MICRO AV [ COMBOFIX]
 
 




Posted 9/24/2008 7:12 AM
New Member


Group: Forum Members
Last Login: 9/24/2008 6:43 AM
Posts: 0, Visits: 0
SORRY FOR ANY POSSIBLE MISTAKES OR SILLY QUESTIONS I AM ABOUT TO ASK.
MY PC HAD A PROBLEM WITH THE MICRO AV VIRUS????
I DID SOMETHING WITH COMBOFIX THANKS TO YOUR FORUMS, BUT NOW IT IS THE SAME AGAIN.
I RAN A SCAN WITH COMBOFIX AGAIN AND I HAVE THE COMBOFIX REPORT.
IN THE MEANTIME I HAD DOWNLOADED MCAFEE, AND THE NEW SCAN WITH COMBOFIX DELETED IT.
NOW I HAVE A FOLDER NAMED QOOBOX ON C.
WHAT DO I DO??
DO I DELETE IT....
I WANT TO BE FREE OF THIS ONCE AND FOR ALL!!
AND IF SO....,
DOES ANYONE KNOW A TRUSTED SITE FOR FREE ANTIVIRUS?
THANKS A MILLION
HERE IS THE HUGE COMBOFIX FILE.
THIS TIME I SAW THAT IT DELETED ONLY ONE FILE:

eWebControl.dll.vir
THE OTHERS WERE QUARANTINED.


COMBOFIX FILE
====================================================================


ComboFix 08-09-19.06 - antonis 2008-09-20 4:01:16.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.132 [GMT 3:00]
Running from: C:\Documents and Settings\antonis\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\antonis\Desktop\Error Cleaner.url
C:\Documents and Settings\antonis\Desktop\Privacy Protector.url
C:\Documents and Settings\antonis\Desktop\Spyware&Malware Protection.url
C:\Documents and Settings\antonis\Favorites\Download programs.url
C:\Documents and Settings\antonis\Favorites\Error Cleaner.url
C:\Documents and Settings\antonis\Favorites\Games.url
C:\Documents and Settings\antonis\Favorites\Privacy Protector.url
C:\Documents and Settings\antonis\Favorites\Spyware&Malware Protection.url
C:\Documents and Settings\antonis\Favorites\Translator.url
C:\Documents and Settings\antonis\Favorites\Videos.url
C:\Documents and Settings\antonis\Start Menu\Programs\Download programs.url
C:\Documents and Settings\antonis\Start Menu\Programs\Games.url
C:\Documents and Settings\antonis\Start Menu\Programs\Translator.url
C:\Documents and Settings\antonis\Start Menu\Programs\Videos.url
C:\Program Files\MicroAV
C:\Program Files\MicroAV\MicroAV.cpl
C:\Program Files\MicroAV\MicroAV.exe
C:\Program Files\MicroAV\MicroAV.ooo
C:\Program Files\MicroAV\MicroAV1.dat
C:\Program Files\PCHealthCenter\0.exe
C:\Program Files\PCHealthCenter\0.gif
C:\Program Files\PCHealthCenter\1.exe
C:\Program Files\PCHealthCenter\1.gif
C:\Program Files\PCHealthCenter\1.ico
C:\Program Files\PCHealthCenter\2.exe
C:\Program Files\PCHealthCenter\2.gif
C:\Program Files\PCHealthCenter\2.ico
C:\Program Files\PCHealthCenter\3.exe
C:\Program Files\PCHealthCenter\3.gif
C:\Program Files\PCHealthCenter\4.exe
C:\Program Files\PCHealthCenter\5.exe
C:\Program Files\PCHealthCenter\7.exe
C:\Program Files\PCHealthCenter\sc.html
C:\WINDOWS\dtseqrxk.dll
C:\WINDOWS\eflx.exe
C:\WINDOWS\fqbewlna.dll
C:\WINDOWS\mgxfebsq.dll
C:\WINDOWS\mqgldfvo.exe
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\1.ico
C:\WINDOWS\system32\2.ico
C:\WINDOWS\system32\tdssadw.dll
C:\WINDOWS\system32\tdssinit.dll
C:\WINDOWS\system32\tdssl.dll
C:\WINDOWS\system32\tdsslog.dll
C:\WINDOWS\system32\tdssmain.dll
C:\WINDOWS\system32\tdssserf.dll
C:\WINDOWS\system32\tdssservers.dat
C:\WINDOWS\vmgspntbvlw.dll
C:\x

.
((((((((((((((((((((((((( Files Created from 2008-08-20 to 2008-09-20 )))))))))))))))))))))))))))))))
.

2008-09-20 02:57 . 2008-09-20 02:58  d--------  C:\Program Files\Fighters
2008-09-20 02:57 . 2008-09-20 02:57  d--------  C:\Documents and Settings\All Users\Application Data\Fighters
2008-09-20 02:33 . 2008-09-20 02:33  d--------  C:\Documents and Settings\antonis\Application Data\Malwarebytes
2008-09-20 02:33 . 2008-09-20 02:33  d--------  C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-20 02:21 . 2008-09-20 02:21  d--------  C:\Program Files\Panda Security
2008-09-20 02:10 . 2008-09-19 03:06  166,400  --a------  C:\WINDOWS\system32\MicroAV.cpl
2008-09-20 02:09 . 2008-09-20 04:07  d--------  C:\Program Files\PCHealthCenter
2008-09-20 02:09 . 2008-09-05 01:52  0  --a------  C:\WINDOWS\system32\msupdater354.dat
2008-09-20 02:04 . 2008-09-20 02:47  d--------  C:\WINDOWS\system32\djpclib
2008-09-20 02:04 . 2008-09-20 02:47  d--------  C:\Program Files\DJ Music Mixer
2008-09-20 00:29 . 2008-09-20 00:29  d--------  C:\FILMS
2008-09-18 04:54 . 2008-09-18 04:54  d--------  C:\WINDOWS\Sun
2008-09-18 04:51 . 2008-09-18 04:51  48  --a------  C:\WINDOWS\scmate.ini
2008-09-16 11:53 . 2008-09-16 12:03  d--------  C:\Documents and Settings\antonis\Application Data\ZoomBrowser EX
2008-09-16 11:51 . 2004-08-04 00:56  159,232  --a------  C:\WINDOWS\system32\ptpusd.dll
2008-09-16 11:51 . 2004-08-03 22:58  15,104  --a------  C:\WINDOWS\system32\drivers\usbscan.sys
2008-09-16 11:51 . 2004-08-03 22:58  15,104  --a--c---  C:\WINDOWS\system32\dllcache\usbscan.sys
2008-09-16 11:51 . 2001-08-17 22:36  5,632  --a------  C:\WINDOWS\system32\ptpusb.dll
2008-09-15 03:15 . 2008-09-15 03:15  d--------  C:\Program Files\Trapware Corporation
2008-09-13 18:03 . 2008-09-13 18:03  d--------  C:\Documents and Settings\antonis\Application Data\AdobeUM
2008-09-10 17:42 . 2008-09-19 16:25  54,156  --ah-----  C:\WINDOWS\QTFont.qfn
2008-09-10 17:42 . 2008-09-10 17:42  1,409  --a------  C:\WINDOWS\QTFont.for
2008-09-09 17:01 . 2008-09-09 17:03  754  --a------  C:\WINDOWS\WORDPAD.INI
2008-09-08 17:33 . 2008-09-08 17:33  d--------  C:\Documents and Settings\antonis\Application Data\InterVideo
2008-09-08 16:25 . 2006-10-04 17:06  1,197,294  -----c---  C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-09-08 16:25 . 2006-10-04 17:06  764,868  -----c---  C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-09-08 16:25 . 2006-10-04 17:06  217,118  -----c---  C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-09-08 16:24 . 2008-09-08 16:24  d--------  C:\Program Files\Windows Media Connect 2
2008-09-08 16:22 . 2008-09-09 11:41  d--------  C:\WINDOWS\system32\LogFiles
2008-09-08 16:22 . 2008-09-08 16:23  d--------  C:\WINDOWS\system32\drivers\UMDF
2008-09-08 16:12 . 2008-09-08 16:12  d--------  C:\Documents and Settings\antonis\Application Data\CyberLink
2008-09-08 16:08 . 2008-09-08 16:08  d--------  C:\Documents and Settings\All Users\Application Data\CyberLink
2008-09-08 14:43 . 2008-07-18 22:07  270,880  --a------  C:\WINDOWS\system32\mucltui.dll
2008-09-08 14:43 . 2008-07-18 22:07  210,976  --a------  C:\WINDOWS\system32\muweb.dll
2008-09-08 14:43 . 2008-07-18 22:07  29,728  --a------  C:\WINDOWS\system32\mucltui.dll.mui
2008-09-08 03:00 . 2008-09-08 03:01  d--------  C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-09-07 19:48 . 2008-09-07 19:48  d--------  C:\Documents and Settings\antonis\Contacts
2008-09-07 19:22 . 2008-09-07 19:44  d--hsc---  C:\Program Files\Common Files\WindowsLiveInstaller
2008-09-07 19:21 . 2008-09-07 19:46  d--------  C:\Program Files\Windows Live
2008-09-07 19:21 . 2008-09-08 03:07  d--------  C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-09-07 08:25 . 2008-09-08 20:08  d--------  C:\Documents and Settings\antonis\dwhelper
2008-09-07 02:45 . 2008-09-07 02:45  d--------  C:\Documents and Settings\antonis\Application Data\Lavasoft
2008-09-07 01:09 . 2004-10-08 14:54  1,206,272  -ra------  C:\WINDOWS\system32\drivers\lvsvf2.sys
2008-09-07 01:02 . 2008-09-07 01:02  d--------  C:\Program Files\Common Files\FotoWire
2008-09-07 01:02 . 2008-09-07 01:02  d--------  C:\Documents and Settings\antonis\Application Data\FotoWire
2008-09-07 00:59 . 2004-10-08 12:46  53,248  -ra------  C:\WINDOWS\system32\InstMed.exe
2008-09-07 00:58 . 2008-09-07 00:58  d--------  C:\Program Files\Common Files\Logitech
2008-09-07 00:57 . 2008-09-07 01:02  d--------  C:\Program Files\Logitech
2008-09-07 00:57 . 2004-10-08 11:00  856,064  --a------  C:\WINDOWS\system32\Ltwvc12n.dll
2008-09-07 00:39 . 2008-09-07 00:39  d--------  C:\Documents and Settings\antonis\Application Data\Apple Computer
2008-09-07 00:31 . 2008-09-07 09:05  d--------  C:\WINDOWS\system32\CatRoot_bak
2008-09-07 00:31 . 2008-06-13 16:10  272,128  ---------  C:\WINDOWS\system32\drivers\bthport.sys
2008-09-07 00:31 . 2008-06-13 16:10  272,128  -----c---  C:\WINDOWS\system32\dllcache\bthport.sys
2008-09-07 00:09 . 2008-05-01 17:30  331,776  -----c---  C:\WINDOWS\system32\dllcache\msadce.dll
2008-09-07 00:09 . 2008-05-08 15:28  202,752  -----c---  C:\WINDOWS\system32\dllcache\rmcast.sys
2008-09-07 00:08 . 2008-04-11 21:50  683,520  -----c---  C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-09-07 00:02 . 2008-09-08 02:23  d--------  C:\Program Files\Avanquest update
2008-09-07 00:02 . 2008-09-07 00:02  d--------  C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-09-07 00:01 . 2008-09-07 00:01  1,409  --a------  C:\WINDOWS\system32\Mgptwn.FOT
2008-09-06 23:58 . 2008-09-07 19:47  d----c---  C:\WINDOWS\system32\DRVSTORE
2008-09-06 23:58 . 2006-09-25 17:58  23,856  --a------  C:\WINDOWS\system32\spupdsvc.exe
2008-09-06 23:52 . 2008-09-06 23:52  d--------  C:\Program Files\Sony Ericsson
2008-09-06 23:52 . 2008-09-06 23:52  d--------  C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-09-06 23:49 . 2008-09-06 23:49  d--------  C:\Documents and Settings\antonis\Application Data\InstallShield
2008-09-06 23:42 . 2008-09-06 23:43  d--------  C:\Program Files\QuickTime
2008-09-06 23:41 . 2008-09-06 23:41  d--------  C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-09-06 22:49 . 2008-09-06 22:49  d--------  C:\Documents and Settings\antonis\Application Data\Yahoo!
2008-09-06 22:49 . 2008-09-06 22:49  d--------  C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-09-06 22:41 . 2008-09-06 22:41  d--------  C:\Documents and Settings\All Users\Application Data\OrbNetworks
2008-09-06 22:40 . 2008-09-06 22:41  d--------  C:\Program Files\Winamp Remote
2008-09-06 22:37 . 2008-09-06 22:42  d--------  C:\Documents and Settings\antonis\Application Data\Winamp
2008-09-06 22:17 . 2008-09-06 22:17  d--------  C:\Program Files\ConvertHelper
2008-09-06 22:17 . 2008-09-06 22:17  d--------  C:\Documents and Settings\antonis\Incomplete
2008-09-06 22:16 . 1997-07-01 02:01  331,032  --a------  C:\WINDOWS\system32\Threed20.ocx
2008-09-06 22:16 . 1995-08-24 09:50  322,832  --a------  C:\WINDOWS\system32\Mfc30.dll
2008-09-06 22:16 . 1997-02-05 15:54  318,976  --a------  C:\WINDOWS\system32\gtList32.ocx
2008-09-06 22:16 . 1997-02-05 16:23  212,992  --a------  C:\WINDOWS\system32\gt-ld32.dll
2008-09-06 22:16 . 1997-01-16 00:00  195,856  --a------  C:\WINDOWS\system32\Richtx32.ocx
2008-09-06 22:16 . 1997-01-16 00:00  191,248  --a------  C:\WINDOWS\system32\Tabctl32.ocx
2008-09-06 22:16 . 1996-10-24 10:50  108,544  --a------  C:\WINDOWS\system32\vbis4032.dll
2008-09-06 22:16 . 1995-10-27 11:16  46,008  --a------  C:\WINDOWS\system32\Mgptwn__.ttf
2008-09-06 22:15 . 2008-09-06 22:15  d--------  C:\Program Files\AviSynth 2.5
2008-09-06 22:15 . 2008-09-06 22:15  68  --a------  C:\WINDOWS\system32\lexiko.ini
2008-09-06 22:10 . 2008-09-13 05:09  d--------  C:\Documents and Settings\antonis\Application Data\LimeWire
2008-09-06 22:08 . 2008-09-20 02:12  d--------  C:\Documents and Settings\antonis\Application Data\uTorrent
2008-09-06 22:03 . 2008-09-06 22:03  99,965  --a------  C:\WINDOWS\UninstallFirefox.exe
2008-09-06 22:03 . 2008-09-06 22:03  2,654  --a------  C:\WINDOWS\mozver.dat
2008-09-06 22:03 . 2008-09-06 22:03  0  --a------  C:\WINDOWSsreg.dat
2008-09-06 22:00 . 2008-09-06 22:00  d--------  C:\Documents and Settings\antonis\Application Data\Media Player Classic
2008-09-06 22:00 . 2008-09-06 22:00  d--------  C:\Documents and Settings\antonis\Application Data\DivX
2008-09-06 21:54 . 2008-09-06 21:54  d--------  C:\Program Files\Yahoo!
2008-09-06 21:52 . 2008-09-06 21:52  d--------  C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-09-06 21:51 . 2008-07-23 19:50  129,784  ---------  C:\WINDOWS\system32\pxafs.dll
2008-09-06 21:51 . 2008-07-23 19:50  9,464  ---------  C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-09-06 21:51 . 2008-07-23 19:50  9,336  ---------  C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-09-06 21:43 . 2008-09-06 21:43  d--------  C:\Program Files\CyberLink
2008-09-06 21:43 . 2001-03-08 18:30  24,064  ---------  C:\WINDOWS\system32\msxml3a.dll
2008-09-06 21:41 . 2008-09-06 21:41  d--------  C:\Documents and Settings\antonis\Application Data\MSN Search Toolbar
2008-09-06 21:40 . 2008-09-06 21:40  d--------  C:\Documents and Settings\All Users\Application Data\MSN Search Toolbar
2008-09-06 21:16 . 2008-09-06 21:16  0  -rahs----  C:\WINDOWS\system32\drivers\TOSHIBA_Satellite M70_03540000-GE_PSM70E-01500.MRK
2008-09-06 21:15 . 2005-09-15 12:17  d--------  C:\Documents and Settings\antonis\WINDOWS
2008-09-06 21:15 . 2005-09-15 12:37  d--------  C:\Documents and Settings\antonis\Application Data\toshiba
2008-09-06 21:15 . 2005-09-15 12:46  d--------  C:\Documents and Settings\antonis\Application Data\Sonic
2008-09-06 21:15 . 2008-09-20 04:06  d--------  C:\Documents and Settings\antonis
2008-09-06 21:14 . 2005-09-15 12:17  d--------  C:\WINDOWS\system32\config\systemprofile\WINDOWS
2008-09-06 21:14 . 2005-09-15 12:17  d--------  C:\Documents and Settings\Default User\WINDOWS
2008-09-06 21:14 . 2005-06-03 11:20  13  --a------  C:\WINDOWS\system32\drivers\verfile.tic
2008-09-06 20:50 . 2008-05-07 08:18  1,287,680  -----c---  C:\WINDOWS\system32\dllcache\quartz.dll
2008-09-06 08:39 . 2008-09-06 08:42  d--------  C:\Program Files\Canon
2008-09-06 08:39 . 2008-09-16 11:53  d--------  C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-09-06 08:37 . 2008-09-06 08:37  d--------  C:\Program Files\Common Files\Canon
2008-09-06 08:19 . 2008-09-06 08:19  d--------  C:\Program Files\Common Files\Adobe AIR
2008-09-06 08:19 . 2008-09-06 08:19  d--------  C:\Program Files\Adobe Media Player
2008-09-06 08:19 . 2008-09-07 19:36  d--------  C:\Documents and Settings\antonis\Application Data\MSNInstaller
2008-08-29 09:36 . 2008-08-29 09:36  15,496  --a------  C:\WINDOWS\system32\drivers\vffilter.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-06 21:57  81,920  ------r  C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe
2008-09-06 21:57  ---------  d--h--w  C:\Program Files\InstallShield Installation Information
2008-09-06 18:40  ---------  d-----w  C:\Program Files\MSN Toolbar Suite
2008-09-06 18:15  ---------  d-----w  C:\Program Files\InterVideo
2008-09-06 18:14  ---------  d-----w  C:\Program Files\Intel
2008-07-23 16:50  43,528  ------w  C:\WINDOWS\system32\drivers\pxhelp20.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 65536]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 356352]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2008-09-07 20480]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-10-08 196608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"%AWinUpdate_1"="http://www.okvids.net/" [X]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-07-19 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-07-19 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-07-19 114688]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2004-03-24 196608]
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2005-09-06 671744]
"TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2005-08-25 53248]
"HWSetup"="C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 28672]
"SVPWUTIL"="C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2004-05-01 65536]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-08-30 1077329]
"Tvs"="C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" [2005-04-05 73728]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"RemoteControl"="D:\PRO-ESTABLISH\PDVD\PDVDServ.exe" [2006-09-18 29696]
"LanguageShortcut"="D:\PRO-ESTABLISH\PDVD\Language\Language.exe" [2006-09-29 49152]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-10-08 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-10-08 217088]
"spywarefighterguard"="C:\Program Files\Fighters\spywarefighter\SpywarefighterUser.exe" [2008-08-29 180872]
"AGRSMMSG"="AGRSMMSG.exe" [2004-12-22 C:\WINDOWS\agrsmmsg.exe]
"TCtryIOHook"="TCtrlIOHook.exe" [2005-08-22 C:\WINDOWS\system32\TCtrlIOHook.exe]
"TPSMain"="TPSMain.exe" [2005-08-11 C:\WINDOWS\system32\TPSMain.exe]
"TFncKy"="TFncKy.exe" [BU]
"NDSTray.exe"="NDSTray.exe" [BU]
"CFSServ.exe"="CFSServ.exe" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Windows Desktop Search.lnk - C:\Program Files\MSN Toolbar Suite\DS\02.05.0000.1082\en-gb\bin\WindowsSearch.exe [2005-06-15 19:59:34 238080]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^antonis^Start Menu^Programs^Startup^LimeWire 4.12.6.lnk]
path=C:\Documents and Settings\antonis\Start Menu\Programs\Startup\LimeWire 4.12.6.lnk
backup=C:\WINDOWS\pss\LimeWire 4.12.6.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^antonis^Start Menu^Programs^Startup^µTorrent.lnk]
path=C:\Documents and Settings\antonis\Start Menu\Programs\Startup\µTorrent.lnk
backup=C:\WINDOWS\pss\µTorrent.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 23:42 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
--a------ 2005-05-12 12:31 118784 C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zooming]
--a------ 2005-06-06 11:58 24576 C:\WINDOWS\system32\ZoomingHook.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\PROGRAMS\\NERO\\installer-43736-19en-Nero-Digital-Audio-English.exe"=
"D:\\PROGRAMS\\SOFTWARE+TORRENTS\\utorrent.exe"=
"D:\\PRO-ESTABLISH\\LIMEWIRE\\LimeWire.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Documents and Settings\\antonis\\Desktop\\PROGRAMMS\\utorrent.exe"=

R2 PTK License-FIGHTERS-297811811;PTK License-FIGHTERS-297811811;C:\Program Files\Fighters\licenseservice.exe [2008-08-29 283272]
R2 PTK Live Update-FIGHTERS-297811811;PTK Live Update-FIGHTERS-297811811;C:\Program Files\Fighters\updateservice.exe [2008-08-29 307848]
R2 PTK Scanner-FIGHTERS-297811811;PTK Scanner-FIGHTERS-297811811;C:\Program Files\Fighters\ScannerService.exe [2008-08-29 311944]
R2 PTK SharedAccess-FIGHTERS-297811811;PTK SharedAccess-FIGHTERS-297811811;C:\Program Files\Fighters\configservice.exe [2008-08-29 139912]
R3 Vfscan;Vfscan;C:\WINDOWS\system32\DRIVERS\vffilter.sys [2008-08-29 15496]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\system32\drivers\mbamswissarmy.sys [ ]
.
Contents of the 'Scheduled Tasks' folder

2008-09-06 C:\WINDOWS\Tasks\Registration reminder 3.job
- C:\WINDOWS\system32\OOBE\oobebaln.exe [2004-08-04 15:00]
.
- - - - ORPHANS REMOVED - - - -

BHO-{8B93A89B-7332-4B4B-830C-72EB6323D0DB} - C:\WINDOWS\vmgspntbvlw.dll
Toolbar-{32678B97-2C98-4D22-A8F6-55C35572E946} - C:\WINDOWS\fqbewlna.dll
HKCU-Run-\YUR2E.exe - C:\Windows\system32\YUR2E.exe
HKCU-Run-\YUR2F.exe - C:\Windows\system32\YUR2F.exe
HKCU-Run-\YUR30.exe - C:\Windows\system32\YUR30.exe
HKCU-Run-\YUR31.exe - C:\Windows\system32\YUR31.exe
HKCU-Run-\YUR8.exe - C:\Windows\system32\YUR8.exe
HKCU-Run-\YUR9.exe - C:\Windows\system32\YUR9.exe
HKCU-Run-\YURA.exe - C:\Windows\system32\YURA.exe
HKCU-Run-\YURB.exe - C:\Windows\system32\YURB.exe
HKLM-Run-%AWinUpdate - C:\WINDOWS\svchost.exe
HKLM-Run-\YUR2E.exe - C:\Windows\system32\YUR2E.exe
HKLM-Run-\YUR2F.exe - C:\Windows\system32\YUR2F.exe
HKLM-Run-\YUR30.exe - C:\Windows\system32\YUR30.exe
HKLM-Run-\YUR31.exe - C:\Windows\system32\YUR31.exe
HKLM-Run-ANTIVIRUS - C:\Program Files\MicroAV\MicroAV.exe
HKLM-Run-\YUR8.exe - C:\Windows\system32\YUR8.exe
HKLM-Run-\YUR9.exe - C:\Windows\system32\YUR9.exe
HKLM-Run-\YURA.exe - C:\Windows\system32\YURA.exe
HKLM-Run-\YURB.exe - C:\Windows\system32\YURB.exe
HKLM-Run-%AWinUpdate_2 - http://www.wannacum.net
SSODL-mgxfebsq-{79D691DF-8608-43F5-9583-1D090F40B4FB} - C:\WINDOWS\mgxfebsq.dll
SSODL-dtseqrxk-{3A678207-01F8-4BE3-8CBF-394F53365E64} - C:\WINDOWS\dtseqrxk.dll
Notify-PmHooks - C:\WINDOWS\system32\PmHooks.dll


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\antonis\Application Data\Mozilla\Firefox\Profiles\tk5h94kd.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.myspace.com/
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browserppdf32.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_03\bin\NPJava11.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_03\bin\NPJava12.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_03\bin\NPJava13.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_03\bin\NPJava14.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_03\bin\NPJava32.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_03\bin\NPJPI150_03.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_03\bin\NPOJI610.dll
FF -: plugin - D:\PRO-ESTABLISH\DVX\DivX\DivX PlayerpDivxPlayerPlugin.dll
FF -: plugin - D:\PRO-ESTABLISH\DVX\DivX\DivX Web Playerpdivx32.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-20 04:08:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Apoint2K\ApntEx.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fighters\Spywarefighter\SpywarefighterTray.exe
.
**************************************************************************
.
Completion time: 2008-09-20 4:12:27 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-20 01:12:11

Pre-Run: 10.970.034.176 bytes free
Post-Run: 11,524,579,328 bytes free

356  --- E O F ---  2008-09-11 12:00:02

ALWAYS WANTED TO BE SOMEONE SPECIAL
I GUESS I SHOULD HAVE DECIDED WHO!!
Post #244087
Posted 9/24/2008 7:24 AM


Senior Forum Moderator


Group: Moderators
Last Login: 8/9/2008 10:14 AM
Posts: 29,518, Visits: 54,734
Welcome

Download Trend Micro HijackThis 2.0.2 to your desktop:
Double-click on HJTInstall.exe; it will prompt you to extract hijackthis.exe to C:\Program Files\Trend Micro\HijackThis.
When the install is complete, HijackThis will automatically launch.
When the license agreement appears, select "I Accept" and then click on the "Do a system scan only" button.
When the scan is complete, click on the "Save Log" button, then save it to your desktop.
Copy and paste the entire contents of that log into a new topic in the HijackThis Logs forum, not here.

After posting the log you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised.
Doing so can result in system changes which may not show in the log you already posted.
Further, any modifications you make may cause confusion and could complicate the malware removal process.


_______________________________________________


ASAP & UNITE member since 2006





Post #244088