Winfix And Em.gad-network



#1 sumospim

Posted 05 November 2006 - 03:46 AM

Hi all.

In the last few days I have been apparently infected with the above, which is driving me mad :thumbsup:

em.gad seems to be the worst but I am also getting the winfix installer regularly also.

I have run all the suggested programmes, each saying I am clean, but alas not....

I am on XP Home, IE7 and use NOD32.....

I have run ComboFix and the following is the result....

Any help would be greatly appreciated...

user - 06-11-05 8:27:25.07 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\user\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\scvhost.exe


((((((((((((((((((((((((((((((( Files Created from 2006-10-05 to 2006-11-05 ))))))))))))))))))))))))))))))))))


2006-11-04 09:22 502,368 --a------ C:\WINDOWS\system32\drivers\amon.sys
2006-11-04 09:22 274,432 --a------ C:\WINDOWS\system32\imon.dll
2006-11-04 01:28 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll
2006-11-04 01:28 28,160 --a------ C:\WINDOWS\system32\anim.dll
2006-11-04 01:28 258,352 --a------ C:\WINDOWS\system32\unicows.dll
2006-10-29 22:59 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2006-10-29 15:13 145,408 --a------ C:\WINDOWS\CustoMess_Uninstall.exe
2006-10-17 13:33 6,049,280 --------- C:\WINDOWS\system32\ieframe.dll
2006-10-17 13:33 50,688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-10-17 13:33 458,752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-10-17 13:33 180,736 --------- C:\WINDOWS\system32\ieui.dll
2006-10-17 13:05 206,336 --------- C:\WINDOWS\system32\WinFXDocObj.exe
2006-10-17 12:58 61,952 --------- C:\WINDOWS\system32\icardie.dll
2006-10-17 12:58 12,288 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 12:57 266,752 --------- C:\WINDOWS\system32\iertutil.dll
2006-10-17 12:27 380,928 --------- C:\WINDOWS\system32\ieapfltr.dll
2006-10-16 18:22 81,920 --a------ C:\WINDOWS\system32\W32N50.dll
2006-10-16 18:22 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2006-10-16 18:22 17,134 --a------ C:\WINDOWS\system32\PCANDIS5.sys
2006-10-14 12:18 2,180,096 --a------ C:\WINDOWS\system32\drivers\lvsvf2.sys
2006-10-14 12:13 53,248 -ra------ C:\WINDOWS\system32\InstMed.exe
2006-10-14 12:13 462,848 --a------ C:\WINDOWS\system32\LCamCpl.dll
2006-10-14 12:13 22,016 --a------ C:\WINDOWS\system32\drivers\LVUSBSta.sys
2006-10-14 12:13 215,552 --a------ C:\WINDOWS\system32\Lvkrn12n.dll
2006-10-14 12:13 211,712 --a------ C:\WINDOWS\system32\drivers\LV561AV.SYS
2006-10-14 12:13 204,800 --a------ C:\WINDOWS\system32\LVCodec2.dll
2006-10-14 12:13 106,496 --a------ C:\WINDOWS\system32\lvcoinst.dll
2006-10-14 12:12 90,112 --a------ C:\WINDOWS\system32\LQCUI2.dll
2006-10-14 12:12 856,064 --a------ C:\WINDOWS\system32\Ltwvc12n.dll
2006-10-14 12:12 78,336 --a------ C:\WINDOWS\system32\lffax12n.dll
2006-10-14 12:12 466,944 --a------ C:\WINDOWS\system32\QCUI2.dll
2006-10-14 12:12 406,016 --a------ C:\WINDOWS\system32\ltkrn12n.dll
2006-10-14 12:12 328,704 --a------ C:\WINDOWS\system32\LFCMP12n.DLL
2006-10-14 12:12 30,720 --a------ C:\WINDOWS\system32\lfbmp12n.dll
2006-10-14 12:12 259,072 --a------ C:\WINDOWS\system32\LTDIS12n.dll
2006-10-14 12:12 207,872 --a------ C:\WINDOWS\system32\ltefx12n.dll
2006-10-14 12:12 164,864 --a------ C:\WINDOWS\system32\ltimg12n.dll
2006-10-14 12:12 141,312 --a------ C:\WINDOWS\system32\lftif12n.dll
2006-10-14 12:12 131,072 --a------ C:\WINDOWS\system32\ltfil12n.DLL
2006-10-13 16:55 5,632 --a------ C:\WINDOWS\system32\drivers\fixustor.sys
2006-10-13 16:53 89,057 --a------ C:\WINDOWS\system32\tppun.exe
2006-10-13 16:53 43,269 --a------ C:\WINDOWS\system32\drivers\tpp725.sys
2006-10-13 16:53 35,541 --a------ C:\WINDOWS\system32\drivers\tpp200.sys
2006-10-13 16:53 33,669 --a------ C:\WINDOWS\system32\drivers\tpp300.sys
2006-10-13 16:53 212,992 --a------ C:\WINDOWS\tppnttry.exe
2006-10-13 16:53 17,077 --a------ C:\WINDOWS\system32\tppui32.dll
2006-10-13 16:53 118,784 --a------ C:\WINDOWS\tppaldr.exe
2006-10-13 05:02 372,736 --a------ C:\WINDOWS\system32\LVUI2RC.dll
2006-10-13 05:02 204,800 --a------ C:\WINDOWS\system32\LVUI2.dll
2006-10-12 16:26 144 ---hs---- C:\WINDOWS\WSYS049.SYS


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-05 08:27 276918 --a------ C:\Program Files\combofix.exe
2006-11-05 08:12 -------- d-------- C:\Documents and Settings\user\Application Data\uTorrent
2006-11-05 08:11 -------- d-------- C:\Program Files\Common Files
2006-11-05 08:09 -------- d-------- C:\Program Files\RegDoctor
2006-11-04 12:57 -------- d-------- C:\Program Files\ESET
2006-11-04 09:21 11336512 --a------ C:\Program Files\nentenst.exe
2006-11-04 01:43 1904544 --a------ C:\Program Files\XoftSpySE429_209.exe
2006-11-04 01:40 212849 --a------ C:\Program Files\hijackthis.zip
2006-11-04 01:33 -------- d-------- C:\Program Files\All in one Cleaner
2006-11-04 01:30 -------- d-------- C:\Documents and Settings\user\Application Data\LimeWire
2006-11-04 01:30 -------- d-------- C:\Documents and Settings\user\Application Data\Azureus
2006-11-04 01:22 -------- d-------- C:\Program Files\Adware Spyware Be Gone
2006-11-03 20:34 -------- d-------- C:\Program Files\LimeWire
2006-11-03 19:40 -------- d-------- C:\Program Files\STOPzilla!
2006-11-03 19:12 -------- d-------- C:\Program Files\MessengerSkinner
2006-11-03 19:07 -------- d-------- C:\Program Files\Common Files\iS3
2006-11-03 19:05 66984 --a------ C:\Program Files\STOPzilla_Setup.exe
2006-10-31 22:13 942093 --a------ C:\Program Files\messengerskinner.exe
2006-10-31 21:41 -------- d-------- C:\Documents and Settings\user\Application Data\MessengerSkinner
2006-10-31 02:07 -------- d-------- C:\Program Files\Internet Explorer
2006-10-30 17:31 -------- d-------- C:\Documents and Settings\user\Application Data\AdobeUM
2006-10-29 22:58 4583258 --a------ C:\Program Files\rwsb3000.exe
2006-10-29 21:46 1496208 --a------ C:\Program Files\ccsetup134.exe
2006-10-29 19:44 -------- d-------- C:\Documents and Settings\user\Application Data\Adobe
2006-10-29 19:38 -------- d-------- C:\Program Files\Paltalk Messenger
2006-10-29 19:28 20794 --a------ C:\Program Files\MsgrEx.zip
2006-10-29 19:28 -------- d-------- C:\Program Files\MsgrEx
2006-10-29 15:26 9261824 --a------ C:\Program Files\pal_install_qt_a105_r42158_p115.exe
2006-10-29 15:14 -------- d-------- C:\Program Files\customess1.0-rc2(www.mess.be)
2006-10-29 15:13 132847 --a------ C:\Program Files\customess1.0-rc2(www.mess.be).zip
2006-10-28 18:45 -------- d---s---- C:\Documents and Settings\user\Application Data\Microsoft
2006-10-22 09:16 -------- d-------- C:\Documents and Settings\user\Application Data\Registry Booster
2006-10-17 18:43 888832 --a------ C:\Program Files\tedv075.exe
2006-10-17 17:54 752340 --a------ C:\Program Files\TVTAD-2.00-w32install.exe
2006-10-17 13:33 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-10-17 13:33 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-10-17 13:33 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-10-17 13:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-10-17 13:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-10-17 13:05 105984 --a------ C:\WINDOWS\system32\url.dll
2006-10-17 13:04 101376 --a------ C:\WINDOWS\system32\occache.dll
2006-10-17 13:03 17408 --a------ C:\WINDOWS\system32\corpol.dll
2006-10-17 13:01 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-10-17 13:01 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-10-17 13:01 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-10-17 13:01 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-10-17 13:01 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-10-17 13:01 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-10-17 13:00 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-10-17 13:00 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-10-17 13:00 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-10-17 12:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
2006-10-17 12:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-10-17 12:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-10-17 12:23 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-10-16 19:41 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-16 19:41 -------- d-------- C:\Program Files\Thomson
2006-10-16 17:53 -------- d-------- C:\Program Files\Adobe
2006-10-15 15:51 5359064 --a------ C:\Program Files\RecoverMyFiles-Setup.exe
2006-10-14 12:35 -------- d-------- C:\Program Files\MSXML 4.0
2006-10-14 12:13 -------- d-------- C:\Program Files\Common Files\Logitech
2006-10-14 12:10 34556560 --a------ C:\Program Files\qc848enu.exe
2006-10-13 22:14 -------- d-------- C:\Program Files\Windows Desktop Search
2006-10-13 22:07 7177578 --a------ C:\Program Files\OOCleverCache6ProfessionalEnu.exe
2006-10-13 21:52 4276048 --a------ C:\Program Files\AWCSetup.exe
2006-10-13 21:52 -------- d-------- C:\Program Files\IObit
2006-10-13 21:45 -------- d-------- C:\Program Files\CachemanXP
2006-10-13 21:41 1313028 --a------ C:\Program Files\cmxp112.exe
2006-10-13 19:54 -------- d-------- C:\Documents and Settings\user\Application Data\Windows Live Safety Center
2006-10-13 18:25 -------- d-------- C:\Program Files\Windows Live Safety Center
2006-10-13 18:02 -------- d-------- C:\Program Files\Windows Live Toolbar
2006-10-13 18:02 -------- d-------- C:\Program Files\Windows Live Favorites
2006-10-13 17:58 1365280 --a------ C:\Program Files\WLToolbarSetup_en.exe
2006-10-13 17:33 -------- d-------- C:\Program Files\MSN Messenger
2006-10-13 17:32 16332072 --a------ C:\Program Files\Install_Messenger_nous.exe
2006-10-13 17:28 -------- d-------- C:\Program Files\Messenger Plus! Live
2006-10-13 16:54 58880 --a------ C:\Program Files\13280_02.exe
2006-10-13 16:51 1641472 --a------ C:\Program Files\13278_01.exe
2006-10-13 00:22 -------- d-------- C:\Program Files\Logitech
2006-10-06 18:15 1158670 --a------ C:\Program Files\sarsfx.exe
2006-10-02 20:00 -------- d-------- C:\Program Files\NewsLeecher
2006-10-02 19:55 4806034 --a------ C:\Program Files\nl_setup_beta.exe
2006-10-02 19:30 4037653 --a------ C:\Program Files\nl_setup.exe
2006-10-01 21:13 869110 --a------ C:\Program Files\frui.exe
2006-09-29 01:29 -------- d-------- C:\Documents and Settings\user\Application Data\Uniblue
2006-09-28 21:42 -------- d-------- C:\Program Files\Windows Media Player
2006-09-25 21:59 5037072 --a------ C:\Program Files\spybotsd14.exe
2006-09-25 21:44 1493848 --a------ C:\Program Files\ccsetup133.exe
2006-09-25 21:44 -------- d-------- C:\Program Files\Yahoo!
2006-09-24 18:55 -------- d-------- C:\Program Files\AutoIt3
2006-09-24 18:53 -------- d-------- C:\Program Files\PartyGaming
2006-09-24 13:24 -------- d-------- C:\Documents and Settings\user\Application Data\Palo Alto Software
2006-09-24 13:19 -------- d-------- C:\Program Files\Common Files\Intuit
2006-09-21 08:01 2229 --a------ C:\Program Files\sg_backup_2006-09-21-0901.spg
2006-09-21 08:01 2229 --a------ C:\Program Files\FirstBackup.spg
2006-09-21 08:00 610304 --a------ C:\Program Files\TCPOptimizer.exe
2006-09-20 22:41 34308 --a------ C:\WINDOWS\system32\BASSMOD.dll
2006-09-20 22:02 -------- d-------- C:\Program Files\utorrent
2006-09-20 22:00 228647 --a------ C:\Program Files\webui_v0.300_beta_1.zip
2006-09-20 21:53 891224 --a------ C:\Program Files\optimize-setup-0003.exe
2006-09-18 17:13 359808 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS
2006-09-18 17:11 39957 --a------ C:\Program Files\EvID4226Patch223d-en.zip
2006-09-18 17:11 -------- d-------- C:\Program Files\EvID4226Patch223d-en
2006-09-18 16:51 -------- d-------- C:\Program Files\Java
2006-09-18 16:48 -------- d-------- C:\Program Files\Common Files\Java
2006-09-17 17:44 103 --a------ C:\Program Files\AddInFeatureEnabled.reg
2006-09-17 17:16 -------- d-------- C:\Program Files\Common Files\Real
2006-09-17 16:22 -------- d-------- C:\Documents and Settings\user\Application Data\Pokerwize
2006-09-17 07:33 -------- d-------- C:\Program Files\WinAce
2006-09-17 07:27 3800811 --a------ C:\Program Files\wace265i.exe
2006-09-16 18:00 4270672 --a------ C:\Program Files\logitechvcinstall_enu.exe
2006-09-16 17:35 81920 -r------- C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe
2006-09-16 08:42 -------- d-------- C:\Program Files\Messenger
2006-09-16 07:45 -------- d-------- C:\Program Files\Microsoft Office
2006-09-16 07:45 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-09-15 21:31 -------- d-------- C:\Documents and Settings\user\Application Data\Grisbi
2006-09-15 20:15 4548184 --a------ C:\Program Files\MsgPlusLive-401.exe
2006-09-15 19:23 -------- d-------- C:\Documents and Settings\user\Application Data\Sun
2006-09-15 16:19 -------- d-------- C:\Program Files\OfficeUpdate11
2006-09-15 14:06 -------- d-------- C:\Program Files\Windows Media Connect 2
2006-09-15 14:01 23608632 --a------ C:\Program Files\wmp11-windowsxp-x86-enu.exe
2006-09-14 22:00 -------- d-------- C:\Program Files\CCleaner
2006-09-14 21:59 1468464 --a------ C:\Program Files\ccsetup132.exe
2006-09-14 21:36 13912 --a------ C:\Program Files\setie7defaultsearch.exe
2006-09-14 18:43 -------- d--h----- C:\Program Files\Uninstall Information
2006-09-14 18:29 15302448 --a------ C:\Program Files\IE7RC1-WindowsXP-x86-enu.exe
2006-09-14 15:13 -------- d-------- C:\Program Files\Common Files\AOL
2006-09-14 15:09 -------- d-------- C:\Program Files\Outlook Express
2006-09-14 15:09 -------- d-------- C:\Program Files\Common Files\System
2006-09-14 14:54 -------- d-------- C:\Program Files\Ahead
2006-09-14 14:52 -------- d-------- C:\Documents and Settings\user\Application Data\AOL
2006-09-13 05:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-12 16:51 1245184 --a------ C:\WINDOWS\system32\msxml4.dll
2006-09-06 17:43 22752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-09-05 09:23 -------- d-------- C:\Program Files\Common Files\aolback
2006-09-05 09:20 -------- d-------- C:\Program Files\Viewpoint
2006-09-05 09:20 -------- d-------- C:\Program Files\Learn2.com
2006-09-05 09:20 -------- d-------- C:\Documents and Settings\user\Application Data\You've Got Pictures Screensaver
2006-09-05 09:19 -------- d-------- C:\Program Files\QuickTime
2006-09-05 09:19 -------- d-------- C:\Program Files\Common Files\Nullsoft
2006-08-25 15:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-25 11:23 56742 --a------ C:\Program Files\vdl.dat
2006-08-25 09:38 8126 --a------ C:\Program Files\SARGUI.HLP
2006-08-25 09:38 61440 --a------ C:\Program Files\sarcli.exe
2006-08-25 09:38 5760 --a------ C:\Program Files\MEMSWEEP.sys
2006-08-25 09:38 401408 --a------ C:\Program Files\sargui.exe
2006-08-25 09:38 147456 --a------ C:\Program Files\sar2.dll
2006-08-25 09:38 126976 --a------ C:\Program Files\sar3.dll
2006-08-25 09:38 110592 --a------ C:\Program Files\sar4.dll
2006-08-25 09:37 806912 --a------ C:\Program Files\sar5.dll
2006-08-25 09:37 69632 --a------ C:\Program Files\sar6.dll
2006-08-25 09:37 35840 --a------ C:\Program Files\helper.exe
2006-08-25 09:37 15872 --a------ C:\Program Files\SophosBootTasksR.exe
2006-08-25 09:37 126976 --a------ C:\Program Files\sar1.dll
2006-08-25 09:30 452719 --a------ C:\Program Files\sarman.pdf
2006-08-25 09:28 181 --a------ C:\Program Files\sargui.cnt
2006-08-24 21:42 8704 --a------ C:\WINDOWS\system32\wdfmgr.exe
2006-08-24 21:42 8704 --a------ C:\WINDOWS\system32\uwdf.exe
2006-08-24 21:30 99840 --a------ C:\WINDOWS\system32\wmpshell.dll
2006-08-24 21:30 990208 --a------ C:\WINDOWS\system32\drmv2clt.dll
2006-08-24 21:30 937984 --a------ C:\WINDOWS\system32\WMNetMgr.dll
2006-08-24 21:30 8337920 --a------ C:\WINDOWS\system32\wmploc.dll
2006-08-24 21:30 790016 --------- C:\WINDOWS\system32\WMVSENCD.dll
2006-08-24 21:30 757248 --a------ C:\WINDOWS\system32\wmadmod.dll
2006-08-24 21:30 7168 --a------ C:\WINDOWS\system32\asferror.dll
2006-08-24 21:30 656896 --------- C:\WINDOWS\system32\WMVXENCD.dll
2006-08-24 21:30 63488 --a------ C:\WINDOWS\system32\wpdmtpus.dll
2006-08-24 21:30 629760 --a------ C:\WINDOWS\system32\wpd_ci.dll
2006-08-24 21:30 611840 --------- C:\WINDOWS\system32\wmpmde.dll
2006-08-24 21:30 603648 --a------ C:\WINDOWS\system32\WMSPDMOD.dll
2006-08-24 21:30 537600 --a------ C:\WINDOWS\system32\blackbox.dll
2006-08-24 21:30 532992 --------- C:\WINDOWS\system32\wmdrmsdk.dll
2006-08-24 21:30 428032 --a------ C:\WINDOWS\system32\wmdrmdev.dll
2006-08-24 21:30 414208 --a------ C:\WINDOWS\system32\msscp.dll
2006-08-24 21:30 4096 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2006-08-24 21:30 4096 --a------ C:\WINDOWS\system32\wmvdmod.dll
2006-08-24 21:30 4096 --a------ C:\WINDOWS\system32\WMVADVE.DLL
2006-08-24 21:30 4096 --a------ C:\WINDOWS\system32\WMVADVD.dll
2006-08-24 21:30 4096 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
2006-08-24 21:30 4096 --a------ C:\WINDOWS\system32\wmsdmod.dll
2006-08-24 21:30 4096 --a------ C:\WINDOWS\system32\wdfapi.dll
2006-08-24 21:30 4096 --a------ C:\WINDOWS\system32\MPG4DMOD.dll
2006-08-24 21:30 4096 --a------ C:\WINDOWS\system32\MP4SDMOD.dll
2006-08-24 21:30 4096 --a------ C:\WINDOWS\system32\MP43DMOD.dll
2006-08-24 21:30 37376 --a------ C:\WINDOWS\system32\wmdmps.dll
2006-08-24 21:30 35840 --a------ C:\WINDOWS\system32\wpdconns.dll
2006-08-24 21:30 349184 --a------ C:\WINDOWS\system32\wpdsp.dll
2006-08-24 21:30 347648 --a------ C:\WINDOWS\system32\wmdrmnet.dll
2006-08-24 21:30 33792 --a------ C:\WINDOWS\system32\wmdmlog.dll
2006-08-24 21:30 320512 --a------ C:\WINDOWS\system32\mswmdm.dll
2006-08-24 21:30 316928 --------- C:\WINDOWS\system32\MP4SDECD.dll
2006-08-24 21:30 314368 --a------ C:\WINDOWS\system32\wmpdxm.dll
2006-08-24 21:30 305152 --------- C:\WINDOWS\system32\MSDelta.dll
2006-08-24 21:30 295424 --------- C:\WINDOWS\system32\wmpeffects.dll
2006-08-24 21:30 284160 --------- C:\WINDOWS\system32\PortableDeviceApi.dll
2006-08-24 21:30 276480 --a------ C:\WINDOWS\system32\audiodev.dll
2006-08-24 21:30 27648 --a------ C:\WINDOWS\system32\mspmsnsv.dll
2006-08-24 21:30 259072 --------- C:\WINDOWS\system32\MPG4DECD.dll
2006-08-24 21:30 2589184 --------- C:\WINDOWS\system32\WpdShext.dll
2006-08-24 21:30 258560 --------- C:\WINDOWS\system32\MP43DECD.dll
2006-08-24 21:30 2450944 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-08-24 21:30 242176 --a------ C:\WINDOWS\system32\wmpasf.dll
2006-08-24 21:30 228352 --a------ C:\WINDOWS\system32\cewmdm.dll
2006-08-24 21:30 227328 --a------ C:\WINDOWS\system32\wmerror.dll
2006-08-24 21:30 222208 --a------ C:\WINDOWS\system32\wmasf.dll
2006-08-24 21:30 211968 --------- C:\WINDOWS\system32\MFPLAT.dll
2006-08-24 21:30 210432 --a------ C:\WINDOWS\system32\qasf.dll
2006-08-24 21:30 204800 --a------ C:\WINDOWS\system32\wmpsrcwp.dll
2006-08-24 21:30 198144 --------- C:\WINDOWS\system32\PortableDeviceWMDRM.dll
2006-08-24 21:30 179712 --a------ C:\WINDOWS\system32\msnetobj.dll
2006-08-24 21:30 175104 --a------ C:\WINDOWS\system32\mspmsp.dll
2006-08-24 21:30 166912 --------- C:\WINDOWS\system32\PortableDeviceTypes.dll
2006-08-24 21:30 1660416 --a------ C:\WINDOWS\system32\wmpencen.dll
2006-08-24 21:30 157184 --a------ C:\WINDOWS\system32\wmidx.dll
2006-08-24 21:30 154624 --a------ C:\WINDOWS\system32\wpdmtp.dll
2006-08-24 21:30 1539584 --------- C:\WINDOWS\system32\WMVDECOD.dll
2006-08-24 21:30 1532416 --------- C:\WINDOWS\system32\WMVENCOD.dll
2006-08-24 21:30 1392128 --------- C:\WINDOWS\system32\WMVSDECD.dll
2006-08-24 21:30 133120 --------- C:\WINDOWS\system32\WPDShServiceObj.dll
2006-08-24 21:30 1327616 --a------ C:\WINDOWS\system32\WMSPDMOE.dll
2006-08-24 21:30 132096 --------- C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
2006-08-24 21:30 130048 --------- C:\WINDOWS\system32\wmpps.dll
2006-08-24 21:30 11264 --a------ C:\WINDOWS\system32\LAPRXY.dll
2006-08-24 21:30 1118208 --a------ C:\WINDOWS\system32\WMADMOE.dll
2006-08-24 21:30 101888 --------- C:\WINDOWS\system32\PortableDeviceClassExtension.dll
2006-08-24 19:31 100864 --a------ C:\WINDOWS\system32\logagent.exe
2006-08-24 19:27 249344 --------- C:\WINDOWS\system32\drmupgds.exe
2006-08-24 19:26 95288 --------- C:\WINDOWS\system32\WUDFCoinstaller.dll
2006-08-24 19:26 17408 --------- C:\WINDOWS\system32\wpdshextautoplay.exe
2006-08-24 18:19 316416 --------- C:\WINDOWS\system32\WUDFx.dll
2006-08-24 18:19 145920 --------- C:\WINDOWS\system32\WudfHost.exe
2006-08-24 18:18 56320 --------- C:\WINDOWS\system32\WudfSvc.dll
2006-08-24 18:18 168448 --------- C:\WINDOWS\system32\WudfPlatform.dll
2006-08-24 13:51 2862 --a------ C:\Program Files\readsar.txt
2006-08-21 12:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 09:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-18 12:45 43189034 --a------ C:\Program Files\PC_Suite_1.20.237.exe
2006-08-16 11:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\not active]
"LogitechSoftwareUpdate"="\"C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\not active\not active]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\not active\not active\not active]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"TPP Auto Loader"="C:\\WINDOWS\\TPPALDR.EXE"
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe "
"LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"SpeedTouch USB Diagnostics"="\"C:\\Program Files\\Thomson\\SpeedTouch USB\\Dragdiag.exe\" /icon"
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\not active]
"LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"PRONoMgr.exe"="C:\\Program Files\\Intel\\PROSetWireless\\NCS\\PROSet\\PRONoMgr.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\not active\not active]
"LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe "

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e4,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"LinkResolveIgnoreLinkInfo"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=dword:00000000
"NoResolveSearch"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MsnMsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VideoCall]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VIDEOC~1"
"hkey"="HKCU"
"command"="\"C:\\PROGRA~1\\Logitech\\VIDEOC~1\\VIDEOC~1.EXE\" -minimized"
"inimapping"="0"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{A3011DBF-92AA-4308-9518-FEF801B9BFF2}.job

Completion time: 06-11-05 8:28:07.70
C:\ComboFix.txt ... 06-11-05 08:28

#2 sumospim

Posted 05 November 2006 - 04:42 AM

And other ******* pop ups!!

#3 SpiritWind

Posted 05 November 2006 - 12:30 PM

Hi:

WHY did you run "ComboFix"!? I did notice from its "log" that you apparently
have 1 or 2 "P2P" programs (Limewire and/or uTorrent) and using those
INCREASE your RISK of getting malware on your computer. You have an
Excellent antiVIRUS program; however, the only antiSPYWARE/antiTROJAN
program I saw was Spybot, which has fallen in quality recently. At a minimum,
you should use "SUPERantispyware" from http://www.superantispyware.com . It is
listed as one of the "Trustworthy Products" by antiSPYWARE Expert Eric Howes
at http://www.spywarewarrior.com/rogue_anti-s...htm#trustworthy ; you
will notice there that Spybot is listed below the "others", with "find useful".

Your Sun Java is 3 Updates behind, a serious security problem. Should uninstall
it ASAP, then go to http://www.majorgeeks.com/download4648.html
to obtain the latest version.

#4 sumospim

Posted 05 November 2006 - 01:23 PM

Hi,

Many thanks for your reply..

Have done as you suggested but Superantispyware only found Adware tracking cookie...

??

Simon

#5 sumospim

Posted 08 November 2006 - 03:46 PM

Hi,


Could any kind person give me any further advice on this as I am still having major problems.....!

Many thanks!



