-
March 1st, 2008, 11:05 PM
#16
Originally Posted by Ferrit
I just have to say nice protection job there AVG
well clicking on any link you see duznt help either...or downloading all those free games. a little common sense goes a long way. sorry...just cranky tonite i guess.
-
March 2nd, 2008, 12:50 AM
#17
Registered User
Originally Posted by geeksRus
well clicking on any link you see duznt help either...or downloading all those free games. a little common sense goes a long way. sorry...just cranky tonite i guess.
Seems like we all are lately
Must be that butthead winter that don't seem to want to go away
-
March 2nd, 2008, 10:24 AM
#18
Registered User
Originally Posted by Ferrit
Must be that butthead winter that don't seem to want to go away
Tell me about it...my house:
-
March 2nd, 2008, 12:28 PM
#19
Registered User
Yeah, the Northeast really caught it this winter. Here in Bullwind, it was 80 yesterday, and 65 at 11:30 am today, snow predicted for tomorrow.
-
March 2nd, 2008, 03:39 PM
#20
Haha crap. I definitely don't download screen savers though or anything of that sort. I'm not that much of an idiot. I'm pretty sure it was the porn downloads. OOPs!
I get bored sometimes :/
Anyway, do I NEED to do the Eset online scan? Because every time I go to it, IE keeps popping up saying I can't install the ActiveX control, and I enabled it all. So I don't understand it. Is there just a download for it I can go straight to? I tried looking..
-
March 2nd, 2008, 03:46 PM
#21
Registered User
If you have your operating disk, and want to come up clean? Reformat a couple of times.
-
March 2nd, 2008, 04:01 PM
#22
Yeah I would but my brother has it and he's an *** and won't give it to me so therefore I'd have to spend around 100-200 dollars for a new one which is NOT happening.
-
March 3rd, 2008, 12:17 PM
#23
Registered User
Interesting that you are having trouble with the online scan. Have you tried any others? TrendMicro Housecall would be my second choice. Alternatively, you can download a fully functional trial of NOD32 and run a scan (you have to disable AVG of course).
-
March 3rd, 2008, 12:52 PM
#24
HijackThis actually creates a text file with all the information that you posted in a picture file, but it also has additional logging that might be worth a look.
The file is usually created in the same folder that you run HijackThis from. Copy and paste the text in the log file here.
Have you tried adding the Eset website to your trusted sites?
In general you might want to delete the contents of all your temporary folders so you could cut down on scan time.
-
March 3rd, 2008, 01:01 PM
#25
Driver Terrier
PBase001, Virtumonde can hide from Hijackthis. He needs to run combofix first.
Never, ever approach a computer saying or even thinking "I will just do this quickly."
-
March 3rd, 2008, 06:21 PM
#26
I'm a she. Haha.
Well!! I ran ComboFix, I'll post the log. I tried running Spybot Search and Destroy afterwards, but when I tried installing it, it said it couldn't connect or some crap. I went to several sites to download it and it just doesn't. Oh well, I'll post the log for ComboFix.
-
March 3rd, 2008, 06:23 PM
#27
Here's the one from Hijackthis:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 17:22:47, on 03.03.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Soulseek\slsk.exe
C:\Program Files\iTunes\iTunes.exe
C:\Documents and Settings\KUMARRRR\Desktop\HiJackThis_v2.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O21 - SSODL: bmlvqkn - {F473A312-06C5-46BA-88FE-0AAA0D2409DB} - C:\WINDOWS\bmlvqkn.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Unknown owner - C:\Program Files\Canon\CAL\CALMAIN.exe (file missing)
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ?????? iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Network Manager (PNMSRV) - Unknown owner - c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
--
End of file - 4911 bytes
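The posted HijackThis log above is what a helper reads first. As an added example (not from the thread, and not part of HijackThis itself), here is a small triage script that parses lines in that format and flags the entries a helper would look at: the O21 SSODL entry with a random-looking name and a missing DLL (the Virtumonde/Vundo marker named in post #25), the non-default IE start page (R0), the unknown Winsock LSP (O10), and services pointing at missing binaries (O23). The sample lines are copied from the posted log; the vowel-ratio heuristic and the severity labels are my own assumptions.

```python
import re

# One HijackThis entry per line: "<code> - <body>", e.g. "O21 - SSODL: ...".
ENTRY_RE = re.compile(r"^(?P<code>[RFNOM]\d+)\s+-\s+(?P<body>.*)$")
# O21 body: "SSODL: <name> - {CLSID} - <dll path> [(file missing)]"
SSODL_RE = re.compile(
    r"^SSODL:\s+(?P<name>\S+)\s+-\s+\{(?P<clsid>[0-9A-Fa-f-]+)\}\s+-\s+(?P<path>.*)$")
# Stock IE start/search pages on XP SP2 are go.microsoft.com redirects.
DEFAULT_URL_PREFIX = "http://go.microsoft.com/fwlink/"

def looks_random(name):
    """Heuristic (my assumption, not an HJT rule): Vundo-style SSODL names
    are 6+ lowercase letters with almost no vowels, e.g. 'bmlvqkn'."""
    name = name.lower()
    if len(name) < 6 or not name.isalpha():
        return False
    vowels = sum(c in "aeiou" for c in name)
    return vowels / len(name) < 0.15

def check_entry(code, body):
    """Return (severity, reason) for a suspicious entry, else None."""
    if code in ("R0", "R1"):
        # body: "HKCU\...\Main,Start Page = http://..."
        _, sep, url = body.partition(" = ")
        if sep and not url.startswith(DEFAULT_URL_PREFIX):
            return ("high", "IE start/search page changed from the Microsoft default")
        return None
    if code == "O10" and body.startswith("Unknown file in Winsock LSP"):
        return ("medium", "unrecognised Winsock LSP DLL; verify its publisher")
    if code == "O21":
        m = SSODL_RE.match(body)
        if m is None:
            return ("medium", "SSODL entry in an unexpected format")
        reasons = []
        if looks_random(m.group("name")):
            reasons.append("random-looking SSODL name")
        if "(file missing)" in m.group("path"):
            reasons.append("registered DLL is missing (hidden or already removed)")
        return ("high", "; ".join(reasons)) if reasons else None
    if code == "O23" and "(file missing)" in body:
        return ("low", "service points at a missing binary (orphaned entry)")
    return None

def triage(log_text):
    """Parse a whole HJT log and return the flagged entries in file order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m is None:
            continue  # header, process list, "End of file" line
        hit = check_entry(m.group("code"), m.group("body"))
        if hit is not None:
            findings.append({"code": m.group("code"), "severity": hit[0],
                             "reason": hit[1], "line": line})
    return findings

# Sample lines copied from the log posted in this thread (the R0 URL is
# elided with "..." exactly as it was posted).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O21 - SSODL: bmlvqkn - {F473A312-06C5-46BA-88FE-0AAA0D2409DB} - C:\WINDOWS\bmlvqkn.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Unknown owner - C:\Program Files\Canon\CAL\CALMAIN.exe (file missing)
End of file - 4911 bytes
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']}] {f['code']}: {f['reason']}\n    {f['line']}")
```

Run it on a saved hijackthis.log by replacing SAMPLE_LOG with the file's contents; anything it does not flag still deserves a read, since it only covers the four entry types discussed here.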
-
March 3rd, 2008, 06:29 PM
#28
And this is the one from ComboFix if it's even needed?:
Running from: C:\Documents and Settings\KUMARRRR\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft\Network\Downloader\qmgr0.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\james\Desktop\Error Cleaner.url
C:\Documents and Settings\james\Desktop\Privacy Protector.url
C:\Documents and Settings\james\Desktop\Spyware&Malware Protection.url
C:\Documents and Settings\james\Favorites\Error Cleaner.url
C:\Documents and Settings\james\Favorites\Privacy Protector.url
C:\Documents and Settings\james\Favorites\Spyware&Malware Protection.url
C:\Documents and Settings\tts\Application Data\install.dat
C:\Documents and Settings\tts\Desktop\Error Cleaner.url
C:\Documents and Settings\tts\Desktop\Privacy Protector.url
C:\Documents and Settings\tts\Desktop\Spyware&Malware Protection.url
C:\Documents and Settings\tts\Favorites\Error Cleaner.url
C:\Documents and Settings\tts\Favorites\Privacy Protector.url
C:\Documents and Settings\tts\Favorites\Spyware&Malware Protection.url
C:\Program Files\Common Files\{08123~1
C:\Program Files\SystemDefender
C:\Program Files\WinBudget
C:\WINDOWS\dat.txt
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\rs.txt
C:\WINDOWS\search_res.txt
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\wanpacket.dll
C:\WINDOWS\system32\wpcap.dll
----- BITS: Possible infected sites -----
hxxp://77.91.228.186
hxxp://softworldnetwork.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_NPF
-------\NPF
((((((((((((((((((((((((( Files Created from 2008-02-03 to 2008-03-03 )))))))))))))))))))))))))))))))
.
2008-03-03 15:53 . 2008-03-03 16:53 <DIR> d-------- C:\Documents and Settings\KUMARRRR\.housecall6.6
2008-02-27 16:50 . 2002-11-21 15:07 765,952 --a------ C:\WINDOWS\system\crlds3d.dll
2008-02-27 16:50 . 2004-02-24 11:08 400,384 --a------ C:\WINDOWS\system32\drivers\ALCXSENS.SYS
2008-02-27 16:50 . 2003-08-19 19:36 65,536 --a------ C:\WINDOWS\system32\Audio3D.dll
2008-02-27 16:50 . 2003-08-19 19:36 65,536 --a------ C:\WINDOWS\system32\a3d.dll
2008-02-23 11:54 . 2008-02-23 11:54 <DIR> d-------- C:\Program Files\Lavalys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-03 23:04 --------- d-----w C:\Program Files\Soulseek
2008-03-03 19:57 --------- d-----w C:\Documents and Settings\tts\Application Data\AVG7
2008-03-02 20:09 --------- d-----w C:\Documents and Settings\tts\Application Data\Apple Computer
2008-02-27 23:05 --------- d-----w C:\Program Files\AvRack
2008-02-02 19:01 --------- d-----w C:\Documents and Settings\james\Application Data\AVG7
2008-01-28 18:10 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg7
2008-01-27 02:42 --------- d-----w C:\Program Files\Data Doctor Recovery FAT+NTFS (Demo)
2008-01-27 02:32 --------- d-----w C:\Program Files\Data Doctor Recovery Digital Camera (Demo)
2008-01-20 02:40 --------- d-----w C:\Documents and Settings\james\Application Data\MSN6
2008-01-19 22:16 --------- d-----w C:\Program Files\XP Antivirus
2008-01-18 23:28 --------- d-----w C:\Program Files\Java
2008-01-16 13:52 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2008-01-16 12:01 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-16 12:00 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
2008-01-16 10:04 --------- d-----w C:\Program Files\SysCleaner
2008-01-15 17:17 --------- d-----w C:\Documents and Settings\tts\Application Data\Ventrilo
2008-01-15 16:58 --------- d-----w C:\Program Files\Ventrilo
2008-01-15 16:55 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-15 16:41 --------- d-----w C:\Program Files\AV Vcs 6.0
2008-01-15 08:12 --------- d-----w C:\Program Files\MP4Converter
2008-01-15 08:07 --------- d-----w C:\Program Files\NCH Swift Sound
2008-01-15 08:07 --------- d-----w C:\Documents and Settings\tts\Application Data\NCH Swift Sound
2008-01-15 08:07 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\NCH Swift Sound
2008-01-15 07:47 --------- d-----w C:\Program Files\Easy AVI-MPEG-RM-WMV Joiner
2008-01-14 01:12 --------- d-----w C:\Documents and Settings\tts\Application Data\Leadertech
2008-01-13 03:07 --------- d-----w C:\Program Files\iTunes
2008-01-13 03:00 --------- d-----w C:\Program Files\iPod
2008-01-13 02:47 --------- d-----w C:\Program Files\QuickTime Alternative
2008-01-13 02:46 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2008-01-13 02:44 --------- d-----w C:\Program Files\Apple Software Update
2008-01-13 02:43 --------- d-----w C:\Program Files\Common Files\Apple
2008-01-13 02:42 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
.
-
March 3rd, 2008, 06:31 PM
#29
......
------- Sigcheck -------
8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\system32\svchost.exe
-c----w 12,800 2001-08-23 12:00:00 C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
------w 14,336 2004-08-04 05:56:58 C:\WINDOWS\ServicePackFiles\i386\svchost.exe
----a-w 14,336 2004-08-04 05:56:58 C:\WINDOWS\system32\svchost.exe
b409909f6e2e8a7067076ed748abf1e7 C:\WINDOWS\system32\user32.dll
----a-w 577,024 2005-03-02 18:19:56 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
----a-w 578,048 2007-03-08 15:48:36 C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
-c----w 561,152 2001-08-23 12:00:00 C:\WINDOWS\$NtServicePackUninstall$\user32.dll
-c----w 577,024 2004-08-04 05:56:48 C:\WINDOWS\$NtUninstallKB925902$\user32.dll
------w 577,024 2004-08-04 05:56:48 C:\WINDOWS\ServicePackFiles\i386\user32.dll
----a-w 577,536 2007-03-08 15:36:28 C:\WINDOWS\system32\user32.dll
-c----w 577,536 2007-03-08 15:36:28 C:\WINDOWS\system32\dllcache\user32.dll
2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\system32\ws2_32.dll
-c----w 75,264 2001-08-23 12:00:00 C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
------w 82,944 2004-08-04 05:56:48 C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
----a-w 82,944 2004-08-04 05:56:48 C:\WINDOWS\system32\ws2_32.dll
30d1c47e40efbb792ff8d3c3b51ce507 C:\WINDOWS\system32\wininet.dll
----a-w 665,088 2007-01-04 14:05:30 C:\WINDOWS\$hf_mig$\KB928090\SP2QFE\wininet.dll
----a-w 665,600 2007-02-20 09:52:17 C:\WINDOWS\$hf_mig$\KB931768\SP2QFE\wininet.dll
-c----w 593,920 2001-08-23 12:00:00 C:\WINDOWS\$NtServicePackUninstall$\wininet.dll
-c----w 656,384 2004-08-04 05:56:48 C:\WINDOWS\$NtUninstallKB928090$\wininet.dll
-c----w 658,944 2007-01-04 13:37:08 C:\WINDOWS\$NtUninstallKB931768$\wininet.dll
------w 656,384 2004-08-04 05:56:48 C:\WINDOWS\ServicePackFiles\i386\wininet.dll
----a-w 658,944 2007-02-20 09:48:18 C:\WINDOWS\system32\wininet.dll
-c----w 658,944 2007-02-20 09:48:18 C:\WINDOWS\system32\dllcache\wininet.dll
1dbf125862891817f374f407626967f4 C:\WINDOWS\system32\drivers\tcpip.sys
----a-w 360,576 2006-04-20 12:18:35 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
-c----w 327,168 2001-08-23 12:00:00 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
-c----w 359,040 2004-08-04 04:14:42 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
------w 359,040 2004-08-04 04:14:42 C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
-c----w 359,808 2006-04-20 11:51:50 C:\WINDOWS\system32\dllcache\tcpip.sys
----a-w 359,808 2006-04-20 11:51:50 C:\WINDOWS\system32\drivers\tcpip.sys
01c3346c241652f43aed8e2149881bfe C:\WINDOWS\system32\winlogon.exe
-c----w 430,080 2001-08-23 12:00:00 C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
------w 502,272 2004-08-04 05:56:58 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
----a-w 502,272 2004-08-04 05:56:58 C:\WINDOWS\system32\winlogon.exe
558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys
-c----w 161,536 2001-08-23 12:00:00 C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
------w 182,912 2004-08-04 04:14:30 C:\WINDOWS\ServicePackFiles\i386\ndis.sys
----a-w 182,912 2004-08-04 04:14:30 C:\WINDOWS\system32\drivers\ndis.sys
4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys
------w 29,056 2004-08-04 04:00:08 C:\WINDOWS\ServicePackFiles\i386\ip6fw.sys
------w 29,056 2004-08-04 04:00:08 C:\WINDOWS\system32\drivers\ip6fw.sys
515d30e2c90a3665a2739309334c9283 C:\WINDOWS\system32\ntkrnlpa.exe
----a-w 2,056,832 2005-03-02 00:36:40 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
----a-w 2,059,392 2006-12-19 16:12:16 C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
----a-w 2,059,392 2007-02-28 09:15:56 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
-c----w 1,896,704 2001-08-23 12:00:00 C:\WINDOWS\$NtServicePackUninstall$\ntkrnlpa.exe
-c----w 2,056,832 2004-08-04 03:59:00 C:\WINDOWS\$NtUninstallKB929338$\ntkrnlpa.exe
-c----w 2,057,600 2006-12-19 12:55:39 C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
------w 2,057,600 2007-02-28 08:38:55 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
------w 2,056,832 2004-08-04 03:59:00 C:\WINDOWS\ServicePackFiles\i386\ntkrnlpa.exe
----a-w 2,057,600 2007-02-28 08:38:55 C:\WINDOWS\system32\ntkrnlpa.exe
-c----w 2,057,600 2007-02-28 08:38:55 C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
582a8dbaa58c3b1f176eb2817daee77c C:\WINDOWS\system32\ntoskrnl.exe
----a-w 2,179,456 2005-03-02 01:04:22 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
----a-w 2,182,016 2006-12-19 16:51:12 C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
----a-w 2,182,144 2007-02-28 09:55:14 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
-c----w 1,982,208 2001-08-23 12:00:00 C:\WINDOWS\$NtServicePackUninstall$\ntoskrnl.exe
-c----w 2,180,992 2004-08-04 04:20:00 C:\WINDOWS\$NtUninstallKB929338$\ntoskrnl.exe
-c----w 2,180,352 2006-12-19 14:17:19 C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
------w 2,180,352 2007-02-28 09:10:57 C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
------w 2,180,992 2004-08-04 04:20:00 C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe
----a-w 2,180,352 2007-02-28 09:10:57 C:\WINDOWS\system32\ntoskrnl.exe
-c----w 2,180,352 2007-02-28 09:10:57 C:\WINDOWS\system32\dllcache\ntoskrnl.exe
a0732187050030ae399b241436565e64 C:\WINDOWS\explorer.exe
----a-w 1,032,192 2004-08-04 05:56:50 C:\WINDOWS\explorer.exe
-c----w 1,000,960 2001-08-23 12:00:00 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
------w 1,032,192 2004-08-04 05:56:50 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\Program Files\AIM\aim.exe" [2005-08-05 15:08 67160]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-03-09 14:29 7561216]
"QuickTime Task"="C:\Program Files\QuickTime Alternative\qttask.exe" [2007-06-29 06:24 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42 267064]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"SoundMan"="SOUNDMAN.EXE" [2004-07-01 18:23 67584 C:\WINDOWS\SOUNDMAN.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-16 06:01 219136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"bmlvqkn"= {F473A312-06C5-46BA-88FE-0AAA0D2409DB} - C:\WINDOWS\bmlvqkn.dll [ ]
-
March 3rd, 2008, 06:31 PM
#30
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2005-09-27 11:13 45056 C:\WINDOWS\system32\avldr.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-09 11:09 63712 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
--a------ 2008-01-16 06:00 579072 C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TPSrv"=2 (0x2)
"PSIMSVC"=2 (0x2)
"pmshellsrv"=2 (0x2)
"PAVSRV"=2 (0x2)
"PavPrSrv"=2 (0x2)
"PAVFNSVR"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\Soulseek\\slsk.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
R0 netflt;Panda Net Driver [NDIS Layer];C:\WINDOWS\system32\Drivers\NETFLT.SYS [2006-08-04 10:58]
R1 APPFLT;App Filter Plugin;C:\WINDOWS\system32\Drivers\APPFLT.SYS [2006-08-03 15:37]
R1 DSAFLT;DSA Filter Plugin;C:\WINDOWS\system32\Drivers\DSAFLT.SYS [2006-08-02 13:08]
R1 FNETMON;NetMon Filter Plugin;C:\WINDOWS\system32\Drivers\fnetmon.SYS [2006-06-29 21:50]
R1 IDSFLT;Ids Filter Plugin;C:\WINDOWS\system32\Drivers\IDSFLT.SYS [2006-08-02 13:10]
R1 NETFLTDI;Panda Net Driver [TDI Layer];C:\WINDOWS\system32\Drivers\NETFLTDI.SYS [2006-05-11 21:26]
R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\drivers\ShldDrv.sys [2005-08-29 06:23]
R1 SMSFLT;SMS Filter Plugin;C:\WINDOWS\system32\Drivers\SMSFLT.SYS [2006-08-02 13:15]
R1 WNMFLT;Wifi Monitor Filter Plugin;C:\WINDOWS\system32\Drivers\WNMFLT.SYS [2006-08-02 13:17]
R2 cpoint;Panda CPoint Driver;C:\WINDOWS\system32\Drivers\cpoint.sys [2005-08-12 13:36]
R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2006-04-25 09:02]
S3 AR5523;NETGEAR WG111T USB2.0 Wireless Card Service;C:\WINDOWS\system32\DRIVERS\WG11TND5.sys [2005-09-05 10:21]
S3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys []
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\DNINDIS5.SYS [2003-07-24 11:10]
S3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\system32\PavSRK.sys []
S3 PavTPK.sys;PavTPK.sys;C:\WINDOWS\system32\PavTPK.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5a34aa7-2ba5-11db-a668-000461789a00}]
\Shell\AutoRun\command - E:\LaunchU3.exe
.
************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-03 17:06:46
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
.
************************************************************************
.
Completion time: 2008-03-03 17:09:00 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-03 23:08:58