Virus Pop-ups!!! - Page 2

Thread: Virus Pop-ups!!!

  1. #16
    Registered User
    Join Date
    Oct 2000
    Posts
    1,569
    Quote Originally Posted by Ferrit
    I just have to say nice protection job there AVG
    Well, clicking on any link you see doesn't help either...or downloading all those free games. A little common sense goes a long way. Sorry...just cranky tonight I guess.

  2. #17
    Registered User Ferrit's Avatar
    Join Date
    Apr 2001
    Location
    Vancouver Island The Real Canada
    Posts
    4,952
    Quote Originally Posted by geeksRus
    Well, clicking on any link you see doesn't help either...or downloading all those free games. A little common sense goes a long way. Sorry...just cranky tonight I guess.
    Seems like we all are lately
    Must be that butthead winter that don't seem to want to go away
    Gigabyte 990FXA-UD3
    AMD FX 8350 4ghz OCTO-Core
    Windows 8.1 PRO 64
    Adata 256 gig SSD
    Kingston HyperX 1600 16 Gigs
    Sapphire R9 280 2gig
    Enermax Liberty Modular 620
    www.northernaurora.net
    http://www.northernaurora.net/page/chat.html

  3. #18
    Registered User shamus's Avatar
    Join Date
    Apr 2001
    Location
    Cornish,Maine,USA
    Posts
    3,140
    Quote Originally Posted by Ferrit
    Must be that butthead winter that don't seem to want to go away
    Tell me about it...my house:

  4. #19
    Registered User slgrieb's Avatar
    Join Date
    Feb 2003
    Posts
    4,103
    Yeah, the Northeast really caught it this winter. Here in Bullwind, it was 80 yesterday, and 65 at 11:30 am today, snow predicted for tomorrow.

  5. #20
    Registered User
    Join Date
    Feb 2008
    Posts
    37
    Haha crap. I definitely don't download screen savers though or anything of that sort. I'm not that much of an idiot. I'm pretty sure it was the porn downloads. OOPs!
    I get bored sometimes :/

    Anyway, do I NEED to do Eset's online scan? Every time I go to it, IE keeps popping up saying I can't install the ActiveX control, and I enabled it all. So I don't understand it. Is there just a download for it I can go straight to? I tried looking..

  6. #21
    Registered User xpuser357's Avatar
    Join Date
    Apr 2004
    Location
    Poplar Bluff, Mo.
    Posts
    1,328
    If you have your operating disk, and want to come up clean? Reformat a couple of times.

  7. #22
    Registered User
    Join Date
    Feb 2008
    Posts
    37
    Yeah I would but my brother has it and he's an *** and won't give it to me so therefore I'd have to spend around 100-200 dollars for a new one which is NOT happening.

  8. #23
    Registered User slgrieb's Avatar
    Join Date
    Feb 2003
    Posts
    4,103
    Interesting that you are having trouble with the online scan. Have you tried any others? TrendMicro Housecall would be my second choice. Alternatively, you can download a fully functional trial of NOD32 and run a scan (you have to disable AVG of course).

  9. #24
    Registered User
    Join Date
    Jan 2001
    Location
    small dank IT hovel
    Posts
    203
    HijackThis actually creates a text file with all the information that you posted in a picture file, but it also has additional logging that might be worth a look at.

    The file is usually created in the same folder that you run HijackThis from. Copy and paste the text in the log file here.

    Have you tried adding the Eset website to your trusted sites?

    In general you might want to delete the contents of all your temporary folders so you could cut down on scan time.

  10. #25
    Driver Terrier NooNoo's Avatar
    Join Date
    Dec 2000
    Location
    UK
    Posts
    31,824
    PBase001, Virtumonde can hide from Hijackthis. He needs to run combofix first.
    Never, ever approach a computer saying or even thinking "I will just do this quickly."

  11. #26
    Registered User
    Join Date
    Feb 2008
    Posts
    37
    I'm a she. Haha.

    Well !! I ran ComboFix, I'll post the log. I tried running spybot search and destroy afterwards but when I tried installing it it said it couldn't connect or some crap. I went to several sites to download it and it just doesn't. Oh well I'll post the log for ComboFix.

  12. #27
    Registered User
    Join Date
    Feb 2008
    Posts
    37
    Here's the one from Hijackthis:

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 17:22:47, on 03.03.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\AIM\aim.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Soulseek\slsk.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\Documents and Settings\KUMARRRR\Desktop\HiJackThis_v2.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O21 - SSODL: bmlvqkn - {F473A312-06C5-46BA-88FE-0AAA0D2409DB} - C:\WINDOWS\bmlvqkn.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Unknown owner - C:\Program Files\Canon\CAL\CALMAIN.exe (file missing)
    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: ?????? iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Panda Network Manager (PNMSRV) - Unknown owner - c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

    --
    End of file - 4911 bytes
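As an added example (not from the thread and not part of HijackThis itself): a small Python triage script over lines in the HijackThis log format shown above. It flags the two entries the replies single out, the hijacked R0 start page and the O21 SSODL loading point for a randomly named, now-missing DLL, plus the "unknown" Winsock LSP for manual verification. The sample lines are a constructed subset of the posted log; the allow-list of trusted IE hosts and the vowel heuristic are assumptions.

```python
import re
from urllib.parse import urlparse

# Constructed sample in HijackThis v2 log format, modelled on the log posted in this
# thread (a subset; 'softwarereferral.com' and 'bmlvqkn' come from that log).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O21 - SSODL: bmlvqkn - {F473A312-06C5-46BA-88FE-0AAA0D2409DB} - C:\WINDOWS\bmlvqkn.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Every HijackThis finding is "<section code> - <body>", e.g. "O21 - SSODL: ...".
LINE_RE = re.compile(r"^(?P<code>[RFNO]\d+) - (?P<body>.*)$")

# Assumption: hosts the IE start page may legitimately point at (allow-list for this check).
TRUSTED_IE_HOSTS = {"go.microsoft.com", "www.microsoft.com"}


def parse_hjt(text):
    """Return [(code, body), ...] for each finding line; header/process lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def looks_random(name):
    """Heuristic (assumption): 6+ lowercase letters with almost no vowels, like 'bmlvqkn'."""
    if not re.fullmatch(r"[a-z]{6,}", name):
        return False
    vowels = sum(c in "aeiou" for c in name)
    return vowels / len(name) < 0.15


def reasons_for(code, body):
    """Defender-side triage rules for the sections that mattered in this thread."""
    reasons = []
    if code == "R0" and "Start Page" in body:
        url = body.split("=", 1)[1].strip()
        host = urlparse(url).hostname or ""
        if host not in TRUSTED_IE_HOSTS:
            reasons.append(f"IE start page redirected to untrusted host {host}")
    elif code == "O10":
        if body.startswith("Unknown file in Winsock LSP"):
            reasons.append("Winsock LSP not on HijackThis's known list; confirm the file's publisher")
    elif code == "O21":
        name = body.split(" - ")[0].removeprefix("SSODL: ").strip()
        if looks_random(name):
            reasons.append(f"SSODL loads a randomly named DLL '{name}'")
        if "(file missing)" in body:
            reasons.append("SSODL entry points at a DLL that no longer exists (stale loading point)")
    return reasons


def triage(text):
    """Return [(code, body, reasons)] for every finding that tripped at least one rule."""
    hits = []
    for code, body in parse_hjt(text):
        r = reasons_for(code, body)
        if r:
            hits.append((code, body, r))
    return hits


if __name__ == "__main__":
    for code, body, reasons in triage(SAMPLE_LOG):
        print(f"{code}: {body}")
        for why in reasons:
            print(f"    -> {why}")
```

The O10 rule only asks for verification: an "unknown" LSP is one HijackThis has no signature for, not proof of infection.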

  13. #28
    Registered User
    Join Date
    Feb 2008
    Posts
    37
    And this is the one from ComboFix if it's even needed?:

    Running from: C:\Documents and Settings\KUMARRRR\Desktop\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft\Network\Downloader\qmgr0.dat
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft\Network\Downloader\qmgr1.dat
    C:\Documents and Settings\james\Desktop\Error Cleaner.url
    C:\Documents and Settings\james\Desktop\Privacy Protector.url
    C:\Documents and Settings\james\Desktop\Spyware&Malware Protection.url
    C:\Documents and Settings\james\Favorites\Error Cleaner.url
    C:\Documents and Settings\james\Favorites\Privacy Protector.url
    C:\Documents and Settings\james\Favorites\Spyware&Malware Protection.url
    C:\Documents and Settings\tts\Application Data\install.dat
    C:\Documents and Settings\tts\Desktop\Error Cleaner.url
    C:\Documents and Settings\tts\Desktop\Privacy Protector.url
    C:\Documents and Settings\tts\Desktop\Spyware&Malware Protection.url
    C:\Documents and Settings\tts\Favorites\Error Cleaner.url
    C:\Documents and Settings\tts\Favorites\Privacy Protector.url
    C:\Documents and Settings\tts\Favorites\Spyware&Malware Protection.url
    C:\Program Files\Common Files\{08123~1
    C:\Program Files\SystemDefender
    C:\Program Files\WinBudget
    C:\WINDOWS\dat.txt
    C:\WINDOWS\privacy_danger
    C:\WINDOWS\privacy_danger\images\capt.gif
    C:\WINDOWS\privacy_danger\images\danger.jpg
    C:\WINDOWS\privacy_danger\images\down.gif
    C:\WINDOWS\privacy_danger\images\spacer.gif
    C:\WINDOWS\privacy_danger\index.htm
    C:\WINDOWS\rs.txt
    C:\WINDOWS\search_res.txt
    C:\WINDOWS\system32\drivers\npf.sys
    C:\WINDOWS\system32\packet.dll
    C:\WINDOWS\system32\pthreadVC.dll
    C:\WINDOWS\system32\wanpacket.dll
    C:\WINDOWS\system32\wpcap.dll

    ----- BITS: Possible infected sites -----

    hxxp://77.91.228.186
    hxxp://softworldnetwork.com
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_NPF
    -------\NPF


    ((((((((((((((((((((((((( Files Created from 2008-02-03 to 2008-03-03 )))))))))))))))))))))))))))))))
    .

    2008-03-03 15:53 . 2008-03-03 16:53 <DIR> d-------- C:\Documents and Settings\KUMARRRR\.housecall6.6
    2008-02-27 16:50 . 2002-11-21 15:07 765,952 --a------ C:\WINDOWS\system\crlds3d.dll
    2008-02-27 16:50 . 2004-02-24 11:08 400,384 --a------ C:\WINDOWS\system32\drivers\ALCXSENS.SYS
    2008-02-27 16:50 . 2003-08-19 19:36 65,536 --a------ C:\WINDOWS\system32\Audio3D.dll
    2008-02-27 16:50 . 2003-08-19 19:36 65,536 --a------ C:\WINDOWS\system32\a3d.dll
    2008-02-23 11:54 . 2008-02-23 11:54 <DIR> d-------- C:\Program Files\Lavalys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-03 23:04 --------- d-----w C:\Program Files\Soulseek
    2008-03-03 19:57 --------- d-----w C:\Documents and Settings\tts\Application Data\AVG7
    2008-03-02 20:09 --------- d-----w C:\Documents and Settings\tts\Application Data\Apple Computer
    2008-02-27 23:05 --------- d-----w C:\Program Files\AvRack
    2008-02-02 19:01 --------- d-----w C:\Documents and Settings\james\Application Data\AVG7
    2008-01-28 18:10 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg7
    2008-01-27 02:42 --------- d-----w C:\Program Files\Data Doctor Recovery FAT+NTFS (Demo)
    2008-01-27 02:32 --------- d-----w C:\Program Files\Data Doctor Recovery Digital Camera (Demo)
    2008-01-20 02:40 --------- d-----w C:\Documents and Settings\james\Application Data\MSN6
    2008-01-19 22:16 --------- d-----w C:\Program Files\XP Antivirus
    2008-01-18 23:28 --------- d-----w C:\Program Files\Java
    2008-01-16 13:52 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2008-01-16 12:01 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
    2008-01-16 12:00 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
    2008-01-16 10:04 --------- d-----w C:\Program Files\SysCleaner
    2008-01-15 17:17 --------- d-----w C:\Documents and Settings\tts\Application Data\Ventrilo
    2008-01-15 16:58 --------- d-----w C:\Program Files\Ventrilo
    2008-01-15 16:55 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-01-15 16:41 --------- d-----w C:\Program Files\AV Vcs 6.0
    2008-01-15 08:12 --------- d-----w C:\Program Files\MP4Converter
    2008-01-15 08:07 --------- d-----w C:\Program Files\NCH Swift Sound
    2008-01-15 08:07 --------- d-----w C:\Documents and Settings\tts\Application Data\NCH Swift Sound
    2008-01-15 08:07 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\NCH Swift Sound
    2008-01-15 07:47 --------- d-----w C:\Program Files\Easy AVI-MPEG-RM-WMV Joiner
    2008-01-14 01:12 --------- d-----w C:\Documents and Settings\tts\Application Data\Leadertech
    2008-01-13 03:07 --------- d-----w C:\Program Files\iTunes
    2008-01-13 03:00 --------- d-----w C:\Program Files\iPod
    2008-01-13 02:47 --------- d-----w C:\Program Files\QuickTime Alternative
    2008-01-13 02:46 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
    2008-01-13 02:44 --------- d-----w C:\Program Files\Apple Software Update
    2008-01-13 02:43 --------- d-----w C:\Program Files\Common Files\Apple
    2008-01-13 02:42 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
    .

  14. #29
    Registered User
    Join Date
    Feb 2008
    Posts
    37
    ......

    ------- Sigcheck -------

    8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\system32\svchost.exe
    -c----w 12,800 2001-08-23 12:00:00 C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
    ------w 14,336 2004-08-04 05:56:58 C:\WINDOWS\ServicePackFiles\i386\svchost.exe
    ----a-w 14,336 2004-08-04 05:56:58 C:\WINDOWS\system32\svchost.exe

    b409909f6e2e8a7067076ed748abf1e7 C:\WINDOWS\system32\user32.dll
    ----a-w 577,024 2005-03-02 18:19:56 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
    ----a-w 578,048 2007-03-08 15:48:36 C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
    -c----w 561,152 2001-08-23 12:00:00 C:\WINDOWS\$NtServicePackUninstall$\user32.dll
    -c----w 577,024 2004-08-04 05:56:48 C:\WINDOWS\$NtUninstallKB925902$\user32.dll
    ------w 577,024 2004-08-04 05:56:48 C:\WINDOWS\ServicePackFiles\i386\user32.dll
    ----a-w 577,536 2007-03-08 15:36:28 C:\WINDOWS\system32\user32.dll
    -c----w 577,536 2007-03-08 15:36:28 C:\WINDOWS\system32\dllcache\user32.dll

    2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\system32\ws2_32.dll
    -c----w 75,264 2001-08-23 12:00:00 C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
    ------w 82,944 2004-08-04 05:56:48 C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
    ----a-w 82,944 2004-08-04 05:56:48 C:\WINDOWS\system32\ws2_32.dll

    30d1c47e40efbb792ff8d3c3b51ce507 C:\WINDOWS\system32\wininet.dll
    ----a-w 665,088 2007-01-04 14:05:30 C:\WINDOWS\$hf_mig$\KB928090\SP2QFE\wininet.dll
    ----a-w 665,600 2007-02-20 09:52:17 C:\WINDOWS\$hf_mig$\KB931768\SP2QFE\wininet.dll
    -c----w 593,920 2001-08-23 12:00:00 C:\WINDOWS\$NtServicePackUninstall$\wininet.dll
    -c----w 656,384 2004-08-04 05:56:48 C:\WINDOWS\$NtUninstallKB928090$\wininet.dll
    -c----w 658,944 2007-01-04 13:37:08 C:\WINDOWS\$NtUninstallKB931768$\wininet.dll
    ------w 656,384 2004-08-04 05:56:48 C:\WINDOWS\ServicePackFiles\i386\wininet.dll
    ----a-w 658,944 2007-02-20 09:48:18 C:\WINDOWS\system32\wininet.dll
    -c----w 658,944 2007-02-20 09:48:18 C:\WINDOWS\system32\dllcache\wininet.dll

    1dbf125862891817f374f407626967f4 C:\WINDOWS\system32\drivers\tcpip.sys
    ----a-w 360,576 2006-04-20 12:18:35 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
    -c----w 327,168 2001-08-23 12:00:00 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
    -c----w 359,040 2004-08-04 04:14:42 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
    ------w 359,040 2004-08-04 04:14:42 C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
    -c----w 359,808 2006-04-20 11:51:50 C:\WINDOWS\system32\dllcache\tcpip.sys
    ----a-w 359,808 2006-04-20 11:51:50 C:\WINDOWS\system32\drivers\tcpip.sys

    01c3346c241652f43aed8e2149881bfe C:\WINDOWS\system32\winlogon.exe
    -c----w 430,080 2001-08-23 12:00:00 C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
    ------w 502,272 2004-08-04 05:56:58 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
    ----a-w 502,272 2004-08-04 05:56:58 C:\WINDOWS\system32\winlogon.exe

    558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys
    -c----w 161,536 2001-08-23 12:00:00 C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
    ------w 182,912 2004-08-04 04:14:30 C:\WINDOWS\ServicePackFiles\i386\ndis.sys
    ----a-w 182,912 2004-08-04 04:14:30 C:\WINDOWS\system32\drivers\ndis.sys

    4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys
    ------w 29,056 2004-08-04 04:00:08 C:\WINDOWS\ServicePackFiles\i386\ip6fw.sys
    ------w 29,056 2004-08-04 04:00:08 C:\WINDOWS\system32\drivers\ip6fw.sys

    515d30e2c90a3665a2739309334c9283 C:\WINDOWS\system32\ntkrnlpa.exe
    ----a-w 2,056,832 2005-03-02 00:36:40 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
    ----a-w 2,059,392 2006-12-19 16:12:16 C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
    ----a-w 2,059,392 2007-02-28 09:15:56 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
    -c----w 1,896,704 2001-08-23 12:00:00 C:\WINDOWS\$NtServicePackUninstall$\ntkrnlpa.exe
    -c----w 2,056,832 2004-08-04 03:59:00 C:\WINDOWS\$NtUninstallKB929338$\ntkrnlpa.exe
    -c----w 2,057,600 2006-12-19 12:55:39 C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
    ------w 2,057,600 2007-02-28 08:38:55 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
    ------w 2,056,832 2004-08-04 03:59:00 C:\WINDOWS\ServicePackFiles\i386\ntkrnlpa.exe
    ----a-w 2,057,600 2007-02-28 08:38:55 C:\WINDOWS\system32\ntkrnlpa.exe
    -c----w 2,057,600 2007-02-28 08:38:55 C:\WINDOWS\system32\dllcache\ntkrnlpa.exe

    582a8dbaa58c3b1f176eb2817daee77c C:\WINDOWS\system32\ntoskrnl.exe
    ----a-w 2,179,456 2005-03-02 01:04:22 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
    ----a-w 2,182,016 2006-12-19 16:51:12 C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
    ----a-w 2,182,144 2007-02-28 09:55:14 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
    -c----w 1,982,208 2001-08-23 12:00:00 C:\WINDOWS\$NtServicePackUninstall$\ntoskrnl.exe
    -c----w 2,180,992 2004-08-04 04:20:00 C:\WINDOWS\$NtUninstallKB929338$\ntoskrnl.exe
    -c----w 2,180,352 2006-12-19 14:17:19 C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
    ------w 2,180,352 2007-02-28 09:10:57 C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
    ------w 2,180,992 2004-08-04 04:20:00 C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe
    ----a-w 2,180,352 2007-02-28 09:10:57 C:\WINDOWS\system32\ntoskrnl.exe
    -c----w 2,180,352 2007-02-28 09:10:57 C:\WINDOWS\system32\dllcache\ntoskrnl.exe

    a0732187050030ae399b241436565e64 C:\WINDOWS\explorer.exe
    ----a-w 1,032,192 2004-08-04 05:56:50 C:\WINDOWS\explorer.exe
    -c----w 1,000,960 2001-08-23 12:00:00 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
    ------w 1,032,192 2004-08-04 05:56:50 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AIM"="C:\Program Files\AIM\aim.exe" [2005-08-05 15:08 67160]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-03-09 14:29 7561216]
    "QuickTime Task"="C:\Program Files\QuickTime Alternative\qttask.exe" [2007-06-29 06:24 286720]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42 267064]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "SoundMan"="SOUNDMAN.EXE" [2004-07-01 18:23 67584 C:\WINDOWS\SOUNDMAN.EXE]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-16 06:01 219136]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "bmlvqkn"= {F473A312-06C5-46BA-88FE-0AAA0D2409DB} - C:\WINDOWS\bmlvqkn.dll [ ]

  15. #30
    Registered User
    Join Date
    Feb 2008
    Posts
    37
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
    avldr.dll 2005-09-27 11:13 45056 C:\WINDOWS\system32\avldr.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    --a------ 2007-03-09 11:09 63712 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
    --a------ 2008-01-16 06:00 579072 C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "TPSrv"=2 (0x2)
    "PSIMSVC"=2 (0x2)
    "pmshellsrv"=2 (0x2)
    "PAVSRV"=2 (0x2)
    "PavPrSrv"=2 (0x2)
    "PAVFNSVR"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "C:\\Program Files\\AIM\\aim.exe"=
    "C:\\Program Files\\Soulseek\\slsk.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=

    R0 netflt;Panda Net Driver [NDIS Layer];C:\WINDOWS\system32\Drivers\NETFLT.SYS [2006-08-04 10:58]
    R1 APPFLT;App Filter Plugin;C:\WINDOWS\system32\Drivers\APPFLT.SYS [2006-08-03 15:37]
    R1 DSAFLT;DSA Filter Plugin;C:\WINDOWS\system32\Drivers\DSAFLT.SYS [2006-08-02 13:08]
    R1 FNETMON;NetMon Filter Plugin;C:\WINDOWS\system32\Drivers\fnetmon.SYS [2006-06-29 21:50]
    R1 IDSFLT;Ids Filter Plugin;C:\WINDOWS\system32\Drivers\IDSFLT.SYS [2006-08-02 13:10]
    R1 NETFLTDI;Panda Net Driver [TDI Layer];C:\WINDOWS\system32\Drivers\NETFLTDI.SYS [2006-05-11 21:26]
    R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\drivers\ShldDrv.sys [2005-08-29 06:23]
    R1 SMSFLT;SMS Filter Plugin;C:\WINDOWS\system32\Drivers\SMSFLT.SYS [2006-08-02 13:15]
    R1 WNMFLT;Wifi Monitor Filter Plugin;C:\WINDOWS\system32\Drivers\WNMFLT.SYS [2006-08-02 13:17]
    R2 cpoint;Panda CPoint Driver;C:\WINDOWS\system32\Drivers\cpoint.sys [2005-08-12 13:36]
    R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2006-04-25 09:02]
    S3 AR5523;NETGEAR WG111T USB2.0 Wireless Card Service;C:\WINDOWS\system32\DRIVERS\WG11TND5.sys [2005-09-05 10:21]
    S3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys []
    S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\DNINDIS5.SYS [2003-07-24 11:10]
    S3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\system32\PavSRK.sys []
    S3 PavTPK.sys;PavTPK.sys;C:\WINDOWS\system32\PavTPK.sys []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5a34aa7-2ba5-11db-a668-000461789a00}]
    \Shell\AutoRun\command - E:\LaunchU3.exe

    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-03 17:06:46
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2008-03-03 17:09:00 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-03-03 23:08:58
