|
|||||||
| Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs |
 |
|
|
Topic Tools |
|
#16
September 14th, 2008, 11:18 AM
|
|||
|
|||
|
OTViewIt Extras logfile created on: 2008-09-14 10:15:44 - Run 2
OTViewIt by OldTimer - Version 1.0.3.1 Folder = C:\Documents and Settings\Haraldur\Desktop\Anti-Malware Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd 2.00 Gb Total Physical Memory | 1.62 Gb Available Physical Memory | 80.78% Memory free 3.95 Gb Paging File | 3.66 Gb Available in Paging File | 92.72% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 232.88 Gb Total Space | 25.13 Gb Free Space | 10.79% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 3.86 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 1 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 1 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\DomainPr ofile\AuthorizedApplications\List] [07-22-2008 07:15 PM | 01,093,632 | ---- | M] (Nexon) -- C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe [07-21-2008 03:58 PM | 01,052,672 | ---- | M] (Nexon) -- C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe [01-19-2007 12:54 PM | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 [01-04-2007 04:10 PM | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile\AuthorizedApplications\List] [06-18-2008 06:46 PM | 00,147,456 | ---- | M] (Lime Wire, LLC) -- C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire [04-23-2008 03:46 PM | 26,150,480 | ---- | M] (Ubisoft) -- C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9 [04-16-2008 05:35 PM | 25,667,160 | ---- | M] (Ubisoft) -- C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10 [02-22-2008 11:08 AM | 00,619,144 | ---- | M] (Ubisoft) -- C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:*:Enabled:Assass in's Creed Update [05-07-2008 10:19 AM | 25,490,664 | ---- | M] (BioWare) -- C:\Program Files\Mass Effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game [05-07-2008 11:19 AM | 00,730,344 | ---- | M] (BioWare) -- C:\Program Files\Mass Effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher [07-24-2007 03:17 PM | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour [07-24-2008 05:42 AM | 00,159,744 | ---- | M] (Nexon) -- C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager [07-22-2008 07:15 PM | 01,093,632 | ---- | M] (Nexon) -- C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe [07-21-2008 03:58 PM | 01,052,672 | ---- | M] (Nexon) -- C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe [01-19-2007 12:54 PM | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 [01-04-2007 04:10 PM | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) [07-30-2008 10:47 AM | 20,252,968 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes File not found -- c:\program files\premieropinion\pmropn.exe:*:Enabled  mropn.e xe========== Winsock2 Catalogs ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\WinSock2\Parameters\] NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) ========== Protocol Handlers ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Hand ler\] ipp: [HKLM - No CLSID value] msdaipp: [HKLM - No CLSID value] [11-16-2007 12:36 PM | 01,934,672 | R--- | M] (Skype Technologies) C:\Program Files\Common Files\Skype\Skype4COM.dll (skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} (HKLM) [IEProtocolHandler Class]) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall] "{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R) "{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier "{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III "{0305052F-141B-FCEC-62B2-FB5668E7933E}" = Catalyst Control Center Graphics Full New "{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2: Deluxe Edition "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center "{083F79E4-6FE9-46FB-A6C6-4F8862742947}" = ATI HYDRAVISION "{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime "{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}" = MSXML 6.0 Parser (KB933579) "{0C5D0DC4-F5D3-46F9-AE2E-E45C99B4A6B6}" = Enemy Territory - QUAKE Wars(TM) 1.1 Patch "{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}" = Security Update for CAPICOM (KB931906) "{0F9196C6-58B4-445B-B56E-B1200FECC151}" = Microsoft Bootvis "{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0 "{19754346-BF3D-F1FC-9AF3-B84C216E93D7}" = Catalyst Control Center Graphics Full Existing "{1A24F9E8-009D-40FC-ABED-2AAFFAB0F4F0}" = InterLok Driver Kit "{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Multimedia Launcher "{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}" = Windows Live Sign-in Assistant "{23D683DD-93C6-48E6-B84E-78B57778F126}" = Oblivion - Construction Set "{25A1E6A4-2DBD-4AC0-8650-8EA9A45B183D}" = Supreme Commander "{2938E4D6-DB86-4AE5-AA33-AB27FB6A8CCD}" = Auto Friend Adding Machine "{296554E6-A322-EEC8-2185-DF6E624CA990}" = Skins "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SONY_MEDIAMGR2) "{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint "{30C2FCD0-FF7B-4FFA-8DDE-43A22E01A1E7}" = Rhapsody Player Engine "{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4 "{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar) "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion "{35E1A8C8-6646-4101-B0AA-42D1EB2AB3AE}" = Windows Live Outlook Toolbar (Windows Live Toolbar) "{37477865-A3F1-4772-AD43-AAFC6BCFF99F}" = MSXML 4.0 SP2 (KB927978) "{39F55A85-B356-64D7-F2BC-1E6C70A73FB8}" = CCC Help English "{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10 "{3DE0053C-FD9A-483E-B7C9-B06E4392206E}" = iTunes "{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest "{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4 "{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour "{47FBF7F9-FBD3-43EF-823B-7684D56C1962}" = Tabbed Browsing (Windows Live Toolbar) "{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation "{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}" = Apple Mobile Device Support "{4C4D25EB-6513-4702-8355-F4194DE2E1D9}" = Waves 4.0 "{4C9477E1-05BB-B5FD-3559-323AEFAFF7BA}" = MySidesearch Search Assistant Adzgalore "{53B2CFE9-A508-4457-B2CA-5D253536BFB7}" = OneCare Advisor (Windows Live Toolbar) "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English) "{548B3DC6-2300-47E1-BA7B-74AD25F8DEBF}" = Form Fill (Windows Live Toolbar) "{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger "{581CE7EA-A30D-F000-1211-088635773309}" = PLANET WL-U356A "{5C352D8A-6105-44C8-9371-43599AA01375}" = AmpliTube "{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6 "{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}" = Command & Conquer The First Decade "{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}" = Windows Live Toolbar Feed Detector (Windows Live Toolbar) "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{767572FD-4D01-4FA3-B0A6-4B09FB2CFC37}" = Sony Sound Forge 8.0 "{76902AF9-DA86-419D-B533-077643124722}" = Sony ACID Pro 5.0 "{771221C5-FD0B-1197-355C-B2AFAA860483}" = ccc-core-preinstall "{7C9AD221-994C-45B2-B46D-26F5735158CF}" = Sony Vegas Pro 8.0 "{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation "{87DABCF7-2C38-4996-8FBE-053CA6536168}" = Sony ACID Pro 6.0 "{882EE1CB-C2FB-657F-AA98-7DC91FC72447}" = Catalyst Control Center Core Implementation "{886C92E6-4AF1-4290-BB86-4B5064A1BB7D}" = AMD Dual-Core Optimizer "{89D2879E-F327-3B5F-F7C6-6E107C816671}" = ccc-utility "{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed "{8FA5B6B7-D8BD-49F7-98D7-701C26B01E97}" = Sony Media Manager 2.3 "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003 "{92B43A6F-E328-495A-ACFA-FC47C1B7215D}" = Digidesign Shared Plug-Ins 7.0 "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English) "{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™ "{A2B4455D-1046-4732-BFBC-0821BEFC07BC}" = Hellgate: London "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A804B134-F03D-4EFD-9BC0-DCD257AA1B22}" = Hitman Blood Money "{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0 "{B0C30E93-D3D9-4F04-A2AC-54749B573275}" = Command & Conquer 3 "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1 "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B7A585C8-CE4E-4150-84C6-A13C3CB1379F}" = Enemy Territory - QUAKE Wars(TM) "{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation "{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo "{C04E32E0-0416-434D-AFB9-6969D703A9EF}" = MSXML 4.0 SP2 (KB936181) "{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver "{C194D333-B84A-4BB7-B35E-060732D98DC4}" = GPGNet "{C4B7FD4E-6AFD-AE07-FB7E-B9AB9B39232E}" = ccc-core-static "{C86A8B40-0702-45FA-BFEC-82B0C5932038}" = Sony Media Manager 2.1 "{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CC2422C9-F7B5-4175-B295-5EC2283AA674}" = Command & Conquer™ 3: Kane's Wrath "{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1 "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition "{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}" = Microsoft Game Studios Common Redistributables Pack 1 "{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4 "{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader "{D13D0C87-46BA-E646-BC40-C7B0D305A75F}" = Catalyst Control Center Graphics Previews Common "{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar "{D6782F44-58DB-4DE5-A65C-890320CF3F99}" = Prince of Persia The Two Thrones "{D9E52CD1-9DF1-4A8A-9BDC-1E5E53982F2B}" = Black & WhiteŽ 2 "{DE114695-AE58-4B66-8E0F-2505188602FB}_is1" = Uninstall Startup Inspector "{DFFE2B1F-07E0-45A9-8801-CD8514CAA876}" = Prince of Persia T2T "{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR) "{E17AF7A0-B0A8-4B55-A4B4-1D8D4E171BA2}" = Free Bomb Factory Plug-Ins 7.0 "{E280923D-C5D9-4728-8C79-AC9A0DC75875}" = BioShock "{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}" = Microsoft SQL Server VSS Writer "{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}" = Battlefield 2142 "{eeb86aef-4a5d-4b75-9d74-f16d438fc286}" = PremierOpinion "{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager "{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar) "{F20C1251-1D0A-4944-B2AE-678581B33B19}" = Neverwinter Nights 2 "{F28F72E1-D867-41A2-B37C-DA8A6BEF2688}" = Scarface: The World is Yours "{F40F05BE-47BB-72E2-4064-078B69F39BDA}" = Catalyst Control Center Graphics Light "{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II "{F84DCD57-20AB-4E22-8892-2F88FAF76702}" = Google Web Accelerator "{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio "7-Zip" = 7-Zip 4.42 "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player Plugin "Adobe Shockwave Player" = Adobe Shockwave Player "All ATI Software" = ATI - Software Uninstall Utility "Antares Auto-Tune 3.00 RTAS PC" = Antares Auto-Tune 3.00 RTAS PC "Antares Kantos v1.02 VST & RTAS" = Antares Kantos v1.02 VST & RTAS "Antares Tube v1.02 RTAS" = Antares Tube v1.02 RTAS "AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove) "ATI Display Driver" = ATI Display Driver "AudibleDownloadManager" = Audible Download Manager "AVG7Uninstall" = AVG 7.5 "BitTorrent" = BitTorrent 5.0.7 "CCleaner" = CCleaner (remove only) "Combat Arms" = Combat Arms "Diablo II" = Diablo II "Digidesign D-Fi" = Digidesign D-Fi "DigiDesign DINR AudioSuite v3.41.330" = DigiDesign DINR AudioSuite v3.41.330 "DigiDesign Focusrite D2 1.71.345" = DigiDesign Focusrite D2 1.71.345 "DigiDesign Focusrite D3 AudioSuite 1.51.345" = DigiDesign Focusrite D3 AudioSuite 1.51.345 "Digidesign Maxim" = Digidesign Maxim "Digidesign Soundreplacer" = Digidesign Soundreplacer "eMule" = eMule "EsetOnlineScanner" = ESET Online Scanner "GRM Tools RTAS v1.04" = GRM Tools RTAS v1.04 "HijackThis" = HijackThis 2.0.2 "InstallShield_{0C5D0DC4-F5D3-46F9-AE2E-E45C99B4A6B6}" = Enemy Territory - QUAKE Wars(TM) 1.1 Patch "InstallShield_{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10 "InstallShield_{B7A585C8-CE4E-4150-84C6-A13C3CB1379F}" = Enemy Territory - QUAKE Wars(TM) "InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager "InstallShield_{F28F72E1-D867-41A2-B37C-DA8A6BEF2688}" = Scarface: The World is Yours "IrfanView" = IrfanView (remove only) "kaqpwccjprozluu" = Browser Extension Tool Bannerstyles15 "KB893803" = Windows Installer 3.1 (KB893803) "KB893803v2" = Windows Installer 3.1 (KB893803) "KB911564" = Security Update for Windows Media Player (KB911564) "KB911565" = Security Update for Windows Media Player 10 (KB911565) "KB917734_WMP10" = Security Update for Windows Media Player 10 (KB917734) "KB925398_WMP64" = Security Update for Windows Media Player 6.4 (KB925398) "KB931906" = Security Update for CAPICOM (KB931906) "KB936782_WMP10" = Security Update for Windows Media Player 10 (KB936782) "KB948109_SQL9" = GDR 3068 for SQL Server Database Services 2005 ENU (KB948109) "LastFM_is1" = Last.fm 1.5.1.29527 "LimeWire" = LimeWire 4.18.3 "M928366" = Microsoft .NET Framework 1.1 Hotfix (KB928366) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Mcafee SecurityCenter" = McAfee SecurityCenter "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0 "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "milehighads" = Browser Optimizer Milehighads "Move Player_is1" = Move Networks Player for Firefox "Mozilla Firefox (3.0.1)" = Mozilla Firefox (3.0.1) "MP3 Wave Converter_is1" = MP3 Wave Converter 3.0 "MySpaceIM" = MySpaceIM "Nero - Burning Rom!UninstallKey" = Nero OEM "NVIDIA Drivers" = NVIDIA Drivers "Pitch'n'Time RTAS v2.1" = Pitch'n'Time RTAS v2.1 "PunkBusterSvc" = PunkBuster Services "RealPlayer 6.0" = RealPlayer "S.T.A.L.K.E.R. - Shadow of Chernobyl_is1" = S.T.A.L.K.E.R. - Shadow of Chernobyl "ScummVM_is1" = ScummVM 0.11.1 "Serato Scratch Studio Edition RTAS v1.0" = Serato Scratch Studio Edition RTAS v1.0 "ShockwaveFlash" = Macromedia Flash Player 8 "SolAdsGames" = SolAds Games Collection "Sony Inflator RTAS v1.0" = Sony Inflator RTAS v1.0 "SPEED 1.04" = SPEED 1.04 "Synchro Arts VocAlign Project AudioSuite PlugIn v2.8" = Synchro Arts VocAlign Project AudioSuite PlugIn v2.8 "VLC media player" = VideoLAN VLC media player 0.8.6a "Waves Diamond Bundle v5.2" = Waves Diamond Bundle v5.2 "WgaNotify" = Windows Genuine Advantage Notifications (KB905474) "WIC" = Windows Imaging Component "Windows Live Toolbar" = Windows Live Toolbar "Windows Media Format Runtime" = Windows Media Format Runtime "Windows Media Player" = Windows Media Player 10 "WinRAR archiver" = WinRAR archiver "wxPython2.8-ansi-py25_is1" = wxPython 2.8.7.1 (ansi) for Python 2.5 "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 |
|
#17
September 14th, 2008, 11:18 AM
|
|||
|
|||
|
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Uninstall] "InstallShield_{2938E4D6-DB86-4AE5-AA33-AB27FB6A8CCD}" = Auto Friend Adding Machine "Warcraft III" = Warcraft III: All Products ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-790525478-1336601894-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall] "InstallShield_{2938E4D6-DB86-4AE5-AA33-AB27FB6A8CCD}" = Auto Friend Adding Machine "Warcraft III" = Warcraft III: All Products ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 2008-05-08 10:42:35 | Computer Name = HTH-NEMESIS | Source = Application Error | ID = 1000 Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting module flash9f.ocx, version 9.0.124.0, fault address 0x00059e66. Error - 2008-05-16 09:49:31 | Computer Name = HTH-NEMESIS | Source = Application Hang | ID = 1002 Description = Hanging application firefox.exe, version 1.8.20080.40413, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 2008-05-18 05:27:28 | Computer Name = HTH-NEMESIS | Source = MSSQL$SONY_MEDIAMGR2 | ID = 17207 Description = FileMgr::StartLogFiles: Operating system error 2(The system cannot find the file specified.) occurred while creating or opening file 'C:\Documents and Settings\Haraldur\My Documents\Sony Media Libraries\Default_log.LDF'. Diagnose and correct the operating system error, and retry the operation. Error - 2008-05-18 08:35:00 | Computer Name = HTH-NEMESIS | Source = MSSQL$SONY_MEDIAMGR2 | ID = 17207 Description = FileMgr::StartLogFiles: Operating system error 2(The system cannot find the file specified.) occurred while creating or opening file 'C:\Documents and Settings\Haraldur\My Documents\Sony Media Libraries\Default_log.LDF'. Diagnose and correct the operating system error, and retry the operation. Error - 2008-05-19 20:15:14 | Computer Name = HTH-NEMESIS | Source = Application Error | ID = 1000 Description = Faulting application firefox.exe, version 1.8.20080.40413, faulting module quicktimewebhelper.qtx, version 7.4.5.67, fault address 0x00006fd0. Error - 2008-05-21 06:32:27 | Computer Name = HTH-NEMESIS | Source = MSSQL$SONY_MEDIAMGR2 | ID = 17207 Description = FileMgr::StartLogFiles: Operating system error 2(The system cannot find the file specified.) occurred while creating or opening file 'C:\Documents and Settings\Haraldur\My Documents\Sony Media Libraries\Default_log.LDF'. Diagnose and correct the operating system error, and retry the operation. [ System Events ] Error - 2008-09-12 13:25:00 | Computer Name = HTH-NEMESIS | Source = DCOM | ID = 10005 Description = DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334} Error - 2008-09-12 14:25:00 | Computer Name = HTH-NEMESIS | Source = DCOM | ID = 10005 Description = DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334} Error - 2008-09-12 15:25:00 | Computer Name = HTH-NEMESIS | Source = DCOM | ID = 10005 Description = DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334} Error - 2008-09-12 16:25:00 | Computer Name = HTH-NEMESIS | Source = DCOM | ID = 10005 Description = DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334} Error - 2008-09-12 17:25:00 | Computer Name = HTH-NEMESIS | Source = DCOM | ID = 10005 Description = DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334} Error - 2008-09-12 18:25:00 | Computer Name = HTH-NEMESIS | Source = DCOM | ID = 10005 Description = DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334} Error - 2008-09-12 19:25:00 | Computer Name = HTH-NEMESIS | Source = DCOM | ID = 10005 Description = DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334} Error - 2008-09-12 20:25:00 | Computer Name = HTH-NEMESIS | Source = DCOM | ID = 10005 Description = DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334} Error - 2008-09-12 21:25:00 | Computer Name = HTH-NEMESIS | Source = DCOM | ID = 10005 Description = DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334} Error - 2008-09-14 06:14:02 | Computer Name = HTH-NEMESIS | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: nvatabus < End of report > Once again, thank you big time, I really appreciate this. |
|
#18
September 14th, 2008, 11:21 PM
|
||||
|
||||
|
Open notepad and copy and paste the text in the codebox below into it:
Code:
File:: C:\WINDOWS\mbd232.exe C:\WINDOWS\DWrvg.exe C:\WINDOWS\System32\g97.exe C:\WINDOWS\System32\kswiwkeokeymnlvd.dll-uninst.exe C:\WINDOWS\System32\lcntstdl.exe C:\WINDOWS\System32\kaqpwccjprozluu.exe C:\WINDOWS\System32\milehighads-remove.exe Folder:: C:\WINDOWS\System32\sl5 C:\WINDOWS\System32\t C:\WINDOWS\System32\mC02 C:\Program Files\PremierOpinion  ComboFix will run again. When the fix completes it will create a C:\ComboFix.txt log. Please post that log in your next reply. Also post a new Hijack This log. |
|
#19
September 15th, 2008, 12:55 AM
|
|||
|
|||
|
I had to update combofix after dropping the script in it, hope that didn't interfere with anything.
ComboFix 08-09-14.01 - Haraldur 2008-09-14 23:31:25.5 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1684 [GMT 0:00] Running from: C:\ComboFix.exe Command switches used :: C:\Documents and Settings\Haraldur\Desktop\Anti-Malware\CFScript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\PremierOpinion C:\Program Files\PremierOpinion\pmai.dll C:\Program Files\PremierOpinion\pmoci.bin C:\Program Files\PremierOpinion\pmph.dll C:\Program Files\PremierOpinion\pmservice.exe C:\Program Files\PremierOpinion\pmxf.dll C:\WINDOWS\DWrvg.exe C:\WINDOWS\mbd232.exe C:\WINDOWS\system32\eqtgmjnn.dll C:\WINDOWS\System32\g97.exe C:\WINDOWS\System32\kaqpwccjprozluu.exe C:\WINDOWS\System32\kswiwkeokeymnlvd.dll-uninst.exe C:\WINDOWS\System32\lcntstdl.exe C:\WINDOWS\System32\mC02 C:\WINDOWS\System32\mC02\mC022328.exe C:\WINDOWS\System32\milehighads-remove.exe C:\WINDOWS\system32\MSINET.oca C:\WINDOWS\System32\sl5 C:\WINDOWS\System32\sl5\ATV5105nt.exe C:\WINDOWS\System32\t C:\WINDOWS\System32\t\QS2214v3.exe . ((((((((((((((((((((((((( Files Created from 2008-08-14 to 2008-09-14 ))))))))))))))))))))))))))))))) . 2008-09-14 10:05 . 2008-09-14 10:05 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-09-14 10:05 . 2008-09-14 10:05 <DIR> d-------- C:\Documents and Settings\Haraldur\Application Data\Malwarebytes 2008-09-14 10:05 . 2008-09-14 10:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-09-14 10:05 . 2008-09-10 00:08 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-09-14 10:05 . 2008-09-10 00:08 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-09-13 18:13 . 2008-09-13 18:13 268 --ah----- C:\sqmdata10.sqm 2008-09-13 18:13 . 2008-09-13 18:13 244 --ah----- C:\sqmnoopt10.sqm 2008-09-13 09:12 . 2008-09-14 23:30 2,851,811 -ra------ C:\ComboFix.exe 2008-09-12 15:15 . 2008-09-12 15:15 268 --ah----- C:\sqmdata08.sqm 2008-09-12 15:15 . 2008-09-12 15:15 244 --ah----- C:\sqmnoopt09.sqm 2008-09-12 15:15 . 2008-09-12 15:15 244 --ah----- C:\sqmnoopt08.sqm 2008-09-12 15:15 . 2008-09-12 15:15 232 --ah----- C:\sqmdata09.sqm 2008-09-11 19:17 . 2008-09-11 19:17 268 --ah----- C:\sqmdata07.sqm 2008-09-11 19:17 . 2008-09-11 19:17 244 --ah----- C:\sqmnoopt07.sqm 2008-09-11 08:33 . 2008-09-11 08:33 <DIR> d-------- C:\temp\mtc2 2008-09-10 18:42 . 2008-09-10 18:42 268 --ah----- C:\sqmdata06.sqm 2008-09-10 18:42 . 2008-09-10 18:42 244 --ah----- C:\sqmnoopt06.sqm 2008-09-09 18:20 . 2008-09-09 18:20 93 --a------ C:\WINDOWS\wininit.ini 2008-09-09 18:02 . 2008-09-09 18:04 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy 2008-09-09 18:02 . 2008-09-09 21:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-09-09 17:26 . 2008-09-10 19:01 <DIR> d-------- C:\Documents and Settings\Ragnar\Incomplete 2008-09-09 17:24 . 2008-09-09 17:24 268 --ah----- C:\sqmdata05.sqm 2008-09-09 17:24 . 2008-09-09 17:24 244 --ah----- C:\sqmnoopt05.sqm 2008-09-09 17:16 . 2008-09-09 17:16 244 --ah----- C:\sqmnoopt04.sqm 2008-09-09 17:16 . 2008-09-09 17:16 244 --ah----- C:\sqmnoopt03.sqm 2008-09-09 17:16 . 2008-09-09 17:16 232 --ah----- C:\sqmdata04.sqm 2008-09-09 17:16 . 2008-09-09 17:16 232 --ah----- C:\sqmdata03.sqm 2008-09-09 17:15 . 2008-09-09 17:15 <DIR> d-------- C:\Documents and Settings\Ragnar\Application Data\ATI 2008-09-08 23:30 . 2008-09-08 23:30 <DIR> d-------- C:\temp\dax41 2008-09-08 23:30 . 2008-09-08 23:30 71 --a------ C:\Documents and Settings\Haraldur\6936.bat 2008-09-08 23:19 . 2008-09-08 23:19 <DIR> d-------- C:\Program Files\SolAds Games Collection 2008-09-08 23:12 . 2008-09-08 23:12 <DIR> d-------- C:\Documents and Settings\Ragnar\Video Hardware Drivers 2008-09-08 23:12 . 2008-09-08 23:12 <DIR> d-------- C:\Documents and Settings\Ragnar\Startup Project 2008-09-08 23:12 . 2008-09-08 23:12 <DIR> d-------- C:\Documents and Settings\Ragnar\MIDI Drivers 2008-09-08 23:12 . 2008-09-08 23:12 <DIR> d-------- C:\Documents and Settings\Ragnar\HTML_ASSETS 2008-09-08 23:12 . 2008-09-08 23:12 <DIR> d-------- C:\Documents and Settings\Ragnar\Grooves 2008-09-08 23:12 . 2008-09-08 23:12 <DIR> d-------- C:\Documents and Settings\Ragnar\FileIO Plug-Ins 2008-09-08 23:12 . 2008-09-08 23:12 <DIR> d-------- C:\Documents and Settings\Ragnar\Audio Hardware Drivers 2008-09-08 23:00 . 2008-09-08 23:00 <DIR> d-------- C:\Program Files\Sonic Foundry Setup 2008-09-05 16:20 . 2008-09-08 00:02 <DIR> d-------- C:\Documents and Settings\Haraldur\Application Data\SPORE 2008-09-05 16:17 . 2008-09-05 16:17 <DIR> d-------- C:\ProgramData 2008-09-04 12:02 . 2008-09-04 12:18 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )) . 2008-09-14 12:47 --------- d-----w C:\Documents and Settings\Haraldur\Application Data\AVG7 2008-09-13 01:57 --------- d-----w C:\Documents and Settings\Haraldur\Application Data\wsInspector 2008-09-10 19:01 --------- d-----w C:\Documents and Settings\Ragnar\Application Data\LimeWire 2008-09-08 23:08 --------- d-----w C:\Program Files\Sony 2008-09-06 09:17 --------- d-----w C:\Program Files\Apple Software Update 2008-09-05 16:18 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-09-05 16:18 --------- d-----w C:\Program Files\Electronic Arts 2008-08-25 18:07 --------- d-----w C:\Program Files\D2 2008-08-13 13:13 94,208 ----a-w C:\WINDOWS\DIIUnin.exe 2008-08-13 13:13 2,829 ----a-w C:\WINDOWS\DIIUnin.pif 2008-08-13 12:54 --------- d-----w C:\Program Files\Diablo II 2008-08-02 10:02 --------- d-----w C:\Program Files\iTunes 2008-08-02 10:02 --------- d-----w C:\Program Files\iPod 2008-07-26 22:37 --------- d-----w C:\Program Files\LimeWire 2008-07-26 22:36 --------- d-----w C:\Documents and Settings\Ragnar\Application Data\AVG7 2008-07-24 12:59 --------- d-----w C:\Program Files\MSN Messenger 2008-07-24 05:58 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-07-24 05:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\NexonUS 2008-07-19 10:01 --------- d-----w C:\Program Files\Bonjour 2008-07-19 10:00 --------- d-----w C:\Program Files\QuickTime 2008-01-10 23:37 22,328 ----a-w C:\Documents and Settings\Haraldur\Application Data\PnkBstrK.sys 2007-12-10 20:56 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat 2006-07-23 12:59 0 ----a-w C:\Documents and Settings\Haraldur\TRACE_BOOT_1_1.BIN 2004-10-22 15:05 4,128,256 ----a-w C:\Documents and Settings\Ragnar\acid50.exe 2004-10-22 15:00 946,176 ----a-w C:\Documents and Settings\Ragnar\sfvstwrap.dll 2004-10-22 15:00 2,756,608 ----a-w C:\Documents and Settings\Ragnar\acid50k.dll 2004-10-22 14:52 516,096 ----a-w C:\Documents and Settings\Ragnar\sfnetmedia.dll 2004-10-22 14:52 1,581,056 ----a-w C:\Documents and Settings\Ragnar\sfs4rw.dll 2004-10-22 14:51 937,984 ----a-w C:\Documents and Settings\Ragnar\sfmarket2.dll 2004-10-22 14:51 487,424 ----a-w C:\Documents and Settings\Ragnar\sfpublish.dll 2004-10-22 14:51 212,992 ----a-w C:\Documents and Settings\Ragnar\sfconfigmgr.dll 2004-10-22 14:48 655,360 ----a-w C:\Documents and Settings\Ragnar\sfcdx.dll 2004-10-22 14:47 73,728 ----a-w C:\Documents and Settings\Ragnar\sfspti.dll 2004-10-22 14:47 589,824 ----a-w C:\Documents and Settings\Ragnar\sfcdi.dll 2004-10-22 14:47 19,456 ----a-w C:\Documents and Settings\Ragnar\sfscsi.dll 2004-10-22 14:47 13,824 ----a-w C:\Documents and Settings\Ragnar\sfspti2.dll 2004-10-15 13:18 3,427 ----a-w C:\Documents and Settings\Ragnar\acid50.zip 2004-10-01 22:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe 2004-05-10 15:43 49,152 ----a-w C:\Documents and Settings\Ragnar\OpcPcmImporter.dll . ((((((((((((((((((((((((((((( snapshot@2008-09-13_ 9.42.05.15 ))))))))))))))))))))))))))))))))))))))))) . + 2007-04-19 13:09:30 167,256 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\90403119 00063D11C8EF10054038389C\11.0.8173\IETAG.DLL - 2008-08-15 03:02:10 38,240 ----a-r C:\WINDOWS\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe + 2008-09-14 09:57:03 38,240 ----a-r C:\WINDOWS\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe - 2008-08-15 03:02:18 12,288 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\cagicon.exe + 2008-09-14 09:56:55 12,288 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\cagicon.exe - 2008-08-15 03:02:18 135,168 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\misc.exe + 2008-09-14 09:56:55 135,168 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\misc.exe - 2008-08-15 03:02:18 11,264 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\mspicons.exe + 2008-09-14 09:56:55 11,264 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\mspicons.exe - 2008-08-15 03:02:18 27,136 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\oisicon.exe + 2008-09-14 09:56:55 27,136 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\oisicon.exe - 2008-08-15 03:02:18 4,096 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\opwicon.exe + 2008-09-14 09:56:55 4,096 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\opwicon.exe - 2008-08-15 03:02:18 794,624 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\outicon.exe + 2008-09-14 09:56:55 794,624 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\outicon.exe - 2008-08-15 03:02:18 23,040 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\unbndico.exe + 2008-09-14 09:56:55 23,040 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\unbndico.exe - 2008-08-15 03:02:18 286,720 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\wordicon.exe + 2008-09-14 09:56:55 286,720 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\wordicon.exe - 2008-08-15 03:02:18 409,600 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\xlicons.exe + 2008-09-14 09:56:55 409,600 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\xlicons.exe - 2008-08-15 03:02:11 49,936 ----a-r C:\WINDOWS\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe + 2008-09-14 09:57:08 49,936 ----a-r C:\WINDOWS\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe - 2008-06-13 16:03:29 70,264 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_plugi n.exe + 2008-09-13 09:56:43 70,264 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_plugi n.exe + 2008-04-15 17:54:19 1,724,416 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_65 95b64144ccf1df_1.0.2600.3352_x-ww_81af8e88\GdiPlus.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-10-08 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run] "SoundMan"="SOUNDMAN.EXE" [2005-04-15 C:\WINDOWS\SOUNDMAN.EXE] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 C:\WINDOWS\KHALMNPR.Exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run] "MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-03-07 5181440] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-07 219136] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\RunOnce] "RunNarrator"="Narrator.exe" [2006-10-04 C:\WINDOWS\system32\narrator.exe] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2006-05-04 434176] [hkey_local_machine\software\microsoft\windows\curr entversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] ---h----- 2006-07-08 05:18 1694208 C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List] "C:\\Program Files\\LimeWire\\LimeWire.exe"= "C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"= "C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"= "C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"= "C:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"= "C:\\Program Files\\Mass Effect\\MassEffectLauncher.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"= "C:\Nexon\Combat Arms\CombatArms.exe"= C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe "C:\Nexon\Combat Arms\Engine.exe"= C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= R3 AmdTools;AMD Special Tools Driver;C:\WINDOWS\system32\DRIVERS\AmdTools.sys [2006-06-27 31744] S3 iLokDrvr;iLok;C:\WINDOWS\system32\DRIVERS\iLokDrvr .sys [2005-09-27 27328] S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504] S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys [2006-11-10 61600] S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys [2006-11-10 9360] S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys [2006-11-10 97184] S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Emgmt.sys [2006-11-10 88688] S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Eobex.sys [2006-05-01 86560] S3 WLAN(WLAN);XPC 802.11b/g Wireless Kit Driver(WLAN);C:\WINDOWS\system32\DRIVERS\zd1211u.s ys [2005-08-16 278016] S3 ZD1211U(PLANET Technology Corp.);PLANET WL-U356A Driver(PLANET Technology Corp.);C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2005-08-16 278016] S3 ZDBRGSYS;ZDBRGSYS NDIS Protocol Driver;C:\WINDOWS\system32\ZDBRGSYS.SYS [2004-06-30 19200] [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{e83ff8f7-097b-11dc-88e0-00304f4b041f}] \Shell\Auto\command - RavMon.exe e \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMon.exe e . Contents of the 'Scheduled Tasks' folder . - - - - ORPHANS REMOVED - - - - HKLM-Run-PremierOpinion - C:\program files\premieropinion\pmropn.exe HKLM-Run-bucysukdnvkp - C:\WINDOWS\system32\rnmbxrusvd.dll ************************************************** ************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-14 23:39:21 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************** ************************ . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\ati2evxx.exe C:\WINDOWS\system32\ati2evxx.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\system32\wdfmgr.exe C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE . ************************************************** ************************ . Completion time: 2008-09-14 23:54:26 - machine was rebooted ComboFix-quarantined-files.txt 2008-09-14 23:54:23 ComboFix2.txt 2008-09-13 09:42:22 Pre-Run: 26,776,457,216 bytes free Post-Run: 26,806,571,008 bytes free 246 --- E O F --- 2008-09-14 09:57:08 |
|
#20
September 15th, 2008, 12:56 AM
|
|||
|
|||
|
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:54, on 2008-09-14 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\PnkBstrA.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user') O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?7fac99367c6a40b6ae765cc10735b1c9 O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?7fac99367c6a40b6ae765cc10735b1c9 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: digiSPTIService - Unknown owner - C:\Documents and Settings\Haraldur\Desktop\Ragnar\Digidesign\Pro Tools\digiSPTIService.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe -- End of file - 6402 bytes |
|
#21
September 15th, 2008, 01:34 AM
|
||||
|
||||
|
No that's ok. Run ComboFix again but use the below script this time.
Code:
File::
C:\Documents and Settings\Haraldur\6936.bat
C:\ravmon.exe
C:\Windows\ravmon.exe
C:\Windows\System32\ravmon.exe
Folder::
C:\temp\mtc2
C:\temp\dax41
Registry::
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{7E853D72-626A-48EC-A868-BA8D5E23E045}=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e83ff8f7-097b-11dc-88e0-00304f4b041f}]
|
|
#22
September 15th, 2008, 05:47 PM
|
|||
|
|||
|
Here you go:
ComboFix 08-09-14.06 - Haraldur 2008-09-15 16:32:06.6 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1699 [GMT 0:00] Running from: C:\ComboFix.exe Command switches used :: C:\Documents and Settings\Haraldur\Desktop\Anti-Malware\CFScript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Haraldur\6936.bat C:\temp\dax41 C:\temp\dax41\A3G.log C:\temp\mtc2 C:\temp\mtc2\h5v.log . ((((((((((((((((((((((((( Files Created from 2008-08-15 to 2008-09-15 ))))))))))))))))))))))))))))))) . 2008-09-14 10:05 . 2008-09-14 10:05 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-09-14 10:05 . 2008-09-14 10:05 <DIR> d-------- C:\Documents and Settings\Haraldur\Application Data\Malwarebytes 2008-09-14 10:05 . 2008-09-14 10:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-09-14 10:05 . 2008-09-10 00:08 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-09-14 10:05 . 2008-09-10 00:08 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-09-13 18:13 . 2008-09-13 18:13 268 --ah----- C:\sqmdata10.sqm 2008-09-13 18:13 . 2008-09-13 18:13 244 --ah----- C:\sqmnoopt10.sqm 2008-09-13 09:12 . 2008-09-15 16:31 2,852,360 -ra------ C:\ComboFix.exe 2008-09-12 15:15 . 2008-09-12 15:15 268 --ah----- C:\sqmdata08.sqm 2008-09-12 15:15 . 2008-09-12 15:15 244 --ah----- C:\sqmnoopt09.sqm 2008-09-12 15:15 . 2008-09-12 15:15 244 --ah----- C:\sqmnoopt08.sqm 2008-09-12 15:15 . 2008-09-12 15:15 232 --ah----- C:\sqmdata09.sqm 2008-09-11 19:17 . 2008-09-11 19:17 268 --ah----- C:\sqmdata07.sqm 2008-09-11 19:17 . 2008-09-11 19:17 244 --ah----- C:\sqmnoopt07.sqm 2008-09-10 18:42 . 2008-09-10 18:42 268 --ah----- C:\sqmdata06.sqm 2008-09-10 18:42 . 2008-09-10 18:42 244 --ah----- C:\sqmnoopt06.sqm 2008-09-09 18:20 . 2008-09-09 18:20 93 --a------ C:\WINDOWS\wininit.ini 2008-09-09 18:02 . 2008-09-09 18:04 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy 2008-09-09 18:02 . 2008-09-09 21:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-09-09 17:26 . 2008-09-10 19:01 <DIR> d-------- C:\Documents and Settings\Ragnar\Incomplete 2008-09-09 17:24 . 2008-09-09 17:24 268 --ah----- C:\sqmdata05.sqm 2008-09-09 17:24 . 2008-09-09 17:24 244 --ah----- C:\sqmnoopt05.sqm 2008-09-09 17:16 . 2008-09-09 17:16 244 --ah----- C:\sqmnoopt04.sqm 2008-09-09 17:16 . 2008-09-09 17:16 244 --ah----- C:\sqmnoopt03.sqm 2008-09-09 17:16 . 2008-09-09 17:16 232 --ah----- C:\sqmdata04.sqm 2008-09-09 17:16 . 2008-09-09 17:16 232 --ah----- C:\sqmdata03.sqm 2008-09-09 17:15 . 2008-09-09 17:15 <DIR> d-------- C:\Documents and Settings\Ragnar\Application Data\ATI 2008-09-08 23:19 . 2008-09-08 23:19 <DIR> d-------- C:\Program Files\SolAds Games Collection 2008-09-08 23:12 . 2008-09-08 23:12 <DIR> d-------- C:\Documents and Settings\Ragnar\Video Hardware Drivers 2008-09-08 23:12 . 2008-09-08 23:12 <DIR> d-------- C:\Documents and Settings\Ragnar\Startup Project 2008-09-08 23:12 . 2008-09-08 23:12 <DIR> d-------- C:\Documents and Settings\Ragnar\MIDI Drivers 2008-09-08 23:12 . 2008-09-08 23:12 <DIR> d-------- C:\Documents and Settings\Ragnar\HTML_ASSETS 2008-09-08 23:12 . 2008-09-08 23:12 <DIR> d-------- C:\Documents and Settings\Ragnar\Grooves 2008-09-08 23:12 . 2008-09-08 23:12 <DIR> d-------- C:\Documents and Settings\Ragnar\FileIO Plug-Ins 2008-09-08 23:12 . 2008-09-08 23:12 <DIR> d-------- C:\Documents and Settings\Ragnar\Audio Hardware Drivers 2008-09-08 23:00 . 2008-09-08 23:00 <DIR> d-------- C:\Program Files\Sonic Foundry Setup 2008-09-05 16:20 . 2008-09-08 00:02 <DIR> d-------- C:\Documents and Settings\Haraldur\Application Data\SPORE 2008-09-05 16:17 . 2008-09-05 16:17 <DIR> d-------- C:\ProgramData 2008-09-04 12:02 . 2008-09-04 12:18 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )) . 2008-09-14 12:47 --------- d-----w C:\Documents and Settings\Haraldur\Application Data\AVG7 2008-09-13 01:57 --------- d-----w C:\Documents and Settings\Haraldur\Application Data\wsInspector 2008-09-10 19:01 --------- d-----w C:\Documents and Settings\Ragnar\Application Data\LimeWire 2008-09-08 23:08 --------- d-----w C:\Program Files\Sony 2008-09-06 09:17 --------- d-----w C:\Program Files\Apple Software Update 2008-09-05 16:20 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2008-09-05 16:18 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-09-05 16:18 --------- d-----w C:\Program Files\Electronic Arts 2008-08-25 18:07 --------- d-----w C:\Program Files\D2 2008-08-13 13:25 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll 2008-08-13 13:25 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll 2008-08-13 13:25 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll 2008-08-13 13:13 94,208 ----a-w C:\WINDOWS\DIIUnin.exe 2008-08-13 13:13 2,829 ----a-w C:\WINDOWS\DIIUnin.pif 2008-08-13 12:54 --------- d-----w C:\Program Files\Diablo II 2008-08-02 10:02 --------- d-----w C:\Program Files\iTunes 2008-08-02 10:02 --------- d-----w C:\Program Files\iPod 2008-07-26 22:37 --------- d-----w C:\Program Files\LimeWire 2008-07-26 22:36 --------- d-----w C:\Documents and Settings\Ragnar\Application Data\AVG7 2008-07-24 12:59 --------- d-----w C:\Program Files\MSN Messenger 2008-07-24 05:58 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-07-24 05:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\NexonUS 2008-07-19 10:01 --------- d-----w C:\Program Files\Bonjour 2008-07-19 10:00 --------- d-----w C:\Program Files\QuickTime 2008-07-18 22:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll 2008-07-18 22:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-18 22:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll 2008-07-18 22:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll 2008-07-18 22:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll 2008-07-18 22:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll 2008-07-18 22:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll 2008-07-18 22:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll 2008-07-18 22:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll 2008-07-18 22:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll 2008-07-13 16:21 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll 2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll 2008-06-23 15:38 659,456 ----a-w C:\WINDOWS\system32\wininet.dll 2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-01-10 23:37 22,328 ----a-w C:\Documents and Settings\Haraldur\Application Data\PnkBstrK.sys 2007-12-10 20:56 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat 2006-07-23 12:59 0 ----a-w C:\Documents and Settings\Haraldur\TRACE_BOOT_1_1.BIN 2004-10-22 15:05 4,128,256 ----a-w C:\Documents and Settings\Ragnar\acid50.exe 2004-10-22 15:00 946,176 ----a-w C:\Documents and Settings\Ragnar\sfvstwrap.dll 2004-10-22 15:00 2,756,608 ----a-w C:\Documents and Settings\Ragnar\acid50k.dll 2004-10-22 14:52 516,096 ----a-w C:\Documents and Settings\Ragnar\sfnetmedia.dll 2004-10-22 14:52 1,581,056 ----a-w C:\Documents and Settings\Ragnar\sfs4rw.dll 2004-10-22 14:51 937,984 ----a-w C:\Documents and Settings\Ragnar\sfmarket2.dll 2004-10-22 14:51 487,424 ----a-w C:\Documents and Settings\Ragnar\sfpublish.dll 2004-10-22 14:51 212,992 ----a-w C:\Documents and Settings\Ragnar\sfconfigmgr.dll 2004-10-22 14:48 655,360 ----a-w C:\Documents and Settings\Ragnar\sfcdx.dll 2004-10-22 14:47 73,728 ----a-w C:\Documents and Settings\Ragnar\sfspti.dll 2004-10-22 14:47 589,824 ----a-w C:\Documents and Settings\Ragnar\sfcdi.dll 2004-10-22 14:47 19,456 ----a-w C:\Documents and Settings\Ragnar\sfscsi.dll 2004-10-22 14:47 13,824 ----a-w C:\Documents and Settings\Ragnar\sfspti2.dll 2004-10-15 13:18 3,427 ----a-w C:\Documents and Settings\Ragnar\acid50.zip 2004-10-01 22:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe 2004-05-10 15:43 49,152 ----a-w C:\Documents and Settings\Ragnar\OpcPcmImporter.dll . ((((((((((((((((((((((((((((( snapshot@2008-09-13_ 9.42.05.15 ))))))))))))))))))))))))))))))))))))))))) . + 2007-04-19 13:09:30 167,256 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\90403119 00063D11C8EF10054038389C\11.0.8173\IETAG.DLL - 2008-08-15 03:02:10 38,240 ----a-r C:\WINDOWS\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe + 2008-09-14 09:57:03 38,240 ----a-r C:\WINDOWS\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe - 2008-08-15 03:02:18 12,288 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\cagicon.exe + 2008-09-14 09:56:55 12,288 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\cagicon.exe - 2008-08-15 03:02:18 135,168 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\misc.exe + 2008-09-14 09:56:55 135,168 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\misc.exe - 2008-08-15 03:02:18 11,264 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\mspicons.exe + 2008-09-14 09:56:55 11,264 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\mspicons.exe - 2008-08-15 03:02:18 27,136 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\oisicon.exe + 2008-09-14 09:56:55 27,136 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\oisicon.exe - 2008-08-15 03:02:18 4,096 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\opwicon.exe + 2008-09-14 09:56:55 4,096 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\opwicon.exe - 2008-08-15 03:02:18 794,624 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\outicon.exe + 2008-09-14 09:56:55 794,624 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\outicon.exe - 2008-08-15 03:02:18 23,040 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\unbndico.exe + 2008-09-14 09:56:55 23,040 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\unbndico.exe - 2008-08-15 03:02:18 286,720 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\wordicon.exe + 2008-09-14 09:56:55 286,720 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\wordicon.exe - 2008-08-15 03:02:18 409,600 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\xlicons.exe + 2008-09-14 09:56:55 409,600 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\xlicons.exe - 2008-08-15 03:02:11 49,936 ----a-r C:\WINDOWS\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe + 2008-09-14 09:57:08 49,936 ----a-r C:\WINDOWS\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe - 2008-06-13 16:03:29 70,264 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_plugi n.exe + 2008-09-13 09:56:43 70,264 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_plugi n.exe + 2008-04-15 17:54:19 1,724,416 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_65 95b64144ccf1df_1.0.2600.3352_x-ww_81af8e88\GdiPlus.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-10-08 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run] "SoundMan"="SOUNDMAN.EXE" [2005-04-15 C:\WINDOWS\SOUNDMAN.EXE] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 C:\WINDOWS\KHALMNPR.Exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run] "MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-03-07 5181440] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-07 219136] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\RunOnce] "RunNarrator"="Narrator.exe" [2006-10-04 C:\WINDOWS\system32\narrator.exe] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2006-05-04 434176] [hkey_local_machine\software\microsoft\windows\curr entversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] ---h----- 2006-07-08 05:18 1694208 C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List] "C:\\Program Files\\LimeWire\\LimeWire.exe"= "C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"= "C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"= "C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"= "C:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"= "C:\\Program Files\\Mass Effect\\MassEffectLauncher.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"= "C:\Nexon\Combat Arms\CombatArms.exe"= C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe "C:\Nexon\Combat Arms\Engine.exe"= C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= R3 AmdTools;AMD Special Tools Driver;C:\WINDOWS\system32\DRIVERS\AmdTools.sys [2006-06-27 31744] S3 iLokDrvr;iLok;C:\WINDOWS\system32\DRIVERS\iLokDrvr .sys [2005-09-27 27328] S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504] S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys [2006-11-10 61600] S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys [2006-11-10 9360] S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys [2006-11-10 97184] S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Emgmt.sys [2006-11-10 88688] S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Eobex.sys [2006-05-01 86560] S3 WLAN(WLAN);XPC 802.11b/g Wireless Kit Driver(WLAN);C:\WINDOWS\system32\DRIVERS\zd1211u.s ys [2005-08-16 278016] S3 ZD1211U(PLANET Technology Corp.);PLANET WL-U356A Driver(PLANET Technology Corp.);C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2005-08-16 278016] S3 ZDBRGSYS;ZDBRGSYS NDIS Protocol Driver;C:\WINDOWS\system32\ZDBRGSYS.SYS [2004-06-30 19200] [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{e83ff8f7-097b-11dc-88e0-00304f4b041f}] \Shell\Auto\command - RavMon.exe e \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMon.exe e . Contents of the 'Scheduled Tasks' folder . ************************************************** ************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-15 16:36:02 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************** ************************ . Completion time: 2008-09-15 16:44:58 ComboFix-quarantined-files.txt 2008-09-15 16:44:45 ComboFix2.txt 2008-09-14 23:54:26 ComboFix3.txt 2008-09-13 09:42:22 Pre-Run: 26,799,128,576 bytes free Post-Run: 26,783,391,744 bytes free 227 --- E O F --- 2008-09-14 09:57:08 |
|
#23
September 15th, 2008, 05:48 PM
|
|||
|
|||
|
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:46, on 2008-09-15 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\PnkBstrA.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user') O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?7fac99367c6a40b6ae765cc10735b1c9 O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?7fac99367c6a40b6ae765cc10735b1c9 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: digiSPTIService - Unknown owner - C:\Documents and Settings\Haraldur\Desktop\Ragnar\Digidesign\Pro Tools\digiSPTIService.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe -- End of file - 6448 bytes |
|
#24
September 15th, 2008, 07:54 PM
|
||||
|
||||
|
Hmm the registry entries are still there. Did you copy the entire script? Please run ComboFix again but this time use the below script.
Code:
Registry::
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{7E853D72-626A-48EC-A868-BA8D5E23E045}=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e83ff8f7-097b-11dc-88e0-00304f4b041f}]
|
|
#25
September 15th, 2008, 08:48 PM
|
|||
|
|||
|
Strangely enough, looks like they still have not been deleted:
ComboFix 08-09-15.01 - Haraldur 2008-09-15 19:45:43.7 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1664 [GMT 0:00] Running from: C:\ComboFix.exe Command switches used :: C:\Documents and Settings\Haraldur\Desktop\Anti-Malware\CFScript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((( Files Created from 2008-08-15 to 2008-09-15 ))))))))))))))))))))))))))))))) . 2008-09-15 18:40 . 2008-09-15 18:40 268 --ah----- C:\sqmdata11.sqm 2008-09-15 18:40 . 2008-09-15 18:40 244 --ah----- C:\sqmnoopt11.sqm 2008-09-14 10:05 . 2008-09-14 10:05 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-09-14 10:05 . 2008-09-14 10:05 <DIR> d-------- C:\Documents and Settings\Haraldur\Application Data\Malwarebytes 2008-09-14 10:05 . 2008-09-14 10:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-09-14 10:05 . 2008-09-10 00:08 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-09-14 10:05 . 2008-09-10 00:08 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-09-13 18:13 . 2008-09-13 18:13 268 --ah----- C:\sqmdata10.sqm 2008-09-13 18:13 . 2008-09-13 18:13 244 --ah----- C:\sqmnoopt10.sqm 2008-09-13 09:12 . 2008-09-15 19:44 2,852,559 -ra------ C:\ComboFix.exe 2008-09-12 15:15 . 2008-09-12 15:15 268 --ah----- C:\sqmdata08.sqm 2008-09-12 15:15 . 2008-09-12 15:15 244 --ah----- C:\sqmnoopt09.sqm 2008-09-12 15:15 . 2008-09-12 15:15 244 --ah----- C:\sqmnoopt08.sqm 2008-09-12 15:15 . 2008-09-12 15:15 232 --ah----- C:\sqmdata09.sqm 2008-09-11 19:17 . 2008-09-11 19:17 268 --ah----- C:\sqmdata07.sqm 2008-09-11 19:17 . 2008-09-11 19:17 244 --ah----- C:\sqmnoopt07.sqm 2008-09-10 18:42 . 2008-09-10 18:42 268 --ah----- C:\sqmdata06.sqm 2008-09-10 18:42 . 2008-09-10 18:42 244 --ah----- C:\sqmnoopt06.sqm 2008-09-09 18:20 . 2008-09-09 18:20 93 --a------ C:\WINDOWS\wininit.ini 2008-09-09 18:02 . 2008-09-09 18:04 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy 2008-09-09 18:02 . 2008-09-09 21:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-09-09 17:26 . 2008-09-10 19:01 <DIR> d-------- C:\Documents and Settings\Ragnar\Incomplete 2008-09-09 17:24 . 2008-09-09 17:24 268 --ah----- C:\sqmdata05.sqm 2008-09-09 17:24 . 2008-09-09 17:24 244 --ah----- C:\sqmnoopt05.sqm 2008-09-09 17:16 . 2008-09-09 17:16 244 --ah----- C:\sqmnoopt04.sqm 2008-09-09 17:16 . 2008-09-09 17:16 244 --ah----- C:\sqmnoopt03.sqm 2008-09-09 17:16 . 2008-09-09 17:16 232 --ah----- C:\sqmdata04.sqm 2008-09-09 17:16 . 2008-09-09 17:16 232 --ah----- C:\sqmdata03.sqm 2008-09-09 17:15 . 2008-09-09 17:15 <DIR> d-------- C:\Documents and Settings\Ragnar\Application Data\ATI 2008-09-08 23:19 . 2008-09-08 23:19 <DIR> d-------- C:\Program Files\SolAds Games Collection 2008-09-08 23:12 . 2008-09-08 23:12 <DIR> d-------- C:\Documents and Settings\Ragnar\Video Hardware Drivers 2008-09-08 23:12 . 2008-09-08 23:12 <DIR> d-------- C:\Documents and Settings\Ragnar\Startup Project 2008-09-08 23:12 . 2008-09-08 23:12 <DIR> d-------- C:\Documents and Settings\Ragnar\MIDI Drivers 2008-09-08 23:12 . 2008-09-08 23:12 <DIR> d-------- C:\Documents and Settings\Ragnar\HTML_ASSETS 2008-09-08 23:12 . 2008-09-08 23:12 <DIR> d-------- C:\Documents and Settings\Ragnar\Grooves 2008-09-08 23:12 . 2008-09-08 23:12 <DIR> d-------- C:\Documents and Settings\Ragnar\FileIO Plug-Ins 2008-09-08 23:12 . 2008-09-08 23:12 <DIR> d-------- C:\Documents and Settings\Ragnar\Audio Hardware Drivers 2008-09-08 23:00 . 2008-09-08 23:00 <DIR> d-------- C:\Program Files\Sonic Foundry Setup 2008-09-05 16:20 . 2008-09-08 00:02 <DIR> d-------- C:\Documents and Settings\Haraldur\Application Data\SPORE 2008-09-05 16:17 . 2008-09-05 16:17 <DIR> d-------- C:\ProgramData 2008-09-04 12:02 . 2008-09-04 12:18 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )) . 2008-09-14 12:47 --------- d-----w C:\Documents and Settings\Haraldur\Application Data\AVG7 2008-09-13 01:57 --------- d-----w C:\Documents and Settings\Haraldur\Application Data\wsInspector 2008-09-10 19:01 --------- d-----w C:\Documents and Settings\Ragnar\Application Data\LimeWire 2008-09-08 23:08 --------- d-----w C:\Program Files\Sony 2008-09-06 09:17 --------- d-----w C:\Program Files\Apple Software Update 2008-09-05 16:20 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2008-09-05 16:18 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-09-05 16:18 --------- d-----w C:\Program Files\Electronic Arts 2008-08-25 18:07 --------- d-----w C:\Program Files\D2 2008-08-13 13:25 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll 2008-08-13 13:25 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll 2008-08-13 13:25 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll 2008-08-13 13:13 94,208 ----a-w C:\WINDOWS\DIIUnin.exe 2008-08-13 13:13 2,829 ----a-w C:\WINDOWS\DIIUnin.pif 2008-08-13 12:54 --------- d-----w C:\Program Files\Diablo II 2008-08-02 10:02 --------- d-----w C:\Program Files\iTunes 2008-08-02 10:02 --------- d-----w C:\Program Files\iPod 2008-07-26 22:37 --------- d-----w C:\Program Files\LimeWire 2008-07-26 22:36 --------- d-----w C:\Documents and Settings\Ragnar\Application Data\AVG7 2008-07-24 12:59 --------- d-----w C:\Program Files\MSN Messenger 2008-07-24 05:58 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-07-24 05:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\NexonUS 2008-07-19 10:01 --------- d-----w C:\Program Files\Bonjour 2008-07-19 10:00 --------- d-----w C:\Program Files\QuickTime 2008-07-18 22:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll 2008-07-18 22:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-18 22:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll 2008-07-18 22:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll 2008-07-18 22:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll 2008-07-18 22:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll 2008-07-18 22:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll 2008-07-18 22:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll 2008-07-18 22:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll 2008-07-18 22:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll 2008-07-13 16:21 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll 2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll 2008-06-23 15:38 659,456 ----a-w C:\WINDOWS\system32\wininet.dll 2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-01-10 23:37 22,328 ----a-w C:\Documents and Settings\Haraldur\Application Data\PnkBstrK.sys 2007-12-10 20:56 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat 2006-07-23 12:59 0 ----a-w C:\Documents and Settings\Haraldur\TRACE_BOOT_1_1.BIN 2004-10-22 15:05 4,128,256 ----a-w C:\Documents and Settings\Ragnar\acid50.exe 2004-10-22 15:00 946,176 ----a-w C:\Documents and Settings\Ragnar\sfvstwrap.dll 2004-10-22 15:00 2,756,608 ----a-w C:\Documents and Settings\Ragnar\acid50k.dll 2004-10-22 14:52 516,096 ----a-w C:\Documents and Settings\Ragnar\sfnetmedia.dll 2004-10-22 14:52 1,581,056 ----a-w C:\Documents and Settings\Ragnar\sfs4rw.dll 2004-10-22 14:51 937,984 ----a-w C:\Documents and Settings\Ragnar\sfmarket2.dll 2004-10-22 14:51 487,424 ----a-w C:\Documents and Settings\Ragnar\sfpublish.dll 2004-10-22 14:51 212,992 ----a-w C:\Documents and Settings\Ragnar\sfconfigmgr.dll 2004-10-22 14:48 655,360 ----a-w C:\Documents and Settings\Ragnar\sfcdx.dll 2004-10-22 14:47 73,728 ----a-w C:\Documents and Settings\Ragnar\sfspti.dll 2004-10-22 14:47 589,824 ----a-w C:\Documents and Settings\Ragnar\sfcdi.dll 2004-10-22 14:47 19,456 ----a-w C:\Documents and Settings\Ragnar\sfscsi.dll 2004-10-22 14:47 13,824 ----a-w C:\Documents and Settings\Ragnar\sfspti2.dll 2004-10-15 13:18 3,427 ----a-w C:\Documents and Settings\Ragnar\acid50.zip 2004-10-01 22:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe 2004-05-10 15:43 49,152 ----a-w C:\Documents and Settings\Ragnar\OpcPcmImporter.dll . ((((((((((((((((((((((((((((( snapshot@2008-09-13_ 9.42.05.15 ))))))))))))))))))))))))))))))))))))))))) . + 2007-04-19 13:09:30 167,256 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\90403119 00063D11C8EF10054038389C\11.0.8173\IETAG.DLL - 2008-08-15 03:02:10 38,240 ----a-r C:\WINDOWS\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe + 2008-09-14 09:57:03 38,240 ----a-r C:\WINDOWS\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe - 2008-08-15 03:02:18 12,288 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\cagicon.exe + 2008-09-14 09:56:55 12,288 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\cagicon.exe - 2008-08-15 03:02:18 135,168 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\misc.exe + 2008-09-14 09:56:55 135,168 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\misc.exe - 2008-08-15 03:02:18 11,264 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\mspicons.exe + 2008-09-14 09:56:55 11,264 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\mspicons.exe - 2008-08-15 03:02:18 27,136 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\oisicon.exe + 2008-09-14 09:56:55 27,136 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\oisicon.exe - 2008-08-15 03:02:18 4,096 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\opwicon.exe + 2008-09-14 09:56:55 4,096 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\opwicon.exe - 2008-08-15 03:02:18 794,624 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\outicon.exe + 2008-09-14 09:56:55 794,624 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\outicon.exe - 2008-08-15 03:02:18 23,040 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\unbndico.exe + 2008-09-14 09:56:55 23,040 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\unbndico.exe - 2008-08-15 03:02:18 286,720 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\wordicon.exe + 2008-09-14 09:56:55 286,720 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\wordicon.exe - 2008-08-15 03:02:18 409,600 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\xlicons.exe + 2008-09-14 09:56:55 409,600 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\xlicons.exe - 2008-08-15 03:02:11 49,936 ----a-r C:\WINDOWS\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe + 2008-09-14 09:57:08 49,936 ----a-r C:\WINDOWS\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe - 2008-06-13 16:03:29 70,264 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_plugi n.exe + 2008-09-13 09:56:43 70,264 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_plugi n.exe + 2008-04-15 17:54:19 1,724,416 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_65 95b64144ccf1df_1.0.2600.3352_x-ww_81af8e88\GdiPlus.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-10-08 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run] "SoundMan"="SOUNDMAN.EXE" [2005-04-15 C:\WINDOWS\SOUNDMAN.EXE] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 C:\WINDOWS\KHALMNPR.Exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run] "MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-03-07 5181440] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-07 219136] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\RunOnce] "RunNarrator"="Narrator.exe" [2006-10-04 C:\WINDOWS\system32\narrator.exe] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2006-05-04 434176] [hkey_local_machine\software\microsoft\windows\curr entversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] ---h----- 2006-07-08 05:18 1694208 C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List] "C:\\Program Files\\LimeWire\\LimeWire.exe"= "C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"= "C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"= "C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"= "C:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"= "C:\\Program Files\\Mass Effect\\MassEffectLauncher.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"= "C:\Nexon\Combat Arms\CombatArms.exe"= C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe "C:\Nexon\Combat Arms\Engine.exe"= C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= R3 AmdTools;AMD Special Tools Driver;C:\WINDOWS\system32\DRIVERS\AmdTools.sys [2006-06-27 31744] S3 iLokDrvr;iLok;C:\WINDOWS\system32\DRIVERS\iLokDrvr .sys [2005-09-27 27328] S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504] S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys [2006-11-10 61600] S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys [2006-11-10 9360] S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys [2006-11-10 97184] S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Emgmt.sys [2006-11-10 88688] S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Eobex.sys [2006-05-01 86560] S3 WLAN(WLAN);XPC 802.11b/g Wireless Kit Driver(WLAN);C:\WINDOWS\system32\DRIVERS\zd1211u.s ys [2005-08-16 278016] S3 ZD1211U(PLANET Technology Corp.);PLANET WL-U356A Driver(PLANET Technology Corp.);C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2005-08-16 278016] S3 ZDBRGSYS;ZDBRGSYS NDIS Protocol Driver;C:\WINDOWS\system32\ZDBRGSYS.SYS [2004-06-30 19200] . Contents of the 'Scheduled Tasks' folder . ************************************************** ************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-15 19:46:24 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... ************************************************** ************************ . Completion time: 2008-09-15 19:49:09 ComboFix-quarantined-files.txt 2008-09-15 19:48:07 ComboFix2.txt 2008-09-15 16:44:59 ComboFix3.txt 2008-09-14 23:54:26 ComboFix4.txt 2008-09-13 09:42:22 Pre-Run: 26,768,830,464 bytes free Post-Run: 26,754,506,752 bytes free 217 --- E O F --- 2008-09-14 09:57:08 Just so this is 100% clear, I make a notepad document, copy and paste the entirety of the text inside the code boxes into notepad, 'save as' the file as CFScript.txt, then drag and drop the saved file straight into ComboFix, which then runs, most of the time needs to be updated, and then saves the log. I guess this is about to get much more interesting and fun now, at the very least most of the symptoms are gone and the computer seems to be back to normal. Last edited by UgaUga; September 15th, 2008 at 09:05 PM. |
|
#26
September 16th, 2008, 02:46 AM
|
||||
|
||||
|
Yes that's right and it did remove the registry key that I was concerned about so that's fine now.
I want to be sure that nothing else is lurking so it would be a good idea to run an online antivirus scanner. First go here and download ATF cleaner. Use it to remove all Temp Files, Cookies and Temp Internet Files, Java Cache and any others that you would like to remove. If you also use Opera or Firefox, also click on the cleaning options for each browser. Next, disable your antivirus program. To be able to run BitDefender, you will have to disable Resident/Realtime Protection and also disable any Network or Web Scanner. You may have to consult your Help files to find out how to do this. Now go here and run an online scan with BitDefender (you will need to use Internet Explorer for this scan). When the ActiveX Control has loaded, click on "Click here to scan" and grab a coffee. When BitDefender completes the scan, click on "More Details" if present and select the "Detected Problems" tab. Click on "Click here to export scan". Where it says filename, type BD and save the file as an HTML to your Desktop. You will get a message saying that "The scan results were successfully saved". Click ok. Next click on the saved file and allow it to open with your browser. Go to Edit > Select All then copy the log and paste it back here. |
|
#27
September 16th, 2008, 07:56 PM
|
|||
|
|||
|
Guess there was still a lot more on the computer then I would of thought, and I definitely need to talk to my brother about his download habits:
BitDefender Online Scanner Scan report generated at: Tue, Sep 16, 2008 - 18:24:28 Scan path: A:\;C:\;D:\;E:\; Statistics Time 02:27:48 Files 714741 Folders 16225 Boot Sectors 0 Archives 8418 Packed Files 23284 Results Identified Viruses 23 Infected Files 44 Suspect Files 7 Warnings 0 Disinfected 0 Deleted Files 48 Engines Info Virus Definitions 1760166 Engine build AVCORE v1.7 (build 8314.19) (i386) (Sep 10 2008 19:37:42) Scan plugins 16 Archive plugins 43 Unpack plugins 7 E-mail plugins 6 System plugins 4 Scan Settings First Action Disinfect Second Action Delete Heuristics Yes Enable Warnings Yes Scanned Extensions *; Exclude Extensions Scan Emails Yes Scan Archives Yes Scan Packed Yes Scan Files Yes Scan Boot Yes Scanned File Status C:\$VAULT$.AVG\00769937.FIL Infected with: Trojan.Vundo.DVO C:\$VAULT$.AVG\00769937.FIL Disinfection failed C:\$VAULT$.AVG\00769937.FIL Deleted C:\$VAULT$.AVG\13688906.FIL Infected with: Trojan.Vundo.DVO C:\$VAULT$.AVG\13688906.FIL Disinfection failed C:\$VAULT$.AVG\13688906.FIL Deleted C:\Documents and Settings\Haraldur\Desktop\Downloads\MediaTubeCodec .exe Infected with: Trojan.Zlob.17326 C:\Documents and Settings\Haraldur\Desktop\Downloads\MediaTubeCodec .exe Deleted C:\Documents and Settings\Haraldur\Desktop\Downloads\tqtrn5.zip=>pd train.exe Infected with: Backdoor.Generic.38782 C:\Documents and Settings\Haraldur\Desktop\Downloads\tqtrn5.zip=>pd train.exe Deleted C:\Documents and Settings\Haraldur\Desktop\Downloads\tqtrn5.zip Updated C:\Documents and Settings\Haraldur\Desktop\Ragnar\eMule\Incoming\Al l New Digi Design Digidesign Protools Pro Tools Plugins Rtas Audio Suite Inc Sound Replacer Waves v5(1).rar=>ProTools Plugins\IZotope Spectron DX VST RTAS v1.04 incl KeyGen-H2O\spectron_keygen.exe Infected with: Trojan.Packed.5763 C:\Documents and Settings\Haraldur\Desktop\Ragnar\eMule\Incoming\Al l New Digi Design Digidesign Protools Pro Tools Plugins Rtas Audio Suite Inc Sound Replacer Waves v5(1).rar=>ProTools Plugins\IZotope Spectron DX VST RTAS v1.04 incl KeyGen-H2O\spectron_keygen.exe Deleted C:\Documents and Settings\Haraldur\Desktop\Ragnar\eMule\Incoming\Al l New Digi Design Digidesign Protools Pro Tools Plugins Rtas Audio Suite Inc Sound Replacer Waves v5(1).rar Update failed C:\Documents and Settings\Haraldur\Desktop\Ragnar\eMule\Incoming\Al l New Digi Design Digidesign Protools Pro Tools Plugins Rtas Audio Suite Inc Sound Replacer Waves v5(1).rar=>ProTools Plugins\IZotope.Trash.DX.VST.RTAS.v1.04.incl.KeyGe n-H2O\trash_keygen.exe Infected with: Trojan.Packed.5150 C:\Documents and Settings\Haraldur\Desktop\Ragnar\eMule\Incoming\Al l New Digi Design Digidesign Protools Pro Tools Plugins Rtas Audio Suite Inc Sound Replacer Waves v5(1).rar=>ProTools Plugins\IZotope.Trash.DX.VST.RTAS.v1.04.incl.KeyGe n-H2O\trash_keygen.exe Deleted C:\Documents and Settings\Haraldur\Desktop\Ragnar\eMule\Incoming\Al l New Digi Design Digidesign Protools Pro Tools Plugins Rtas Audio Suite Inc Sound Replacer Waves v5(1).rar Update failed C:\Documents and Settings\Haraldur\Desktop\Ragnar\eMule\Incoming\Al l New Digi Design Digidesign Protools Pro Tools Plugins Rtas Audio Suite Inc Sound Replacer Waves v5.rar=>ProTools Plugins\IZotope Spectron DX VST RTAS v1.04 incl KeyGen-H2O\spectron_keygen.exe Infected with: Trojan.Packed.5763 C:\Documents and Settings\Haraldur\Desktop\Ragnar\eMule\Incoming\Al l New Digi Design Digidesign Protools Pro Tools Plugins Rtas Audio Suite Inc Sound Replacer Waves v5.rar=>ProTools Plugins\IZotope Spectron DX VST RTAS v1.04 incl KeyGen-H2O\spectron_keygen.exe Deleted C:\Documents and Settings\Haraldur\Desktop\Ragnar\eMule\Incoming\Al l New Digi Design Digidesign Protools Pro Tools Plugins Rtas Audio Suite Inc Sound Replacer Waves v5.rar Update failed C:\Documents and Settings\Haraldur\Desktop\Ragnar\eMule\Incoming\Al l New Digi Design Digidesign Protools Pro Tools Plugins Rtas Audio Suite Inc Sound Replacer Waves v5.rar=>ProTools Plugins\IZotope.Trash.DX.VST.RTAS.v1.04.incl.KeyGe n-H2O\trash_keygen.exe Infected with: Trojan.Packed.5150 C:\Documents and Settings\Haraldur\Desktop\Ragnar\eMule\Incoming\Al l New Digi Design Digidesign Protools Pro Tools Plugins Rtas Audio Suite Inc Sound Replacer Waves v5.rar=>ProTools Plugins\IZotope.Trash.DX.VST.RTAS.v1.04.incl.KeyGe n-H2O\trash_keygen.exe Deleted C:\Documents and Settings\Haraldur\Desktop\Ragnar\eMule\Incoming\Al l New Digi Design Digidesign Protools Pro Tools Plugins Rtas Audio Suite Inc Sound Replacer Waves v5.rar Update failed C:\Documents and Settings\Haraldur\Shared\Newish\Fountains Of Wayne - Hey Julie.mp3 Infected with: Trojan.Downloader.WMA.Wimad.Z C:\Documents and Settings\Haraldur\Shared\Newish\Fountains Of Wayne - Hey Julie.mp3 Deleted C:\Documents and Settings\Haraldur\Shared\Newish\happy go lucky me.mp3 Infected with: Trojan.Downloader.WMA.Wimad.N C:\Documents and Settings\Haraldur\Shared\Newish\happy go lucky me.mp3 Deleted C:\Documents and Settings\Haraldur\Shared\Newish\off tour riot squad.mp3 Infected with: Trojan.Downloader.Wimad.A C:\Documents and Settings\Haraldur\Shared\Newish\off tour riot squad.mp3 Deleted C:\Documents and Settings\Haraldur\Shared\Newish\Setup.exe Infected with: Backdoor.Agent.VB.S C:\Documents and Settings\Haraldur\Shared\Newish\Setup.exe Disinfection failed C:\Documents and Settings\Haraldur\Shared\Newish\Setup.exe Deleted C:\Documents and Settings\Haraldur\Shared\Newish\Sony Acid Music Studio 7.0.zip=>Setup.exe Infected with: Trojan.Generic.64484 C:\Documents and Settings\Haraldur\Shared\Newish\Sony Acid Music Studio 7.0.zip=>Setup.exe Deleted C:\Documents and Settings\Haraldur\Shared\Newish\Sony Acid Music Studio 7.0.zip Updated C:\Documents and Settings\Haraldur\Shared\Newish\Sony ACID Pro 6.0 Generator Of Keys.zip=>Setup.exe Infected with: Backdoor.Agent.VB.S C:\Documents and Settings\Haraldur\Shared\Newish\Sony ACID Pro 6.0 Generator Of Keys.zip=>Setup.exe Disinfection failed C:\Documents and Settings\Haraldur\Shared\Newish\Sony ACID Pro 6.0 Generator Of Keys.zip=>Setup.exe Deleted C:\Documents and Settings\Haraldur\Shared\Newish\Sony ACID Pro 6.0 Generator Of Keys.zip Updated C:\Program Files\Mozilla Firefox\components\nsbomh.dll Detected with: Adware.Fotomoto.Gen C:\Program Files\Mozilla Firefox\components\nsbomh.dll Disinfection failed C:\Program Files\Mozilla Firefox\components\nsbomh.dll Delete failed C:\QooBox\Quarantine\C\Program Files\PremierOpinion\pmai.dll.vir Detected with: Adware.PremierOpinion.A C:\QooBox\Quarantine\C\Program Files\PremierOpinion\pmai.dll.vir Deleted C:\QooBox\Quarantine\C\WINDOWS\84.exe.vir Detected with: Adware.Zeno.S C:\QooBox\Quarantine\C\WINDOWS\84.exe.vir Deleted C:\QooBox\Quarantine\C\WINDOWS\DWrvg.exe.vir=>(NSI S o)=>lzma_nsis0005=>(NSIS o)=>lzma_solid_nsis0002 Infected with: Trojan.Clicker.MQQ C:\QooBox\Quarantine\C\WINDOWS\DWrvg.exe.vir=>(NSI S o)=>lzma_nsis0005=>(NSIS o)=>lzma_solid_nsis0002 Deleted C:\QooBox\Quarantine\C\WINDOWS\DWrvg.exe.vir=>(NSI S o)=>lzma_nsis0005=>(NSIS o) Update failed C:\QooBox\Quarantine\C\WINDOWS\faceback.exe.vir Infected with: Trojan.Agent.BAMX C:\QooBox\Quarantine\C\WINDOWS\faceback.exe.vir Disinfection failed C:\QooBox\Quarantine\C\WINDOWS\faceback.exe.vir Delete failed C:\QooBox\Quarantine\C\WINDOWS\mbd232.exe.vir Detected with: Adware.Mirar.AN C:\QooBox\Quarantine\C\WINDOWS\mbd232.exe.vir Deleted C:\QooBox\Quarantine\C\WINDOWS\system32\dwwnw64r.e xe.vir Detected with: Adware.Zeno.S C:\QooBox\Quarantine\C\WINDOWS\system32\dwwnw64r.e xe.vir Deleted C:\QooBox\Quarantine\C\WINDOWS\system32\gside.exe. vir=>(NSIS o)=>lzma_solid_nsis0002 Infected with: Trojan.Generic.659043 C:\QooBox\Quarantine\C\WINDOWS\system32\gside.exe. vir=>(NSIS o)=>lzma_solid_nsis0002 Deleted C:\QooBox\Quarantine\C\WINDOWS\system32\gside.exe. vir=>(NSIS o) Update failed C:\QooBox\Quarantine\C\WINDOWS\system32\lcntstdl.e xe.vir Infected with: Trojan.Downloader.Agent.ZPK C:\QooBox\Quarantine\C\WINDOWS\system32\lcntstdl.e xe.vir Deleted C:\QooBox\Quarantine\C\WINDOWS\system32\mC02\mC022 328.exe.vir Suspected of: Trojan.Downloader.JKGI C:\QooBox\Quarantine\C\WINDOWS\system32\mC02\mC022 328.exe.vir Disinfection failed C:\QooBox\Quarantine\C\WINDOWS\system32\mC02\mC022 328.exe.vir Deleted C:\QooBox\Quarantine\C\WINDOWS\system32\nss89F.dll .vir Detected with: Adware.Fotomoto.Gen C:\QooBox\Quarantine\C\WINDOWS\system32\nss89F.dll .vir Disinfection failed C:\QooBox\Quarantine\C\WINDOWS\system32\nss89F.dll .vir Deleted C:\QooBox\Quarantine\C\WINDOWS\system32\pac.txt.vi r Infected with: Trojan.Downloader.VB.VPG C:\QooBox\Quarantine\C\WINDOWS\system32\pac.txt.vi r Deleted C:\QooBox\Quarantine\C\WINDOWS\system32\rmwnw64j.e xe.vir Detected with: Adware.Zeno.S C:\QooBox\Quarantine\C\WINDOWS\system32\rmwnw64j.e xe.vir Deleted C:\QooBox\Quarantine\C\WINDOWS\system32\sl5\ATV510 5nt.exe.vir Detected with: Adware.Generic.33257 C:\QooBox\Quarantine\C\WINDOWS\system32\sl5\ATV510 5nt.exe.vir Disinfection failed C:\QooBox\Quarantine\C\WINDOWS\system32\sl5\ATV510 5nt.exe.vir Deleted C:\System Volume Information\_restore{F803C7F9-1419-4963-B305-3AF249EB723B}\RP218\A0032059.dll Detected with: Adware.Rotator.G C:\System Volume Information\_restore{F803C7F9-1419-4963-B305-3AF249EB723B}\RP218\A0032059.dll Deleted C:\System Volume Information\_restore{F803C7F9-1419-4963-B305-3AF249EB723B}\RP218\A0032060.dll Infected with: Trojan.Generic.659043 C:\System Volume Information\_restore{F803C7F9-1419-4963-B305-3AF249EB723B}\RP218\A0032060.dll Deleted C:\System Volume Information\_restore{F803C7F9-1419-4963-B305-3AF249EB723B}\RP218\A0032061.exe Detected with: Adware.Generic.36554 C:\System Volume Information\_restore{F803C7F9-1419-4963-B305-3AF249EB723B}\RP218\A0032061.exe Deleted C:\System Volume Information\_restore{F803C7F9-1419-4963-B305-3AF249EB723B}\RP218\A0032104.exe Suspected of: Trojan.Downloader.JKGI C:\System Volume Information\_restore{F803C7F9-1419-4963-B305-3AF249EB723B}\RP218\A0032104.exe Disinfection failed C:\System Volume Information\_restore{F803C7F9-1419-4963-B305-3AF249EB723B}\RP218\A0032104.exe Deleted C:\System Volume Information\_restore{F803C7F9-1419-4963-B305-3AF249EB723B}\RP219\A0034074.exe Suspected of: Trojan.Downloader.JKGI C:\System Volume Information\_restore{F803C7F9-1419-4963-B305-3AF249EB723B}\RP219\A0034074.exe Disinfection failed C:\System Volume Information\_restore{F803C7F9-1419-4963-B305-3AF249EB723B}\RP219\A0034074.exe Deleted C:\System Volume Information\_restore{F803C7F9-1419-4963-B305-3AF249EB723B}\RP220\A0036104.dll Infected with: Trojan.Generic.659043 C:\System Volume Information\_restore{F803C7F9-1419-4963-B305-3AF249EB723B}\RP220\A0036104.dll Deleted C:\System Volume Information\_restore{F803C7F9-1419-4963-B305-3AF249EB723B}\RP220\A0039216.exe Suspected of: Trojan.Downloader.JKGI C:\System Volume Information\_restore{F803C7F9-1419-4963-B305-3AF249EB723B}\RP220\A0039216.exe Disinfection failed C:\System Volume Information\_restore{F803C7F9-1419-4963-B305-3AF249EB723B}\RP220\A0039216.exe Deleted C:\System Volume Information\_restore{F803C7F9-1419-4963-B305-3AF249EB723B}\RP221\A0042216.exe Suspected of: Trojan.Downloader.JKGI C:\System Volume Information\_restore{F803C7F9-1419-4963-B305-3AF249EB723B}\RP221\A0042216.exe Disinfection failed C:\System Volume Information\_restore{F803C7F9-1419-4963-B305-3AF249EB723B}\RP221\A0042216.exe Deleted C:\System Volume Information\_restore{F803C7F9-1419-4963-B305-3AF249EB723B}\RP222\A0042233.exe=>(NSIS o)=>lzma_solid_nsis0002 Infected with: Trojan.Generic.659043 C:\System Volume Information\_restore{F803C7F9-1419-4963-B305-3AF249EB723B}\RP222\A0042233.exe=>(NSIS o)=>lzma_solid_nsis0002 Deleted C:\System Volume Information\_restore{F803C7F9-1419-4963-B305-3AF249EB723B}\RP222\A0042233.exe=>(NSIS o) Update failed C:\System Volume Information\_restore{F803C7F9-1419-4963-B305-3AF249EB723B}\RP222\A0042234.exe Infected with: Trojan.Agent.BAMX C:\System Volume Information\_restore{F803C7F9-1419-4963-B305-3AF249EB723B}\RP222\A0042234.exe Disinfection failed C:\System Volume Information\_restore{F803C7F9-1419-4963-B305-3AF249EB723B}\RP222\A0042234.exe Delete failed C:\System Volume Information\_restore{F803C7F9-1419-4963-B305-3AF249EB723B}\RP222\A0042238.exe Detected with: Adware.Zeno.S C:\System Volume Information\_restore{F803C7F9-1419-4963-B305-3AF249EB723B}\RP222\A0042238.exe Deleted C:\System Volume Information\_restore{F803C7F9-1419-4963-B305-3AF249EB723B}\RP222\A0042239.exe Detected with: Adware.Zeno.S C:\System Volume Information\_restore{F803C7F9-1419-4963-B305-3AF249EB723B}\RP222\A0042239.exe Deleted C:\System Volume Information\_restore{F803C7F9-1419-4963-B305-3AF249EB723B}\RP222\A0042240.dll Detected with: Adware.Fotomoto.Gen C:\System Volume Information\_restore{F803C7F9-1419-4963-B305-3AF249EB723B}\RP222\A0042240.dll Disinfection failed C:\System Volume Information\_restore{F803C7F9-1419-4963-B305-3AF249EB723B}\RP222\A0042240.dll Deleted C:\System Volume Information\_restore{F803C7F9-1419-4963-B305-3AF249EB723B}\RP222\A0042241.exe Detected with: Adware.Zeno.S C:\System Volume Information\_restore{F803C7F9-1419-4963-B305-3AF249EB723B}\RP222\A0042241.exe Deleted C:\System Volume Information\_restore{F803C7F9-1419-4963-B305-3AF249EB723B}\RP222\A0042302.exe Detected with: Adware.Dropper.B C:\System Volume Information\_restore{F803C7F9-1419-4963-B305-3AF249EB723B}\RP222\A0042302.exe Deleted C:\System Volume Information\_restore{F803C7F9-1419-4963-B305-3AF249EB723B}\RP222\A0044296.exe Suspected of: Trojan.Downloader.JKGI C:\System Volume Information\_restore{F803C7F9-1419-4963-B305-3AF249EB723B}\RP222\A0044296.exe Disinfection failed C:\System Volume Information\_restore{F803C7F9-1419-4963-B305-3AF249EB723B}\RP222\A0044296.exe Deleted C:\System Volume Information\_restore{F803C7F9-1419-4963-B305-3AF249EB723B}\RP225\A0045379.dll Detected with: Adware.PremierOpinion.A C:\System Volume Information\_restore{F803C7F9-1419-4963-B305-3AF249EB723B}\RP225\A0045379.dll Deleted C:\System Volume Information\_restore{F803C7F9-1419-4963-B305-3AF249EB723B}\RP225\A0045383.exe Suspected of: Trojan.Downloader.JKGI C:\System Volume Information\_restore{F803C7F9-1419-4963-B305-3AF249EB723B}\RP225\A0045383.exe Disinfection failed C:\System Volume Information\_restore{F803C7F9-1419-4963-B305-3AF249EB723B}\RP225\A0045383.exe Deleted C:\System Volume Information\_restore{F803C7F9-1419-4963-B305-3AF249EB723B}\RP225\A0045386.exe=>(NSIS o)=>lzma_nsis0005=>(NSIS o)=>lzma_solid_nsis0002 Infected with: Trojan.Clicker.MQQ C:\System Volume Information\_restore{F803C7F9-1419-4963-B305-3AF249EB723B}\RP225\A0045386.exe=>(NSIS o)=>lzma_nsis0005=>(NSIS o)=>lzma_solid_nsis0002 Deleted C:\System Volume Information\_restore{F803C7F9-1419-4963-B305-3AF249EB723B}\RP225\A0045386.exe=>(NSIS o)=>lzma_nsis0005=>(NSIS o) Update failed C:\System Volume Information\_restore{F803C7F9-1419-4963-B305-3AF249EB723B}\RP225\A0045387.exe Detected with: Adware.Mirar.AN C:\System Volume Information\_restore{F803C7F9-1419-4963-B305-3AF249EB723B}\RP225\A0045387.exe Deleted C:\System Volume Information\_restore{F803C7F9-1419-4963-B305-3AF249EB723B}\RP225\A0045391.exe Infected with: Trojan.Downloader.Agent.ZPK C:\System Volume Information\_restore{F803C7F9-1419-4963-B305-3AF249EB723B}\RP225\A0045391.exe Deleted C:\System Volume Information\_restore{F803C7F9-1419-4963-B305-3AF249EB723B}\RP227\A0046633.exe Infected with: Trojan.Zlob.17326 C:\System Volume Information\_restore{F803C7F9-1419-4963-B305-3AF249EB723B}\RP227\A0046633.exe Deleted C:\System Volume Information\_restore{F803C7F9-1419-4963-B305-3AF249EB723B}\RP227\A0046634.exe Infected with: Backdoor.Agent.VB.S C:\System Volume Information\_restore{F803C7F9-1419-4963-B305-3AF249EB723B}\RP227\A0046634.exe Disinfection failed C:\System Volume Information\_restore{F803C7F9-1419-4963-B305-3AF249EB723B}\RP227\A0046634.exe Deleted |
|
#28
September 16th, 2008, 08:35 PM
|
||||
|
||||
|
Quote:
From our Terms of Service: We will NOT help anyone we suspect of having obtained their software illegally. In the instance that illegal software was downloaded and/or installed by a minor, friend, relative, Dad, Mom or someone other than the Owner, please refer them here for more information regarding software piracy. Topic closed. |
|
| Bookmarks |
«
Previous Topic
|
Next Topic
»
|
|
Similar Topics
|
||||
| Topic | Topic Starter | Forum | Replies | Last Post |
| Need help removing malware (HJT + malwarebytes antimalware logs inside) | sadgoat | Malware Removal | 14 | August 30th, 2009 09:01 PM |
| Malware? Virus? Trojan? (HJT, ewido logs inside) | AlphaShadow | Malware Removal | 4 | June 8th, 2006 02:59 AM |
| MALWARE! Please help! HJ This logfile inside! | bravesirrobin12 | Malware Removal | 17 | November 1st, 2005 01:01 AM |
| virus/malware inside explorer.exe? | cody1109 | Malware Removal | 12 | May 18th, 2005 10:55 PM |
| Need Help, Possible Trojan, HijackFile inside (please help if you can) | gfa202 | Malware Removal | 8 | April 14th, 2004 02:17 AM |
All times are GMT +1. The time now is 01:49 AM.