sPideS New Member
Date Joined Jun 2008, Total Posts: 7 | Posted 7-6-2008 2:26 (GMT +2)
Hi guys
I have the same problem as the jmac fella, I believe, with my MSN sending links to contacts such as "see my MySpace photos" etc. I did a HijackThis scan and have the logfile, but I'm a bit of a tard, so hopefully someone here can analyse it for me. Thanks.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:53:52 PM, on 5/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20815)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\lhhzcu.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\program files\steam\steam.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Video On-line - {741403DD-46A4-4D58-8FA7-427335C3BBF6} - C:\WINDOWS\system32\PowerVideo.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [lhhzcu] C:\WINDOWS\system32\lhhzcu.exe
O4 - HKLM\..\RunServices: [lhhzcu] C:\WINDOWS\system32\lhhzcu.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: OneNote Table Of Contents.onetoc2
O4 - Global Startup: LG SyncManager.lnk = C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Amazon Unbox Video Service (r27h9nad9ke7r) - Unknown owner - C:\WINDOWS\system32\lhhzcu.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

-- End of file - 10162 bytes
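The entries a helper looks for first in a log like the one above are an autostart or service whose binary sits directly in system32 under an unrecognised name, a service with "Unknown owner", a display name that does not fit its internal (random-looking) service name, use of the legacy RunServices key, and a BHO whose file is missing. The script below is an added example, not part of this thread or of HijackThis; its sample lines are a constructed subset of the log above and its KNOWN_SYSTEM32 allowlist is a stand-in for a real signature or hash check.

```python
import re
from collections import defaultdict

# Constructed subset of the HijackThis log posted above, enough to exercise each rule.
SAMPLE_LOG = r"""
O2 - BHO: Video On-line - {741403DD-46A4-4D58-8FA7-427335C3BBF6} - C:\WINDOWS\system32\PowerVideo.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [lhhzcu] C:\WINDOWS\system32\lhhzcu.exe
O4 - HKLM\..\RunServices: [lhhzcu] C:\WINDOWS\system32\lhhzcu.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Amazon Unbox Video Service (r27h9nad9ke7r) - Unknown owner - C:\WINDOWS\system32\lhhzcu.exe
"""

# Stand-in allowlist (assumption for this demo) of system32 binaries known to be
# legitimate on this machine; real triage would check Authenticode signatures or hashes.
KNOWN_SYSTEM32 = {"ctfmon.exe", "nvsvc32.exe", "pnkbstra.exe"}

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[^}]*)\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.*?)(?: \((?P<internal>[^()]*)\))? - (?P<owner>.*?) - (?P<path>.*)$"
)
# Letters and digits alternating at least twice (as in r27h9nad9ke7r) is rare in vendor service names.
RANDOM_NAME_RE = re.compile(r"[a-z]+\d+[a-z]+\d+", re.I)


def exe_of(cmd):
    """Pull the executable path out of an O4 command line, dropping quotes and arguments."""
    m = re.search(r'"?(.*?\.(?:exe|dll|ocx))"?(?:\s|$)', cmd, re.I)
    return m.group(1) if m else cmd


def basename(path):
    return path.replace(" (file missing)", "").rsplit("\\", 1)[-1].lower()


def in_system32(path):
    return "\\system32\\" in path.lower()


def triage(log_text):
    """Return (severity, binary, reason) findings; severity is 'review' or 'suspicious'."""
    findings = []
    where = defaultdict(set)  # binary basename -> persistence locations it appears in
    for line in (raw.strip() for raw in log_text.splitlines()):
        if m := O2_RE.match(line):
            if line.endswith("(file missing)"):
                findings.append(("review", basename(m["path"]), "orphaned BHO, file missing"))
        elif m := O4_RE.match(line):
            exe = basename(exe_of(m["cmd"]))
            where[exe].add(m["key"])
            if "RunServices" in m["key"]:  # Windows 9x-era key; current installers rarely use it
                findings.append(("suspicious", exe, f"autostart via legacy key {m['key']}"))
        elif m := O23_RE.match(line):
            exe = basename(m["path"])
            where[exe].add("Service")
            reasons = []
            if m["owner"] == "Unknown owner":
                reasons.append("unknown owner")
            if m["internal"] and RANDOM_NAME_RE.search(m["internal"]):
                reasons.append(f"random-looking service name {m['internal']}")
            if in_system32(m["path"]) and exe not in KNOWN_SYSTEM32:
                reasons.append("unrecognised binary in system32")
            if reasons:
                findings.append(("suspicious" if len(reasons) > 1 else "review", exe, "; ".join(reasons)))
    # The same unrecognised binary wired into several persistence points is a strong signal on its own.
    for exe, locs in where.items():
        if len(locs) > 1 and exe not in KNOWN_SYSTEM32:
            findings.append(("suspicious", exe, f"persists via {len(locs)} locations: {', '.join(sorted(locs))}"))
    return findings


def suspicious_binaries(log_text):
    """Binaries with at least one 'suspicious' finding, sorted."""
    return sorted({exe for sev, exe, _ in triage(log_text) if sev == "suspicious"})


if __name__ == "__main__":
    for sev, exe, reason in triage(SAMPLE_LOG):
        print(f"[{sev:10}] {exe:16} {reason}")
```

On the sample, lhhzcu.exe is the only binary rated suspicious (three reasons on its service entry, the RunServices key, and three persistence locations), while PnkBstrA.exe and the missing PowerVideo.dll come out as review items only.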
Touch Forum Moderator
Date Joined Jun 2004, Total Posts: 12798 | Posted 7-6-2008 2:53 (GMT +2)
Hello
Please download Combofix:
And save to the desktop.
Close all other browser windows.
Please connect all your external hard drive/flash drive before running Combofix
Important-> Temporarily disable your anti-virus, real-time protection before performing a scan. They can interfere with combofix or remove some of its embedded files which may cause "unpredictable results".
Go to Start->Run and copy/paste: ComboFix /snapshot and hit OK. It should run Combofix.
Please note, that once you start combofix you should not click anywhere on the combofix window as it can cause the program to stall. In fact, when combofix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.
When finished, it will produce a logfile located at C:\combofix.txt.
Post the contents of that log in your next reply with a new hijackthis log.
Please copy and paste your log files. DO NOT add them as an attachment.
NB. If you are using any P2P (file sharing) programs, please remove them before we clean your computer. We do not clean logs that have P2P applications installed, as this can cause reinfection during your cleaning.
Do NOT post your problem in someone else's thread.
sPideS New Member
Date Joined Jun 2008, Total Posts: 7 | Posted 7-6-2008 3:12 (GMT +2)
OK, thanks for your help, Touch. Here's the logfile from the ComboFix.
ComboFix 08-07-05.1 - Kieran 2008-07-06 22:58:13.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.994 [GMT 10:00]
Running from: C:\Documents and Settings\Kieran\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\Cache

.
((((((((((((((((((((((((( Files Created from 2008-06-06 to 2008-07-06 )))))))))))))))))))))))))))))))
.
2008-07-06 22:21 . 2008-07-06 22:21 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-07-06 22:21 . 2008-07-06 22:21 <DIR> d-------- C:\Documents and Settings\Kieran\Application Data\SUPERAntiSpyware.com
2008-07-06 22:21 . 2008-07-06 22:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-05 22:46 . 2008-07-06 13:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-07-05 18:26 . 2008-07-05 18:26 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-05 17:28 . 2008-07-05 20:00 <DIR> d-------- C:\Documents and Settings\Kieran\Application Data\gtk-2.0
2008-07-05 17:25 . 2008-07-05 21:33 <DIR> d-------- C:\Documents and Settings\Kieran\Application Data\.purple
2008-07-05 17:24 . 2008-07-05 17:24 <DIR> d-------- C:\Program Files\Common Files\GTK
2008-07-04 15:48 . 2008-07-04 15:50 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-07-04 13:22 . 2008-07-04 20:48 <DIR> d-------- C:\Documents and Settings\Kieran\.housecall6.6
2008-06-28 21:51 . 1998-05-07 10:57 143,872 --a------ C:\WINDOWS\system32\iacenc.dll
2008-06-28 21:50 . 2003-07-16 15:29 204,857 --a------ C:\WINDOWS\system32\InstallHelp.dll
2008-06-28 21:50 . 1999-05-07 00:00 198,640 --a------ C:\WINDOWS\system32\MCI32.OCX
2008-06-28 21:50 . 1999-05-07 01:00 140,288 --a------ C:\WINDOWS\system32\comdlg32.ocx
2008-06-28 21:50 . 2003-07-16 15:29 111,308 --a------ C:\WINDOWS\system32\GMTUninstall.exe
2008-06-28 21:50 . 2003-07-16 15:29 49,152 --a------ C:\WINDOWS\system32\WebLnchX.ocx
2008-06-27 16:37 . 2008-06-27 16:41 <DIR> d-------- C:\KEEN
2008-06-21 20:57 . 2008-06-21 20:56 233,984 --a------ C:\WINDOWS\system32\lhhzcu.exe
2008-06-17 16:06 . 2008-06-17 16:06 <DIR> d-------- C:\WINDOWS\Cache
2008-06-17 16:06 . 2006-11-01 15:52 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-06-17 16:06 . 1998-07-09 20:41 217,088 --a------ C:\WINDOWS\system32\skjpeg40.dll
2008-06-17 16:06 . 2006-11-01 15:54 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-06-17 16:06 . 2006-11-01 16:26 77,824 --a------ C:\WINDOWS\system32\xvid.ax
2008-06-17 16:06 . 2004-03-09 11:39 8,704 --a------ C:\WINDOWS\system32\vidccleaner.exe
2008-06-17 16:05 . 2008-06-17 16:05 <DIR> d-------- C:\Program Files\Samsung
2008-06-17 16:05 . 2008-06-17 16:05 <DIR> d-------- C:\Documents and Settings\Siobhan\Application Data\InstallShield
2008-06-17 16:05 . 1998-03-04 11:40 83,968 --a------ C:\WINDOWS\system32\Skbase40.dll
2008-06-11 13:10 . 2008-06-13 23:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 13:10 . 2008-06-13 23:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-06 12:51 --------- d-----w C:\Program Files\Steam
2008-07-06 12:20 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-06 12:13 --------- d-----w C:\Documents and Settings\Kieran\Application Data\Azureus
2008-07-06 03:37 --------- d-----w C:\Program Files\GameHouse
2008-07-06 02:56 --------- d-----w C:\Program Files\ShotOnline International
2008-07-05 09:07 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-05 05:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-07-04 03:08 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-04 03:05 --------- d-----w C:\Program Files\Windows Live
2008-07-04 03:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-27 06:24 --------- d-----w C:\Program Files\DivX
2008-06-23 10:16 --------- d-----w C:\Program Files\FrostWire
2008-06-21 08:04 --------- d-----w C:\Program Files\PPStream
2008-06-21 08:04 --------- d-----w C:\Documents and Settings\Kieran\Application Data\ppstream
2008-06-17 06:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-22 22:20 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-05-22 22:20 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-05-20 12:58 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-20 05:03 --------- d-----w C:\Program Files\Warcraft III
2008-05-14 11:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-14 06:35 --------- d-----w C:\Program Files\Pivot Stickfigure Animator
2008-05-08 12:14 203,008 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 04:55 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 03:35 827,392 ----a-w C:\WINDOWS\system32\wininet.dll
2007-10-20 07:44 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2007-09-18 03:46 336 ----a-w C:\Program Files\temp995.bat
2007-03-26 07:00 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
2007-03-26 07:00 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
2007-03-26 07:00 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007032620070327\index.dat
2007-03-26 07:00 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:56 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"Steam"="c:\program files\steam\steam.exe" [2008-03-28 14:04 1271032]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 13:49 153136]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 17:20 222080]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 00:07 8491008]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-06-28 09:05 580096]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-01-23 11:19 223232]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 03:25 144784]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53 153136]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 00:07 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 21:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"lhhzcu"="C:\WINDOWS\system32\lhhzcu.exe" [2008-06-21 20:56 233984]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 17:34 16143872 C:\WINDOWS\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2007-09-17 00:07 1626112 C:\WINDOWS\system32\nwiz.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"lhhzcu"="C:\WINDOWS\system32\lhhzcu.exe" [2008-06-21 20:56 233984]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 09:56 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-23 13:59 219136]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 17:15 1634304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
C:\Documents and Settings\Debra\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

C:\Documents and Settings\William\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

C:\Documents and Settings\Kieran\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]
OneNote Table Of Contents.onetoc2 [2007-04-07 19:51:06 3656]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
LG SyncManager.lnk - C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe [2008-03-13 18:59:11 311296]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv31"= C:\WINDOWS\system32\ir32_32.dll
"vidc.iv32"= C:\WINDOWS\system32\ir32_32.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\PPStream\\PPStream.exe"=
"C:\\Documents and Settings\\William\\My Documents\\My Music\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\FrostWire\\FrostWire.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=

R0 mv614x;mv614x;C:\WINDOWS\system32\DRIVERS\mv614x.sys [2006-05-18 23:34]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2006-05-12 17:17]
S2 r27h9nad9ke7r;Amazon Unbox Video Service;C:\WINDOWS\system32\lhhzcu.exe [2008-06-21 20:56]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-04-19 08:12:25 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-swg - C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
HKLM-Run-UDC Integration - (no file)
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-06 23:02:11
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-06 23:02:49
ComboFix-quarantined-files.txt 2008-07-06 13:02:47

Pre-Run: 102,753,865,728 bytes free
Post-Run: 104,082,407,424 bytes free
168 --- E O F --- 2008-07-06 09:35:36
And here's the new HijackThis logfile.
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:11:33 PM, on 6/07/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.20815) Boot mode: Normal
Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\RTHDCPL.EXE C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\lhhzcu.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\program files\steam\steam.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\explorer.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [lhhzcu] C:\WINDOWS\system32\lhhzcu.exe O4 - HKLM\..\RunServices: [lhhzcu] 
C:\WINDOWS\system32\lhhzcu.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user') O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Startup: OneNote Table Of Contents.onetoc2 O4 - Global Startup: LG SyncManager.lnk = C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program 
files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Amazon Unbox Video Service (r27h9nad9ke7r) - Unknown owner - C:\WINDOWS\system32\lhhzcu.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
-- End of file - 9962 bytes
Touch, Forum Moderator (Date Joined Jun 2004, Total Posts: 12798), posted 7-6-2008 5:36 (GMT +2):
Please download Malwarebytes' Anti-Malware to your desktop.
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch
Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location.
Copy and paste that log into your next reply, along with a fresh ComboFix log.
Do NOT post your problem in someone else's thread.
sPideS, New Member (Date Joined Jun 2008, Total Posts: 7), posted 7-7-2008 3:04 (GMT +2):
Sorry that my replies take a long time. I'm in Australia, so due to time zones etc. I may be asleep when you are awake. I'll post the new logs up soon.
sPideS, New Member (Date Joined Jun 2008, Total Posts: 7), posted 7-7-2008 3:56 (GMT +2):
OK, here are the 2 new logs.
Malwarebytes' Anti-Malware 1.19
Database version: 929
Windows 5.1.2600 Service Pack 2

11:35:32 AM 7/07/2008
mbam-log-7-7-2008 (11-35-32).txt

Scan type: Full Scan (C:\|)
Objects scanned: 124759
Time elapsed: 30 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\powervideo.video (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{741403dd-46a4-4d58-8fa7-427335c3bbf6} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f627a939-3f63-42e2-b77b-f733cb2439c9} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{fadc335e-6a47-47ef-97b8-704c72d1e725} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\PowerVideo.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{465D1F60-41B8-4273-9907-7A4BE15C5B7F}\RP638\A0098708.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{465D1F60-41B8-4273-9907-7A4BE15C5B7F}\RP638\A0098709.exe (Adware.Agent) -> Quarantined and deleted successfully.
ComboFix 08-07-05.1 - Kieran 2008-07-07 11:49:41.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.918 [GMT 10:00]
Running from: C:\Documents and Settings\Kieran\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! .
((((((((((((((((((((((((( Files Created from 2008-06-07 to 2008-07-07 ))))))))))))))))))))))))))))))) .
2008-07-07 11:13 . 2008-07-07 11:13 133,632 --a------ C:\WINDOWS\system32\rakoo.exe
2008-07-07 11:13 . 2008-07-07 11:13 133,632 --a------ C:\WINDOWS\system32\pyvuzyf.exe
2008-07-07 11:02 . 2008-07-07 11:02 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-07 11:02 . 2008-07-07 11:02 <DIR> d-------- C:\Documents and Settings\Kieran\Application Data\Malwarebytes
2008-07-07 11:02 . 2008-07-07 11:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-07 11:02 . 2008-06-28 14:16 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-07 11:02 . 2008-06-28 14:16 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-06 22:21 . 2008-07-06 22:21 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-07-06 22:21 . 2008-07-06 22:21 <DIR> d-------- C:\Documents and Settings\Kieran\Application Data\SUPERAntiSpyware.com
2008-07-06 22:21 . 2008-07-06 22:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-05 22:46 . 2008-07-06 13:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-07-05 18:26 . 2008-07-05 18:26 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-05 17:28 . 2008-07-05 20:00 <DIR> d-------- C:\Documents and Settings\Kieran\Application Data\gtk-2.0
2008-07-05 17:25 . 2008-07-05 21:33 <DIR> d-------- C:\Documents and Settings\Kieran\Application Data\.purple
2008-07-05 17:24 . 2008-07-05 17:24 <DIR> d-------- C:\Program Files\Common Files\GTK
2008-07-04 15:48 . 2008-07-04 15:50 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-07-04 13:22 . 2008-07-04 20:48 <DIR> d-------- C:\Documents and Settings\Kieran\.housecall6.6
2008-06-28 21:51 . 1998-05-07 10:57 143,872 --a------ C:\WINDOWS\system32\iacenc.dll
2008-06-28 21:50 . 2003-07-16 15:29 204,857 --a------ C:\WINDOWS\system32\InstallHelp.dll
2008-06-28 21:50 . 1999-05-07 00:00 198,640 --a------ C:\WINDOWS\system32\MCI32.OCX
2008-06-28 21:50 . 1999-05-07 01:00 140,288 --a------ C:\WINDOWS\system32\comdlg32.ocx
2008-06-28 21:50 . 2003-07-16 15:29 111,308 --a------ C:\WINDOWS\system32\GMTUninstall.exe
2008-06-28 21:50 . 2003-07-16 15:29 49,152 --a------ C:\WINDOWS\system32\WebLnchX.ocx
2008-06-27 16:37 . 2008-06-27 16:41 <DIR> d-------- C:\KEEN
2008-06-21 20:57 . 2008-06-21 20:56 233,984 --a------ C:\WINDOWS\system32\lhhzcu.exe
2008-06-17 16:06 . 2008-06-17 16:06 <DIR> d-------- C:\WINDOWS\Cache
2008-06-17 16:06 . 2006-11-01 15:52 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-06-17 16:06 . 1998-07-09 20:41 217,088 --a------ C:\WINDOWS\system32\skjpeg40.dll
2008-06-17 16:06 . 2006-11-01 15:54 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-06-17 16:06 . 2006-11-01 16:26 77,824 --a------ C:\WINDOWS\system32\xvid.ax
2008-06-17 16:06 . 2004-03-09 11:39 8,704 --a------ C:\WINDOWS\system32\vidccleaner.exe
2008-06-17 16:05 . 2008-06-17 16:05 <DIR> d-------- C:\Program Files\Samsung
2008-06-17 16:05 . 2008-06-17 16:05 <DIR> d-------- C:\Documents and Settings\Siobhan\Application Data\InstallShield
2008-06-17 16:05 . 1998-03-04 11:40 83,968 --a------ C:\WINDOWS\system32\Skbase40.dll
2008-06-11 13:10 . 2008-06-13 23:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 13:10 . 2008-06-13 23:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-06 23:40 --------- d-----w C:\Program Files\Steam
2008-07-06 12:20 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-06 12:13 --------- d-----w C:\Documents and Settings\Kieran\Application Data\Azureus
2008-07-06 03:37 --------- d-----w C:\Program Files\GameHouse
2008-07-06 02:56 --------- d-----w C:\Program Files\ShotOnline International
2008-07-05 09:07 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-05 05:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-07-04 03:08 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-04 03:05 --------- d-----w C:\Program Files\Windows Live
2008-07-04 03:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-27 06:24 --------- d-----w C:\Program Files\DivX
2008-06-23 10:16 --------- d-----w C:\Program Files\FrostWire
2008-06-21 08:04 --------- d-----w C:\Program Files\PPStream
2008-06-21 08:04 --------- d-----w C:\Documents and Settings\Kieran\Application Data\ppstream
2008-06-17 06:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-22 22:20 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-05-22 22:20 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-05-20 12:58 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-20 05:03 --------- d-----w C:\Program Files\Warcraft III
2008-05-14 11:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-14 06:35 --------- d-----w C:\Program Files\Pivot Stickfigure Animator
2008-05-08 12:14 203,008 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 04:55 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 03:35 827,392 ----a-w C:\WINDOWS\system32\wininet.dll
2007-10-20 07:44 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2007-09-18 03:46 336 ----a-w C:\Program Files\temp995.bat
2007-03-26 07:00 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
2007-03-26 07:00 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
2007-03-26 07:00 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007032620070327\index.dat
2007-03-26 07:00 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((( snapshot@2008-07-06_23.02.39.21 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-06 12:51:46 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-06 23:40:13 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:56 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"Steam"="c:\program files\steam\steam.exe" [2008-03-28 14:04 1271032]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 13:49 153136]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 17:20 222080]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 00:07 8491008]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-06-28 09:05 580096]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-01-23 11:19 223232]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 03:25 144784]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53 153136]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 00:07 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 21:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"kooset"="C:\WINDOWS\system32\rakoo.exe" [2008-07-07 11:13 133632]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 17:34 16143872 C:\WINDOWS\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2007-09-17 00:07 1626112 C:\WINDOWS\system32\nwiz.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"kooset"="C:\WINDOWS\system32\rakoo.exe" [2008-07-07 11:13 133632]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 09:56 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-23 13:59 219136]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 17:15 1634304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
C:\Documents and Settings\Debra\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

C:\Documents and Settings\William\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

C:\Documents and Settings\Kieran\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]
OneNote Table Of Contents.onetoc2 [2007-04-07 19:51:06 3656]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
LG SyncManager.lnk - C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe [2008-03-13 18:59:11 311296]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv31"= C:\WINDOWS\system32\ir32_32.dll
"vidc.iv32"= C:\WINDOWS\system32\ir32_32.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\PPStream\\PPStream.exe"=
"C:\\Documents and Settings\\William\\My Documents\\My Music\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\FrostWire\\FrostWire.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=

R0 mv614x;mv614x;C:\WINDOWS\system32\DRIVERS\mv614x.sys [2006-05-18 23:34]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2006-05-12 17:17]
S2 tddduae2;BCL easyPDF SDK Loader;C:\WINDOWS\system32\pyvuzyf.exe [2008-07-07 11:13]
*Newly Created Service* - MBAMCATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-04-19 08:12:25 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-07 11:52:11
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-07 11:52:47
ComboFix-quarantined-files.txt 2008-07-07 01:52:44
ComboFix2.txt 2008-07-06 13:02:50

Pre-Run: 104,667,533,312 bytes free
Post-Run: 104,652,570,624 bytes free

173 --- E O F --- 2008-07-06 13:54:43
Touch, Forum Moderator (Date Joined Jun 2004, Total Posts: 12798), posted 7-7-2008 7:50 (GMT +2):
Open notepad and copy/paste the text in the quote box below into it:
Quote:
-----------------------------------------------------
KILLALL::
Snapshot::
File::
C:\WINDOWS\system32\rakoo.exe
C:\WINDOWS\system32\pyvuzyf.exe
C:\WINDOWS\system32\lhhzcu.exe
C:\Program Files\temp995.bat
Folder::
C:\Documents and Settings\Kieran\Application Data\Azureus
C:\Program Files\FrostWire
Driver::
tddduae2
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kooset"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"kooset"=-
----------------------------------------------
Save this as CFScript.txt
At this point, you MUST EXIT ALL BROWSERS before continuing!
Referring to the picture above, drag CFScript.txt onto ComboFix.exe.
ComboFix will now run a scan on your system.
It may reboot your system when it finishes. This is normal.
Post a new HijackThis log along with a fresh ComboFix log.
Do NOT post your problem in someone else's thread.
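The moderator's CFScript above is built from a handful of observations in the logs: two new executables (rakoo.exe, pyvuzyf.exe) dropped straight into the system32 root a few minutes before the scan, a third (lhhzcu.exe) registered as a service with no vendor, an autostart value under the Windows 9x-era RunServices key, and a service (tddduae2) whose image is one of those files. The Python script below is an added example, not tooling from this thread or from the ComboFix/HijackThis authors: it applies those rules to a constructed excerpt modelled on the posted logs and drafts a CFScript in the same format (File::, Driver::, Registry:: with "name"=-). The scan time, the seven-day window for "new", the "unknown owner in system32" rule and the choice to put every flagged service short name under Driver:: are assumptions; the output is a draft for a person to check, not something to hand to ComboFix unread.

```python
"""Triage ComboFix/HijackThis autostart entries and draft a CFScript.

Added example; not tooling from this thread or from the ComboFix/HijackThis
authors. The heuristics are assumptions chosen to match what the moderator
removed, not a malware signature; the output is a draft for human review.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed excerpt modelled on the logs posted in this thread (not the full log).
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:56 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-06-28 09:05 580096]
"kooset"="C:\WINDOWS\system32\rakoo.exe" [2008-07-07 11:13 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"kooset"="C:\WINDOWS\system32\rakoo.exe" [2008-07-07 11:13 133632]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2006-05-12 17:17]
S2 tddduae2;BCL easyPDF SDK Loader;C:\WINDOWS\system32\pyvuzyf.exe [2008-07-07 11:13]
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Amazon Unbox Video Service (r27h9nad9ke7r) - Unknown owner - C:\WINDOWS\system32\lhhzcu.exe
'''
SCAN_TIME = datetime(2008, 7, 7, 11, 49)  # ComboFix run time from the log header above
RECENT = timedelta(days=7)                # assumption: "new" = created within a week of the scan

REG_KEY = re.compile(r'^\[(HKEY_[^\]]+)\]$')
REG_VALUE = re.compile(r'^"([^"]+)"="([^"]+)"\s+\[(\d{4}-\d{2}-\d{2} \d{2}:\d{2})')
SERVICE = re.compile(r'^[RS]\d (\w+);[^;]*;(.+?) \[(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\]$')
O23 = re.compile(r'^O23 - Service: .+?(?: \(([^)]+)\))? - (.+?) - (.+)$')
# An .exe sitting directly in system32, not in a subfolder such as DRIVERS.
SYS32_EXE = re.compile(r'^C:\\WINDOWS\\system32\\[^\\]+\.exe$', re.IGNORECASE)


@dataclass
class Finding:
    path: str
    reason: str
    service: str = ''    # short service name -> Driver:: line
    reg_key: str = ''    # autostart key -> Registry:: section
    reg_value: str = ''  # value name deleted with "name"=-


def _recent(ts, scan_time):
    created = datetime.strptime(ts, '%Y-%m-%d %H:%M')
    return scan_time - RECENT <= created <= scan_time


def triage(log_text, scan_time):
    """Return the entries a reviewer should look at, each with the rule that picked it."""
    findings, key = [], ''
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := REG_KEY.match(line):
            key = m.group(1)
        elif m := REG_VALUE.match(line):
            name, path, ts = m.groups()
            if key.endswith('\\RunServices'):
                # Windows 9x-era key that NT-based Windows does not process; nothing
                # legitimate on XP needs it, so a value here is a malware habit.
                findings.append(Finding(path, 'autostart via RunServices', reg_key=key, reg_value=name))
            elif SYS32_EXE.match(path) and _recent(ts, scan_time):
                findings.append(Finding(path, 'new .exe in system32 root under Run', reg_key=key, reg_value=name))
        elif m := SERVICE.match(line):
            svc, path, ts = m.groups()
            if SYS32_EXE.match(path) and _recent(ts, scan_time):
                findings.append(Finding(path, 'new .exe in system32 root as a service', service=svc))
        elif m := O23.match(line):
            svc, owner, path = m.groups()
            if owner == 'Unknown owner' and SYS32_EXE.match(path):
                findings.append(Finding(path, 'service with no vendor in system32 root', service=svc or ''))
    return findings


def build_cfscript(findings, exclude=()):
    """Draft a CFScript in the moderator's format; `exclude` holds paths a reviewer cleared."""
    files, drivers, reg = [], [], {}
    for f in findings:
        if f.path in exclude:
            continue
        if f.path not in files:
            files.append(f.path)
        if f.service and f.service not in drivers:
            drivers.append(f.service)
        if f.reg_key:
            reg.setdefault(f.reg_key, []).append(f.reg_value)
    out = ['KILLALL::', 'File::', *files]
    if drivers:
        out += ['Driver::', *drivers]
    if reg:
        out.append('Registry::')
        for k, names in reg.items():
            out += [f'[{k}]', *(f'"{n}"=-' for n in names)]
    return '\n'.join(out) + '\n'


if __name__ == '__main__':
    found = triage(SAMPLE_LOG, SCAN_TIME)
    for f in found:
        print(f'{f.reason:42} {f.path}')
    # PnkBstrA.exe is PunkBuster, which the moderator left alone: the reviewer drops it here.
    print(build_cfscript(found, exclude={r'C:\WINDOWS\system32\PnkBstrA.exe'}))
```

The PnkBstrA line is why the review step exists: PunkBuster's service is also an "Unknown owner" executable in the system32 root, so the rule flags it alongside lhhzcu.exe, and only someone who recognises it (as the moderator evidently did) keeps it out of the script. The nvsvc32.exe and ctfmon.exe entries show the other side of the rules: a vendor string or an old creation date is enough to keep a system32-root binary off the list.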
sPideS, New Member (Date Joined Jun 2008, Total Posts: 7), posted 7-7-2008 8:48 (GMT +2):
OK, here's the new stuff.
ComboFix 08-07-05.1 - Kieran 2008-07-07 16:36:24.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1042 [GMT 10:00]
Running from: C:\Documents and Settings\Kieran\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Kieran\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\Program Files\temp995.bat
C:\WINDOWS\system32\lhhzcu.exe
C:\WINDOWS\system32\pyvuzyf.exe
C:\WINDOWS\system32\rakoo.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) .
C:\Documents and Settings\Kieran\Application Data\Azureus
C:\Documents and Settings\Kieran\Application Data\Azureus\.keystore
C:\Documents and Settings\Kieran\Application Data\Azureus\active\cache.dat
C:\Documents and Settings\Kieran\Application Data\Azureus\azureus.config
C:\Documents and Settings\Kieran\Application Data\Azureus\azureus.config.bak
C:\Documents and Settings\Kieran\Application Data\Azureus\azureus.statistics
C:\Documents and Settings\Kieran\Application Data\Azureus\azureus.statistics.bak
C:\Documents and Settings\Kieran\Application Data\Azureus\dht\addresses.dat
C:\Documents and Settings\Kieran\Application Data\Azureus\dht\contacts.dat
C:\Documents and Settings\Kieran\Application Data\Azureus\dht\diverse.dat
C:\Documents and Settings\Kieran\Application Data\Azureus\dht\general.dat
C:\Documents and Settings\Kieran\Application Data\Azureus\dht\version.dat
C:\Documents and Settings\Kieran\Application Data\Azureus\downloads.config
C:\Documents and Settings\Kieran\Application Data\Azureus\downloads.config.bak
C:\Documents and Settings\Kieran\Application Data\Azureus\ipfilter.cache
C:\Documents and Settings\Kieran\Application Data\Azureus\logs\alerts_1.log
C:\Documents and Settings\Kieran\Application Data\Azureus\logs\AutoSpeed_1.log
C:\Documents and Settings\Kieran\Application Data\Azureus\logs\AutoSpeedSearchHistory_1.log
C:\Documents and Settings\Kieran\Application Data\Azureus\logs\debug_1.log
C:\Documents and Settings\Kieran\Application Data\Azureus\logs\NetStatus_1.log
C:\Documents and Settings\Kieran\Application Data\Azureus\logs\seltrace_1.log
C:\Documents and Settings\Kieran\Application Data\Azureus\logs\SpeedMan_1.log
C:\Documents and Settings\Kieran\Application Data\Azureus\logs\thread_1.log
C:\Documents and Settings\Kieran\Application Data\Azureus\logs\thread_2.log
C:\Documents and Settings\Kieran\Application Data\Azureus\net\pm_4804.dat
C:\Documents and Settings\Kieran\Application Data\Azureus\plugins\azupnpav\plugin.properties
C:\Documents and Settings\Kieran\Application Data\Azureus\tables.config
C:\Documents and Settings\Kieran\Application Data\Azureus\tables.config.bak
C:\Documents and Settings\Kieran\Application Data\Azureus\tmp\AZU33456.tmp
C:\Documents and Settings\Kieran\Application Data\Azureus\tmp\AZU33457.tmp
C:\Documents and Settings\Kieran\Application Data\Azureus\tmp\AZU33458.tmp
C:\Documents and Settings\Kieran\Application Data\Azureus\tmp\AZU33459.tmp
C:\Documents and Settings\Kieran\Application Data\Azureus\tmp\AZU33460.tmp
C:\Documents and Settings\Kieran\Application Data\Azureus\tmp\AZU33461.tmp
C:\Documents and Settings\Kieran\Application Data\Azureus\tmp\AZU33462.tmp
C:\Documents and Settings\Kieran\Application Data\Azureus\tmp\AZU33463.tmp
C:\Documents and Settings\Kieran\Application Data\Azureus\torrents\_Doctor Who S04E09 Forest of the Dead [MM].avi [mininova].torrent
C:\Documents and Settings\Kieran\Application Data\Azureus\torrents\_Doctor.Who.S04E03.WS.PDTV.XviD-ANGELiC.[eztv] [mininova].torrent
C:\Documents and Settings\Kieran\Application Data\Azureus\torrents\_PCDVD - Star Wars Empire At War [English] [WwW.GamesTorrents.CoM] -_mininova.org_-.torrent
C:\Documents and Settings\Kieran\Application Data\Azureus\torrents\AZU40276.tmp
C:\Documents and Settings\Kieran\Application Data\Azureus\torrents\AZU40280.tmp
C:\Documents and Settings\Kieran\Application Data\Azureus\torrents\Doctor Who 2005 3x01 Smith And Jones PROPER WS PDTV XviD-FoV [eztv].torrent
C:\Documents and Settings\Kieran\Application Data\Azureus\torrents\Doctor Who S04E01 Partners in Crime [MM].avi [mininova].torrent
C:\Documents and Settings\Kieran\Application Data\Azureus\torrents\Doctor Who S04E08 Silence in the Library [MM].avi [mininova].torrent
C:\Documents and Settings\Kieran\Application Data\Azureus\torrents\Doctor Who S04E09 Forest of the Dead [MM].avi [mininova].torrent
C:\Documents and Settings\Kieran\Application Data\Azureus\torrents\Doctor Who S04E12 WS PDTV XviD-ANGELiC [eztv].torrent
C:\Documents and Settings\Kieran\Application Data\Azureus\torrents\Doctor.Who.2005.S04E06.Doctors.Daughter.WS.PDTV.XviD-MM.4182083.TPB.torrent
C:\Documents and Settings\Kieran\Application Data\Azureus\torrents\Doctor.Who.S04E02.WS.PDTV.XviD-angelic [btarena.org].avi [mininova].torrent
C:\Documents and Settings\Kieran\Application Data\Azureus\torrents\Doctor.Who.S04E03.WS.PDTV.XviD-ANGELiC.[eztv] [mininova].torrent
C:\Documents and Settings\Kieran\Application Data\Azureus\torrents\Doctor.Who.S04E04.WS.PDTV.XviD-ANGELiC.[eztv] [mininova].torrent
C:\Documents and Settings\Kieran\Application Data\Azureus\torrents\Doctor.Who.S04E05.WS.PDTV.XviD-AFFiNiTY.[VTV] [mininova].torrent
C:\Documents and Settings\Kieran\Application Data\Azureus\torrents\Doctor.Who.S04E07.WS.PDTV.XviD-angelic [btarena.org].avi [mininova].torrent
C:\Documents and Settings\Kieran\Application Data\Azureus\torrents\Doctor.Who.S04E10.WS.PDTV.XviD-RiVER.[eztv] [mininova].torrent
C:\Documents and Settings\Kieran\Application Data\Azureus\torrents\Doctor.Who.S04E11.WS.PDTV.XviD-ANGELiC.[eztv] [mininova].torrent
C:\Documents and Settings\Kieran\Application Data\Azureus\torrents\Doctor_Who_S04E13_-_Journey____s_End.4278611.TPB.torrent
C:\Documents and Settings\Kieran\Application Data\Azureus\torrents\PCDVD - Star Wars Empire At War [English] [WwW.GamesTorrents.CoM] -_mininova.org_-.torrent
C:\Documents and Settings\Kieran\Application Data\Azureus\tracker.config
C:\Documents and Settings\Kieran\Application Data\Azureus\tracker.config.bak
C:\Documents and Settings\Kieran\Application Data\Azureus\update.log
C:\Documents and Settings\Kieran\Application Data\Azureus\update.properties
C:\Program Files\FrostWire
C:\Program Files\FrostWire\clink.jar
C:\Program Files\FrostWire\commons-httpclient.jar
C:\Program Files\FrostWire\commons-logging.jar
C:\Program Files\FrostWire\commons-net.jar
C:\Program Files\FrostWire\commons-pool.jar
C:\Program Files\FrostWire\daap.jar
C:\Program Files\FrostWire\EULA.txt
C:\Program Files\FrostWire\FrostWire.exe
C:\Program Files\FrostWire\FrostWire.ico
C:\Program Files\FrostWire\FrostWire.jar
C:\Program Files\FrostWire\GPL2.txt
C:\Program Files\FrostWire\hashes
C:\Program Files\FrostWire\hs_err_pid1260.log
C:\Program Files\FrostWire\hs_err_pid1352.log
C:\Program Files\FrostWire\hs_err_pid256.log
C:\Program Files\FrostWire\hs_err_pid332.log
C:\Program Files\FrostWire\hs_err_pid4048.log
C:\Program Files\FrostWire\hs_err_pid408.log
C:\Program Files\FrostWire\hs_err_pid5108.log
C:\Program Files\FrostWire\hs_err_pid5508.log
C:\Program Files\FrostWire\i18n.jar
C:\Program Files\FrostWire\icu4j.jar
C:\Program Files\FrostWire\id3v2.jar
C:\Program Files\FrostWire\irc.jar
C:\Program Files\FrostWire\jcraft.jar
C:\Program Files\FrostWire\jdic.dll
C:\Program Files\FrostWire\jdic.jar
C:\Program Files\FrostWire\jdic_stub.jar
C:\Program Files\FrostWire\jl011.jar
C:\Program Files\FrostWire\jmdns.jar
C:\Program Files\FrostWire\jython.jar
C:\Program Files\FrostWire\log.txt
C:\Program Files\FrostWire\log4j.jar
C:\Program Files\FrostWire\log4j.properties
C:\Program Files\FrostWire\looks.jar
C:\Program Files\FrostWire\MessagesBundle.properties
C:\Program Files\FrostWire\MessagesBundles.jar
C:\Program Files\FrostWire\mp3sp14.jar
C:\Program Files\FrostWire\pmf.ico
C:\Program Files\FrostWire\ProgressTabs.jar
C:\Program Files\FrostWire\seenMessages.dat
C:\Program Files\FrostWire\SystemUtilities.dll
C:\Program Files\FrostWire\themes.jar
C:\Program Files\FrostWire\tray.dll
C:\Program Files\FrostWire\tritonus.jar
C:\Program Files\FrostWire\Uninstall.exe
C:\Program Files\FrostWire\update.ver
C:\Program Files\FrostWire\vorbis.jar
C:\Program Files\FrostWire\xml-apis.jar
C:\Program Files\FrostWire\xml.war
C:\Program Files\temp995.bat
C:\WINDOWS\system32\lhhzcu.exe
C:\WINDOWS\system32\pyvuzyf.exe
C:\WINDOWS\system32\rakoo.exe
. ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) .
-------\Service_tddduae2
((((((((((((((((((((((((( Files Created from 2008-06-07 to 2008-07-07 ))))))))))))))))))))))))))))))) .
2008-07-07 11:02 . 2008-07-07 11:02 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-07 11:02 . 2008-07-07 11:02 <DIR> d-------- C:\Documents and Settings\Kieran\Application Data\Malwarebytes
2008-07-07 11:02 . 2008-07-07 11:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-07 11:02 . 2008-06-28 14:16 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-07 11:02 . 2008-06-28 14:16 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-06 22:21 . 2008-07-06 22:21 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-07-06 22:21 . 2008-07-06 22:21 <DIR> d-------- C:\Documents and Settings\Kieran\Application Data\SUPERAntiSpyware.com
2008-07-06 22:21 . 2008-07-06 22:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-05 22:46 . 2008-07-06 13:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-07-05 18:26 . 2008-07-05 18:26 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-05 17:28 . 2008-07-05 20:00 <DIR> d-------- C:\Documents and Settings\Kieran\Application Data\gtk-2.0
2008-07-05 17:25 . 2008-07-05 21:33 <DIR> d-------- C:\Documents and Settings\Kieran\Application Data\.purple
2008-07-05 17:24 . 2008-07-05 17:24 <DIR> d-------- C:\Program Files\Common Files\GTK
2008-07-04 15:48 . 2008-07-04 15:50 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-07-04 13:22 . 2008-07-04 20:48 <DIR> d-------- C:\Documents and Settings\Kieran\.housecall6.6
2008-06-28 21:51 . 1998-05-07 10:57 143,872 --a------ C:\WINDOWS\system32\iacenc.dll
2008-06-28 21:50 . 2003-07-16 15:29 204,857 --a------ C:\WINDOWS\system32\InstallHelp.dll
2008-06-28 21:50 . 1999-05-07 00:00 198,640 --a------ C:\WINDOWS\system32\MCI32.OCX
2008-06-28 21:50 . 1999-05-07 01:00 140,288 --a------ C:\WINDOWS\system32\comdlg32.ocx
2008-06-28 21:50 . 2003-07-16 15:29 111,308 --a------ C:\WINDOWS\system32\GMTUninstall.exe
2008-06-28 21:50 . 2003-07-16 15:29 49,152 --a------ C:\WINDOWS\system32\WebLnchX.ocx
2008-06-27 16:37 . 2008-06-27 16:41 <DIR> d-------- C:\KEEN
2008-06-17 16:06 . 2008-06-17 16:06 <DIR> d-------- C:\WINDOWS\Cache
2008-06-17 16:06 . 2006-11-01 15:52 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-06-17 16:06 . 1998-07-09 20:41 217,088 --a------ C:\WINDOWS\system32\skjpeg40.dll
2008-06-17 16:06 . 2006-11-01 15:54 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-06-17 16:06 . 2006-11-01 16:26 77,824 --a------ C:\WINDOWS\system32\xvid.ax
2008-06-17 16:06 . 2004-03-09 11:39 8,704 --a------ C:\WINDOWS\system32\vidccleaner.exe
2008-06-17 16:05 . 2008-06-17 16:05 <DIR> d-------- C:\Program Files\Samsung
2008-06-17 16:05 . 2008-06-17 16:05 <DIR> d-------- C:\Documents and Settings\Siobhan\Application Data\InstallShield
2008-06-17 16:05 . 1998-03-04 11:40 83,968 --a------ C:\WINDOWS\system32\Skbase40.dll
2008-06-11 13:10 . 2008-06-13 23:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 13:10 . 2008-06-13 23:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-07 06:39 --------- d-----w C:\Program Files\Steam
2008-07-07 05:31 --------- d-----w C:\Program Files\ShotOnline International
2008-07-06 12:20 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-06 03:37 --------- d-----w C:\Program Files\GameHouse
2008-07-05 09:07 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-05 05:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-07-04 03:08 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-04 03:05 --------- d-----w C:\Program Files\Windows Live
2008-07-04 03:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-27 06:24 --------- d-----w C:\Program Files\DivX
2008-06-21 08:04 --------- d-----w C:\Program Files\PPStream
2008-06-21 08:04 --------- d-----w C:\Documents and Settings\Kieran\Application Data\ppstream
2008-06-17 06:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-20 12:58 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-20 05:03 --------- d-----w C:\Program Files\Warcraft III
2008-05-14 11:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-14 06:35 --------- d-----w C:\Program Files\Pivot Stickfigure Animator
2008-05-08 12:14 203,008 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2007-10-20 07:44 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2007-03-26 07:00 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
2007-03-26 07:00 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
2007-03-26 07:00 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007032620070327\index.dat
2007-03-26 07:00 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:56 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"Steam"="c:\program files\steam\steam.exe" [2008-03-28 14:04 1271032]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 13:49 153136]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 17:20 222080]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 00:07 8491008]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-06-28 09:05 580096]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-01-23 11:19 223232]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 03:25 144784]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53 153136]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 00:07 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 21:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 17:34 16143872 C:\WINDOWS\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2007-09-17 00:07 1626112 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 09:56 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-23 13:59 219136]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 17:15 1634304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
C:\Documents and Settings\Debra\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]
C:\Documents and Settings\William\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]
C:\Documents and Settings\Kieran\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632] OneNote Table Of Contents.onetoc2 [2007-04-07 19:51:06 3656]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ LG SyncManager.lnk - C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe [2008-03-13 18:59:11 311296]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.iv31"= C:\WINDOWS\system32\ir32_32.dll "vidc.iv32"= C:\WINDOWS\system32\ir32_32.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"= "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "C:\\Program Files\\PPStream\\PPStream.exe"= "C:\\Documents and Settings\\William\\My Documents\\My Music\\LimeWire\\LimeWire.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\Azureus\\Azureus.exe"=
R0 mv614x;mv614x;C:\WINDOWS\system32\DRIVERS\mv614x.sys [2006-05-18 23:34] R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2006-05-12 17:17]
. Contents of the 'Scheduled Tasks' folder "2008-04-19 08:12:25 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . **************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-07-07 16:39:54 Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
.
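A log like the one above is triaged by reading every autostart and firewall-exception entry and asking where its target lives and whether it still exists. The script below is an added example (not part of the post, and not ComboFix's own code) that parses the "Reg Loading Points" format shown in the log: registry section headers in square brackets, `"name"="value" [date time size]` Run-key entries, `[X]` for an unresolved target, a resolved path in the bracket when the value is a bare file name (as with RTHDCPL), and the `"path"=` form of the firewall AuthorizedApplications list. The sample text is a subset of lines copied from the log plus one constructed `"Updater"` line (marked in the code) so the user-profile and temp-directory heuristics have something to flag. The flag rules, the trusted-directory prefixes and the entry names `Entry`, `parse_loading_points` and `triage` are this example's own assumptions, not anything the tool or the forum defines.

```python
"""Triage ComboFix 'Reg Loading Points' entries by target location (added example)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Lines copied from the log above, plus ONE CONSTRUCTED line ("Updater") that is not
# in the original log and exists only so the location heuristics have a hit.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:56 15360]
"Steam"="c:\program files\steam\steam.exe" [2008-03-28 14:04 1271032]
"Updater"="C:\Documents and Settings\Kieran\Local Settings\Temp\upd.exe" [2008-07-05 09:07 45056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 17:34 16143872 C:\WINDOWS\RTHDCPL.exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-06-28 09:05 580096]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Documents and Settings\\William\\My Documents\\My Music\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
'''

SECTION_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
# "name"="value" [meta]   or   "path"=          (firewall list has no value part)
ENTRY_RE = re.compile(r'^"(?P<name>[^"]*)"=(?:"(?P<value>[^"]*)")?(?:\s+\[(?P<meta>[^\]]*)\])?$')
META_RE = re.compile(r'^(?P<date>\d{4}-\d\d-\d\d \d\d:\d\d)\s+(?P<size>\d+)(?:\s+(?P<resolved>.+))?$')

# Assumed "expected" locations for an XP box; anything else gets a closer look.
TRUSTED_PREFIXES = ('c:\\windows\\', 'c:\\program files\\', 'c:\\progra~1\\', '%windir%\\')


@dataclass
class Entry:
    key: str
    name: str
    target: str
    date: Optional[str] = None
    size: Optional[int] = None
    flags: List[str] = field(default_factory=list)


def _normalise(path: str) -> str:
    # The firewall list escapes backslashes ("C:\\Program Files\\..."); undo that and lower-case.
    return path.replace('\\\\', '\\').lower()


def parse_loading_points(text: str) -> List[Entry]:
    """Turn the registry-style dump into Entry objects; the target is the executable path."""
    entries: List[Entry] = []
    key = ''
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            key = m.group('key')
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        name, value, meta = m.group('name'), m.group('value'), m.group('meta')
        target = value if value is not None else name  # firewall list: the path is the name
        date: Optional[str] = None
        size: Optional[int] = None
        flags: List[str] = []
        if meta == 'X':
            flags.append('target-missing')  # ComboFix could not find the file on disk
        elif meta:
            mm = META_RE.match(meta)
            if mm:
                date, size = mm.group('date'), int(mm.group('size'))
                if mm.group('resolved'):
                    target = mm.group('resolved')  # bare file name resolved via PATH
        entries.append(Entry(key, name, target, date, size, flags))
    return entries


def triage(entries: List[Entry]) -> List[Entry]:
    """Append location flags in place and return only the entries that have any flag."""
    for e in entries:
        p = _normalise(e.target)
        if 'target-missing' in e.flags:
            continue
        if p.startswith('c:\\documents and settings\\'):
            e.flags.append('user-profile')
        if '\\temp\\' in p:
            e.flags.append('temp-dir')
        if '\\' in p and not p.startswith(TRUSTED_PREFIXES):
            e.flags.append('outside-standard-dirs')
    return [e for e in entries if e.flags]


def report(entries: List[Entry]) -> str:
    return '\n'.join(f"{e.key}\n  {e.name} -> {_normalise(e.target)}  [{', '.join(e.flags)}]"
                     for e in triage(entries))


if __name__ == '__main__':
    print(report(parse_loading_points(SAMPLE_LOG)))
```

The flags only say "look here"; a Run-key target under a user profile or a temp directory, a firewall exception for a program living in My Documents, or an entry whose file no longer exists are the lines a helper reads first, while everything that resolves cleanly under Program Files or WINDOWS is checked against the vendor afterwards.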