#1
Unable to install an Anti-Virus (Resolved)
Hi,...
I have been following "Porthos" suggestions in other threads on how to deal with the error message "not a valid win32 application". It happened when I could not update my AVG 7.5 free edition. I uninstalled the program to install it again afterwards, but this error message kept showing up. I tried several other antivirus programs, but during installation they would stop and the files would roll back. My PC has been unprotected and by now I don't know how many viruses and spy programs my computer must have... please help. I have done the ComboFix step; here is the result:

ComboFix 08-03-21.1 - Djohny Silva 2008-03-24 21:03:25.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.490 [GMT 0:00]
Running from: C:\Documents and Settings\Djohny Silva\Desktop\MyCombo.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\BM2b698272.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\ban_list.txt
C:\WINDOWS\system32\drivers\down
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\ghkmp.ini
C:\WINDOWS\system32\ghkmp.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mdelk.exe
C:\WINDOWS\system32\nqstv.ini
C:\WINDOWS\system32\nqstv.ini2
C:\WINDOWS\system32\nvsvcd.exe
C:\WINDOWS\system32\wintems.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SROSA
-------\Legacy_WINDOWS_LOG

((((((((((((((((((((((((( Files Created from 2008-02-24 to 2008-03-24 )))))))))))))))))))))))))))))))
.
2008-03-24 20:55 . 2008-03-24 20:55 3,631 --a------ C:\7.tmp
2008-03-24 19:51 . 2008-03-24 19:51 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2008-03-24 19:15 . 2008-03-24 19:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-24 14:06 . 2008-03-24 14:06 <DIR> d-------- C:\Documents and Settings\Djohny Silva\Application Data\MacroVirus
2008-03-24 12:47 . 2008-03-24 12:47 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-24 12:47 . 2008-03-24 12:47 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-24 12:25 . 2008-03-24 12:25 81,465 --a------ C:\WINDOWS\system32\drivers\klif.cab
2008-03-23 20:56 . 2008-03-23 23:04 <DIR> d-------- C:\Program Files\RegCure
2008-03-23 20:52 . 2008-03-24 19:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-03-11 22:50 . 2008-03-11 22:50 127 --a------ C:\WINDOWS\system32\MRT.INI
2008-03-10 23:02 . 2008-03-17 16:01 2,634 ---hs---- C:\WINDOWS\system32\rbrfyodh.ini
2008-03-09 21:55 . 2008-03-10 22:58 2,274 --ahs---- C:\WINDOWS\system32\bnggykai.ini
2008-03-08 21:53 . 2008-03-09 21:54 2,034 --ahs---- C:\WINDOWS\system32\onxclxxh.ini
2008-03-08 21:52 . 2008-03-08 21:52 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-08 21:51 . 2008-03-08 21:54 <DIR> d-------- C:\Program Files\Windows Live
2008-03-08 21:51 . 2008-03-08 21:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-07 21:49 . 2008-03-08 21:49 1,674 --ahs---- C:\WINDOWS\system32\kgnqwyhs.ini
2008-03-06 17:27 . 2008-03-07 21:48 1,374 --ahs---- C:\WINDOWS\system32\lfutkxlm.ini
2008-03-05 22:21 . 2008-03-06 17:18 1,074 --ahs---- C:\WINDOWS\system32\rqkdpbne.ini
2008-03-04 21:23 . 2008-03-05 21:54 714 --ahs---- C:\WINDOWS\system32\mrdeqcnp.ini
2008-03-03 12:07 . 2008-03-04 21:16 2,337,710 --ahs---- C:\WINDOWS\system32\atapsuuj.ini
2008-03-02 12:44 . 2008-03-02 12:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-27 20:37 . 2008-02-27 20:37 7,680 --ahs---- C:\WINDOWS\Thumbs.db
2008-02-25 16:32 . 2008-02-25 16:38 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-20 17:54 --------- d-----w C:\Program Files\Eraser
2008-04-20 15:24 --------- d-----w C:\Documents and Settings\Djohny Silva\Application Data\ErrorSmart
2008-04-20 13:46 --------- d-----w C:\Program Files\exPressit S.E. 2.1
2008-04-19 14:36 --------- d-----w C:\Documents and Settings\Djohny Silva\Application Data\Vso
2008-03-24 14:09 --------- d-----w C:\Program Files\eMule
2008-03-19 23:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-03-17 22:00 --------- d-----w C:\Program Files\iTunes
2008-03-17 22:00 --------- d-----w C:\Program Files\iPod
2008-03-07 22:08 --------- d-----w C:\Program Files\Common Files\Real
2008-02-23 21:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-21 23:23 --------- d-----w C:\Program Files\AVI MPEG RM WMV Joiner
2008-02-21 20:41 --------- d-----w C:\Program Files\QuickTime
2008-02-21 20:35 --------- d-----w C:\Program Files\Common Files\Apple
2008-02-20 21:57 --------- d-----w C:\Program Files\Xilisoft
2008-02-20 21:02 --------- d-----w C:\Documents and Settings\Djohny Silva\Application Data\Pegasys Inc
2008-02-20 21:00 33,408 ----a-w C:\WINDOWS\system32\drivers\CDRBSDRV.SYS
2008-02-10 07:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\vsosdk
2008-02-09 23:39 87,608 ----a-w C:\Documents and Settings\Djohny Silva\Application Data\inst.exe
2008-02-09 23:39 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-02-09 23:39 47,360 ----a-w C:\Documents and Settings\Djohny Silva\Application Data\pcouffin.sys
2008-02-09 23:39 --------- d-----w C:\Program Files\VSO
2008-02-09 23:39 --------- d-----w C:\Program Files\Common Files\Download Manager
2008-02-01 01:02 --------- d-----w C:\Program Files\Microsoft.NET
2008-02-01 01:01 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-02-01 00:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-29 01:19 96,256 ----a-w C:\WINDOWS\system32\drivers\sptd9469.sys
2008-01-28 20:53 --------- d-----w C:\Program Files\Intel Desktop Board
2008-01-28 16:52 --------- d-----w C:\Program Files\VIA Technologies, INC
2007-04-13 22:47 22,928 -c--a-w C:\Documents and Settings\Djohny Silva\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2245EF57-BC48-4416-A9C3-CAE5A2B49C62}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E72D497E-5C07-48E3-8A77-AEE1A282268B}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:56 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 07:56 15360]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccyxvu]
fccyxvu.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnomnm]
opnomnm.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 07:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C44 Series]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
--a------ 2007-12-22 23:03 916240 C:\Program Files\Eraser\eraser.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-02-19 01:41 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 13:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--a------ 2001-07-09 02:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-31 23:13 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 03:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-07-31 18:54 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
-ra------ 2003-05-07 15:32 36864 C:\WINDOWS\system32\VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\VoipBuster.com\\VoipBuster\\voipbuster.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"15274:TCP"= 15274:TCP:BitComet 15274 TCP
"15274:UDP"= 15274:UDP:BitComet 15274 UDP

S1 srosa;Megadrv3;C:\WINDOWS\system32\drivers\srosa.sys []
S2 ousbehci;%OWC_USBEHCD.DeviceDesc%;C:\WINDOWS\system32\Drivers\ousbehci.sys [2002-03-01 03:22]
.
Contents of the 'Scheduled Tasks' folder
"2008-02-21 11:57:29 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-05 03:30:01 C:\WINDOWS\Tasks\ErrorKiller Scheduled Scan.job"
- C:\Program Files\ErrorKiller\ErrorKiller.ex
- C:\Program Files\ErrorKiller
"2008-03-24 00:12:41 C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job"
- C:\Program Files\ErrorSmart\ErrorSmart.ex
- C:\Program Files\ErrorSmart
"2008-03-24 14:06:24 C:\WINDOWS\Tasks\MacroVirus Scheduled Scan.job"
- C:\Program Files\MacroVirus\MacroVirus.ex
- C:\Program Files\MacroVirus
"2008-03-24 21:20:30 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-03-23 20:57:34 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-24 21:21:17
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\wdfmgr.exe
.
**************************************************************************
.
Completion time: 2008-03-24 21:33:04 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-24 21:33:01
.
2008-03-11 22:57:25 --- E O F ---
#2
Here are also my Malwarebytes results:
Malwarebytes' Anti-Malware 1.09
Database version: 534
Scan type: Quick Scan
Objects scanned: 30399
Time elapsed: 6 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
#3
* Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the Quote box below:
Quote:
* Save this as CFScript.txt and place it on your desktop.
* Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
* ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
* When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Next

Please download ATF Cleaner HERE by Atribune. It does not require any installation and uses minimal system resources. It is set up to clean IE, FireFox and Opera, and detects the browsers you have and grays out the other(s).

* Double-click ATF-Cleaner.exe to run the program.
* Under Main choose: Select All
* Click the Empty Selected button.

If you use Firefox browser

* Click Firefox at the top and choose: Select All EXCEPT FIREFOX SAVED PASSWORDS
* Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

* Click Opera at the top and choose: Select All EXCEPT COOKIES AND SAVED PASSWORDS
* Click the Empty Selected button.
* NOTE: If you would like to keep your cookies and saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

Next

Please download and install SUPERAntiSpyware from HERE

Load SUPERAntiSpyware and click the Check for Updates button. Once the update has finished, exit SUPERAntiSpyware. Please do NOT run a scan yet!

IMPORTANT: Do NOT open any other windows or programs while SUPERAntiSpyware is scanning, it may interfere with the scanning process.

Open SUPERAntiSpyware and click the Scan your Computer button. Check Perform Complete Scan and then click Next. SUPERAntiSpyware will now scan your computer and when it's finished it will list all the infections it has found. Make sure that they all have a check next to them, and then click Next. Click Finish and you will be taken back to the main interface. It could be possible that it will ask you to reboot your computer in order to delete some files after reboot.

I'll need a log afterwards of what has been found. To get the log, click Preferences and then click the Statistics/Logs tab. Click the dated log and press View Log and a text file will appear. Please post the results of the SUPERAntiSpyware log in your next reply.

After all of that, run this online virus scan: Active Scan

* You will need to download an ActiveX Control to run the scan. Should you encounter a prompt saying "Click here to use this control", click there.
* After scanning, you'll see an option to create a log after the scan has finished. Click the See Report button then click the Save Report button. It will be saved with the name activescan.txt.

When done, post another ComboFix log, the SUPERAntiSpyware log and the activescan.txt.
|
#4
ComboFix 08-03-21.1 - Djohny Silva 2008-03-25 2:13:23.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.359 [GMT 0:00]
Running from: C:\Documents and Settings\Djohny Silva\Desktop\MyCombo.exe
Command switches used :: C:\Documents and Settings\Djohny Silva\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\7.tmp
C:\Documents and Settings\Djohny Silva\Application Data\MacroVirus
C:\WINDOWS\system32\atapsuuj.ini
C:\WINDOWS\system32\bnggykai.ini
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\kgnqwyhs.ini
C:\WINDOWS\system32\lfutkxlm.ini
C:\WINDOWS\system32\mrdeqcnp.ini
C:\WINDOWS\system32\onxclxxh.ini
C:\WINDOWS\system32\rbrfyodh.ini
C:\WINDOWS\system32\rqkdpbne.ini
C:\WINDOWS\Tasks\ErrorKiller Scheduled Scan.job
C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job
C:\WINDOWS\Tasks\MacroVirus Scheduled Scan.job
C:\WINDOWS\Tasks\RegCure Program Check.job
C:\WINDOWS\Tasks\RegCure.job
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\7.tmp
C:\Documents and Settings\Djohny Silva\Application Data\inst.exe
C:\Program Files\RegCure
C:\Program Files\RegCure\0_days.htm
C:\Program Files\RegCure\1_days.htm
C:\Program Files\RegCure\15_days.htm
C:\Program Files\RegCure\2_days.htm
C:\Program Files\RegCure\30_days.htm
C:\Program Files\RegCure\5_days.htm
C:\Program Files\RegCure\Animated-Bar.gif
C:\Program Files\RegCure\AutoUpdate.dll
C:\Program Files\RegCure\Backup\RegCureBak_March_23_08_23_04_43.bak
C:\Program Files\RegCure\Backup\RegCureBak_March_23_08_23_04_43.reg
C:\Program Files\RegCure\Backup\RegCureBak_March_23_08_23_04_43\Activation Key.lnk
C:\Program Files\RegCure\Backup\RegCureBak_March_23_08_23_04_43\autorun.lnk
C:\Program Files\RegCure\Backup\RegCureBak_March_23_08_23_04_43\CD Drive.lnk
C:\Program Files\RegCure\Backup\RegCureBak_March_23_08_23_04_43\ESET NOD32 Antivirus v3.0.563.0 (Full Retail) + Activation Key + FiX 3.0 nsane.lnk
C:\Program Files\RegCure\Backup\RegCureBak_March_23_08_23_04_43\license_us.lnk
C:\Program Files\RegCure\Backup\RegCureBak_March_24_08_13_40_44.bak
C:\Program Files\RegCure\Backup\RegCureBak_March_24_08_13_40_44.reg
C:\Program Files\RegCure\Backup\RegCureBak_March_24_08_13_40_44\a2scan_080309-011705.lnk
C:\Program Files\RegCure\Backup\RegCureBak_March_24_08_13_40_44\Avg.Anti-Virus.Professional.Edition.7.5.431.Build.848.lnk
C:\Program Files\RegCure\Backup\RegCureBak_March_24_08_13_40_44\avg7.5.lnk
C:\Program Files\RegCure\Backup\RegCureBak_March_24_08_13_40_44\AVG7.lnk
C:\Program Files\RegCure\Backup\RegCureBak_March_24_08_13_40_44\Reports.lnk
C:\Program Files\RegCure\buttonfill.jpg
C:\Program Files\RegCure\buttonfill_expire.jpg
C:\Program Files\RegCure\buttonfill_mo.jpg
C:\Program Files\RegCure\buttonfill_mo_expire.jpg
C:\Program Files\RegCure\config.xml
C:\Program Files\RegCure\contentwrapper.gif
C:\Program Files\RegCure\expire.css
C:\Program Files\RegCure\footerbar.gif
C:\Program Files\RegCure\help.chm
C:\Program Files\RegCure\info_bubble.jpg
C:\Program Files\RegCure\Logs\Regcure-23-03-08-23-05-30.zip
C:\Program Files\RegCure\Logs\Regcure-24-03-08-13-41-20.zip
C:\Program Files\RegCure\Logs\SystemInfo.zip
C:\Program Files\RegCure\LogSettings.xml
C:\Program Files\RegCure\main.css
C:\Program Files\RegCure\process-animation.gif
C:\Program Files\RegCure\RegCure.exe
C:\Program Files\RegCure\settings.xml
C:\Program Files\RegCure\subtitlebar.gif
C:\Program Files\RegCure\tile_titlebar.jpg
C:\Program Files\RegCure\Tip1.html
C:\Program Files\RegCure\Tip10.html
C:\Program Files\RegCure\Tip11.html
C:\Program Files\RegCure\Tip12.html
C:\Program Files\RegCure\Tip13.html
C:\Program Files\RegCure\Tip14.html
C:\Program Files\RegCure\Tip15.html
C:\Program Files\RegCure\Tip2.html
C:\Program Files\RegCure\Tip3.html
C:\Program Files\RegCure\Tip4.html
C:\Program Files\RegCure\Tip5.html
C:\Program Files\RegCure\Tip6.html
C:\Program Files\RegCure\Tip7.html
C:\Program Files\RegCure\Tip8.html
C:\Program Files\RegCure\Tip9.html
C:\Program Files\RegCure\uninst.exe
C:\Program Files\RegCure\whitelist.dat
C:\Program Files\RegCure\zlibwapi.dll
C:\WINDOWS\system32\atapsuuj.ini
C:\WINDOWS\system32\bnggykai.ini
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\kgnqwyhs.ini
C:\WINDOWS\system32\lfutkxlm.ini
C:\WINDOWS\system32\mrdeqcnp.ini
C:\WINDOWS\system32\onxclxxh.ini
C:\WINDOWS\system32\rbrfyodh.ini
C:\WINDOWS\system32\rqkdpbne.ini
C:\WINDOWS\system32\WgaTray.exe.exe
C:\WINDOWS\Tasks\ErrorKiller Scheduled Scan.job
C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job
C:\WINDOWS\Tasks\MacroVirus Scheduled Scan.job
C:\WINDOWS\Tasks\RegCure Program Check.job
C:\WINDOWS\Tasks\RegCure.job
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_srosa

((((((((((((((((((((((((( Files Created from 2008-02-25 to 2008-03-25 )))))))))))))))))))))))))))))))
.
2008-03-25 02:12 . 2008-03-25 02:12 3,631 --a------ C:\3A.tmp
2008-03-24 22:54 . 2008-03-25 02:06 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-03-24 22:34 . 2008-03-24 22:34 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-24 22:34 . 2008-03-24 22:34 <DIR> d-------- C:\Documents and Settings\Djohny Silva\Application Data\Malwarebytes
2008-03-24 22:34 . 2008-03-24 22:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-24 19:51 . 2008-03-24 19:51 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2008-03-24 19:15 . 2008-03-24 19:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-24 14:06 . 2008-03-24 14:06 <DIR> d-------- C:\Documents and Settings\Djohny Silva\Application Data\MacroVirus
2008-03-24 12:47 . 2008-03-24 12:47 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-24 12:47 . 2008-03-24 12:47 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-24 12:25 . 2008-03-24 12:25 81,465 --a------ C:\WINDOWS\system32\drivers\klif.cab
2008-03-23 20:52 . 2008-03-24 19:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-03-11 22:50 . 2008-03-11 22:50 127 --a------ C:\WINDOWS\system32\MRT.INI
2008-03-08 21:52 . 2008-03-08 21:52 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-08 21:51 . 2008-03-08 21:54 <DIR> d-------- C:\Program Files\Windows Live
2008-03-08 21:51 . 2008-03-08 21:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-02 12:44 . 2008-03-02 12:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-27 20:37 . 2008-02-27 20:37 7,680 --ahs---- C:\WINDOWS\Thumbs.db
2008-02-25 16:32 . 2008-02-25 16:38 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-20 15:24 --------- d-----w C:\Documents and Settings\Djohny Silva\Application Data\ErrorSmart
2008-04-20 13:46 --------- d-----w C:\Program Files\exPressit S.E. 2.1
2008-04-19 14:36 --------- d-----w C:\Documents and Settings\Djohny Silva\Application Data\Vso
2008-03-24 23:58 --------- d-----w C:\Program Files\Eraser
2008-03-24 14:09 --------- d-----w C:\Program Files\eMule
2008-03-19 23:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-03-17 22:00 --------- d-----w C:\Program Files\iTunes
2008-03-17 22:00 --------- d-----w C:\Program Files\iPod
2008-03-07 22:08 --------- d-----w C:\Program Files\Common Files\Real
2008-02-23 21:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-21 23:23 --------- d-----w C:\Program Files\AVI MPEG RM WMV Joiner
2008-02-21 20:41 --------- d-----w C:\Program Files\QuickTime
2008-02-21 20:35 --------- d-----w C:\Program Files\Common Files\Apple
2008-02-20 21:57 --------- d-----w C:\Program Files\Xilisoft
2008-02-20 21:02 --------- d-----w C:\Documents and Settings\Djohny Silva\Application Data\Pegasys Inc
2008-02-20 21:00 33,408 ----a-w C:\WINDOWS\system32\drivers\CDRBSDRV.SYS
2008-02-10 07:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\vsosdk
2008-02-09 23:39 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-02-09 23:39 47,360 ----a-w C:\Documents and Settings\Djohny Silva\Application Data\pcouffin.sys
2008-02-09 23:39 --------- d-----w C:\Program Files\VSO
2008-02-09 23:39 --------- d-----w C:\Program Files\Common Files\Download Manager
2008-02-01 01:02 --------- d-----w C:\Program Files\Microsoft.NET
2008-02-01 01:01 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-02-01 00:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-29 01:19 96,256 ----a-w C:\WINDOWS\system32\drivers\sptd9469.sys
2008-01-28 20:53 --------- d-----w C:\Program Files\Intel Desktop Board
2008-01-28 16:52 --------- d-----w C:\Program Files\VIA Technologies, INC
2008-01-09 15:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2007-04-13 22:47 22,928 -c--a-w C:\Documents and Settings\Djohny Silva\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((( snapshot@2008-03-24_21.26.40.75 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-24 22:54:16 45,056 ----a-w C:\WINDOWS\BDOSCAN8\avxdisk.dll
+ 2008-03-24 22:54:16 10,240 ----a-w C:\WINDOWS\BDOSCAN8\avxs.dll
+ 2008-03-24 22:54:16 27,136 ----a-w C:\WINDOWS\BDOSCAN8\avxt.dll
+ 2008-03-24 22:54:17 181,760 ----a-w C:\WINDOWS\BDOSCAN8\bdcore.dll
+ 2008-01-09 15:01:48 118,784 ----a-w C:\WINDOWS\BDOSCAN8\bdupd.dll
+ 2008-01-09 15:01:48 53,248 ----a-w C:\WINDOWS\BDOSCAN8\ipsupd.dll
+ 2008-03-24 22:54:18 142,848 ----a-w C:\WINDOWS\BDOSCAN8\libfn.dll
+ 2008-03-24 22:54:16 86,016 ----a-w C:\WINDOWS\BDOSCAN8\librtvr.dll
+ 2008-01-09 15:01:48 118,784 ----a-w C:\WINDOWS\Downloaded Program Files\bdupd.dll
+ 2008-01-09 15:01:48 53,248 ----a-w C:\WINDOWS\Downloaded Program Files\ipsupd.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:56 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 07:56 15360]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [ ]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 07:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C44 Series]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
--a------ 2007-12-22 23:03 916240 C:\Program Files\Eraser\eraser.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-02-19 01:41 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 13:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--a------ 2001-07-09 02:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-31 23:13 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 03:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-07-31 18:54 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
-ra------ 2003-05-07 15:32 36864 C:\WINDOWS\system32\VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\VoipBuster.com\\VoipBuster\\voipbuster.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"15274:TCP"= 15274:TCP:BitComet 15274 TCP
"15274:UDP"= 15274:UDP:BitComet 15274 UDP

S2 ousbehci;%OWC_USBEHCD.DeviceDesc%;C:\WINDOWS\system32\Drivers\ousbehci.sys [2002-03-01 03:22]
.
Contents of the 'Scheduled Tasks' folder
"2008-02-21 11:57:29 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-25 02:20:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-03-25 2:24:56 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-25 02:24:52
ComboFix2.txt 2008-03-24 21:33:05
.
2008-03-11 22:57:25 --- E O F ---
#5
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/25/2008 at 03:24 AM

Application Version : 4.0.1154

Core Rules Database Version : 3424
Trace Rules Database Version: 1416

Scan type : Quick Scan
Total Scan Time : 00:47:48

Memory items scanned : 284
Memory threats detected : 0
Registry items scanned : 341
Registry threats detected : 0
File items scanned : 17527
File threats detected : 79

Adware.Tracking Cookie
D:\Documents and Settings\Djohny Silva\Cookies\djohny silva@112.2o7[1].txt
D:\Documents and Settings\Djohny Silva\Cookies\djohny silva@247realmedia[2].txt
D:\Documents and Settings\Djohny Silva\Cookies\djohny silva@2o7[2].txt
D:\Documents and Settings\Djohny Silva\Cookies\djohny silva@adopt.euroclick[1].txt
D:\Documents and Settings\Djohny Silva\Cookies\djohny silva@ads.pointroll[2].txt
D:\Documents and Settings\Djohny Silva\Cookies\djohny silva@advertising[1].txt
D:\Documents and Settings\Djohny Silva\Cookies\djohny silva@adviva[1].txt
D:\Documents and Settings\Djohny Silva\Cookies\djohny silva@apmebf[1].txt
D:\Documents and Settings\Djohny Silva\Cookies\djohny silva@as1.falkag[1].txt
D:\Documents and Settings\Djohny Silva\Cookies\djohny silva@atdmt[2].txt
D:\Documents and Settings\Djohny Silva\Cookies\djohny silva@belnk[1].txt
D:\Documents and Settings\Djohny Silva\Cookies\djohny silva@bluestreak[1].txt
D:\Documents and Settings\Djohny Silva\Cookies\djohny silva@centrica.usertracking[1].txt
D:\Documents and Settings\Djohny Silva\Cookies\djohny silva@citi.bridgetrack[1].txt
D:\Documents and Settings\Djohny Silva\Cookies\djohny silva@dealtime.co[1].txt
D:\Documents and Settings\Djohny Silva\Cookies\djohny silva@dist.belnk[2].txt
D:\Documents and Settings\Djohny Silva\Cookies\djohny silva@doubleclick[1].txt
D:\Documents and Settings\Djohny Silva\Cookies\djohny silva@e-2dj6wfk4chazwbp.stats.esomniture[1].txt
D:\Documents and Settings\Djohny Silva\Cookies\djohny silva@e-2dj6wfk4egd5wkq.stats.esomniture[2].txt
D:\Documents and Settings\Djohny Silva\Cookies\djohny silva@e-2dj6wfk4sndzkep.stats.esomniture[1].txt
D:\Documents and Settings\Djohny Silva\Cookies\djohny silva@e-2dj6wfkicgc5wep.stats.esomniture[2].txt
D:\Documents and Settings\Djohny Silva\Cookies\djohny silva@e-2dj6wfkikhajkdo.stats.esomniture[1].txt
D:\Documents and Settings\Djohny Silva\Cookies\djohny silva@e-2dj6wfkisocpiho.stats.esomniture[2].txt
D:\Documents and Settings\Djohny Silva\Cookies\djohny silva@e-2dj6wfkiwpdzgdo.stats.esomniture[2].txt
D:\Documents and Settings\Djohny Silva\Cookies\djohny silva@e-2dj6wfkoaocjmlp.stats.esomniture[2].txt
D:\Documents and Settings\Djohny Silva\Cookies\djohny silva@e-2dj6wfkoencjwdp.stats.esomniture[2].txt
D:\Documents and Settings\Djohny Silva\Cookies\djohny silva@e-2dj6wfkyupdzoeq.stats.esomniture[1].txt
D:\Documents and Settings\Djohny Silva\Cookies\djohny silva@e-2dj6wfl4kic5odo.stats.esomniture[2].txt
D:\Documents and Settings\Djohny Silva\Cookies\djohny silva@e-2dj6wfl4skdpigp.stats.esomniture[2].txt
D:\Documents and Settings\Djohny Silva\Cookies\djohny silva@e-2dj6wfl4wgdzmko.stats.esomniture[2].txt
D:\Documents and Settings\Djohny Silva\Cookies\djohny silva@e-2dj6wfliknc5ado.stats.esomniture[2].txt
D:\Documents and Settings\Djohny Silva\Cookies\djohny silva@e-2dj6wflionazelo.stats.esomniture[2].txt
D:\Documents and Settings\Djohny Silva\Cookies\djohny silva@e-2dj6wflocgajeko.stats.esomniture[2].txt
D:\Documents and Settings\Djohny Silva\Cookies\djohny silva@e-2dj6wfloundjado.stats.esomniture[1].txt
D:\Documents and Settings\Djohny Silva\Cookies\djohny silva@e-2dj6wfmikhdjcfq.stats.esomniture[2].txt
D:\Documents and Settings\Djohny Silva\Cookies\djohny silva@e-2dj6wfmykhc5cgq.stats.esomniture[2].txt
D:\Documents and Settings\Djohny Silva\Cookies\djohny silva@e-2dj6wfmyqgcjscq.stats.esomniture[1].txt
D:\Documents and Settings\Djohny Silva\Cookies\djohny silva@e-2dj6wgkiagcpacp.stats.esomniture[2].txt
D:\Documents and Settings\Djohny Silva\Cookies\djohny silva@e-2dj6wgkygodzwdp.stats.esomniture[2].txt
D:\Documents and Settings\Djohny Silva\Cookies\djohny silva@e-2dj6wgkyunczccp.stats.esomniture[1].txt
D:\Documents and Settings\Djohny Silva\Cookies\djohny silva@e-2dj6wjk4oid5ado.stats.esomniture[1].txt
D:\Documents and Settings\Djohny Silva\Cookies\djohny silva@e-2dj6wjk4smajafo.stats.esomniture[2].txt
D:\Documents and Settings\Djohny Silva\Cookies\djohny silva@e-2dj6wjk4spdjoep.stats.esomniture[2].txt
D:\Documents and Settings\Djohny Silva\Cookies\djohny silva@e-2dj6wjk4ugdzwko.stats.esomniture[1].txt
D:\Documents and Settings\Djohny Silva\Cookies\djohny silva@e-2dj6wjkygiczwlq.stats.esomniture[2].txt
D:\Documents and Settings\Djohny Silva\Cookies\djohny silva@e-2dj6wjkyugcpcap.stats.esomniture[2].txt
D:\Documents and Settings\Djohny Silva\Cookies\djohny silva@e-2dj6wjl4spajaeo.stats.esomniture[2].txt
D:\Documents and Settings\Djohny Silva\Cookies\djohny silva@e-2dj6wjlisic5ekp.stats.esomniture[2].txt
D:\Documents and Settings\Djohny Silva\Cookies\djohny silva@e-2dj6wjlispdjcdp.stats.esomniture[2].txt
D:\Documents and Settings\Djohny Silva\Cookies\djohny silva@e-2dj6wjmigocjiho.stats.esomniture[2].txt
D:\Documents and Settings\Djohny Silva\Cookies\djohny silva@e-2dj6wjmyuidpoko.stats.esomniture[1].txt
D:\Documents and Settings\Djohny Silva\Cookies\djohny silva@e-2dj6wjmyumajicq.stats.esomniture[2].txt
D:\Documents and Settings\Djohny Silva\Cookies\djohny silva@e-2dj6wjny-1lcjof.stats.esomniture[2].txt
D:\Documents and Settings\Djohny Silva\Cookies\djohny silva@ehg-fifa.hitbox[1].txt
D:\Documents and Settings\Djohny Silva\Cookies\djohny silva@ehg-usoc.hitbox[1].txt
D:\Documents and Settings\Djohny Silva\Cookies\djohny silva@fastclick[2].txt
D:\Documents and Settings\Djohny Silva\Cookies\djohny silva@finders.telegraph.co[1].txt
D:\Documents and Settings\Djohny Silva\Cookies\djohny silva@hitbox[1].txt
D:\Documents and Settings\Djohny Silva\Cookies\djohny silva@hypertracker[1].txt
D:\Documents and Settings\Djohny Silva\Cookies\djohny silva@m1.webstats4u[1].txt
D:\Documents and Settings\Djohny Silva\Cookies\djohny silva@mediaplex[2].txt
D:\Documents and Settings\Djohny Silva\Cookies\djohny silva@nextag[2].txt
D:\Documents and Settings\Djohny Silva\Cookies\djohny silva@nrstats.1anetworks[1].txt
D:\Documents and Settings\Djohny Silva\Cookies\djohny silva@questionmarket[1].txt
D:\Documents and Settings\Djohny Silva\Cookies\djohny silva@servedby.advertising[1].txt
D:\Documents and Settings\Djohny Silva\Cookies\djohny silva@server.iad.liveperson[1].txt
D:\Documents and Settings\Djohny Silva\Cookies\djohny silva@serving-sys[1].txt
D:\Documents and Settings\Djohny Silva\Cookies\djohny silva@stat.dealtime[1].txt
D:\Documents and Settings\Djohny Silva\Cookies\djohny silva@statse.webtrendslive[2].txt
D:\Documents and Settings\Djohny Silva\Cookies\djohny silva@tradedoubler[1].txt
D:\Documents and Settings\Djohny Silva\Cookies\djohny silva@www.stopzilla[2].txt
D:\Documents and Settings\Djohny Silva\Cookies\djohny silva@xxxbookies[1].txt

Worm.Alcra Variant
D:\WINDOWS\SYSTEM32\CMD.COM
D:\WINDOWS\SYSTEM32\NETSTAT.COM
D:\WINDOWS\SYSTEM32\PING.COM
D:\WINDOWS\SYSTEM32\REGEDIT.COM
D:\WINDOWS\SYSTEM32\TASKKILL.COM
D:\WINDOWS\SYSTEM32\TASKLIST.COM
D:\WINDOWS\SYSTEM32\TRACERT.COM
#6
This D drive seems to have a lot of crap on it. What is it?
Also waiting on panda. Make sure the D drive gets scanned also.
#7