Author Topic: Help Please  (Read 12470 times)

HelpMePlz

    Topic Starter


    Rookie

    Re: Help Please
    « Reply #30 on: August 26, 2008, 07:22:54 PM »
    ComboFix 08-08-26.02 - Rebecca 2008-08-26 19:37:36.3 - NTFSx86
    Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.558 [GMT -5:00]
    Running from: C:\Documents and Settings\Rebecca\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Rebecca\Desktop\CFScript.txt
     * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    C:\Documents and Settings\Rebecca\Desktop\VIRUS stuff\VirtumundoBeGone.exe
    C:\Documents and Settings\Rebecca\My Documents\My Music\Setup\Setup.exe
    C:\WINDOWS\system32\Macromed\Shockwave 8\Xtras\download\TheGrooveAlliance\3DGrooveXtrav18\Groove.x32
    .

    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Rebecca\Desktop\VIRUS stuff\VirtumundoBeGone.exe
    C:\Documents and Settings\Rebecca\My Documents\My Music\Setup\Setup.exe
    C:\WINDOWS\system32\Macromed\Shockwave 8\Xtras\download\TheGrooveAlliance\3DGrooveXtrav18\Groove.x32

    .
    (((((((((((((((((((((((((   Files Created from 2008-07-27 to 2008-08-27  )))))))))))))))))))))))))))))))
    .

    2008-08-26 17:04 . 2008-06-19 17:24   28,544   --a------   C:\WINDOWS\system32\drivers\pavboot.sys
    2008-08-26 04:28 . 2008-08-26 04:28   <DIR>   d--------   C:\Program Files\Trend Micro
    2008-08-26 04:07 . 2008-06-10 02:32   73,728   --a------   C:\WINDOWS\system32\javacpl.cpl
    2008-08-26 03:35 . 2008-08-26 03:35   <DIR>   d--------   C:\Program Files\Malwarebytes' Anti-Malware
    2008-08-26 03:35 . 2008-08-17 15:01   38,472   --a------   C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-08-26 03:35 . 2008-08-17 15:01   17,144   --a------   C:\WINDOWS\system32\drivers\mbam.sys
    2008-08-25 23:06 . 2008-08-25 23:06   <DIR>   d--------   C:\Program Files\SUPERAntiSpyware
    2008-08-25 23:06 . 2008-08-25 23:06   <DIR>   d--------   C:\Documents and Settings\Rebecca\Application Data\SUPERAntiSpyware.com
    2008-08-25 23:06 . 2008-08-25 23:06   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-08-25 22:46 . 2008-08-25 22:46   <DIR>   d--------   C:\WINDOWS\Speeditup Free
    2008-08-25 22:46 . 2008-08-25 22:46   <DIR>   d--------   C:\Program Files\Speeditup Free
    2008-08-25 13:19 . 2008-08-25 13:19   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2008-08-25 11:42 . 2008-08-25 12:53   <DIR>   d--------   C:\WINDOWS\system32\CatRoot_bak
    2008-08-24 00:52 . 2008-08-24 00:55   <DIR>   d--------   C:\Documents and Settings\Rebecca\Application Data\SecondLife
    2008-08-21 00:35 . 2008-08-25 22:25   <DIR>   d--------   C:\Program Files\Enigma Software Group
    2008-08-20 18:52 . 2008-08-20 18:52   <DIR>   d--------   C:\Documents and Settings\Rebecca\Application Data\Malwarebytes
    2008-08-20 18:52 . 2008-08-20 18:52   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-08-20 12:20 . 2008-08-20 12:21   <DIR>   d--------   C:\Program Files\Windows Live Safety Center
    2008-08-20 11:49 . 2008-08-20 11:49   <DIR>   d--------   C:\Program Files\TeaTimer (Spybot - Search & Destroy)
    2008-08-20 11:27 . 2000-12-08 21:59   122,880   --a------   C:\WINDOWS\UnGins.exe
    2008-08-20 00:19 . 2008-08-20 00:54   <DIR>   d----c---   C:\1Cleanup
    2008-08-19 01:58 . 2008-08-19 01:58   <DIR>   d----c---   C:\2eb227843e394d64ce79fdad320ef0
    2008-08-19 01:35 . 2008-08-19 01:35   2,335,270   --a------   C:\WINDOWS\system32\73d25A.mht
    2008-08-18 23:10 . 2008-08-26 17:03   <DIR>   d--------   C:\Program Files\Panda Security
    2008-08-18 13:23 . 2008-08-18 13:23   <DIR>   d--------   C:\Documents and Settings\Rebecca\Application Data\McAfee
    2008-08-18 11:54 . 2008-08-18 13:13   <DIR>   d--------   C:\Program Files\a-squared Anti-Malware
    2008-08-18 02:10 . 2008-08-18 02:10   <DIR>   d--------   C:\Temp\epr1
    2008-08-13 11:07 . 2008-08-13 11:07   <DIR>   d--------   C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-08-12 14:01 . 2007-07-30 19:19   271,224   --a------   C:\WINDOWS\system32\mucltui.dll
    2008-08-12 14:01 . 2007-07-30 19:19   207,736   --a------   C:\WINDOWS\system32\muweb.dll
    2008-08-12 14:01 . 2007-07-30 19:19   30,072   --a------   C:\WINDOWS\system32\mucltui.dll.mui
    2008-08-11 20:25 . 2008-08-11 20:25   <DIR>   d----c---   C:\WINDOWS\system32\DRVSTORE
    2008-08-11 20:25 . 2008-08-12 16:59   <DIR>   d--------   C:\Documents and Settings\Rebecca\Contacts
    2008-08-11 20:17 . 2008-08-24 18:54   <DIR>   d--------   C:\Program Files\Windows Live
    2008-08-11 20:17 . 2008-08-11 20:24   <DIR>   d--hsc---   C:\Program Files\Common Files\WindowsLiveInstaller
    2008-08-11 20:16 . 2008-08-11 20:16   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-08-08 12:35 . 2008-08-22 00:44   54,156   --ah-----   C:\WINDOWS\QTFont.qfn
    2008-08-08 12:35 . 2008-08-08 12:35   1,409   --a------   C:\WINDOWS\QTFont.for
    2008-08-06 21:37 . 2008-08-06 21:37   <DIR>   d--------   C:\Program Files\LucasArts
    2008-08-06 21:21 . 2008-06-23 11:57   6,066,176   -----c---   C:\WINDOWS\system32\dllcache\ieframe.dll
    2008-08-06 21:21 . 2007-04-17 04:32   2,455,488   -----c---   C:\WINDOWS\system32\dllcache\ieapfltr.dat
    2008-08-06 21:21 . 2007-03-08 00:10   991,232   -----c---   C:\WINDOWS\system32\dllcache\ieframe.dll.mui
    2008-08-06 21:21 . 2008-06-23 11:57   459,264   -----c---   C:\WINDOWS\system32\dllcache\msfeeds.dll
    2008-08-06 21:21 . 2008-06-23 11:57   383,488   -----c---   C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2008-08-06 21:21 . 2008-06-23 11:57   267,776   -----c---   C:\WINDOWS\system32\dllcache\iertutil.dll
    2008-08-06 21:21 . 2008-06-23 11:57   63,488   -----c---   C:\WINDOWS\system32\dllcache\icardie.dll
    2008-08-06 21:21 . 2008-06-23 11:57   52,224   -----c---   C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2008-08-06 21:21 . 2008-06-23 04:20   13,824   -----c---   C:\WINDOWS\system32\dllcache\ieudinit.exe


    HelpMePlz


      Re: Help Please
      « Reply #31 on: August 26, 2008, 07:23:22 PM »
      .
      ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-08-26 09:21   ---------   d-----w   C:\Program Files\Java
      2008-08-26 04:04   ---------   d-----w   C:\Program Files\Common Files\Wise Installation Wizard
      2008-08-26 03:53   ---------   d-----w   C:\Program Files\CCleaner
      2008-08-26 03:34   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Viewpoint
      2008-08-26 03:20   ---------   d-----w   C:\Documents and Settings\Rebecca\Application Data\Lavasoft
      2008-08-26 03:14   ---------   d-----w   C:\Program Files\Spybot - Search & Destroy
      2008-08-26 03:14   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2008-08-25 18:15   ---------   d--h--w   C:\Documents and Settings\All Users\Application Data\yahoo!
      2008-08-25 18:15   ---------   d-----w   C:\Program Files\Yahoo!
      2008-08-25 16:52   ---------   d--h--w   C:\Documents and Settings\Rebecca\Application Data\yahoo!
      2008-08-20 18:01   ---------   d-----w   C:\Program Files\RegistryFix
      2008-08-18 21:36   ---------   d-----w   C:\Documents and Settings\Rebecca\Application Data\Ahead
      2008-08-18 18:38   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
      2008-08-18 18:36   ---------   d-----w   C:\Program Files\Canon
      2008-08-18 18:25   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\McAfee
      2008-08-18 01:36   ---------   d-----w   C:\Documents and Settings\Rebecca\Application Data\SiteAdvisor
      2008-08-11 00:24   ---------   d-----w   C:\Program Files\McAfee
      2008-08-10 05:58   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Zylom
      2008-08-07 00:29   ---------   d---a-w   C:\Documents and Settings\All Users\Application Data\TEMP
      2008-05-21 21:45   20   -c-h--w   C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
      2008-05-21 21:45   20   -c-h--w   C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT
      2004-06-25 02:25   2,094   -c--a-w   C:\Program Files\V4Hardware_1.xml
      2003-10-28 01:54   169   -c-ha-w   C:\Documents and Settings\Cliff\hpothb07.dat
      2002-03-16 01:09   24   -c--a-w   C:\Documents and Settings\Cliff\18DF93B7.BIN
      2004-10-22 01:19   56   -csh--r   C:\WINDOWS\system32\E2850458D2.sys
      2005-04-07 01:34   1,786   -csha-w   C:\WINDOWS\system32\KGyGaAvL.sys
      .

      (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
      "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
      "SpeedItUpEX"="C:\Program Files\Speeditup Free\SpeedItUp.exe" [2008-06-09 04:34 2275328]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 03:51 172032]
      "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2004-06-03 03:50 204800]
      "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-02-03 15:16 180269]
      "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2005-03-07 23:42 176128]
      "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
      "ASUS Probe"="C:\Program Files\ASUS\Probe\AsusProb.exe" [2002-12-06 17:07 617984]
      "SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2006-10-02 14:09 35928]
      "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 23:32 53248]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-18 20:44 286720]
      "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

      C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
      Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe [2002-01-09 22:53:14 200704]
      HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-09-19 13:16:30 282624]
      HP Image Zone Fast Start.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe [2005-05-12 00:49:24 73728]
      NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2007-10-16 16:26:16 118784]
      Photags AutoDetect.lnk - C:\Program Files\PhoTags Express\Photags AutoDetect.exe [2007-10-08 19:39:11 368640]
      QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-01-22 14:21:00 815104]

      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
      "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
      2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "vidc.iv41"= ir41_32.dll
      "VIDC.XVID"= xvid.dll
      "VIDC.3iv2"= 3ivxVfWCodec.dll
      "VIDC.VP31"= vp31vfw.dll
      "msacm.l3fhg"= mp3fhg.acm
      "vidc.DIV3"= DivXc32.dll
      "vidc.DIV4"= DivXc32f.dll
      "msacm.divxa32"= divxa32.acm

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
      SecurityProviders   msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
      path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
      backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
      HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05
      HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Probe]
      --a------ 2002-12-06 17:07 617984 C:\Program Files\ASUS\Probe\AsusProb.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiPTA]
      --a--c--- 2004-02-24 21:10 335872 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CookiePatrol]
      --a--c--- 2005-01-10 10:35 73728 C:\PROGRA~1\PESTPA~1\CookiePatrol.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
      --------- 2004-12-02 19:23 102400 C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
      --a--c--- 2003-12-22 08:38 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
      --a------ 2005-05-11 23:12 49152 C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
      --a--c--- 2004-05-04 19:51 176128 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
      --a--c--- 2001-08-23 07:00 44032 C:\WINDOWS\ime\imkr6_1\imekrmig.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
      --a--c--- 2004-08-04 00:31 208952 C:\WINDOWS\ime\imjp8_1\imjpmig.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
      -ra--c--- 2001-07-09 04:50 155648 C:\WINDOWS\system32\NeroCheck.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PestPatrol Control Center]
      --a--c--- 2004-11-15 12:49 98304 C:\PROGRA~1\PESTPA~1\PPControl.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPMemCheck]
      -----c--- 2003-04-19 07:53 148480 C:\PROGRA~1\PESTPA~1\PPMemCheck.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
      --a------ 2007-10-18 20:44 286720 C:\Program Files\QuickTime\qttask.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ResModify]
      -r---c--- 2003-12-29 04:16 65536 C:\Program Files\USBToolbox\Res.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
      --a--c--- 2003-07-30 11:08 143360 C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
      --a------ 2005-02-03 15:16 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
      --a--c--- 2000-05-11 01:00 90112 C:\WINDOWS\Updreg.EXE

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
      --a--c--- 2001-09-04 16:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]
      --a--c--- 2002-07-02 17:56 24576 C:\WINDOWS\system32\CTHELPER.EXE

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
      "DisableMonitoring"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfccopy.exe"=
      "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=
      "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"=
      "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"=
      "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
      "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqCopy.exe"=
      "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqDIA.exe"=
      "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
      "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
      "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"=
      "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
      "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
      "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"=
      "C:\\WINDOWS\\system32\\java.exe"=
      "C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
      "C:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=
      "C:\\WINDOWS\\system32\\sessmgr.exe"=
      "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
      "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
      "C:\\Program Files\\McAfee\\MSC\\mcuimgr.exe"=

      R0 gxc122b;gxc122b;C:\WINDOWS\system32\DRIVERS\gxc122b.sys [2004-03-12 23:41]
      R0 gxc122p;gxc122p;C:\WINDOWS\system32\Drivers\gxc122p.sys [2004-03-12 23:41]
      R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
      R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2002-08-29 00:59]
      R3 rdsdrv;rdsdrv;C:\WINDOWS\system32\DRIVERS\rdsdrv.sys [2003-10-21 10:19]
      R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 01:01]
      S3 ASUSHWIO;ASUSHWIO;C:\WINDOWS\System32\drivers\ASUSHWIO.sys []
      S3 DMSKSSRh;DMSKSSRh;C:\DOCUME~1\Cliff\LOCALS~1\Temp\DMSKSSRh.sys []
      S3 GearAspiWDM_BackUp;GEAR CDRom Filter;C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2003-08-25 10:40]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
      \Shell\AutoRun\command - D:\dvdcheck.exe
      \Shell\directx\command - DirectX9\dxsetup.exe
      \Shell\setup\command - D:\setup.exe
      .
      Contents of the 'Scheduled Tasks' folder

      2008-08-27 C:\WINDOWS\Tasks\AF2C5CCA9B8BCF3E.job
      - c:\docume~1\rebecca\applic~1\plansi~1\winholdless.exe []

      2008-08-24 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (CLIFF-HA8LIBYJX-Cliff).job
      - c:\program files\mcafee.com\vso\mcmnhdlr.exe []

      2008-08-15 C:\WINDOWS\Tasks\McDefragTask.job
      - C:\WINDOWS\system32\defrag.exe [2004-08-04 02:56]

      2008-07-01 C:\WINDOWS\Tasks\McQcTask.job
      - c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
      .

      **************************************************************************

      catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-08-26 19:59:13
      Windows 5.1.2600 Service Pack 2 NTFS

      scanning hidden processes ...

      scanning hidden autostart entries ...

      scanning hidden files ...


      **************************************************************************
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------

      PROCESS: C:\WINDOWS\system32\winlogon.exe
      -> C:\WINDOWS\system32\Ati2evxx.dll
      .
      ------------------------ Other Running Processes ------------------------
      .
      C:\WINDOWS\system32\ati2evxx.exe
      C:\WINDOWS\system32\CTSVCCDA.EXE
      C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
      C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
      C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
      C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\Program Files\McAfee\MPF\MpfSrv.exe
      C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
      C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
      C:\WINDOWS\system32\ati2evxx.exe
      C:\WINDOWS\system32\msiexec.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe
      C:\Program Files\Speeditup Free\Data\CheckUp.dat
      C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
      .
      **************************************************************************
      .
      Completion time: 2008-08-26 20:14:37 - machine was rebooted [Rebecca]
      ComboFix-quarantined-files.txt  2008-08-27 01:13:28
      ComboFix2.txt  2008-08-26 19:21:34

      Pre-Run: 19,201,478,656 bytes free
      Post-Run: 19,236,388,864 bytes free

      271   --- E O F ---   2008-08-26 16:02:31

      evilfantasy

      • Malware Removal Specialist
      • Moderator


      • Genius
      • Calm like a bomb
      • Thanked: 493
      • Experience: Experienced
      • OS: Windows 11
      Re: Help Please
      « Reply #32 on: August 26, 2008, 07:27:48 PM »
      *Fingers crossed....How is everything now?

      HelpMePlz


        Re: Help Please
        « Reply #33 on: August 26, 2008, 07:50:26 PM »
        Thank you so so much, I am bowing to you :) It seems to be working great now!!
        Becca

        evilfantasy

        Re: Help Please
        « Reply #34 on: August 26, 2008, 07:57:48 PM »
        Took a while but we got it done. Good job!!

        If you have any questions just let me know.

        Run ATF Cleaner.

        Download OTCleanIt.exe and save it to your Desktop.
        • Double-click OTCleanIt.exe.
        • Click the CleanUp! button.
        • Select Yes when the "Begin cleanup Process?" prompt appears.
        • If you are prompted to Reboot during the cleanup, select Yes.
        • The tool will delete itself once it finishes; if not, delete it yourself.
        .
        ----------

        Set a New Restore Point to prevent possible reinfection from an old one
        Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed.
        • Go to Start > Programs > Accessories > System Tools and click System Restore
        • Choose the radio button marked Create a Restore Point on the first screen, then click Next. Give the Restore Point a name, then click Create.
        • The new restore point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
        • Next go to Start > Run and type Cleanmgr
        • Click OK
        • Click the More Options Tab.
        • Click Clean Up in the System Restore section to remove all previous restore points except the newly created clean one.
        You can find instructions on how to enable and re-enable system restore here:

        Windows XP System Restore Guide or Windows Vista System Restore Guide
        .
        ----------

        Use the Secunia Software Inspector to check for out of date software.
        • Click Start Now
        • Check the box next to Enable thorough system inspection.
        • Click Start
        • Allow the scan to finish and scroll down to see if any updates are needed.
        • Update anything listed.
        .
        ----------

        Important: You Need to Update Windows and Internet Explorer regularly to protect your computer from the malware and other security threats that are on the Internet. Go to Microsoft Windows Update and get all critical updates.

        ----------

        To prevent unknown applications from being installed on your computer, install WinPatrol 2008
        * Using Winpatrol to protect your computer from malicious software

        I suggest using SiteAdvisor. SiteAdvisor rates sites on business practices and spam. Safety ratings from McAfee SiteAdvisor are based on automated safety tests of Web sites.

        SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
        * Using SpywareBlaster to protect your computer from Spyware and Malware
        * If you don't know what ActiveX controls are, see here

        Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

        Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.



        Safe surfing.....