BullGuard Antivirus Forum: Virus Removal > Removal Help
Help for virus where internet screen pops up

bull eye pea (New Member, joined Aug 2008, 13 posts)
Posted 8-3-2008 12:19 (GMT +1)
Hi there.
 
Anyone have any idea how I can remove this virus/worm or whatever, which results in Internet Explorer screens popping up? Most of these are ads...
 
thanks!
 
 
Touch (Forum Moderator, joined Jun 2004, 14350 posts)
Posted 8-3-2008 1:41 (GMT +1)
Hello

After you have run the scan tools -
 
Reboot normally
 
Post the HijackThis log, along with the SUPERAntiSpyware log and the C:\ComboFix.txt log, in this topic.
 
Please copy and paste your log. DO NOT add it as an attachment
Kindly do not annotate or format the log with color or font changes.
 
NB. If you are using any P2P (file sharing) programs, please remove them before we clean your computer. We do not clean logs that have P2P applications installed, as this can cause reinfection during your cleaning.
 



Do NOT post your problem in someone elses thread.
Member of - Alliance of Security Analysis Professionals
Please do NOT PM me any logs. They will be deleted

bull eye pea (New Member, joined Aug 2008, 13 posts)
Posted 8-12-2008 10:22 (GMT +1)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:18:50 PM, on 8/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Atheros\ACU\Utility\ACU.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\TalkTalk\bin\sprtcmd.exe
C:\Program Files\Hewlett-Packard\HP Mobile Printing\HPBMOBIL.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Altiris\AClient\AClient.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
C:\WINDOWS\Cpqdiag\Cpqdfwag.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\TalkTalk\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
C:\Program Files\Altiris\AClient\AClntUsr.exe
C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ACU_QSB] C:\Program Files\Atheros\ACU\Utility\ACU.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AClntUsr] C:\Program Files\Altiris\AClient\AClntUsr.EXE
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ChkAdmin] C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [TalkTalk] "C:\Program Files\TalkTalk\bin\sprtcmd.exe" /P TalkTalk
O4 - HKLM\..\Run: [Style For Eggs Idle] C:\Documents and Settings\All Users\Application Data\BROWSE PROGRAM STYLE FOR\Setup knob.exe
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINDOWS\Cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [HP Mobile Printing] C:\Program Files\Hewlett-Packard\HP Mobile Printing\HPBMOBIL.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [EACHABOUT] C:\DOCUME~1\Amy\APPLIC~1\EXTRAH~1\Ford Once Bash.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?ef767953b6dd401c9abd57474a6516d7
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?ef767953b6dd401c9abd57474a6516d7
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.co.uk/s/v/29.54/uploader2.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188076587196
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Altiris Client Service (AClient) - Altiris, Inc. - C:\Program Files\Altiris\AClient\AClient.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Insight Local Alerter (CPQALERT) - Hewlett-Packard Company - C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
O23 - Service: cpqdmi - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
O23 - Service: Insight Web Agent (cpqWebDmi) - Hewlett-Packard Company - C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
O23 - Service: Remote Diagnostics Enabling Agent (DfwWebAgent) - Hewlett-Packard - C:\WINDOWS\Cpqdiag\Cpqdfwag.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SupportSoft Sprocket Service (TalkTalk) (sprtsvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\TalkTalk\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
O23 - Service: SupportSoft Repair Service (TalkTalk) (tgsrvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe
O23 - Service: Win32Sl (WIN32SL) - Intel - C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
--
End of file - 11752 bytes
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 08/11/2008 at 08:31 PM
Application Version : 4.15.1000
Core Rules Database Version : 3533
Trace Rules Database Version: 1522
Scan type       : Complete Scan
Total Scan Time : 00:50:27
Memory items scanned      : 472
Memory threats detected   : 0
Registry items scanned    : 4564
Registry threats detected : 0
File items scanned        : 14527
File threats detected     : 8
Adware.Tracking Cookie
 C:\Documents and Settings\Amy\Cookies\amy@atdmt[2].txt
 C:\Documents and Settings\Amy\Cookies\amy@revsci[2].txt
 C:\Documents and Settings\Amy\Cookies\amy@doubleclick[1].txt
 C:\Documents and Settings\Amy\Cookies\amy@indextools[3].txt
 C:\Documents and Settings\Amy\Cookies\amy@windowsmedia[1].txt
 C:\Documents and Settings\Amy\Cookies\amy@clickbank[1].txt
 C:\Documents and Settings\Amy\Cookies\amy@indextools[2].txt
Trojan.Dropper/Gen-NV
 C:\PROGRAM FILES\3WPLAYER\MINIME.EXE
ComboFix 08-08-10.05 - Amy 2008-08-11 22:22:53.1 - NTFSx86
Running from: C:\Documents and Settings\Amy\Desktop\ComboFix.exe
 * Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
----- BITS: Possible infected sites -----
http://assist.talktalk.net
.
(((((((((((((((((((((((((   Files Created from 2008-07-11 to 2008-08-11  )))))))))))))))))))))))))))))))
.
2008-08-11 19:27 . 2008-08-11 19:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-08-11 19:25 . 2008-08-11 19:25 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-08-11 19:25 . 2008-08-11 19:25 <DIR> d-------- C:\Documents and Settings\Amy\Application Data\SUPERAntiSpyware.com
2008-08-08 19:14 . 2008-08-08 19:14 <DIR> d-------- C:\Program Files\Yahoo!
2008-08-08 19:14 . 2008-08-08 19:15 <DIR> d-------- C:\Program Files\CCleaner
2008-07-27 19:30 . 2008-07-27 19:30 <DIR> d-------- C:\Program Files\extraholebook
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-11 21:26 --------- d-----w C:\Documents and Settings\Amy\Application Data\Skype
2008-08-11 18:24 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-11 18:02 --------- d-----w C:\Documents and Settings\Amy\Application Data\AVG7
2008-08-08 17:47 --------- d-----w C:\Program Files\BitLord
2008-07-27 18:36 --------- d-----w C:\Documents and Settings\Amy\Application Data\extraholebook
2008-07-27 18:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\BROWSE PROGRAM STYLE FOR
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2007-10-01 19:01 17,920 ----a-w C:\Documents and Settings\Amy\Application Data\GDIPFONTCACHEV1.DAT
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Mobile Printing"="C:\Program Files\Hewlett-Packard\HP Mobile Printing\HPBMOBIL.EXE" [2003-05-23 06:12 630784]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:54 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-08-17 04:45 23120680]
"EACHABOUT"="C:\DOCUME~1\Amy\APPLIC~1\EXTRAH~1\Ford Once Bash.exe" [2008-07-27 19:30 715264]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ACU_QSB"="C:\Program Files\Atheros\ACU\Utility\ACU.exe" [2003-09-24 02:53 1716224]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-25 14:10 335872]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-07-15 20:09 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-07-15 20:08 618496]
"AClntUsr"="C:\Program Files\Altiris\AClient\AClntUsr.EXE" [2008-08-11 20:36 180224]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-03-01 06:05 200766]
"ChkAdmin"="C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE" [2003-05-12 10:33 81920]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2003-07-15 10:55 274432]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-28 23:24 286720]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-16 19:59 579584]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 01:12 488984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 01:13 774168]
"TalkTalk"="C:\Program Files\TalkTalk\bin\sprtcmd.exe" [2007-10-12 10:33 202016]
"Style For Eggs Idle"="C:\Documents and Settings\All Users\Application Data\BROWSE PROGRAM STYLE FOR\Setup knob.exe" [2008-08-11 20:46 4690944]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 18:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2003-05-30 17:01 88267 C:\WINDOWS\AGRSMMSG.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"CPQDFWAG"="C:\WINDOWS\Cpqdiag\CpqDfwAg.exe" [2003-03-13 09:14 212992]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-30 21:44 219136]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2003-09-12 04:42:00 503869]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-08-26 09:47:13 67128]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-12 18:01:04 83360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Altiris\\AClient\\AClntUsr.EXE"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\TalkTalk\\bin\\sprtsvc.exe"=
"C:\\Program Files\\TalkTalk\\bin\\sprtcmd.exe"=
"C:\\Program Files\\TalkTalk\\agent\\bin\\bcont_nm.exe"=
"C:\\Program Files\\TalkTalk\\agent\\bin\\bcont.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 ClntMgmt;HP Client Management Driver;C:\WINDOWS\system32\Drivers\ClntMgmt.sys [2003-03-06 02:50]
R2 cpqWebDmi;Insight Web Agent;C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe [2003-05-12 10:38]
R2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);C:\Program Files\TalkTalk\bin\sprtsvc.exe [2007-10-12 10:33]
R2 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe [2007-08-02 15:42]
R3 CONAN;CONAN;C:\WINDOWS\system32\drivers\o2mmb.sys [2003-07-29 01:49]
R3 MbxStby;MbxStby;C:\WINDOWS\system32\drivers\MbxStby.sys [2003-07-24 15:50]
R3 WLAN_400_500_SERVICE;HP WLAN W400/W500 Wireless Network Adapter Service;C:\WINDOWS\system32\DRIVERS\ar5211.sys [2003-07-17 10:06]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a7dfe110-bfd8-11dc-8497-000802e86971}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Flash.10.Setup.exe
\Shell\Explore\command - Flash.10.Setup.exe
\Shell\Open\command - Flash.10.Setup.exe
\Shell\Scan for Viruses\command - Scanner.exe
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
2008-08-11 C:\WINDOWS\Tasks\AC86F6E7918D6927.job
- c:\docume~1\amy\applic~1\extrah~1\Mfcd acid plus.exe [2008-07-27 19:36]
2008-08-11 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-BitComet - C:\Program Files\BitLord\BitLord.exe

.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.co.uk/
R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://www.hp.com/
O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 -: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 -: Open in new background tab - C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?ef767953b6dd401c9abd57474a6516d7
O8 -: Open in new foreground tab - C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?ef767953b6dd401c9abd57474a6516d7
O8 -: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O18 -: Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-11 22:26:30
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????9?4?2?2??????? ???B???????????????B? ??????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-08-11 22:28:01
ComboFix-quarantined-files.txt  2008-08-11 21:27:58
Pre-Run: 17,729,253,376 bytes free
Post-Run: 17,732,800,512 bytes free
144 --- E O F --- 2008-08-08 18:38:45
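The moderator reads logs like the one above by hand, looking mainly at where each autostart entry points. As an added example (not code from HijackThis, ComboFix, BullGuard or anyone in this thread), the Python below runs that same triage over a handful of lines copied from the HijackThis log posted above: an O4 Run entry whose executable lives in a user-writable profile folder (Documents and Settings, Application Data, Temp, including their 8.3 short names) is flagged high, a BHO registered with "(no file)" is flagged as a dead reference, and a service with "Unknown owner" is flagged low for a signature check. The folder list, the severities and the heuristics themselves are assumptions of this example, not rules from the tools or the thread.

```python
"""Triage HijackThis-style autostart lines for the patterns seen in this thread.

Added example for this thread, not part of HijackThis, ComboFix or BullGuard.
Heuristics (assumptions, not a substitute for a human log reader):
  * an O4 Run entry whose executable lives in a user-writable profile folder
    is suspicious: legitimate software almost always starts from Program Files
    or the Windows folder;
  * an O2 BHO with "(no file)" is a dead reference worth removing;
  * an O23 service with "Unknown owner" merely lacks a publisher string and is
    reported as low priority, not as malware.
"""
import re
from dataclasses import dataclass
from typing import List

# Lines copied from the HijackThis log posted above in this thread.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Style For Eggs Idle] C:\Documents and Settings\All Users\Application Data\BROWSE PROGRAM STYLE FOR\Setup knob.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EACHABOUT] C:\DOCUME~1\Amy\APPLIC~1\EXTRAH~1\Ford Once Bash.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
"""

# HijackThis line shapes handled here (O4 registry Run keys, O2 BHOs, O23 services).
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
EXE_RE = re.compile(r'^"?(?P<exe>[^"]+?\.exe)', re.IGNORECASE)

# Folder fragments (long and 8.3 forms) a non-admin user can write to on XP; assumed list.
USER_WRITABLE = (
    "\\documents and settings\\", "\\docume~1\\", "\\application data\\", "\\applic~1\\",
    "\\local settings\\", "\\locals~1\\", "\\temp\\",
)


@dataclass
class Finding:
    kind: str      # HijackThis section: O2, O4 or O23
    name: str      # entry name as HijackThis shows it
    path: str      # executable or DLL path
    reason: str
    severity: str  # "high" or "low"


def executable_of(cmd: str) -> str:
    """Return the .exe path from an O4 command line, dropping quotes and switches."""
    m = EXE_RE.match(cmd.strip())
    return m.group("exe") if m else cmd.strip()


def in_user_writable(path: str) -> bool:
    """True if the path sits under one of the user-writable folders above."""
    low = path.lower()
    return any(frag in low for frag in USER_WRITABLE)


def triage(log_text: str) -> List[Finding]:
    """Scan HijackThis lines and return the entries a log reader should look at first."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := O4_RE.match(line):
            exe = executable_of(m["cmd"])
            if in_user_writable(exe):
                findings.append(Finding("O4", m["name"], exe,
                    f"{m['hive']} {m['key']} autostart from a user-writable folder", "high"))
        elif m := O2_RE.match(line):
            if m["path"].strip().lower() == "(no file)":
                findings.append(Finding("O2", m["name"], m["path"],
                    f"BHO {{{m['clsid']}}} is registered but its DLL is missing", "low"))
        elif m := O23_RE.match(line):
            if m["owner"].strip().lower() == "unknown owner":
                findings.append(Finding("O23", m["name"], m["path"],
                    "service binary carries no publisher string; verify its signature", "low"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:4}] {f.kind} {f.name!r}: {f.path}  <- {f.reason}")
```

Run against the sample, the two Run entries from the log that point into Application Data folders ("Style For Eggs Idle" and "EACHABOUT") come out as high, the orphan BHO and the ATI service as low, and the AVG, ctfmon and Skype entries are left alone. Location is only a first filter: a clean path under Program Files (as with 3wPlayer later in this thread) still needs the scanner results, so treat the output as a reading order, not a verdict.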
Touch (Forum Moderator, joined Jun 2004, 14350 posts)
Posted 8-13-2008 6:19 (GMT +1)
Please download Malwarebytes' Anti-Malware to your desktop.
 
Double-click mbam-setup.exe and follow the prompts to install the program.
                     
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
                     
If an update is found, it will download and install the latest version.
                     
Once the program has loaded, select Perform full scan, then click Scan.
                     
When the scan is complete, click OK, then Show Results to view the results.
 
Be sure that everything is checked, and click Remove Selected.
 
When completed, a log will open in Notepad. Please save it to a convenient location.
 
Copy and paste that log into your next reply, along with a fresh ComboFix log.
 
 
NB: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
 


 

bull eye pea (New Member, joined Aug 2008, 13 posts)
Posted 8-16-2008 1:03 (GMT +1)
Malwarebytes' Anti-Malware 1.24
Database version: 1051
Windows 5.1.2600 Service Pack 2
12:47:35 PM 8/16/2008
mbam-log-8-16-2008 (12-47-35).txt
Scan type: Full Scan (C:\|)
Objects scanned: 72098
Time elapsed: 2 hour(s), 56 minute(s), 37 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 12
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\WakeNet (Trojan.Adware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\3wPlayer_is1 (Trojan.Adware) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Documents and Settings\All Users\Start Menu\Programs\3wPlayer (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\3wPlayer (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\3wPlayer\skins (Trojan.Downloader) -> Quarantined and deleted successfully.
Files Infected:
C:\Documents and Settings\All Users\Start Menu\Programs\3wPlayer\3wPlayer.lnk (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\3wPlayer\Uninstall 3wPlayer.lnk (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\3wPlayer\3wPlayer.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\3wPlayer\rsqwww2.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\3wPlayer\settings.ini (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\3wPlayer\settings.stp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\3wPlayer\SkinCrafterDll.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\3wPlayer\test.gif (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\3wPlayer\unins000.dat (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\3wPlayer\unins000.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\3wPlayer\skins\PlayerSkin.skf (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Amy\Desktop\3wPlayer-1.9.0.0-setup-0511.exe (Trojan.Adware) -> Quarantined and deleted successfully.
 
ComboFix 08-08-15.04 - Amy 2008-08-16 12:51:08.2 - NTFSx86
Running from: C:\Documents and Settings\Amy\Desktop\ComboFix.exe
 * Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Amy\Cookies\amy@ad.adtoma[2].txt
C:\Documents and Settings\Amy\Cookies\amy@ehg-tfl.hitbox[2].txt
.
(((((((((((((((((((((((((   Files Created from 2008-07-16 to 2008-08-16  )))))))))))))))))))))))))))))))
.
2008-08-14 09:13 . 2008-08-14 09:13 <DIR> d-------- C:\Program Files\extraholebook
2008-08-13 22:31 . 2008-08-13 22:31 <DIR> d-------- C:\Documents and Settings\Amy\Application Data\Malwarebytes
2008-08-13 22:30 . 2008-08-13 22:31 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-13 22:30 . 2008-08-13 22:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-13 22:30 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-13 22:30 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-12 23:25 . 2008-08-14 03:04 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-08-12 22:16 . 2008-08-12 22:16 401,720 --a------ C:\HiJackThis.exe
2008-08-12 21:51 . 2008-05-01 15:30 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-11 19:27 . 2008-08-11 19:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-08-11 19:25 . 2008-08-11 19:25 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-08-11 19:25 . 2008-08-11 19:25 <DIR> d-------- C:\Documents and Settings\Amy\Application Data\SUPERAntiSpyware.com
2008-08-08 19:14 . 2008-08-08 19:14 <DIR> d-------- C:\Program Files\Yahoo!
2008-08-08 19:14 . 2008-08-08 19:15 <DIR> d-------- C:\Program Files\CCleaner
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-16 11:55 --------- d-----w C:\Documents and Settings\Amy\Application Data\Skype
2008-08-16 08:38 --------- d-----w C:\Documents and Settings\Amy\Application Data\AVG7
2008-08-14 08:15 --------- d-----w C:\Documents and Settings\Amy\Application Data\extraholebook
2008-08-14 08:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\BROWSE PROGRAM STYLE FOR
2008-08-11 18:24 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-08 17:47 --------- d-----w C:\Program Files\BitLord
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2007-10-01 19:01 17,920 ----a-w C:\Documents and Settings\Amy\Application Data\GDIPFONTCACHEV1.DAT
.
(((((((((((((((((((((((((((((   snapshot@2008-08-11_22.27.37.06   )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-07 20:06:43 253,952 ----a-w C:\WINDOWS\$hf_mig$\KB950974\SP2QFE\es.dll
+ 2008-07-07 20:26:58 253,952 ----a-w C:\WINDOWS\$hf_mig$\KB950974\SP3GDR\es.dll
+ 2008-07-07 20:23:18 253,952 ----a-w C:\WINDOWS\$hf_mig$\KB950974\SP3QFE\es.dll
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB950974\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB950974\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB950974\update\spcustom.dll
+ 2007-11-30 12:39:18 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB950974\update\update.exe
+ 2007-11-30 12:39:19 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB950974\update\updspapi.dll
+ 2008-06-24 16:28:00 74,240 ----a-w C:\WINDOWS\$hf_mig$\KB952954\SP2QFE\mscms.dll
+ 2008-06-24 16:43:16 74,240 ----a-w C:\WINDOWS\$hf_mig$\KB952954\SP3GDR\mscms.dll
+ 2008-06-24 16:53:10 74,240 ----a-w C:\WINDOWS\$hf_mig$\KB952954\SP3QFE\mscms.dll
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB952954\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB952954\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB952954\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB952954\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB952954\update\updspapi.dll
+ 2008-04-23 04:16:28 124,928 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\advpack.dll
+ 2008-04-23 04:16:28 347,136 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\dxtmsft.dll
+ 2008-04-23 04:16:28 214,528 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\dxtrans.dll
+ 2008-04-23 04:16:28 133,120 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\extmgr.dll
+ 2008-04-23 04:16:28 63,488 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\icardie.dll
+ 2008-04-22 07:39:58 70,656 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ie4uinit.exe
+ 2008-04-23 04:16:28 153,088 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieakeng.dll
+ 2008-04-23 04:16:28 230,400 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieaksie.dll
+ 2008-04-20 05:07:51 161,792 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieakui.dll
+ 2008-04-23 04:16:28 383,488 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieapfltr.dll
+ 2008-04-23 04:16:28 384,512 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\iedkcs32.dll
+ 2008-04-23 04:16:28 6,066,176 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieframe.dll
+ 2008-04-23 04:16:28 44,544 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\iernonce.dll
+ 2008-04-23 04:16:28 267,776 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\iertutil.dll
+ 2008-04-22 07:39:58 13,824 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieudinit.exe
+ 2008-04-22 07:40:18 625,664 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\iexplore.exe
+ 2008-04-23 04:16:28 27,648 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\jsproxy.dll
+ 2008-04-23 04:16:28 459,264 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\msfeeds.dll
+ 2008-04-23 04:16:28 52,224 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\msfeedsbs.dll
+ 2008-04-23 21:16:30 3,591,680 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\mshtml.dll
+ 2008-04-23 04:16:28 478,208 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\mshtmled.dll
+ 2008-04-23 04:16:28 193,024 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\msrating.dll
+ 2008-04-23 04:16:28 671,232 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\mstime.dll
+ 2008-04-23 04:16:28 102,912 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\occache.dll
+ 2008-04-23 04:16:28 44,544 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\updspapi.dll
+ 2008-04-23 04:16:28 105,984 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\url.dll
+ 2008-04-23 04:16:29 1,159,680 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\urlmon.dll
+ 2008-04-23 04:16:29 233,472 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\webcheck.dll
+ 2008-04-23 04:16:29 826,368 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\wininet.dll
- 2008-05-14 18:53:22 167,936 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\accicons.exe
+ 2008-08-14 02:04:15 167,936 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\accicons.exe
- 2008-05-14 18:53:22 2,560 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2008-08-14 02:04:15 2,560 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
- 2008-05-14 18:53:22 81,920 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\fpicon.exe
+ 2008-08-14 02:04:15 81,920 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\fpicon.exe
- 2008-05-14 18:53:22 34,304 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2008-08-14 02:04:14 34,304 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\misc.exe
- 2008-05-14 18:53:22 8,192 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2008-08-14 02:04:15 8,192 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
- 2008-05-14 18:53:23 3,584 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2008-08-14 02:04:15 3,584 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2008-05-14 18:53:23 114,688 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\outicon.exe
+ 2008-08-14 02:04:15 114,688 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\outicon.exe
- 2008-05-14 18:53:22 16,384 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2008-08-14 02:04:14 16,384 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
- 2008-05-14 18:53:22 30,720 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\pptico.exe
+ 2008-08-14 02:04:14 30,720 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\pptico.exe
- 2008-05-14 18:53:23 22,528 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
+ 2008-08-14 02:04:15 22,528 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
- 2008-05-14 18:53:21 45,056 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2008-08-14 02:04:14 45,056 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
- 2008-05-14 18:53:21 90,112 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2008-08-14 02:04:14 90,112 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
- 2008-04-23 04:16:28 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2008-06-23 16:57:27 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
- 2008-04-23 04:16:28 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-06-23 16:57:27 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll
- 2008-04-23 04:16:28 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-06-23 16:57:27 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2008-04-23 04:16:28 214,528 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-06-23 16:57:27 214,528 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-07-07 20:32:22 253,952 -c----w C:\WINDOWS\system32\dllcache\es.dll
- 2008-04-23 04:16:28 133,120 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-06-23 16:57:27 133,120 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2008-04-23 04:16:28 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll
+ 2008-06-23 16:57:28 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll
- 2008-04-22 07:39:58 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2008-06-23 09:20:25 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe
- 2008-04-23 04:16:28 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-06-23 16:57:29 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2008-04-23 04:16:28 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-06-23 16:57:29 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2008-04-20 05:07:51 161,792 -c----w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2008-06-21 05:23:54 161,792 -c----w C:\WINDOWS\system32\dllcache\ieakui.dll
- 2008-04-23 04:16:28 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll
+ 2008-06-23 16:57:29 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll
- 2008-04-23 04:16:28 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-06-23 16:57:29 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2008-04-23 04:16:28 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll
+ 2008-06-23 16:57:33 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll
- 2008-04-23 04:16:28 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-06-23 16:57:33 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll
- 2008-04-23 04:16:28 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll
+ 2008-06-23 16:57:34 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll
- 2008-04-22 07:39:58 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe
+ 2008-06-23 09:20:26 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe
- 2008-04-22 07:40:18 625,664 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe
+ 2008-06-23 09:20:52 625,664 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe
- 2007-08-21 06:15:44 683,520 -c----w C:\WINDOWS\system32\dllcache\inetcomm.dll
+ 2008-04-11 18:50:43 683,520 -c----w C:\WINDOWS\system32\dllcache\inetcomm.dll
- 2008-04-23 04:16:28 27,648 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-06-23 16:57:35 27,648 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-06-24 16:23:05 74,240 -c----w C:\WINDOWS\system32\dllcache\mscms.dll
- 2008-04-23 04:16:28 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll
+ 2008-06-23 16:57:36 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll
- 2008-04-23 04:16:28 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
+ 2008-06-23 16:57:36 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
- 2008-04-23 21:16:30 3,591,680 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-06-24 09:57:40 3,592,192 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2008-04-23 04:16:28 478,208 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-06-23 16:57:39 477,696 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2008-04-23 04:16:28 193,024 -c----w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-06-23 16:57:39 193,024 -c----w C:\WINDOWS\system32\dllcache\msrating.dll
- 2008-04-23 04:16:28 671,232 -c----w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-06-23 16:57:40 671,232 -c----w C:\WINDOWS\system32\dllcache\mstime.dll
- 2008-04-23 04:16:28 102,912 -c----w C:\WINDOWS\system32\dllcache\occache.dll
+ 2008-06-23 16:57:40 102,912 -c----w C:\WINDOWS\system32\dllcache\occache.dll
- 2008-04-23 04:16:28 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-06-23 16:57:40 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2008-04-23 04:16:28 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll
+ 2008-06-23 16:57:40 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll
- 2008-04-23 04:16:29 1,159,680 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-06-23 16:57:40 1,159,680 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2008-04-23 04:16:29 233,472 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2008-06-23 16:57:41 233,472 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2008-04-23 04:16:29 826,368 -c----w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-06-23 16:57:41 826,368 -c----w C:\WINDOWS\system32\dllcache\wininet.dll
- 2008-04-23 04:16:28 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-06-23 16:57:27 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2008-04-23 04:16:28 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-06-23 16:57:27 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2008-04-23 04:16:28 133,120 ------w C:\WINDOWS\system32\extmgr.dll
+ 2008-06-23 16:57:27 133,120 ------w C:\WINDOWS\system32\extmgr.dll
- 2008-04-23 04:16:28 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2008-06-23 16:57:28 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
- 2008-04-22 07:39:58 70,656 ------w C:\WINDOWS\system32\ie4uinit.exe
+ 2008-06-23 09:20:25 70,656 ------w C:\WINDOWS\system32\ie4uinit.exe
- 2008-04-23 04:16:28 153,088 ------w C:\WINDOWS\system32\ieakeng.dll
+ 2008-06-23 16:57:29 153,088 ------w C:\WINDOWS\system32\ieakeng.dll
- 2008-04-23 04:16:28 230,400 ------w C:\WINDOWS\system32\ieaksie.dll
+ 2008-06-23 16:57:29 230,400 ------w C:\WINDOWS\system32\ieaksie.dll
- 2008-04-20 05:07:51 161,792 ------w C:\WINDOWS\system32\ieakui.dll
+ 2008-06-21 05:23:54 161,792 ------w C:\WINDOWS\system32\ieakui.dll
- 2008-04-23 04:16:28 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
+ 2008-06-23 16:57:29 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2008-04-23 04:16:28 384,512 ------w C:\WINDOWS\system32\iedkcs32.dll
+ 2008-06-23 16:57:29 384,512 ------w C:\WINDOWS\system32\iedkcs32.dll
- 2008-04-23 04:16:28 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
+ 2008-06-23 16:57:33 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2008-04-23 04:16:28 44,544 ------w C:\WINDOWS\system32\iernonce.dll
+ 2008-06-23 16:57:33 44,544 ------w C:\WINDOWS\system32\iernonce.dll
- 2008-04-23 04:16:28 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
+ 2008-06-23 16:57:34 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2008-04-22 07:39:58 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2008-06-23 09:20:26 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
- 2007-08-21 06:15:44 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
+ 2008-04-11 18:50:43 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
- 2008-04-23 04:16:28 27,648 ------w C:\WINDOWS\system32\jsproxy.dll
+ 2008-06-23 16:57:35 27,648 ------w C:\WINDOWS\system32\jsproxy.dll
- 2008-06-25 16:15:46 17,972,344 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-08-05 18:11:01 15,888,504 ----a-w C:\WINDOWS\system32\MRT.exe
- 2008-04-23 04:16:28 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2008-06-23 16:57:36 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
- 2008-04-23 04:16:28 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2008-06-23 16:57:36 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
- 2008-04-23 21:16:30 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-06-24 09:57:40 3,592,192 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2008-04-23 04:16:28 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-06-23 16:57:39 477,696 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2008-04-23 04:16:28 193,024 ------w C:\WINDOWS\system32\msrating.dll
+ 2008-06-23 16:57:39 193,024 ------w C:\WINDOWS\system32\msrating.dll
- 2008-04-23 04:16:28 671,232 ------w C:\WINDOWS\system32\mstime.dll
+ 2008-06-23 16:57:40 671,232 ------w C:\WINDOWS\system32\mstime.dll
- 2008-04-23 04:16:28 102,912 ------w C:\WINDOWS\system32\occache.dll
+ 2008-06-23 16:57:40 102,912 ------w C:\WINDOWS\system32\occache.dll
- 2008-04-23 04:16:28 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-06-23 16:57:40 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2007-11-13 11:31:11 60,416 ------w C:\WINDOWS\system32\tzchange.exe
+ 2008-07-14 11:09:18 62,976 ------w C:\WINDOWS\system32\tzchange.exe
- 2008-04-23 04:16:28 105,984 ----a-w C:\WINDOWS\system32\url.dll
+ 2008-06-23 16:57:40 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2008-04-23 04:16:29 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-06-23 16:57:40 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2008-04-23 04:16:29 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-06-23 16:57:41 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Mobile Printing"="C:\Program Files\Hewlett-Packard\HP Mobile Printing\HPBMOBIL.EXE" [2003-05-23 06:12 630784]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:54 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-08-17 04:45 23120680]
"EACHABOUT"="C:\DOCUME~1\Amy\APPLIC~1\EXTRAH~1\Ford Once Bash.exe" [2008-08-14 09:13 479232]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ACU_QSB"="C:\Program Files\Atheros\ACU\Utility\ACU.exe" [2003-09-24 02:53 1716224]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-25 14:10 335872]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-07-15 20:09 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-07-15 20:08 618496]
"AClntUsr"="C:\Program Files\Altiris\AClient\AClntUsr.EXE" [2008-08-16 09:37 180224]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-03-01 06:05 200766]
"ChkAdmin"="C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE" [2003-05-12 10:33 81920]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2003-07-15 10:55 274432]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-28 23:24 286720]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-16 19:59 579584]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 01:12 488984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 01:13 774168]
"TalkTalk"="C:\Program Files\TalkTalk\bin\sprtcmd.exe" [2007-10-12 10:33 202016]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 18:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2003-05-30 17:01 88267 C:\WINDOWS\AGRSMMSG.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"CPQDFWAG"="C:\WINDOWS\Cpqdiag\CpqDfwAg.exe" [2003-03-13 09:14 212992]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-30 21:44 219136]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2003-09-12 04:42:00 503869]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-08-26 09:47:13 67128]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-12 18:01:04 83360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Altiris\\AClient\\AClntUsr.EXE"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\TalkTalk\\bin\\sprtsvc.exe"=
"C:\\Program Files\\TalkTalk\\bin\\sprtcmd.exe"=
"C:\\Program Files\\TalkTalk\\agent\\bin\\bcont_nm.exe"=
"C:\\Program Files\\TalkTalk\\agent\\bin\\bcont.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 ClntMgmt;HP Client Management Driver;C:\WINDOWS\system32\Drivers\ClntMgmt.sys [2003-03-06 02:50]
R2 cpqWebDmi;Insight Web Agent;C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe [2003-05-12 10:38]
R2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);C:\Program Files\TalkTalk\bin\sprtsvc.exe [2007-10-12 10:33]
R2 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe [2007-08-02 15:42]
R3 CONAN;CONAN;C:\WINDOWS\system32\drivers\o2mmb.sys [2003-07-29 01:49]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\system32\drivers\mbamswissarmy.sys [2008-07-30 20:07]
R3 MbxStby;MbxStby;C:\WINDOWS\system32\drivers\MbxStby.sys [2003-07-24 15:50]
R3 WLAN_400_500_SERVICE;HP WLAN W400/W500 Wireless Network Adapter Service;C:\WINDOWS\system32\DRIVERS\ar5211.sys [2003-07-17 10:06]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a7dfe110-bfd8-11dc-8497-000802e86971}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Flash.10.Setup.exe
\Shell\Explore\command - Flash.10.Setup.exe
\Shell\Open\command - Flash.10.Setup.exe
\Shell\Scan for Viruses\command - Scanner.exe
*Newly Created Service* - MBAMSWISSARMY
.
Contents of the 'Scheduled Tasks' folder
2008-08-16 C:\WINDOWS\Tasks\AC9198F6918E0B42.job
- c:\docume~1\amy\applic~1\extrah~1\Mfcd acid plus.exe [2008-08-14 09:15]
2008-08-16 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.co.uk/
R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://www.hp.com/
O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 -: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 -: Open in new background tab - C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?ef767953b6dd401c9abd57474a6516d7
O8 -: Open in new foreground tab - C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?ef767953b6dd401c9abd57474a6516d7
O8 -: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O18 -: Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-16 12:55:15
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????9?4?2?2??@???? ???B???????????????B? ??????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-08-16 12:57:23
ComboFix-quarantined-files.txt  2008-08-16 11:57:17
ComboFix2.txt  2008-08-11 21:28:03
Pre-Run: 5,963,841,536 bytes free
Post-Run: 6,009,384,960 bytes free
348 --- E O F --- 2008-08-14 02:05:05
Touch
Forum Moderator
Date Joined Jun 2004
Total Posts : 14350

Posted 8-17-2008 1:13 (GMT +1)
Open notepad and copy/paste the text in the quotebox below into it:


Quote:
 
Killall::
 
Snapshot::
 
 
File::
C:\WINDOWS\Tasks\AC9198F6918E0B42.job

Folder::
C:\Program Files\extraholebook
C:\Documents and Settings\Amy\Application Data\extraholebook
C:\Documents and Settings\All Users\Application Data\BROWSE PROGRAM STYLE FOR
C:\Program Files\Logitech\Desktop Messenger
 


 
Save this as:
CFScript
 
Referring to the picture above, drag CFScript into ComboFix.exe

Then post a fresh combofix log.


bull eye pea
New Member
Date Joined Aug 2008
Total Posts : 13

Posted 8-18-2008 10:17 (GMT +1)
ComboFix 08-08-18.01 - Amy 2008-08-18 22:03:30.4 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.296 [GMT 1:00]
Running from: C:\Documents and Settings\Amy\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Amy\My Documents\CFScript.txt
 * Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
FILE ::
C:\WINDOWS\Tasks\AC9198F6918E0B42.job
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\BROWSE PROGRAM STYLE FOR
C:\Documents and Settings\All Users\Application Data\BROWSE PROGRAM STYLE FOR\CORN COPY.exe
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\Amy\Application Data\extraholebook
C:\Documents and Settings\Amy\Application Data\extraholebook\[u]0[/u]
C:\Documents and Settings\Amy\Application Data\extraholebook\dcjpfsgm.exe
C:\Documents and Settings\Amy\Application Data\extraholebook\Ford Once Bash.exe
C:\Documents and Settings\Amy\Application Data\extraholebook\Mfcd acid plus.exe
C:\Documents and Settings\Amy\Application Data\extraholebook\qmhkxeyt.exe
C:\Documents and Settings\Amy\Application Data\extraholebook\stuurikr.exe
C:\Documents and Settings\Amy\UserData
C:\Documents and Settings\Amy\UserData\index.dat
C:\Program Files\extraholebook
C:\Program Files\Logitech\Desktop Messenger
C:\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Install\bwUnin.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Install\LiteInst.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Install\readme.txt
C:\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Install\win2000.dll
C:\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Plugins\Npavi32.dll
C:\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\backweb.dll
C:\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\backweb.tlb
C:\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\BWCHelpr.dll
C:\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\bwfiles.dll
C:\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\bwlang.ini
C:\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\bwsec.dll
C:\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\bwxtext.dll
C:\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\clntutil.dll
C:\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\Cpuinf32.dll
C:\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\ding.wav
C:\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\EN\ClientRc.dll
C:\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\EN\registerRC.dll
C:\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\EN\SpriteRC.dll
C:\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\EN\UninstallRC.dll
C:\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\GAPlugProtocol.dll
C:\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\IAdHide.dll
C:\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\loading.htm
C:\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\pacsupport.js
C:\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\Pre6Import.dll
C:\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\register.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\Restart.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\runner.dll
C:\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\runner.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\Sprite6.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\wtsisctd.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\clasid.bak
C:\Program Files\Logitech\Desktop Messenger\8876480\enabled.txt
C:\Program Files\Logitech\Desktop Messenger\8876480\InitData\Data\background.gif
C:\Program Files\Logitech\Desktop Messenger\8876480\InitData\Data\browser.htm
C:\Program Files\Logitech\Desktop Messenger\8876480\InitData\Data\cert.db
C:\Program Files\Logitech\Desktop Messenger\8876480\InitData\Data\chandir.dat
C:\Program Files\Logitech\Desktop Messenger\8876480\InitData\Data\chandir.idx
C:\Program Files\Logitech\Desktop Messenger\8876480\InitData\Data\chn.dat
C:\Program Files\Logitech\Desktop Messenger\8876480\InitData\Data\chn.idx
C:\Program Files\Logitech\Desktop Messenger\8876480\InitData\Data\DefPrefs.ini
C:\Program Files\Logitech\Desktop Messenger\8876480\InitData\Data\desktop-8876480-1327358.ico
C:\Program Files\Logitech\Desktop Messenger\8876480\InitData\Data\desktop.ico
C:\Program Files\Logitech\Desktop Messenger\8876480\InitData\Data\GenFlash\1\gen.bif
C:\Program Files\Logitech\Desktop Messenger\8876480\InitData\Data\GenFlash\1\gen.bis
C:\Program Files\Logitech\Desktop Messenger\8876480\InitData\Data\GenFlash\1\info.iad
C:\Program Files\Logitech\Desktop Messenger\8876480\InitData\Data\InfoCenter.GIF
C:\Program Files\Logitech\Desktop Messenger\8876480\InitData\Data\InfoCenter.htm
C:\Program Files\Logitech\Desktop Messenger\8876480\InitData\Data\main.wkg
C:\Program Files\Logitech\Desktop Messenger\8876480\InitData\Data\UpgradePubKey.txt
C:\Program Files\Logitech\Desktop Messenger\8876480\InitData\Data\UsrPrefs.ini
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWCHelpr-8876480.dll
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWfiles-8876480.dll
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\ldmrchs.dll
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\ldmrcht.dll
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\ldmrdan.dll
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\ldmrdeu.dll
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\ldmresp.dll
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\ldmrfin.dll
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\ldmrfra.dll
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\ldmrita.dll
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\ldmrjpn.dll
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\ldmrkor.dll
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\ldmrnld.dll
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\ldmrnor.dll
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\ldmrptb.dll
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\ldmrsve.dll
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe.appid.8876480
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\SyncExt.dll
C:\Program Files\Logitech\Desktop Messenger\8876480\readme.txt
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\10e7\BWEvents.txt
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\10e7\chninfo.dat
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\10e7\ChnReg.dat
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\10e7\segrules.dat
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\10e7\Stats.tmp
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\10e7\UserProf.bak
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\10e7\UserProf.dat
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\376d\10bc4664\_bwfindx.zip
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\376d\10bc4664\332MD.ipk
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\376d\10bc4664\action.ini
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\376d\10bc4664\Connect.htm
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\376d\10bc4664\info.iad
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\376d\10bc4664\logiaction.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\376d\10bc4664\MAIN.BIF
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\376d\10bc4664\main.bis
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\376d\10bc4664\Offer.htm
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\376d\10bc4664\Offer1.htm
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\376d\10bc4664\Offer2.htm
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\376d\10bc4664\Offer3.htm
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\376d\10bc4664\Privacy.htm
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\376d\10bc4664\resources.bif
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\376d\10bc4664\resources.bis
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\376d\10bc4664\Teaser.htm
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\376d\10bc4697\_bwfindx.zip
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\376d\10bc4697\369TC.ipk
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\376d\10bc4697\action.ini
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\376d\10bc4697\Connect.htm
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\376d\10bc4697\info.iad
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\376d\10bc4697\logiaction.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\376d\10bc4697\MAIN.BIF
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\376d\10bc4697\main.bis
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\376d\10bc4697\Offer.htm
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\376d\10bc4697\Offer1.htm
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\376d\10bc4697\Offer2.htm
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\376d\10bc4697\Offer3.htm
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\376d\10bc4697\Privacy.htm
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\376d\10bc4697\resources.bis
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\376d\10bc4697\Teaser.htm
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\376d\BWEvents.txt
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\376d\chninfo.dat
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\376d\ChnReg.dat
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\376d\segrules.dat
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\376d\Stats.tmp
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\376d\UserProf.bak
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\376d\UserProf.dat
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\3a0d\a9a3e36\_bwfindx.zip
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\3a0d\a9a3e36\info.iad
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\3a0d\a9a3e53\_bwfindx.zip
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\3a0d\a9a3e53\info.iad
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\3a0d\a9a3e54\_bwfindx.zip
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\3a0d\a9a3e54\info.iad
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\3a0d\a9a3ef0\_bwfindx.zip
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\3a0d\a9a3ef0\info.iad
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\3a0d\a9a3f17\_bwfindx.zip
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\3a0d\a9a3f17\info.iad
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\3a0d\BWEvents.txt
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\3a0d\chninfo.dat
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\3a0d\ChnReg.dat
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\3a0d\segrules.dat
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\3a0d\Stats.tmp
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\3a0d\UserProf.bak
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\3a0d\UserProf.dat
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\58be\BWEvents.txt
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\58be\chninfo.dat
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\58be\ChnReg.dat
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\58be\segrules.dat
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\58be\Stats.tmp
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\58be\UserProf.bak
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\58be\UserProf.dat
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\background.gif
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\browser.htm
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\cache.dat
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\cert.db
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\chandir.dat
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\chandir.idx
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\chn.dat
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\chn.idx
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\D0000000.FCS
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\DefPrefs.ini
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\desktop-8876480-1327358.ico
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\desktop.ico
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\GenFlash\1\gen.bif
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\GenFlash\1\gen.bis
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\GenFlash\1\info.iad
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\HostCache.ini
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\InfoCenter.GIF
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\InfoCenter.htm
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\inuse.txt
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\L0000020.FCS
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\L0000021.FCS
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\L0000022.FCS
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\L0000023.FCS
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\main.log
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\player.ini
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\prs.dat
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\prs.idx
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\prs_die.dat
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\prs_die.idx
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\prs_dnd.dat
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\prs_dnd.idx
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\prs_ext.dat
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\prs_ext.idx
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\prs_rcv.dat
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\prs_rcv.idx
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\S0000000.FCS
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\S0000001.FCS
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\storydb.dat
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\storydb.idx
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\UpgradePubKey.txt
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\UsrPrefs.ini
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Amy\Data\wg1.wkg
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\DataSets.ini
C:\WINDOWS\Tasks\AC9198F6918E0B42.job
----- BITS: Possible infected sites -----
http://assist.talktalk.net
.
(((((((((((((((((((((((((   Files Created from 2008-07-18 to 2008-08-18  )))))))))))))))))))))))))))))))
.
2008-08-13 22:31 . 2008-08-13 22:31 <DIR> d-------- C:\Documents and Settings\Amy\Application Data\Malwarebytes
2008-08-13 22:30 . 2008-08-13 22:31 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-13 22:30 . 2008-08-13 22:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2