scan
.
uStart Page = hxxp://bt.yahoo.com/
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20090729114115
DPF: {71057C18-0507-4747-86BC-E11CE7512C5F}
.
.
File Associations
.
JSEFile=c:\progra~1\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %*
VBEFile=c:\progra~1\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %*
VBSFile=c:\progra~1\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %*
.
- - - - ORPHANS REMOVED - - - -
BHO-{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - (no file)
HKLM-Run-Mdoti - c:\windows\ivaxilexexe.dll
AddRemove-DVDVideoSoft Toolbar - c:\progra~1\DVDVID~1\UNWISE.EXE
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-22 14:12
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Windows\AutorunsDisabled]
"Appinit_Dlls"="c:\\WINDOWS\\system32\\likibefi.dll,c:\\windows\\system32\\fabokenu.dll"
.
DLLs Loaded Under Running Processes
- - - - - - - > 'winlogon.exe'(1124)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\avldr.dll
c:\program files\Citrix\GoToAssist\570\G2AWinLogon.dll
- - - - - - - > 'explorer.exe'(920)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Other Running Processes
.
c:\program files\Panda Security\Panda Antivirus Pro 2010\TPSrv.exe
c:\program files\PANDA SECURITY\PANDA ANTIVIRUS PRO 2010\WebProxy.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSvcCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Panda Security\Panda Antivirus Pro 2010\PsCtrls.exe
c:\program files\Panda Security\Panda Antivirus Pro 2010\PavFnSvr.exe
c:\program files\Common Files\Panda Security\PavShld\pavprsrv.exe
c:\program files\Panda Security\Panda Antivirus Pro 2010\Firewall\PSHOST.EXE
c:\program files\Panda Security\Panda Antivirus Pro 2010\PsImSvc.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\Panda Security\Panda Antivirus Pro 2010\pavsrv51.exe
c:\program files\Panda Security\Panda Antivirus Pro 2010\AVENGINE.EXE
c:\windows\system32\wbem\unsecapp.exe
c:\progra~1\Yahoo!\browser\ycommon.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\program files\Panda Security\Panda Antivirus Pro 2010\psimreal.exe
c:\program files\Panda Security\Panda Antivirus Pro 2010\avciman.exe
.
**************************************************************************
.
Completion time: 2009-12-22 14:22:34 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-22 14:22
Pre-Run: 408,456,224,768 bytes free
Post-Run: 410,362,036,224 bytes free
- - End Of File - - 3967F7F7809C0B86D0B6E0AB2E19C1380 -
Trojans can be sneaky: a copy can end up inside the System Restore data (the System Volume Information folder), and a scanner that does not look there will not find it. If your scanner does not check restore points, turn System Restore off, run the scan, then turn it back on. Be aware that turning System Restore off discards every existing restore point, so you lose the ability to roll back — only do this once you are confident the rest of the machine is clean, and remember to switch it back on afterwards.
There are times when Trojans are quite sneaky they install themselves into system restore, so when you run a virus check and it doesn’t matter which one you use they will not find it because system restore is protected. So turn off system restore then run the virus checker and if it’s in there it will be able to find it. PS make sure you switch back on after the virus check.
Both Malwarebytes and ComboFix check the restore points, as do many other scanners, so disabling System Restore is usually unnecessary.
The one thing I would personally insist on is never restoring to an earlier point while the computer is infected — you would simply reinstate whatever was there at the time.
Thanks aliEnRIK looks like our computers ok now can use google without getting redirected to something else you say about panda firewall not being very good whats the best AV software i could get to protect our computer what would you recommend0
whats the best AV software i could get to protect our computer what would you recommend
I swear by Avast and absolutely love it. In addition to an anti-virus product, install an on-demand anti-malware scanner such as Windows Defender — but run only one real-time anti-virus engine at a time, since two resident scanners fight over the same files and can leave gaps rather than close them.
My bad, forgot to check the log
You're still infected. The log still shows an AppInit_DLLs value pointing at likibefi.dll and fabokenu.dll (AppInit_DLLs is a persistence mechanism that injects a DLL into every process that loads user32.dll; the value sits under an AutorunsDisabled subkey, which is where Autoruns — or a tool using the same convention — parks entries it has disabled, so it appears parked rather than active, but the files are still on disk), and the orphaned HKLM Run entry "Mdoti" pointed at another randomly named DLL, c:\windows\ivaxilexexe.dll. Separately, the Windows Firewall AuthorizedApplications list contains %windir%\system32\drivers\svchost.exe — the genuine svchost.exe lives in system32, not system32\drivers, so that exception was almost certainly created by malware; remove it and check whether that file exists.
Open Notepad and copy/paste the text below, exactly as shown, from "File::" to the last path. (Note: the two .dll paths were copied from the registry value with doubled backslashes; ComboFix may not match them against the real paths, so write them with single backslashes, e.g. c:\windows\system32\likibefi.dll.)
File::
c:\windows\Rduvoci.bin
c:\windows\Gwodeyilu.dat
c:\windows\system32\PavCPL.dat
c:\windows\system32\emptyregdb.dat
c:\\WINDOWS\\system32\\likibefi.dll
c:\\windows\\system32\\fabokenu.dll
Save it as a plain text file named CFScript.txt (Notepad will add the .txt; the full name is "CFScript.txt").
Then drag CFScript.txt onto ComboFix.exe and drop it there — the original post included a screenshot of this step, which is not reproduced here.
This will start ComboFix again. After the reboot (if it asks for one), post the contents of C:\ComboFix.txt in your next reply.
ComboFix should never take more than 30 minutes, including the reboot, even when malware is detected.
If it does, open Task Manager (press Ctrl+Alt+Del), go to the Processes tab, and end any processes named findstr, find, sed or swreg; ComboFix should then continue.
Thanks aliEnRIK looks like our computers ok now can use google without getting redirected to something else you say about panda firewall not being very good whats the best AV software i could get to protect our computer what would you recommend
You really need to follow post #17 before changing any security software.
As for that: since you have the full Panda suite, I'd advise uninstalling the lot rather than disabling pieces of it (simply disabling the firewall could easily create other problems, as the suite is designed to be used together). Two things to be aware of first: your log shows the Windows Firewall is switched off (EnableFirewall = 0, which is expected while a third-party firewall is installed), so if you remove Panda without re-enabling Windows Firewall or installing a replacement the machine will have no firewall at all; and the Windows Firewall policy already has port 3389 (Remote Desktop) plus four high-numbered ports labelled "Services" globally open — review those and close any that no program you recognise needs.
Then it's up to you really. I highly recommend PC Tools Firewall (free — I use it).
Then you still need an anti-virus, so choose one of:
Avira — lightweight, no e-mail scanning; it's what I use.
Avast — detection rates not as good as Avira's, but it has e-mail scanning.
AVG — there have been a lot of problems with this, so I'd personally suggest against it.
Microsoft Security Essentials — lots of praise, but until I see concrete test results I can't recommend it.
Panda Cloud — same position as Security Essentials.
Here are the results of the Combofix.txt scan
ComboFix 09-12-21.04 - Chris 23/12/2009 21:24:32.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.895.452 [GMT 0:00]
Running from: c:\documents and settings\Chris\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Chris\My Documents\CFScript.txt
AV: Panda Antivirus Pro 2010 *On-access scanning disabled* (Updated) {EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A}
FW: Panda Personal Firewall 2010 *disabled* {7B090DC0-8905-4BAF-8040-FD98A41C8FB8}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
"c:\\windows\\system32\\fabokenu.dll"
"c:\\WINDOWS\\system32\\likibefi.dll"
"c:\windows\Gwodeyilu.dat"
"c:\windows\Rduvoci.bin"
"c:\windows\system32\emptyregdb.dat"
"c:\windows\system32\PavCPL.dat"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc2A.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc58.tmp
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mcc9.tmp
c:\windows\Gwodeyilu.dat
c:\windows\Rduvoci.bin
c:\windows\system32\emptyregdb.dat
c:\windows\system32\PavCPL.dat
.
((((((((((((((((((((((((( Files Created from 2009-11-23 to 2009-12-23 )))))))))))))))))))))))))))))))
.
2009-12-21 16:20 . 2009-12-21 16:20 388096 ----a-r- c:\documents and settings\Chris\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2009-12-21 16:20 . 2009-12-21 16:20 -------- d-----w- c:\program files\TrendMicro
2009-12-21 14:13 . 2009-12-21 14:13 -------- d-----w- c:\documents and settings\Chris\Local Settings\Application Data\{0A0E9DB1-DA2A-44B8-8949-CB39CB9D298B}
2009-12-20 13:24 . 2009-12-02 13:19 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-12-20 11:17 . 2009-12-02 13:19 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-12-20 11:17 . 2009-12-20 11:17 862040 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-12-20 11:17 . 2009-12-20 11:17 206944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-12-20 11:17 . 2009-12-20 11:17 390288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-12-20 11:17 . 2009-12-20 11:17 537576 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
2009-12-20 11:17 . 2009-12-20 11:17 370744 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-12-20 11:17 . 2009-12-20 11:17 194104 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2009-12-20 11:16 . 2009-12-20 11:16 6296864 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-12-20 11:16 . 2009-12-20 11:16 933120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-12-20 11:16 . 2009-12-20 11:16 816272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-12-20 11:16 . 2009-12-20 11:16 822904 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-12-20 11:16 . 2009-12-20 11:16 1643272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-12-20 11:16 . 2009-12-20 11:16 788880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-12-20 11:15 . 2009-12-20 11:16 1181328 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-12-20 11:14 . 2009-12-20 11:14 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2009-12-20 11:14 . 2009-12-07 14:10 2953352 -c--a-w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe
2009-12-20 11:14 . 2009-12-20 11:14 -------- d-----w- c:\program files\Lavasoft
2009-12-20 11:14 . 2009-12-20 11:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-12-19 15:30 . 2009-12-23 09:20 52224 ----a-w- c:\documents and settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2009-12-19 14:24 . 2009-12-19 14:24 -------- d-----w- c:\windows\system32\wbem\Repository
2009-12-01 17:52 . 2009-12-01 17:52 -------- d-----w- C:\Output
2009-12-01 17:41 . 2009-12-01 17:41 -------- d-----w- c:\documents and settings\Lisa\Application Data\Ahead
2009-12-01 17:06 . 2009-12-01 17:07 -------- d-----w- c:\documents and settings\Lisa\Local Settings\Application Data\Adobe
2009-12-01 16:59 . 2009-12-01 16:59 -------- d-----w- c:\documents and settings\All Users\Application Data\SlySoft
2009-12-01 16:06 . 2009-12-01 16:06 -------- d-----w- c:\documents and settings\Chris\Application Data\SlySoft
2009-12-01 15:58 . 2009-12-01 15:58 -------- d-----w- c:\program files\AviSynth 2.5
2009-12-01 15:32 . 2009-12-01 15:32 -------- d-----w- c:\program files\Conduit
2009-12-01 15:32 . 2009-12-01 15:32 -------- d-----w- c:\documents and settings\Chris\Local Settings\Application Data\Conduit
2009-12-01 15:32 . 2009-12-01 15:32 -------- d-----w- c:\documents and settings\Chris\Local Settings\Application Data\DVDVideoSoft
2009-12-01 12:36 . 2009-12-01 12:36 -------- d-----w- C:\ConverterOutput
2009-11-30 21:21 . 2009-11-30 21:21 -------- d-----w- c:\documents and settings\Lisa\Application Data\U3
2009-11-30 19:39 . 2009-11-30 19:39 84680 ----a-w- c:\documents and settings\Lisa\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-26 15:34 . 2009-11-26 15:34 -------- d-----w- c:\program files\iPod
2009-11-26 15:34 . 2009-11-26 15:35 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-11-26 15:34 . 2009-11-26 15:35 -------- d-----w- c:\program files\iTunes
2009-11-26 15:32 . 2009-11-26 15:33 -------- d-----w- c:\program files\QuickTime
2009-11-26 15:20 . 2009-11-26 15:20 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-23 21:34 . 2009-03-28 13:51 -------- d-----w- c:\documents and settings\Chris\Application Data\Skype
2009-12-23 21:18 . 2009-11-11 21:24 1132 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG.bck
2009-12-23 21:18 . 2009-11-11 21:24 1132 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG
2009-12-23 09:17 . 2009-03-27 15:28 12 ----a-w- c:\windows\bthservsdp.dat
2009-12-23 06:12 . 2009-11-11 21:24 286260 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT.bck
2009-12-23 06:12 . 2009-11-11 21:24 286260 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT
2009-12-19 15:30 . 2009-05-10 21:04 117760 ----a-w- c:\documents and settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-19 15:28 . 2009-05-10 20:59 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-14 14:58 . 2009-03-27 13:54 -------- d-----w- c:\documents and settings\Chris\Application Data\Vso
2009-12-14 14:53 . 2009-05-18 13:05 -------- d-----w- c:\documents and settings\Lisa\Application Data\Apple Computer
2009-12-14 08:00 . 2009-05-12 06:50 -------- d-----w- c:\documents and settings\Chris\Application Data\U3
2009-12-04 16:29 . 2009-05-01 14:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-04 16:28 . 2009-06-10 11:31 4844296 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-03 16:14 . 2009-05-01 14:47 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 16:13 . 2009-05-01 14:47 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-01 22:16 . 2009-05-10 21:18 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-01 19:55 . 2009-05-08 12:55 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-12-01 18:08 . 2009-03-27 16:20 -------- d-----w- c:\program files\SlySoft
2009-11-26 15:39 . 2009-04-20 19:12 -------- d-----w- c:\documents and settings\Chris\Application Data\Apple Computer
2009-11-26 15:34 . 2009-04-20 19:11 -------- d-----w- c:\program files\Common Files\Apple
2009-11-11 21:18 . 2009-11-11 21:17 -------- d-----w- c:\program files\Panda Security
2009-11-11 21:17 . 2009-11-11 20:26 -------- d-----w- c:\documents and settings\Chris\Application Data\Panda Security
2009-11-11 21:17 . 2009-11-11 20:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security
2009-11-11 21:13 . 2009-11-11 20:26 -------- d-----w- c:\program files\Common Files\Panda Security
2009-11-11 20:26 . 2009-03-25 10:46 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-11 20:26 . 2009-11-11 16:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security(2)
2009-11-03 20:55 . 2009-03-31 22:18 84680 ----a-w- c:\documents and settings\Chris\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-01 21:28 . 2009-11-01 21:28 1961720 ----a-w- c:\documents and settings\Chris\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-09-29 09:19 . 2009-09-29 09:19 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-12-22_14.12.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-23 09:19 . 2009-12-23 09:19 16384 c:\windows\Temp\Perflib_Perfdata_3b4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-12-19 2002160]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-03-11 24095528]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-03 94208]
"MtdAcq"="c:\program files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE" [2002-10-16 118862]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 129536]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2007-08-24 240112]
"nwiz"="nwiz.exe" [2009-02-18 1657376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"EPSON Stylus DX3800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE" [2005-02-08 98304]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 57344]
"btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2009-09-14 1584640]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-08-11 185896]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-18 86016]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 16269312]
"APVXDWIN"="c:\program files\Panda Security\Panda Antivirus Pro 2010\APVXDWIN.EXE" [2009-06-05 574720]
"SCANINICIO"="c:\program files\Panda Security\Panda Antivirus Pro 2010\Inicio.exe" [2009-04-21 56064]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Chris\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-13 16:22 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2008-03-18 16:58 58672 ----a-w- c:\windows\system32\avldr.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-06-15 14:03 16680 ----a-w- c:\program files\Citrix\GoToAssist\570\g2awinlogon.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *sprestrt\0lsdelete
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpBrowser.exe"=
"c:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpNotifier.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389CP"= 3389CP:Remote Desktop
"65533CP"= 65533CP:Services
"52344CP"= 52344CP:Services
"2479CP"= 2479CP:Services
"3246CP"= 3246CP:Services
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [12/20/2009 11:17 AM 64288]
R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [11/11/2009 9:13 PM 28544]
R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [11/11/2009 9:23 PM 73728]
R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [11/11/2009 9:24 PM 52992]
R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [11/11/2009 9:23 PM 22072]
R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [11/11/2009 9:24 PM 193792]
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [11/11/2009 9:23 PM 158848]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [4/28/2009 10:33 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [4/28/2009 10:33 AM 74480]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [11/11/2009 9:13 PM 41144]
R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [11/11/2009 9:24 PM 46720]
R2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k Panda --> c:\windows\system32\svchost -k Panda [?]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [11/11/2009 9:13 PM 177416]
R2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Antivirus Pro 2010\psksvc.exe [11/11/2009 9:18 PM 28928]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [8/24/2007 3:52 PM 166384]
R3 NETIMFLT01060034;PANDA NDIS IM Filter Miniport v1.6.0.34;c:\windows\system32\drivers\neti1634.sys [5/9/2009 8:45 PM 197888]
R3 NVHDA;Service for NVIDIA HDMI Audio Driver;c:\windows\system32\drivers\nvhda32.sys [11/10/2007 3:20 AM 29728]
R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [8/24/2007 3:52 PM 1083888]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [4/28/2009 10:33 AM 7408]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9/29/2009 9:19 AM 721904]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/2/2009 1:19 PM 1181328]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [8/24/2007 3:53 PM 362992]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [8/24/2007 3:52 PM 309744]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [8/24/2007 3:53 PM 72176]
S4 SessionLauncher;SessionLauncher;c:\docume~1\Chris\LOCALS~1\Temp\DX9\SessionLauncher.exe --> c:\docume~1\Chris\LOCALS~1\Temp\DX9\SessionLauncher.exe [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
panda REG_MULTI_SZ Gwmsrv
.
Supplementary Scan
.
uStart Page = hxxp://bt.yahoo.com/
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20090729114115
DPF: {71057C18-0507-4747-86BC-E11CE7512C5F}
- - - - ORPHANS REMOVED - - - -
BHO-{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-23 21:33
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Windows\AutorunsDisabled]
"Appinit_Dlls"="c:\\WINDOWS\\system32\\likibefi.dll,c:\\windows\\system32\\fabokenu.dll"
.
DLLs Loaded Under Running Processes
- - - - - - - > 'winlogon.exe'(1124)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\avldr.dll
c:\program files\Citrix\GoToAssist\570\G2AWinLogon.dll
.
Completion time: 2009-12-23 21:37:07
ComboFix-quarantined-files.txt 2009-12-23 21:37
ComboFix2.txt 2009-12-22 14:22
Pre-Run: 408,228,630,528 bytes free
Post-Run: 408,286,912,512 bytes free
- - End Of File - - EBA0E923E61A65ACEA8171D4D70A3F8A0 -
Download and run the free version of Dr.Web CureIt:
http://www.freedrweb.com/download+cureit/gr/
Turn your anti-virus off for the duration of the scan only (so it cannot lock files CureIt needs to inspect), and turn it back on as soon as the scan finishes.
CureIt will automatically run a quick scan first.
After that, set it to scan the whole computer and press the "play" icon.
Do NOT upgrade to the full (paid) version — the free CureIt scanner is all that is needed here.