Trojan horse SHeur2.FO help :(

bizzaro (New Member) | Date Joined Nov 2008 | Total Posts: 16 | Posted 11-20-2008 4:28 (GMT +1)

AVG keeps saying it deletes it, but it keeps coming back when I scan again. Here's my HijackThis report:
Logfile of HijackThis v1.99.1
Scan saved at 10:25:41 PM, on 11/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorerbaker.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trillian\trillian.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Grisoft\AVG7\avgwb.dat
C:\Program Files\NoAdware\NoAdware5.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Rar$EX00.750\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: Shell=Explorerbaker.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3873A5A5-C3F8-4830-ABF5-9C83C8347B09} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: (no name) - {8AAE1BCA-A973-423F-9232-7007D8CED2C7} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZKxdm021YYUS
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Monopoly/Images/stg_drm.ocx
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/WebfettiInitialSetup1.0.0.15-3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1172598100889
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Monopoly/Images/armhelper.ocx
O20 - AppInit_DLLs: C:\Program,Files\PermissionResearch\prai.dll,C:\Program Files\PermissionResearch\prai.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe (file missing)
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)
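Added example (editor's code, not anything posted in this thread and not HijackThis output): a rule-based triage pass over HijackThis-format lines, so the handful of entries that matter in a log like the one above stand out from the fifty lines of vendor cruft. SAMPLE_LOG is an excerpt of the first log in this thread; the rules, the severities and the TRUSTED_DPF_HOSTS list are the editor's own assumptions. Two entries are rated high because they are persistence points that survive an antivirus deleting a dropped file: the Winlogon Shell value (HijackThis reports it as "F2 - REG:system.ini: Shell="), which on XP names the program that runs in place of Explorer at every logon, and AppInit_DLLs, which is loaded into every process that maps user32.dll. The Shell rule flags Explorerbaker.exe only because it is not Explorer.exe; that is a prompt to identify the file, not a verdict, and the moderator's later "Used Resource Hacker?" suggests it is a user-modified shell rather than malware.

```python
"""Triage a HijackThis 1.99.x log for entries worth a second look.

Editor's example for this thread; the rules and severities are
heuristics, not HijackThis output. SAMPLE_LOG is an excerpt of the
first log posted in the thread.
"""
import re
from collections import Counter
from dataclasses import dataclass

SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: Shell=Explorerbaker.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: (no name) - {8AAE1BCA-A973-423F-9232-7007D8CED2C7} - (no file)
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZKxdm021YYUS
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/WebfettiInitialSetup1.0.0.15-3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1172598100889
O20 - AppInit_DLLs: C:\Program,Files\PermissionResearch\prai.dll,C:\Program Files\PermissionResearch\prai.dll
O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe (file missing)
"""

# Assumed allow-list: download hosts from which an ActiveX control (O16) is not flagged.
TRUSTED_DPF_HOSTS = ("update.microsoft.com", "windowsupdate.microsoft.com")


@dataclass
class Finding:
    severity: str  # "high" | "medium" | "low"
    line: str
    reason: str


def _host(url: str) -> str:
    """Host part of an http(s) URL, lower-cased; empty for anything else."""
    m = re.match(r"https?://([^/]+)", url, re.I)
    return m.group(1).lower() if m else ""


def triage_line(line: str):
    """Return a Finding for one HijackThis entry, or None. First matching rule wins."""
    line = line.strip()
    if line.startswith("F2 - REG:system.ini: Shell="):
        shell = line.split("Shell=", 1)[1].strip()
        if shell.lower() != "explorer.exe":
            return Finding("high", line, f"Winlogon shell is {shell!r}, not Explorer.exe; "
                           "it runs instead of the desktop shell at every logon, identify the file")
        return None
    if line.startswith("O20 - AppInit_DLLs:"):
        if line.split("AppInit_DLLs:", 1)[1].strip():
            return Finding("high", line, "AppInit_DLLs is set; every process that loads user32.dll loads this DLL")
        return None
    if line.startswith("O16 - DPF:"):
        url = line.rsplit(" - ", 1)[1]
        if url.lower().startswith("http") and _host(url) not in TRUSTED_DPF_HOSTS:
            return Finding("medium", line, f"ActiveX control installed from third-party host {_host(url)}")
        return None
    if line.endswith("(no file)"):
        return Finding("low", line, "orphaned entry; the referenced file is gone, safe to remove")
    if line.startswith("O23 - Service:") and line.endswith("(file missing)"):
        return Finding("low", line, "service points at a missing binary; remove it or reinstall the product")
    if line.startswith("O4 - ") and "Run: [" in line:
        target = line.split("] ", 1)[1].strip().strip('"')
        if "\\" not in target:  # bare filename: resolved through the search path at logon
            return Finding("low", line, "Run entry uses a bare filename; confirm which file actually runs")
        return None
    if line.startswith("O8 - ") and "http://" in line:
        return Finding("low", line, "context-menu item points at a remote URL (toolbar/adware residue)")
    return None


def triage(log_text: str) -> list:
    """All findings for a log, highest severity first (stable within a severity)."""
    order = {"high": 0, "medium": 1, "low": 2}
    found = [triage_line(l) for l in log_text.splitlines() if l.strip()]
    return sorted((f for f in found if f), key=lambda f: order[f.severity])


def count_by_severity(findings) -> dict:
    return dict(Counter(f.severity for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```

Running it on the excerpt yields two high findings (the Shell value and AppInit_DLLs), one medium (the imgfarm.com cab; the update.microsoft.com one is allow-listed) and six low ones (three orphaned "(no file)" entries, the bare-filename Run entry, the mywebsearch context-menu URL and the missing Sansa service binary). Everything else in the log is left alone, which is the point: a triage pass should shrink the list to what a human has to look at, not reproduce it.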
Touch (Forum Moderator) | Date Joined Jun 2004 | Total Posts: 14325 | Posted 11-20-2008 5:32 (GMT +1)

Hello
Please download Malwarebytes' Anti-Malware:
Or here:
to your desktop.
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location.
Copy and Paste that log into your next reply, along with fresh hijackthis log.
NB: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Do NOT post your problem in someone else's thread.
A non-profit, volunteer network.
bizzaro (New Member) | Date Joined Nov 2008 | Total Posts: 16 | Posted 11-20-2008 9:52 (GMT +1)

Malwarebytes' Anti-Malware 1.30
Database version: 1414
Windows 5.1.2600 Service Pack 2

11/20/2008 3:50:28 PM
mbam-log-2008-11-20 (15-50-28).txt

Scan type: Full Scan (C:\|H:\|)
Objects scanned: 182180
Time elapsed: 1 hour(s), 3 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 18

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\netsearchsoft.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\www.netsearchsoft.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\3wPlayer (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\gadcom (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1043\A0248716.exe (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1043\A0248717.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1043\A0248718.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1043\A0248719.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1043\A0248791.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1043\A0248792.el (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1043\A0248793.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1043\A0248794.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1097\A0249256.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1097\A0249353.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1097\A0249354.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1099\A0249484.dll (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1113\A0250433.dll (Spyware.Nucals) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1113\A0250432.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nvrsol32.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sft.res (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rs32net.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
Now for the HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 3:52:09 PM, on 11/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\Explorerbaker.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\System32\alg.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Rar$EX00.000\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: Shell=Explorerbaker.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3873A5A5-C3F8-4830-ABF5-9C83C8347B09} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: (no name) - {8AAE1BCA-A973-423F-9232-7007D8CED2C7} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Monopoly/Images/stg_drm.ocx
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1172598100889
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Monopoly/Images/armhelper.ocx
O20 - AppInit_DLLs: C:\Program,Files\PermissionResearch\prai.dll,C:\Program Files\PermissionResearch\prai.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe (file missing)
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)
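Added example (editor's code, not Malwarebytes' output and not part of the post above): a parser for the MBAM 1.x log format that separates detections inside System Restore snapshots from detections on the live system. The distinction matters when reading the log above: 14 of its 18 "Files Infected" lines sit under C:\System Volume Information\_restore{...}\RPnnnn\, which are copies kept by System Restore. Those copies cannot run unless that restore point is applied, so finding them says nothing about whether the machine is currently infected (and it is why cleanup guides end with flushing old restore points). The four hits under C:\WINDOWS\system32, including one classed Rootkit.Agent, were the live ones, and the Trojan.TDSS and Rootkit.Agent labels belong to a rootkit family that user-mode scanners have trouble with, which fits the moderator escalating to ComboFix after this log. SAMPLE_LOG is a shortened excerpt of the posted log, so the counts it produces refer to the excerpt, not to the full log.

```python
"""Split a Malwarebytes' Anti-Malware 1.x log into live hits and restore-point copies.

Editor's example for this thread. SAMPLE_LOG is a shortened excerpt of
the MBAM log posted above (a few entries per section), not the whole log.
"""
import re
from collections import Counter

SAMPLE_LOG = r"""
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\netsearchsoft.com (Malware.Trace) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\3wPlayer (Trojan.Downloader) -> Quarantined and deleted successfully.

Files Infected:
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1043\A0248793.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1097\A0249354.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1113\A0250432.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nvrsol32.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rs32net.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
"""

# One detection line: "<path or key> (<family>) -> <action>."
ENTRY_RE = re.compile(r"^(?P<path>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")
# XP System Restore snapshot location; group 1 is the restore-point id.
RESTORE_RE = re.compile(r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(RP\d+)\\", re.I)


def parse(log_text: str):
    """Yield one dict per detection: section, path, family, action, restore_point (or None)."""
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("Infected:"):      # section header, e.g. "Files Infected:"
            section = line[:-1]
            continue
        m = ENTRY_RE.match(line)
        if not m or section is None:        # "(No malicious items detected)" and the like
            continue
        rp = RESTORE_RE.search(m["path"])
        yield {"section": section, "path": m["path"], "family": m["family"],
               "action": m["action"], "restore_point": rp.group(1) if rp else None}


def summarize(log_text: str) -> dict:
    """Counts that answer 'what was actually live on the box?'"""
    entries = list(parse(log_text))
    files = [e for e in entries if e["section"] == "Files Infected"]
    live = [e for e in files if e["restore_point"] is None]
    dormant = [e for e in files if e["restore_point"] is not None]
    return {
        "total": len(entries),
        "files_live": len(live),
        "files_in_restore_points": len(dormant),
        "restore_points": sorted({e["restore_point"] for e in dormant}),
        "live_families": dict(Counter(e["family"] for e in live)),
        # Kernel-level components on the live system call for a rootkit scanner, not another AV pass.
        "live_rootkit_paths": [e["path"] for e in live if e["family"].lower().startswith("rootkit")],
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the excerpt the summary reports nine detections, three live files and three restore-point copies across RP1043, RP1097 and RP1113, and one live path tagged as a rootkit component. Run over the full log above it would give 18 files, four live and 14 dormant, the same split described in the lead-in.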
bizzaro (New Member) | Date Joined Nov 2008 | Total Posts: 16 | Posted 11-20-2008 10:23 (GMT +1)

AVG claims I still have the SHeur2.FO trojan horse.
bizzaro (New Member) | Date Joined Nov 2008 | Total Posts: 16 | Posted 11-21-2008 1:58 (GMT +1)

Well, I just got rid of AVG and got Avast Pro; I heard it's better. Here's my new HijackThis report:
Logfile of HijackThis v1.99.1
Scan saved at 7:58:40 PM, on 11/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorerbaker.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\AGRSMMSG.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Rar$EX00.594\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: Shell=Explorerbaker.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3873A5A5-C3F8-4830-ABF5-9C83C8347B09} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: (no name) - {8AAE1BCA-A973-423F-9232-7007D8CED2C7} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Monopoly/Images/stg_drm.ocx
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1172598100889
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Monopoly/Images/armhelper.ocx
O20 - AppInit_DLLs: C:\Program,Files\PermissionResearch\prai.dll,C:\Program Files\PermissionResearch\prai.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe (file missing)
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)
bizzaro (New Member) | Date Joined Nov 2008 | Total Posts: 16 | Posted 11-21-2008 5:45 (GMT +1)
Touch (Forum Moderator) | Date Joined Jun 2004 | Total Posts: 14325 | Posted 11-21-2008 5:54 (GMT +1)

Thought so - nice one.
Used Resource Hacker?
Please download Combofix:
and save it to the desktop.
Close all other browser windows.
Please connect all your external hard drives/flash drives before running Combofix.
Important: temporarily disable your anti-virus and real-time protection before performing a scan. They can interfere with Combofix or remove some of its embedded files, which may cause "unpredictable results".
Double-click on the combofix icon found on your desktop.
Please note, that once you start combofix you should not click anywhere on the combofix window as it can cause the program to stall. In fact, when combofix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.
When finished, it will produce a logfile located at C:\combofix.txt.
Post the contents of that log in your next reply
Do NOT post your problem in someone elses thread.
A non-profit, volunteer network.
bizzaro New Member
Date Joined Nov 2008 Total Posts : 16 | Posted 11-21-2008 6:19 (GMT +1)
yup resource hack is sexy lol, I'll brb doing what you just told me to do
bizzaro New Member
Date Joined Nov 2008 Total Posts : 16 | Posted 11-21-2008 6:38 (GMT +1)
ComboFix 08-11-20.02 - Compaq_Owner 2008-11-21 12:26:44.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2071 [GMT -5:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
 * Created a new restore point
.
ADS - system32: deleted 24 bytes in 2 streams.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Common Files\{3A701~1
c:\program files\Common Files\companion wizard
c:\windows\Downloaded Program Files\setup.inf
c:\windows\system32\_000217_.tmp.dll
c:\windows\system32\MSINET.oca
c:\windows\system32\unsvchosts.lzma
H:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-10-21 to 2008-11-21 )))))))))))))))))))))))))))))))
.
2008-11-20 16:26 . 2008-11-20 16:26 <DIR> d-------- c:\program files\Alwil Software
2008-11-20 14:44 . 2008-11-20 14:44 <DIR> d-------- c:\documents and settings\Compaq_Owner\Application Data\Malwarebytes
2008-11-20 14:44 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-20 14:44 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-20 14:43 . 2008-11-20 14:44 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-20 14:43 . 2008-11-20 14:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-19 22:12 . 2008-11-19 22:46 <DIR> d-------- c:\program files\NoAdware
2008-11-12 18:57 . 2008-11-12 18:58 <DIR> d-------- c:\program files\DVD Decrypter
2008-11-12 18:56 . 2008-11-12 18:56 <DIR> d-------- c:\program files\DVD Shrink
2008-11-12 18:56 . 2008-11-15 17:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\DVD Shrink
2008-11-12 18:22 . 2008-11-12 18:22 <DIR> d-------- c:\program files\WinAVI Video Converter
2008-11-12 03:04 . 2008-11-12 03:04 118 --a------ c:\windows\system32\MRT.INI
2008-11-10 16:34 . 2008-11-10 16:34 108,144 --a------ c:\windows\system32\CmdLineExt.dll
2008-11-10 16:32 . 2008-11-10 16:32 <DIR> d-------- c:\program files\Hasbro
2008-11-09 16:36 . 2008-11-10 16:25 <DIR> d-------- c:\documents and settings\Compaq_Owner\Application Data\Nero
2008-11-08 23:09 . 2008-11-08 23:09 <DIR> d-------- c:\program files\Windows Sidebar
2008-11-08 22:53 . 2008-11-08 23:12 <DIR> d-------- c:\program files\Nero
2008-11-08 22:52 . 2008-11-08 23:01 <DIR> d-------- c:\program files\Common Files\Nero
2008-11-08 22:52 . 2008-11-08 23:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\Nero
2008-11-08 22:08 . 2007-08-21 03:12 21,760 --a------ c:\windows\system32\drivers\point32.sys
2008-11-08 22:07 . 2008-11-08 22:07 <DIR> d-------- c:\program files\MSXML 6.0
2008-11-08 22:07 . 2008-11-08 22:08 <DIR> d-------- c:\program files\Microsoft IntelliPoint
2008-11-07 15:45 . 2008-11-07 15:45 <DIR> d-------- c:\documents and settings\Compaq_Owner\Application Data\SpinTop
2008-11-06 15:27 . 2008-11-06 15:27 63,488 --a------ c:\windows\system32\rgv.xl
2008-11-06 15:27 . 2008-11-06 15:27 32,768 --a------ c:\windows\system32\fes.ra
2008-11-06 15:27 . 2008-11-06 15:27 32,768 --a------ c:\windows\system32\fe.sp
2008-11-06 15:27 . 2008-11-06 15:27 28,672 --a------ c:\windows\system32\def.help
2008-11-06 15:27 . 2008-11-06 15:27 28,672 --a------ c:\windows\system32\ceg.sdr
2008-11-06 15:27 . 2008-11-06 15:27 527 --a------ c:\windows\system32\TDSSsrat.dat
2008-11-06 15:27 . 2008-11-06 15:27 2 --a------ C:\1248859750
2008-11-06 15:26 . 2008-11-06 17:01 <DIR> d-------- c:\windows\system32\QI19
2008-11-06 15:26 . 2008-11-06 15:26 <DIR> d-------- c:\temp\NT32
2008-10-28 17:36 . 2008-10-28 17:36 823,296 --a------ c:\windows\system32\divx_xx0c.dll
2008-10-28 17:36 . 2008-10-28 17:36 823,296 --a------ c:\windows\system32\divx_xx07.dll
2008-10-28 17:35 . 2008-10-28 17:35 815,104 --a------ c:\windows\system32\divx_xx0a.dll
2008-10-28 17:35 . 2008-10-28 17:35 802,816 --a------ c:\windows\system32\divx_xx11.dll
2008-10-28 17:35 . 2008-10-28 17:35 684,032 --a------ c:\windows\system32\DivX.dll
2008-10-27 15:41 . 2008-10-27 15:41 <DIR> d-------- C:\Logs
2008-10-27 15:12 . 2008-11-06 15:27 <DIR> d-------- c:\program files\Net Tools
2008-10-27 15:04 . 2008-10-27 15:05 <DIR> d-------- c:\program files\Accessdiver
2008-10-22 10:51 . 2008-10-22 10:51 <DIR> d-------- c:\documents and settings\Compaq_Owner\Application Data\WinBatch
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-21 17:26 --------- d-----w c:\documents and settings\Compaq_Owner\Application Data\X-Chat 2
2008-11-21 17:21 --------- d-----w c:\program files\Trillian
2008-11-20 23:14 --------- d-----w c:\documents and settings\All Users\Application Data\avg7
2008-11-20 23:13 --------- d-----w c:\documents and settings\Compaq_Owner\Application Data\AVG7
2008-11-20 21:08 --------- d-----w c:\program files\Steam
2008-11-19 01:05 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-19 01:05 --------- d-----w c:\program files\Common Files\Adobe
2008-11-14 03:11 --------- d-----w c:\documents and settings\Compaq_Owner\Application Data\uTorrent
2008-11-13 20:28 --------- d-----w c:\documents and settings\Compaq_Owner\Application Data\LimeWire
2008-11-08 16:41 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-07 03:26 --------- d-----w c:\program files\DivX
2008-11-06 20:42 --------- d-----w c:\program files\Yahoo!
2008-10-26 04:26 9,906 ----a-w c:\windows\system32\drivers\cv2k1.sys
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-10 20:53 --------- d-----w c:\program files\iTunes
2008-10-10 20:53 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-10 20:52 --------- d-----w c:\program files\iPod
2008-10-03 16:53 --------- d-----w c:\program files\VALVe
2008-10-01 18:58 --------- d-----w c:\program files\Counter-Strike 1.6
2002-07-26 21:02 153,088 ----a-w c:\program files\UNWISE.EXE
2006-08-04 02:57 22 --sha-w c:\windows\SMINST\HPCD.sys
2007-07-16 04:42 39,773,472 --sha-w c:\windows\system32\drivers\fidbox.dat
2007-07-16 04:42 797,472 --sha-w c:\windows\system32\drivers\fidbox2.dat
.
file copied: c:\windows\system32\user32.dll -> c:\qoobox\Quarantine\C\WINDOWS\system32\user32.dll.vir ( 577536 bytes )
Infected c:\windows\system32\user32.dll hex repaired
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-11 61440]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"PS2"="c:\windows\system32\ps2.exe" [2003-09-12 98304]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"USB2Check"="c:\windows\system32\PCLECoInst.dll" [2004-04-06 61440]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-03 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-03 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-03 118784]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-18 c:\windows\system32\Hdaudpropshortcut.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 c:\windows\AGRSMMSG.exe]
"AlcWzrd"="ALCWZRD.EXE" [2005-09-21 c:\windows\ALCWZRD.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2007-12-18 8720384]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-01-11 22:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!] --a------ 2008-11-18 12:39 81000 c:\progra~1\ALWILS~1\Avast4\ashDisp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeadAIM] --a------ 2004-02-28 12:12 144896 c:\progra~1\AIM\DeadAIM.ocm
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] --a------ 2005-11-03 14:22 77824 c:\windows\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2008-10-01 17:57 289576 c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck] --a------ 2004-03-10 14:26 406016 c:\windows\system32\PSDrvCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] --a------ 2008-10-07 18:09 1410296 c:\program files\Steam\steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue Registry Booster] --a------ 2006-12-06 17:58 1392640 c:\program files\Uniblue\Registry Booster\RegistryBooster.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip] --a------ 2004-04-23 14:00 192512 c:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Media Connect 2] --a------ 2006-10-18 21:58 8704 c:\program files\Windows Media Connect 2\WMCCFG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] --a------ 2005-09-21 09:24 86016 c:\windows\SOUNDMAN.EXE
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\6750491\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\xchat\\xchat.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Steam\\steamapps\\t2bskater\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\Net Tools\\nettools5.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6346:TCP"= 6346:TCP:limewire1
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-20 110160]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-20 20560]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-30 935208]
S3 BENDER;Pinnacle DV/AV Capture;c:\windows\system32\drivers\bender.sys [2006-01-20 203264]
S3 CV2K1;CommView Network Monitor;c:\windows\system32\DRIVERS\cv2k1.sys [2007-03-22 9906]
S3 GPU-Z;GPU-Z;\??\c:\docume~1\COMPAQ~1\LOCALS~1\Temp\GPU-Z.sys []
S3 tgiul50;tgiul50;c:\windows\system32\DRIVERS\tgiulnt5.sys [2008-10-13 138528]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - I:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{946850c5-1e27-11d9-baf0-806d6172696f}]
\Shell\AutoRun\command - D:\setup.exe
.
Contents of the 'Scheduled Tasks' folder
2008-11-14 c:\windows\Tasks\1-Click Maintenance.job - c:\program files\TuneUp Utilities 2006\SystemOptimizer.exe []
2008-11-20 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2008-11-21 c:\windows\Tasks\rpc.job - c:\program files\Winferno\RegistryPowerCleaner\RegPowerClean.exe []
2006-06-30 c:\windows\Tasks\XoftSpy.job - c:\program files\XoftSpy\XoftSpy.exe []
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-AIMPro - c:\program files\AIM\AIM Pro\aimpro.exe
MSConfigStartUp-AVG7_CC - c:\progra~1\Grisoft\AVG7\avgcc.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\egpiqcvy.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com
FF -: plugin - c:\program files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF -: plugin - c:\program files\Yahoo!\Common\npyaxmpb.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-21 12:31:35
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\windows\TEMP\aswUpdSum.ini 107 bytes
scan completed successfully hidden files: 1
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Microsoft IntelliPoint\dpupdchk.exe
.
**************************************************************************
.
Completion time: 2008-11-21 12:35:29 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-21 17:35:02
Pre-Run: 32,239,861,760 bytes free
Post-Run: 32,476,672,000 bytes free
224 --- E O F --- 2008-11-21 08:00:19
Touch Forum Moderator
Date Joined Jun 2004 Total Posts : 14325 | Posted 11-21-2008 7:23 (GMT +1)
1. Close any open browsers.
2. Open notepad and copy/paste the text in the quotebox below into it:
Copy the entire contents of the Quote Box below to Notepad. Name the file as CFScript and Save it on the desktop
Killall::
Snapshot::
File::
c:\windows\system32\rgv.xl
c:\windows\system32\fes.ra
c:\windows\system32\fe.sp
c:\windows\system32\def.help
c:\windows\system32\ceg.sdr
c:\windows\system32\TDSSsrat.dat
c:\windows\Tasks\1-Click Maintenance.job
c:\windows\Tasks\rpc.job
c:\windows\Tasks\XoftSpy.job
FileLook::
c:\windows\system32\drivers\cv2k1.sys
Folder::
c:\windows\system32\QI19
c:\temp\NT32
Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe, and post back the resulting report.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall
Do NOT post your problem in someone elses thread.
A non-profit, volunteer network.
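The script above targets the six files that appeared in system32 within the same minute (2008-11-06 15:27) with extensions that do not belong there, plus the folders created at the same time. The following helper shows that triage step in code. It is an added example, not ComboFix's or this forum's tool: it parses lines in the "Files Created" format shown in the log, flags files placed directly in system32 with an extension outside a baseline list, and groups files by creation minute so a burst like the one above stands out. The extension baseline and the sample lines (copied from entries in the log above) are assumptions of the example; adjust the baseline to the host you are reviewing.

```python
"""Triage helper for ComboFix-style "Files Created" log lines (added example)."""
import ntpath
import re
from collections import defaultdict

# One "Files Created" line: <created> . <modified> <size or <DIR>> <attrs> <path>
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>[\w-]{9}) (?P<path>.+)$"
)

SYSTEM32 = r"c:\windows\system32"

# Extensions normally found directly under system32. This baseline is an
# assumption for the example, not a list ComboFix or the forum uses.
EXPECTED_SYSTEM32_EXT = {
    ".dll", ".exe", ".sys", ".ocx", ".cpl", ".drv", ".ax", ".scr", ".com",
    ".nls", ".mui", ".ini", ".dat", ".oca", ".log", ".txt", ".tlb", ".acm",
}

# Constructed sample: eight entries taken from the "Files Created" section above.
SAMPLE_LOG = r"""
2008-11-20 14:44 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-12 03:04 . 2008-11-12 03:04 118 --a------ c:\windows\system32\MRT.INI
2008-11-06 15:27 . 2008-11-06 15:27 63,488 --a------ c:\windows\system32\rgv.xl
2008-11-06 15:27 . 2008-11-06 15:27 32,768 --a------ c:\windows\system32\fes.ra
2008-11-06 15:27 . 2008-11-06 15:27 28,672 --a------ c:\windows\system32\def.help
2008-11-06 15:27 . 2008-11-06 15:27 527 --a------ c:\windows\system32\TDSSsrat.dat
2008-11-06 15:26 . 2008-11-06 17:01 <DIR> d-------- c:\windows\system32\QI19
2008-10-28 17:35 . 2008-10-28 17:35 684,032 --a------ c:\windows\system32\DivX.dll
"""


def parse_entries(text):
    """Parse "Files Created" lines into dicts; lines in any other format are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        size = m.group("size")
        entries.append({
            "created": m.group("created"),
            "modified": m.group("modified"),
            "is_dir": size == "<DIR>",
            "size": None if size == "<DIR>" else int(size.replace(",", "")),
            "attrs": m.group("attrs"),
            "path": m.group("path"),
        })
    return entries


def odd_extension_files(entries):
    """Files sitting directly in system32 whose extension is outside the baseline."""
    flagged = []
    for e in entries:
        if e["is_dir"] or ntpath.dirname(e["path"]).lower() != SYSTEM32:
            continue
        ext = ntpath.splitext(e["path"])[1].lower()
        if ext not in EXPECTED_SYSTEM32_EXT:
            flagged.append(e["path"])
    return flagged


def creation_clusters(entries, min_count=3):
    """Group files by (creation minute, parent folder) and keep groups of at
    least min_count. A burst of unrelated-looking files landing in system32
    in the same minute is the pattern visible in the log above; note that
    TDSSsrat.dat (a .dat file) is only caught by this signal, not by the
    extension check, which is why both are used together."""
    groups = defaultdict(list)
    for e in entries:
        if e["is_dir"]:
            continue
        groups[(e["created"], ntpath.dirname(e["path"]).lower())].append(e["path"])
    return {key: paths for key, paths in groups.items() if len(paths) >= min_count}


def triage(text, min_count=3):
    entries = parse_entries(text)
    return {
        "odd_extension": odd_extension_files(entries),
        "clusters": creation_clusters(entries, min_count),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for path in report["odd_extension"]:
        print("unusual extension in system32:", path)
    for (stamp, folder), paths in report["clusters"].items():
        print(f"{len(paths)} files created {stamp} in {folder}:")
        for p in paths:
            print("   ", p)
```

Run it on the sample and it reports rgv.xl, fes.ra and def.help for their extensions and one cluster of four files at 2008-11-06 15:27 in system32. Output from a tool like this is a list of candidates to review, not a verdict; the moderator's FileLook:: on cv2k1.sys is the same idea applied by hand (check the file's publisher before deciding), and entries that are only unusual, such as a driver from a known vendor, should be treated that way.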
bizzaro New Member
Date Joined Nov 2008 Total Posts : 16 | Posted 11-21-2008 9:50 (GMT +1)
ComboFix 08-11-21.03 - Compaq_Owner 2008-11-21 15:19:38.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2087 [GMT -5:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Compaq_Owner\Desktop\CFscript.txt
 * Created a new restore point
FILE ::
c:\windows\system32\ceg.sdr
c:\windows\system32\def.help
c:\windows\system32\fe.sp
c:\windows\system32\fes.ra
c:\windows\system32\rgv.xl
c:\windows\system32\TDSSsrat.dat
c:\windows\Tasks\1-Click Maintenance.job
c:\windows\Tasks\rpc.job
c:\windows\Tasks\XoftSpy.job
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\temp\NT32
c:\windows\system32\ceg.sdr
c:\windows\system32\def.help
c:\windows\system32\fe.sp
c:\windows\system32\fes.ra
c:\windows\system32\QI19
c:\windows\system32\rgv.xl
c:\windows\system32\TDSSsrat.dat
c:\windows\Tasks\1-Click Maintenance.job
c:\windows\Tasks\rpc.job
c:\windows\Tasks\XoftSpy.job
.
((((((((((((((((((((((((( Files Created from 2008-10-21 to 2008-11-21 )))))))))))))))))))))))))))))))
.
2008-11-20 16:26 . 2008-11-20 16:26 <DIR> d-------- c:\program files\Alwil Software
2008-11-20 14:44 . 2008-11-20 14:44 <DIR> d-------- c:\documents and settings\Compaq_Owner\Application Data\Malwarebytes
2008-11-20 14:44 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-20 14:44 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-20 14:43 . 2008-11-20 14:44 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-20 14:43 . 2008-11-20 14:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-19 22:12 . 2008-11-19 22:46 <DIR> d-------- c:\program files\NoAdware
2008-11-12 18:57 . 2008-11-12 18:58 <DIR> d-------- c:\program files\DVD Decrypter
2008-11-12 18:56 . 2008-11-12 18:56 <DIR> d-------- c:\program files\DVD Shrink
2008-11-12 18:56 . 2008-11-15 17:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\DVD Shrink
2008-11-12 18:22 . 2008-11-12 18:22 <DIR> d-------- c:\program files\WinAVI Video Converter
2008-11-12 03:04 . 2008-11-12 03:04 118 --a------ c:\windows\system32\MRT.INI
2008-11-10 16:34 . 2008-11-10 16:34 108,144 --a------ c:\windows\system32\CmdLineExt.dll
2008-11-10 16:32 . 2008-11-10 16:32 <DIR> d-------- c:\program files\Hasbro
2008-11-09 16:36 . 2008-11-10 16:25 <DIR> d-------- c:\documents and settings\Compaq_Owner\Application Data\Nero
2008-11-08 23:09 . 2008-11-08 23:09 <DIR> d-------- c:\program files\Windows Sidebar
2008-11-08 22:53 . 2008-11-08 23:12 <DIR> d-------- c:\program files\Nero
2008-11-08 22:52 . 2008-11-08 23:01 <DIR> d-------- c:\program files\Common Files\Nero
2008-11-08 22:52 . 2008-11-08 23:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\Nero
2008-11-08 22:08 . 2007-08-21 03:12 21,760 --a------ c:\windows\system32\drivers\point32.sys
2008-11-08 22:07 . 2008-11-08 22:07 <DIR> d-------- c:\program files\MSXML 6.0
2008-11-08 22:07 . 2008-11-08 22:08 <DIR> d-------- c:\program files\Microsoft IntelliPoint
2008-11-07 15:45 . 2008-11-07 15:45 <DIR> d-------- c:\documents and settings\Compaq_Owner\Application Data\SpinTop
2008-11-06 15:27 . 2008-11-06 15:27 2 --a------ C:\1248859750
2008-10-28 17:36 . 2008-10-28 17:36 823,296 --a------ c:\windows\system32\divx_xx0c.dll
2008-10-28 17:36 . 2008-10-28 17:36 823,296 --a------ c:\windows\system32\divx_xx07.dll
2008-10-28 17:35 . 2008-10-28 17:35 815,104 --a------ c:\windows\system32\divx_xx0a.dll
2008-10-28 17:35 . 2008-10-28 17:35 802,816 --a------ c:\windows\system32\divx_xx11.dll
2008-10-28 17:35 . 2008-10-28 17:35 684,032 --a------ c:\windows\system32\DivX.dll
2008-10-27 15:41 . 2008-10-27 15:41 <DIR> d-------- C:\Logs
2008-10-27 15:12 . 2008-11-06 15:27 <DIR> d-------- c:\program files\Net Tools
2008-10-27 15:04 . 2008-10-27 15:05 <DIR> d-------- c:\program files\Accessdiver
2008-10-22 10:51 . 2008-10-22 10:51 <DIR> d-------- c:\documents and settings\Compaq_Owner\Application Data\WinBatch
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-21 17:26 --------- d-----w c:\documents and settings\Compaq_Owner\Application Data\X-Chat 2
2008-11-21 17:21 --------- d-----w c:\program files\Trillian
2008-11-20 23:14 --------- d-----w c:\documents and settings\All Users\Application Data\avg7
2008-11-20 23:13 --------- d-----w c:\documents and settings\Compaq_Owner\Application Data\AVG7
2008-11-20 21:08 --------- d-----w c:\program files\Steam
2008-11-19 01:05 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-19 01:05 --------- d-----w c:\program files\Common Files\Adobe
2008-11-14 03:11 --------- d-----w c:\documents and settings\Compaq_Owner\Application Data\uTorrent
2008-11-13 20:28 --------- d-----w c:\documents and settings\Compaq_Owner\Application Data\LimeWire
2008-11-08 16:41 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-07 03:26 --------- d-----w c:\program files\DivX
2008-11-06 20:42 --------- d-----w c:\program files\Yahoo!
2008-10-26 04:26 9,906 ----a-w c:\windows\system32\drivers\cv2k1.sys
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-10 20:53 --------- d-----w c:\program files\iTunes
2008-10-10 20:53 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-10 20:52 --------- d-----w c:\program files\iPod
2008-10-03 16:53 --------- d-----w c:\program files\VALVe
2008-10-01 18:58 --------- d-----w c:\program files\Counter-Strike 1.6
2002-07-26 21:02 153,088 ----a-w c:\program files\UNWISE.EXE
2006-08-04 02:57 22 --sha-w c:\windows\SMINST\HPCD.sys
2007-07-16 04:42 39,773,472 --sha-w c:\windows\system32\drivers\fidbox.dat
2007-07-16 04:42 797,472 --sha-w c:\windows\system32\drivers\fidbox2.dat
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- c:\windows\system32\drivers\cv2k1.sys ----
Company: TamoSoft, Inc.
File Description: CommView Driver for Windows 2000
File Version: 2.3.0.1
Product Name: CommView Driver
Copyright: Copyright c 2000 TamoSoft, Inc.
Original file name: cv2k1.sys
MD5: 7f992645cfb3ce16946748a9d1eacbc6
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-11 61440]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"PS2"="c:\windows\system32\ps2.exe" [2003-09-12 98304]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"USB2Check"="c:\windows\system32\PCLECoInst.dll" [2004-04-06 61440]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-03 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-03 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-03 118784]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-18 c:\windows\system32\Hdaudpropshortcut.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 c:\windows\AGRSMMSG.exe]
"AlcWzrd"="ALCWZRD.EXE" [2005-09-21 c:\windows\ALCWZRD.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2007-12-18 8720384]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-01-11 22:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!] --a------ 2008-11-18 12:39 81000 c:\progra~1\ALWILS~1\Avast4\ashDisp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeadAIM] --a------ 2004-02-28 12:12 144896 c:\progra~1\AIM\DeadAIM.ocm
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] --a------ 2005-11-03 14:22 77824 c:\windows\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2008-10-01 17:57 289576 c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck] --a------ 2004-03-10 14:26 406016 c:\windows\system32\PSDrvCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] --a------ 2008-10-07 18:09 1410296 c:\program files\Steam\steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue Registry Booster] --a------ 2006-12-06 17:58 1392640 c:\program files\Uniblue\Registry Booster\RegistryBooster.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip] --a------ 2004-04-23 14:00 192512 c:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Media Connect 2] --a------ 2006-10-18 21:58 8704 c:\program files\Windows Media Connect 2\WMCCFG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] --a------ 2005-09-21 09:24 86016 c:\windows\SOUNDMAN.EXE
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\6750491\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\xchat\\xchat.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Steam\\steamapps\\t2bskater\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\Net Tools\\nettools5.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6346:TCP"