  #31  
Old September 13th, 2009, 03:01 PM
jingleberry jingleberry is offline
Member
 
Join Date: Sep 2009
Posts: 67
When I do the command prompt it says access is denied. Also, when I first posted this I had Avira installed and I switched to AVG.
  #32  
Old September 13th, 2009, 03:54 PM
Jintan Jintan is offline
Malware Removal Team Advisor
 
Join Date: Dec 2004
Posts: 49,715
Sorry - Vista, so everything does need to be run as admin there. Avira entries have been showing here, and we will be running a removal tool for that once we have verified all infection is removed.

Go to Start Search, type cmd.exe in the Start Search box. Cmd.exe will appear at the top of the Menu. Right-click on it and choose "Run as administrator". Then do the step to paste that command and run the file check scan please.
  #33  
Old September 13th, 2009, 03:55 PM
jingleberry jingleberry is offline
Member
 
Join Date: Sep 2009
Posts: 67
How long does it take? Because it is working now; I ran it as admin and it is taking a while.
  #34  
Old September 13th, 2009, 03:58 PM
jingleberry jingleberry is offline
Member
 
Join Date: Sep 2009
Posts: 67
oh okay
  #35  
Old September 13th, 2009, 04:00 PM
jingleberry jingleberry is offline
Member
 
Join Date: Sep 2009
Posts: 67
Volume in drive C is HP
Volume Serial Number is CE59-269D

Directory of c:\Windows\inf

21/01/2008 03:29 8,122 wdmaudio.inf
08/03/2009 13:25 12,340 wdmaudio.PNF
2 File(s) 20,462 bytes

Directory of c:\Windows\System32

21/01/2008 03:24 166,912 wdmaud.drv
1 File(s) 166,912 bytes

Directory of c:\Windows\System32\DriverStore\en-US

02/11/2006 13:41 1,610 wdmaudio.inf_loc
1 File(s) 1,610 bytes

Directory of c:\Windows\System32\DriverStore\FileRepository

02/11/2006 12:18 <DIR> wdmaudio.inf_1493ef6e
29/05/2008 01:24 <DIR> wdmaudio.inf_e9a56ed0
0 File(s) 0 bytes

Directory of c:\Windows\System32\DriverStore\FileRepository\wdmaudio.inf_1493ef6e

02/11/2006 07:40 8,876 wdmaudio.inf
1 File(s) 8,876 bytes

Directory of c:\Windows\System32\DriverStore\FileRepository\wdmaudio.inf_e9a56ed0

21/01/2008 03:23 8,122 wdmaudio.inf
29/05/2008 01:24 12,340 wdmaudio.PNF
2 File(s) 20,462 bytes

Directory of c:\Windows\System32\en-US

02/11/2006 13:40 3,072 wdmaud.drv.mui
1 File(s) 3,072 bytes

Directory of c:\Windows\winsxs

02/11/2006 13:41 <DIR> x86_wdmaudio.inf.resources_31bf3856ad364e35_6.0.6000.16386_en-us_8904e0ba6f31e7c3
21/01/2008 03:23 <DIR> x86_wdmaudio.inf_31bf3856ad364e35_6.0.6001.18000_none_606759131a25a8c1
0 File(s) 0 bytes

Directory of c:\Windows\winsxs\Manifests

02/11/2006 13:39 2,882 x86_wdmaudio.inf.resources_31bf3856ad364e35_6.0.6000.16386_en-us_8904e0ba6f31e7c3.manifest
21/01/2008 03:17 4,606 x86_wdmaudio.inf_31bf3856ad364e35_6.0.6001.18000_none_606759131a25a8c1.manifest
2 File(s) 7,488 bytes

Directory of c:\Windows\winsxs\x86_microsoft-windows-a..o-mmecore-wdm-audio_31bf3856ad364e35_6.0.6001.18000_none_4a4e4c26e5b22007

21/01/2008 03:24 166,912 wdmaud.drv
1 File(s) 166,912 bytes

Directory of c:\Windows\winsxs\x86_microsoft-windows-a..wdm-audio.resources_31bf3856ad364e35_6.0.6000.16386_en-us_6e7d174904ef7eb6

02/11/2006 13:40 3,072 wdmaud.drv.mui
1 File(s) 3,072 bytes

Directory of c:\Windows\winsxs\x86_wdmaudio.inf.resources_31bf3856ad364e35_6.0.6000.16386_en-us_8904e0ba6f31e7c3

02/11/2006 13:41 1,610 wdmaudio.inf_loc
1 File(s) 1,610 bytes

Directory of c:\Windows\winsxs\x86_wdmaudio.inf_31bf3856ad364e35_6.0.6001.18000_none_606759131a25a8c1

21/01/2008 03:23 8,122 wdmaudio.inf
1 File(s) 8,122 bytes

Total Files Listed:
14 File(s) 408,598 bytes
4 Dir(s) 84,782,518,272 bytes free
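A check of the kind the advisor applies to the listing above (does the live copy in System32 or Windows\inf agree with the reference copy Windows keeps in the component store?) can be automated. The following is an added example, not code from this thread or from any of the tools it mentions: it parses `dir`-style output, collects the WinSxS/DriverStore copies by file name, and reports whether each live copy matches one of them by byte size. The sample listing is a subset of the output posted above, with two constructed `example.drv` entries added so the mismatch path is exercised; the status labels are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the `dir` listing posted in the thread, plus
# two constructed entries for "example.drv" (a live copy whose size differs
# from its component-store copy) so the mismatch branch is exercised.
SAMPLE_LISTING = r"""
 Directory of c:\Windows\inf

21/01/2008 03:29 8,122 wdmaudio.inf
08/03/2009 13:25 12,340 wdmaudio.PNF
2 File(s) 20,462 bytes

 Directory of c:\Windows\System32

21/01/2008 03:24 166,912 wdmaud.drv
01/01/2009 00:00 170,000 example.drv
2 File(s) 336,912 bytes

 Directory of c:\Windows\System32\DriverStore\FileRepository\wdmaudio.inf_1493ef6e

02/11/2006 07:40 8,876 wdmaudio.inf
1 File(s) 8,876 bytes

 Directory of c:\Windows\System32\DriverStore\FileRepository\wdmaudio.inf_e9a56ed0

21/01/2008 03:23 8,122 wdmaudio.inf
29/05/2008 01:24 12,340 wdmaudio.PNF
2 File(s) 20,462 bytes

 Directory of c:\Windows\winsxs\x86_microsoft-windows-a..o-mmecore-wdm-audio_31bf3856ad364e35_6.0.6001.18000_none_4a4e4c26e5b22007

21/01/2008 03:24 166,912 wdmaud.drv
01/01/2009 00:00 166,912 example.drv
2 File(s) 333,824 bytes
"""

DIR_RE = re.compile(r"^\s*Directory of (.+?)\s*$")
ENTRY_RE = re.compile(
    r"^\s*(\d{2}/\d{2}/\d{4})\s+(\d{2}:\d{2})\s+(<DIR>|[\d,]+)\s+(.+?)\s*$"
)


def parse_dir_listing(text):
    """Turn `dir`-style output into a list of file entries (subdirectories skipped)."""
    entries = []
    current_dir = None
    for line in text.splitlines():
        m = DIR_RE.match(line)
        if m:
            current_dir = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if not m or current_dir is None:
            continue
        date, time, size, name = m.groups()
        if size == "<DIR>":
            continue
        entries.append({
            "dir": current_dir,
            "stamp": f"{date} {time}",
            "size": int(size.replace(",", "")),
            "name": name,
        })
    return entries


def is_component_store(path):
    """True for the WinSxS component store and the driver store, which hold the
    reference copies that the live files under System32 / inf are staged from."""
    low = path.lower()
    return "\\winsxs" in low or "\\driverstore\\" in low


def cross_check(entries):
    """Map each live file path to a status: 'matches store' if a store copy with
    the same name and byte size exists, 'SIZE MISMATCH' if store copies exist
    but none has that size, 'no store copy' if the name is absent from the store."""
    store_sizes = defaultdict(set)
    for e in entries:
        if is_component_store(e["dir"]):
            store_sizes[e["name"].lower()].add(e["size"])
    report = {}
    for e in entries:
        if is_component_store(e["dir"]):
            continue
        path = e["dir"] + "\\" + e["name"]
        sizes = store_sizes.get(e["name"].lower())
        if not sizes:
            report[path] = "no store copy"
        elif e["size"] in sizes:
            report[path] = "matches store"
        else:
            report[path] = "SIZE MISMATCH"
    return report


def mismatches(report):
    """Sorted list of live paths whose size matches no store copy."""
    return sorted(p for p, status in report.items() if status == "SIZE MISMATCH")


if __name__ == "__main__":
    result = cross_check(parse_dir_listing(SAMPLE_LISTING))
    for path, status in result.items():
        print(f"{status:14} {path}")
```

A size match is only a first filter: a replaced file can be padded to the original length, so a flagged or unflagged result should be followed by a hash or signature check of the live copy against the store copy.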
  #36  
Old September 13th, 2009, 05:41 PM
jingleberry jingleberry is offline
Member
 
Join Date: Sep 2009
Posts: 67
I decided to make another HijackThis log as well.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:40:53, on 13/09/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\mobsync.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cndt
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.4.1.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/.../GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Avira Upgrade Service (AntiVirUpgradeService) - Unknown owner - C:\Users\Joe\AppData\Local\Temp\AVSETUP_4aa168f1\basic\avupgsvc.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 8730 bytes
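Reading a HijackThis log by hand comes down to scanning for a few recurring signals: registrations that point at files that no longer exist ("(no file)", "(file missing)"), AppInit_DLLs entries, and services that run from a temporary directory or report no vendor. The following added example (not code from this thread or from HijackThis itself) applies those heuristics to a handful of lines copied from the log above; the rules, tag names and wording are this example's own, and a hit means "look at this entry", not "this is malicious".

```python
import re
from collections import Counter

# Constructed sample: a handful of lines copied from the HijackThis log posted
# above (not the full log), chosen so that each triage rule below fires at
# least once and several lines produce no finding at all.
SAMPLE_HJT_LINES = [
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank",
    r"R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)",
    r"O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll",
    r"O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)",
    r"O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe",
    r"O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll",
    r"O23 - Service: Avira Upgrade Service (AntiVirUpgradeService) - Unknown owner - C:\Users\Joe\AppData\Local\Temp\AVSETUP_4aa168f1\basic\avupgsvc.exe (file missing)",
    r"O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe",
]

# HijackThis prefixes each entry with its section code (R0, O2, O23, ...).
LINE_RE = re.compile(r"^([RFO]\d+)\s+-\s+(.*)$")


def triage_line(line):
    """Apply the heuristic rules to one log line; returns a list of (tag, reason)."""
    m = LINE_RE.match(line)
    if not m:
        return []
    kind, body = m.groups()
    low = body.lower()
    findings = []
    # Orphaned registration: the registry still references a file that is gone.
    if "(no file)" in low or "(file missing)" in low:
        findings.append(("dangling", "registration points at a file that no longer exists; leftover to clean up"))
    # AppInit_DLLs is mapped into every process that loads user32.dll, so the
    # DLL named here deserves a vendor/signature check even when it looks benign.
    if kind == "O20" and low.startswith("appinit_dlls:"):
        findings.append(("appinit", "AppInit_DLLs DLL is loaded into every process that loads user32.dll; confirm the vendor"))
    # Services or hooks whose binary lives under a Temp directory.
    if "\\temp\\" in low:
        findings.append(("temp-path", "registered binary lives under a temporary directory"))
    # HijackThis prints 'Unknown owner' when no company name could be read.
    if kind == "O23" and "unknown owner" in low:
        findings.append(("unknown-owner", "service reports no vendor; verify the binary"))
    return findings


def triage(lines):
    """Run triage_line over a whole log; one result dict per finding."""
    results = []
    for line in lines:
        for tag, reason in triage_line(line):
            results.append({
                "type": LINE_RE.match(line).group(1),
                "tag": tag,
                "reason": reason,
                "line": line,
            })
    return results


def count_by_tag(results):
    """Summary of how many findings each rule produced."""
    return dict(Counter(r["tag"] for r in results))


if __name__ == "__main__":
    for r in triage(SAMPLE_HJT_LINES):
        print(f"[{r['tag']}] {r['type']}: {r['reason']}\n    {r['line']}")
    print(count_by_tag(triage(SAMPLE_HJT_LINES)))
```

On the sample the Avira service line trips three rules at once (missing file, Temp path, no vendor), which is exactly the leftover the advisor earlier said a dedicated removal tool would clean up; the AVG AppInit_DLLs entry is flagged only so that its vendor is confirmed.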
  #37  
Old September 13th, 2009, 09:02 PM
Jintan Jintan is offline
Malware Removal Team Advisor
 
Join Date: Dec 2004
Posts: 49,715
Those files look okay. Let's make additional changes then run a different scan to check things.


Be sure to continue to temporarily disable any protective software when running the scan tools we use here.


Open notepad (go to Start, Run, type notepad and press Enter) and copy/paste the text in the codebox below into it:

Code:
Reglock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
Save this to your desktop as CFScript.txt


You should now have both ComboFix and that CFScript.txt on the desktop. Just left click/hold on the CFScript.txt file, and drag it into ComboFix to start the scan.

ComboFix will now run as it did before. Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

--------------

Disable your antivirus program and go here and run an online scan using ESET Online Scanner (you will need to use Internet Explorer for this scan, or download the installer to run it in a different browser - make sure for either you right click - Run as administrator). If you accept the Terms of Use, check the box and click Start. After the ActiveX Control has loaded, it will take a couple minutes for the scanner to get ready. Next, check the following boxes:

Remove found threats
Scan unwanted applications


Click Start. This scan may take a while, so please be patient. A log may open when the scan is complete (if not, go to C:\Program Files\EsetOnlineScanner\ and open the file log.txt). Click Edit - Select All then copy/paste that log back here please.


If you have any problems getting Eset started, one work-around is to have an open Internet connection, and then click here and download the esetsmartinstaller_enu.exe Eset installer. Then click that file, and follow the same previous steps to run the scan.

Post that log and the C:\ComboFix.txt log please.
  #38  
Old September 14th, 2009, 07:19 PM
jingleberry jingleberry is offline
Member
 
Join Date: Sep 2009
Posts: 67
Well, the ESET scan found 4 worms in the Win32 section; for some reason it did not save a log file. Also, when I ran ComboFix it said that there was some interference and that I should run a rootkit scan.

Here is the ComboFix log:

ComboFix 09-09-12.A0 - Joe 13/09/2009 21:23.3.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2046.978 [GMT 1:00]
Running from: c:\users\Joe\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-08-13 to 2009-09-13 )))))))))))))))))))))))))))))))
.

2009-09-13 20:34 . 2009-09-13 20:34 -------- d-----w- c:\users\Joe\AppData\Local\temp
2009-09-13 20:34 . 2009-09-13 20:34 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-09-13 20:34 . 2009-09-13 20:34 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2009-09-13 20:34 . 2009-09-13 20:34 -------- d-----w- c:\users\Guest\AppData\Local\temp
2009-09-13 20:34 . 2009-09-13 20:34 -------- d-----w- c:\users\Graboid\AppData\Local\temp
2009-09-13 20:34 . 2009-09-13 20:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-13 08:43 . 2009-09-13 08:43 -------- d-----w- c:\users\Joe\AppData\Roaming\Malwarebytes
2009-09-13 08:43 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-13 08:43 . 2009-09-13 09:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-13 08:43 . 2009-09-13 08:43 -------- d-----w- c:\programdata\Malwarebytes
2009-09-13 08:43 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-12 20:24 . 2009-09-12 20:24 -------- d-----w- c:\users\Graboid\AppData\Local\AVG Security Toolbar
2009-09-11 18:03 . 2009-09-11 18:04 -------- d-----w- c:\users\Graboid\AppData\Roaming\MozillaControl
2009-09-11 18:03 . 2009-09-11 18:03 -------- d-----w- c:\users\Graboid\AppData\Local\Graboid
2009-09-11 18:03 . 2009-09-11 18:03 -------- d-----w- c:\users\Graboid\AppData\Local\Hewlett-Packard
2009-09-11 18:03 . 2009-09-11 18:03 -------- d-----w- c:\users\Graboid\AppData\Roaming\Hewlett-Packard
2009-09-11 18:02 . 2009-09-11 18:02 -------- d-----w- c:\users\Graboid\AppData\Roaming\Subversion
2009-09-11 17:32 . 2009-09-11 18:50 -------- d-----w- c:\users\Joe\AppData\Roaming\vlc
2009-09-11 17:30 . 2009-09-11 18:34 -------- d-----w- c:\users\Joe\AppData\Local\Graboid
2009-09-10 19:13 . 2009-09-10 19:03 46080 ----a-w- C:\Win32kDiag.exe
2009-09-10 16:24 . 2009-08-14 17:07 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-09-10 16:24 . 2009-08-14 16:29 104960 ----a-w- c:\windows\system32\netiohlp.dll
2009-09-10 16:24 . 2009-08-14 14:16 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-09-10 16:24 . 2009-08-14 14:16 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-09-10 16:24 . 2009-08-14 14:16 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-09-10 16:24 . 2009-08-14 14:16 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-09-10 16:24 . 2009-08-14 14:16 10240 ----a-w- c:\windows\system32\finger.exe
2009-09-10 16:24 . 2009-08-14 14:16 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-09-10 16:24 . 2009-08-14 14:16 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-09-10 16:24 . 2009-08-14 16:29 17920 ----a-w- c:\windows\system32\netevent.dll
2009-09-10 16:14 . 2009-06-10 12:11 2868224 ----a-w- c:\windows\system32\mf.dll
2009-09-10 16:06 . 2009-07-11 19:32 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-09-10 16:06 . 2009-07-11 19:29 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-09-10 16:06 . 2009-07-11 19:32 513024 ----a-w- c:\windows\system32\wlansvc.dll
2009-09-10 16:06 . 2009-07-11 19:32 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-09-09 18:13 . 2009-09-09 18:13 -------- d-----w- C:\Graboid
2009-09-09 18:12 . 2009-09-09 18:12 -------- d-----w- c:\programdata\Launcher
2009-09-08 19:36 . 2009-09-10 19:05 -------- d-----w- c:\programdata\Lavasoft
2009-09-07 20:20 . 2009-09-11 17:31 -------- d-----w- c:\users\Joe\AppData\Local\Graboid_Inc
2009-09-07 20:20 . 2009-09-07 20:20 -------- d-----w- c:\programdata\Graboid Inc
2009-09-07 20:20 . 2009-09-07 20:21 -------- d-----w- c:\users\Joe\AppData\Roaming\MozillaControl
2009-09-07 20:19 . 2009-09-07 20:19 -------- d-----w- c:\program files\Mozilla ActiveX Control v1.7.12
2009-09-07 20:19 . 2009-09-07 20:19 -------- d-----w- c:\program files\VideoLAN
2009-09-07 20:19 . 2009-09-11 17:30 -------- d-----w- c:\program files\Graboid
2009-09-07 19:42 . 2009-09-08 06:25 -------- d-----w- c:\users\Joe\AppData\Roaming\uTorrent
2009-09-06 18:10 . 2009-09-06 18:15 -------- d-----w- c:\users\Joe\AppData\Roaming\Spotify
2009-09-06 18:10 . 2009-09-06 18:13 -------- d-----w- c:\users\Joe\AppData\Local\Spotify
2009-09-06 18:10 . 2009-09-06 18:10 -------- d-----w- c:\program files\Spotify
2009-09-05 12:29 . 2009-09-13 12:59 -------- d-----w- C:\$AVG8.VAULT$
2009-09-05 11:41 . 2009-09-05 11:41 -------- d-----w- c:\users\Joe\AppData\Local\AVG Security Toolbar
2009-09-05 11:39 . 2009-09-05 11:39 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-09-05 11:39 . 2009-09-05 11:39 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-09-05 11:39 . 2009-09-05 11:39 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-09-05 11:39 . 2009-09-05 11:39 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-09-05 11:38 . 2009-09-13 08:38 -------- d-----w- c:\windows\system32\drivers\Avg
2009-09-05 11:38 . 2009-09-05 14:07 -------- d-----w- c:\programdata\AVG Security Toolbar
2009-09-05 11:38 . 2009-09-05 11:38 -------- d-----w- c:\program files\AVG
2009-09-05 11:38 . 2009-09-05 11:38 -------- d-----w- c:\programdata\avg8
2009-09-05 11:34 . 2009-09-05 11:34 -------- d-----w- c:\users\Joe\AppData\Roaming\AVG8
2009-09-05 09:45 . 2009-09-05 09:46 -------- d-----w- C:\456out.com
2009-09-05 09:16 . 2009-09-05 09:16 -------- d-----w- c:\users\Joe\AppData\Roaming\Uniblue
2009-09-05 08:57 . 2009-09-05 08:57 -------- d-----w- c:\program files\Trend Micro
2009-09-04 19:31 . 2009-09-05 08:59 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-09-04 17:08 . 2009-09-05 11:33 -------- d-----w- c:\programdata\Avira
2009-09-03 17:02 . 2009-08-28 12:39 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-03 17:02 . 2009-08-28 10:15 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-02 16:19 . 2009-09-02 16:19 -------- d-----w- c:\program files\CCleaner
2009-08-31 14:33 . 2009-08-31 14:33 180224 ----a-w- c:\windows\system32\WinVd32.sys
2009-08-31 14:33 . 2009-08-31 14:33 7680 ----a-w- c:\windows\system32\WinFLsrv.exe
2009-08-31 14:33 . 2009-09-07 15:57 -------- d-----w- c:\program files\folder lock 6
2009-08-30 15:07 . 2008-03-20 16:46 334792 ----a-w- c:\windows\system32\_AxShlEx.dll
2009-08-30 14:59 . 2009-08-30 14:59 -------- d-----w- c:\program files\Alcohol Soft
2009-08-30 14:55 . 2009-08-31 15:22 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-08-30 13:45 . 2009-08-30 14:52 -------- d-s---w- c:\users\Public\Virtual CDs
2009-08-29 08:27 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-08-29 08:27 . 2009-06-15 15:24 270848 ----a-w- c:\windows\system32\schannel.dll
2009-08-29 08:27 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2009-08-29 08:27 . 2009-06-15 15:22 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-08-29 08:27 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-08-29 08:27 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-08-29 08:27 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll
2009-08-29 08:27 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe
2009-08-27 09:26 . 2009-08-27 09:26 -------- d-----w- c:\program files\BestGameEver
2009-08-26 22:56 . 2009-06-22 10:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-20 12:38 . 2009-09-13 15:31 -------- d-----w- c:\users\Joe\Tracing
2009-08-19 22:26 . 2009-08-19 22:26 -------- d-----w- c:\program files\Defraggler

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-13 15:57 . 2008-12-25 13:09 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-09-13 15:43 . 2008-12-25 13:55 -------- d-----w- c:\program files\Steam
2009-09-13 10:13 . 2008-12-25 13:09 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-12 20:23 . 2008-05-29 01:00 -------- d-----w- c:\programdata\Hewlett-Packard
2009-09-12 11:50 . 2009-09-12 11:50 -------- d-----w- c:\program files\iPhone Configuration Utility
2009-09-12 11:48 . 2009-09-12 11:47 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-12 11:48 . 2009-09-12 11:47 -------- d-----w- c:\program files\iTunes
2009-09-12 11:47 . 2009-09-12 11:47 -------- d-----w- c:\program files\iPod
2009-09-12 11:47 . 2008-12-29 18:25 -------- d-----w- c:\program files\Common Files\Apple
2009-09-12 11:45 . 2009-03-14 13:38 -------- d-----w- c:\program files\QuickTime
2009-09-11 18:31 . 2009-09-11 18:31 -------- d-----w- c:\users\Graboid\AppData\Roaming\vlc
2009-09-11 18:01 . 2009-09-11 18:01 107040 ----a-w- c:\users\Graboid\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-11 18:01 . 2009-09-11 18:01 -------- d-----w- c:\users\Graboid\AppData\Roaming\ATI
2009-09-10 17:26 . 2009-01-06 16:37 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-10 17:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-08 19:17 . 2009-04-26 11:46 -------- d-----w- c:\program files\SpywareBlaster
2009-09-05 20:40 . 2008-12-25 13:55 -------- d-----w- c:\program files\Common Files\Steam
2009-09-05 15:39 . 2009-06-02 16:16 -------- d-----w- c:\program files\Common Files\TortoiseOverlays
2009-09-05 15:38 . 2009-06-02 16:16 -------- d-----w- c:\program files\TortoiseSVN
2009-09-05 13:51 . 2009-03-08 12:15 -------- d-----w- c:\programdata\BVRP Software
2009-09-05 13:51 . 2008-05-29 00:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-29 17:21 . 2008-05-29 00:52 -------- d-----w- c:\program files\Java
2009-08-28 07:06 . 2008-12-25 11:44 107040 ----a-w- c:\users\Joe\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-20 10:06 . 2009-07-23 13:13 -------- d-----w- c:\users\Joe\AppData\Roaming\Bioshock
2009-08-19 21:47 . 2008-12-29 18:29 -------- d-----w- c:\users\Joe\AppData\Roaming\Apple Computer
2009-08-19 21:27 . 2009-07-08 17:19 -------- d-----w- c:\programdata\Skype
2009-08-19 21:19 . 2009-05-20 18:14 -------- d-----w- c:\users\Joe\AppData\Roaming\Juce VST Host
2009-08-08 10:54 . 2009-04-20 17:40 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-08-07 16:32 . 2009-02-16 17:24 -------- d-----w- c:\program files\Messenger Plus! Live
2009-08-07 14:06 . 2008-05-29 00:49 -------- d---a-w- c:\program files\Common Files\LightScribe
2009-07-25 04:23 . 2009-02-13 18:23 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-23 13:13 . 2009-07-23 13:13 -------- d--h--r- c:\users\Joe\AppData\Roaming\SecuROM
2009-07-23 12:56 . 2009-07-23 12:56 -------- d-----w- c:\program files\Bioshock
2009-07-23 12:56 . 2009-07-23 12:54 -------- d-----w- c:\programdata\WinZip
2009-07-21 21:52 . 2009-08-07 14:04 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-08-07 14:04 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-08-07 14:04 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-08-07 14:04 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 14:35 . 2009-08-12 20:52 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-14 13:00 . 2009-08-12 20:52 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-14 12:59 . 2009-08-12 20:52 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-14 12:58 . 2009-08-12 20:52 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-14 10:59 . 2009-08-12 20:52 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-08 19:12 . 2009-07-08 19:12 56 ---ha-w- c:\programdata\ezsidmv.dat
2009-01-16 21:06 . 2009-01-16 21:06 34561 ----a-w- c:\program files\uninstall.exe
2009-01-03 13:21 . 2009-01-03 13:21 15706 ----a-w- c:\program files\changes.txt
2009-01-03 08:10 . 2009-01-03 08:10 1031848 ----a-w- c:\program files\fraps.exe
2009-01-03 08:09 . 2009-01-03 08:09 74920 ----a-w- c:\program files\fraps64.dat
2009-01-03 08:07 . 2009-01-03 08:07 188416 ----a-w- c:\program files\fraps.dll
2009-01-03 08:06 . 2009-01-03 08:06 128512 ----a-w- c:\program files\fraps64.dll
2009-01-03 08:06 . 2009-01-03 08:06 159744 ----a-w- c:\program files\frapslcd.dll
2009-01-01 12:58 . 2009-01-01 12:58 1852 ----a-w- c:\program files\README.HTM
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-09-13_09.33.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2009-09-13 09:57 57960 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2006-11-02 13:05 . 2009-09-13 08:38 77974 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-09-13 09:57 77974 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-12-25 12:16 . 2009-09-13 09:57 15272 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-43427904-922024075-4119607450-1000_UserData.bin
+ 2008-06-17 13:31 . 2009-09-13 20:20 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-06-17 13:31 . 2009-09-13 08:44 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-06-17 13:31 . 2009-09-13 08:44 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-17 13:31 . 2009-09-13 20:20 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-17 13:31 . 2009-09-13 20:20 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-06-17 13:31 . 2009-09-13 08:44 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-09-13 08:36 . 2009-09-13 08:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-09-13 09:55 . 2009-09-13 09:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-09-13 09:55 . 2009-09-13 09:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-09-13 08:36 . 2009-09-13 08:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-03-19 20:39 . 2009-09-13 09:55 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-03-19 20:39 . 2009-09-13 08:36 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 08:55 1090816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
  #39  
September 14th, 2009, 07:20 PM
jingleberry
Member
Join Date: Sep 2009
Posts: 67
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-09-05 2007832]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-08 305440]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-07-03 6266880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{15C2EA3A-5BC7-43F2-8387-55999ECA073E}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"TCP Query User{2AD720B5-4D78-44F7-AEFC-87254E344671}c:\\program files\\steam\\steamapps\\cpt_fang_spatic\\garrysmod\\hl2.exe"= UDP:c:\program files\steam\steamapps\cpt_fang_spatic\garrysmod\hl2.exe:hl2
"UDP Query User{2771D0CD-6EA6-48C4-B430-21F16BE6EA27}c:\\program files\\steam\\steamapps\\cpt_fang_spatic\\garrysmod\\hl2.exe"= TCP:c:\program files\steam\steamapps\cpt_fang_spatic\garrysmod\hl2.exe:hl2
"{E6A38A4D-EA15-44D2-8B93-E1BB2197A9A0}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{AD650AE8-CB82-4BF3-8702-4601166E8C74}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{416BD8CD-E441-4B68-B8AD-64B230D883A7}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{678F464D-5957-4F71-84BA-77EBB715002A}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{3B2FC3A2-489E-49D9-B04C-C828185145BA}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{354EE471-6B06-4C35-A75B-B9B0328A83B8}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{D348AFF7-F7C6-470A-B59A-F7A06173CFD3}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{EE28BAD8-9510-46F6-837D-BAF2B90F5059}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{AEF4D9ED-0D22-4FF7-B020-6723860A0A45}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"TCP Query User{43A2BD7C-3048-4060-82B1-CF28A68AA89D}c:\\program files\\steam\\steamapps\\cpt_fang_spatic\\team fortress 2\\hl2.exe"= UDP:c:\program files\steam\steamapps\cpt_fang_spatic\team fortress 2\hl2.exe:hl2
"UDP Query User{29A451F2-F581-4E6A-A50D-B8F0C3DEDECB}c:\\program files\\steam\\steamapps\\cpt_fang_spatic\\team fortress 2\\hl2.exe"= TCP:c:\program files\steam\steamapps\cpt_fang_spatic\team fortress 2\hl2.exe:hl2
"{0E3B61F0-A509-458E-80AF-BD0375C52423}"= UDP:c:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead
"{11AAF7B4-7C3F-4542-92BE-A6287AED95EC}"= TCP:c:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead
"{BE90CF04-586A-4363-B1BE-CB36F294700C}"= UDP:3703:Adobe Version Cue CS3 Server
"{308BE50C-8BAF-411D-9270-9F6158130FF4}"= UDP:3704:Adobe Version Cue CS3 Server
"{352583F6-9A93-4858-94D5-8CDCF2C563E1}"= UDP:50900:Adobe Version Cue CS3 Server
"{DBF0AB47-BCAB-4ABC-9108-5DC225794072}"= UDP:50901:Adobe Version Cue CS3 Server
"{14B53F08-3B19-4397-A8C3-559984599552}"= UDP:c:\program files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{E3A8C6BB-C52C-4445-BFC9-86EB3A8463DC}"= TCP:c:\program files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"TCP Query User{9284BB65-7D51-44A5-AA12-A1D851FA82F4}c:\\program files\\steam\\steamapps\\cpt_fang_spatic\\garrysmod\\hl2.exe"= UDP:c:\program files\steam\steamapps\cpt_fang_spatic\garrysmod\hl2.exe:hl2
"UDP Query User{ABD72772-CD0B-4BE5-B713-9D464DFCA71E}c:\\program files\\steam\\steamapps\\cpt_fang_spatic\\garrysmod\\hl2.exe"= TCP:c:\program files\steam\steamapps\cpt_fang_spatic\garrysmod\hl2.exe:hl2
"{B24811A7-446C-4B1D-8EB6-7F78D5667F3A}"= UDP:3703:Adobe Version Cue CS3 Server
"{E407B1AE-2496-49DD-9DBB-BB2238F7F43A}"= UDP:3704:Adobe Version Cue CS3 Server
"{A7B292D7-63F3-4A46-B63B-D08BFC28E06A}"= UDP:50900:Adobe Version Cue CS3 Server
"{C456F14F-5961-4A17-AF0A-7EC744F1E04C}"= UDP:50901:Adobe Version Cue CS3 Server
"{17E2B94B-BA78-4D35-95FA-D69E4F0B0439}"= UDP:c:\program files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{2CF4F41F-526D-4F9D-9F79-EF766B2BB287}"= TCP:c:\program files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"TCP Query User{2AD9F087-74C6-4923-BE7F-570BB3F5744D}c:\\program files\\adobe\\adobe dreamweaver cs3\\dreamweaver.exe"= UDP:c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe:Adobe Dreamweaver CS3
"UDP Query User{A7E30E37-0CEE-435D-912B-57DE2472792F}c:\\program files\\adobe\\adobe dreamweaver cs3\\dreamweaver.exe"= TCP:c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe:Adobe Dreamweaver CS3
"{4A99A99D-4BA6-47A5-8817-A55CE1D24776}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{04A97E23-A13E-4557-A5C7-DCDCE12E238A}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{673BE6A9-FE09-4357-B60A-F7C688708FF1}c:\\program files\\steam\\steamapps\\thestarblaster\\garrysmod\\hl2.exe"= UDP:c:\program files\steam\steamapps\thestarblaster\garrysmod\hl2.exe:hl2
"UDP Query User{D4AE84D9-696E-49D5-8335-A8889049214D}c:\\program files\\steam\\steamapps\\thestarblaster\\garrysmod\\hl2.exe"= TCP:c:\program files\steam\steamapps\thestarblaster\garrysmod\hl2.exe:hl2
"TCP Query User{D26E2C58-DEB6-4798-8CB4-6F49533157FE}c:\\program files\\steam\\steamapps\\cpt_fang_spatic\\half-life\\hl.exe"= UDP:c:\program files\steam\steamapps\cpt_fang_spatic\half-life\hl.exe:Half-Life Launcher
"UDP Query User{A6B8EA5B-00FF-4801-A548-1E54CEF74549}c:\\program files\\steam\\steamapps\\cpt_fang_spatic\\half-life\\hl.exe"= TCP:c:\program files\steam\steamapps\cpt_fang_spatic\half-life\hl.exe:Half-Life Launcher
"TCP Query User{F85D9251-635F-4404-97A4-43CB83F2DFBF}c:\\program files\\steam\\steamapps\\cpt_fang_spatic\\condition zero deleted scenes\\hl.exe"= UDP:c:\program files\steam\steamapps\cpt_fang_spatic\condition zero deleted scenes\hl.exe:Half-Life Launcher
"UDP Query User{24E13E44-5F57-4B73-BA5B-B009C89C2E59}c:\\program files\\steam\\steamapps\\cpt_fang_spatic\\condition zero deleted scenes\\hl.exe"= TCP:c:\program files\steam\steamapps\cpt_fang_spatic\condition zero deleted scenes\hl.exe:Half-Life Launcher
"TCP Query User{F2846F11-CBF3-4D09-98D9-C631D9195E71}c:\\program files\\steam\\steamapps\\cpt_fang_spatic\\half-life blue shift\\hl.exe"= UDP:c:\program files\steam\steamapps\cpt_fang_spatic\half-life blue shift\hl.exe:Half-Life Launcher
"UDP Query User{E47E6CDE-366A-4637-AA30-002355D0DE96}c:\\program files\\steam\\steamapps\\cpt_fang_spatic\\half-life blue shift\\hl.exe"= TCP:c:\program files\steam\steamapps\cpt_fang_spatic\half-life blue shift\hl.exe:Half-Life Launcher
"{BD19A945-58F1-46D1-A805-5F4252C6F73B}"= UDP:c:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead
"{29125ED6-CD2A-4AE2-B1C2-8BA24956F1C2}"= TCP:c:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead
"TCP Query User{92E61797-ECF9-4C32-92DF-EEC88503B5D1}c:\\program files\\steam\\steamapps\\cpt_fang_spatic\\half-life 2 deathmatch\\hl2.exe"= UDP:c:\program files\steam\steamapps\cpt_fang_spatic\half-life 2 deathmatch\hl2.exe:hl2
"UDP Query User{5ABF4C6A-85E2-436F-AB9C-B10E687C3368}c:\\program files\\steam\\steamapps\\cpt_fang_spatic\\half-life 2 deathmatch\\hl2.exe"= TCP:c:\program files\steam\steamapps\cpt_fang_spatic\half-life 2 deathmatch\hl2.exe:hl2
"{F4227BE1-1D84-46CD-9FA4-A7862C7B24D2}"= UDP:c:\program files\Steam\steamapps\common\left 4 dead\bin\SDKLauncher.exe:Left 4 Dead Authoring Tools
"{FB8F073D-95C0-4370-8E85-4B89D9A00CFB}"= TCP:c:\program files\Steam\steamapps\common\left 4 dead\bin\SDKLauncher.exe:Left 4 Dead Authoring Tools
"TCP Query User{FEF0116B-965C-4E08-A628-707117E719B9}c:\\program files\\steam\\steamapps\\cpt_fang_spatic\\day of defeat source\\hl2.exe"= UDP:c:\program files\steam\steamapps\cpt_fang_spatic\day of defeat source\hl2.exe:hl2
"UDP Query User{C28AFC46-7B02-4AD3-A6DE-9715B05E70D0}c:\\program files\\steam\\steamapps\\cpt_fang_spatic\\day of defeat source\\hl2.exe"= TCP:c:\program files\steam\steamapps\cpt_fang_spatic\day of defeat source\hl2.exe:hl2
"TCP Query User{5393B41D-9F81-4613-BE5D-AA808DA6EE0A}c:\\program files\\steam\\steamapps\\cpt_fang_spatic\\opposing force\\hl.exe"= UDP:c:\program files\steam\steamapps\cpt_fang_spatic\opposing force\hl.exe:Half-Life Launcher
"UDP Query User{C57B97CA-A167-497C-80DB-95A2B1C819C0}c:\\program files\\steam\\steamapps\\cpt_fang_spatic\\opposing force\\hl.exe"= TCP:c:\program files\steam\steamapps\cpt_fang_spatic\opposing force\hl.exe:Half-Life Launcher
"{FFC11528-D7BC-4BA8-A9E5-1E6EF4D77784}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{2117E302-9F71-4FFA-8004-8FC433A49F97}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{C1E5FF77-89C1-41E5-99D7-C745D6B20AA5}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{3A741524-234E-4938-8180-1526B37BB595}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"TCP Query User{864DF2F1-C844-4735-9954-594D95241F74}c:\\program files\\steam\\steamapps\\cpt_fang_spatic\\ricochet\\hl.exe"= UDP:c:\program files\steam\steamapps\cpt_fang_spatic\ricochet\hl.exe:Half-Life Launcher
"UDP Query User{8A8D8144-AC46-4CEC-BB80-653C70DF5E1A}c:\\program files\\steam\\steamapps\\cpt_fang_spatic\\ricochet\\hl.exe"= TCP:c:\program files\steam\steamapps\cpt_fang_spatic\ricochet\hl.exe:Half-Life Launcher
"TCP Query User{F60332CA-27DD-4B44-B2C8-73ECFBF2FCD7}c:\\program files\\steam\\steamapps\\cpt_fang_spatic\\team fortress classic\\hl.exe"= UDP:c:\program files\steam\steamapps\cpt_fang_spatic\team fortress classic\hl.exe:Half-Life Launcher
"UDP Query User{181C2588-5CA8-4A18-A56C-27409A370891}c:\\program files\\steam\\steamapps\\cpt_fang_spatic\\team fortress classic\\hl.exe"= TCP:c:\program files\steam\steamapps\cpt_fang_spatic\team fortress classic\hl.exe:Half-Life Launcher
"TCP Query User{CD8090B4-8BC1-4A9B-A69E-C3227562A9CF}c:\\program files\\steam\\steamapps\\cpt_fang_spatic\\condition zero\\hl.exe"= UDP:c:\program files\steam\steamapps\cpt_fang_spatic\condition zero\hl.exe:Half-Life Launcher
"UDP Query User{BF1F908C-B412-4066-B807-B4DB9B8F8E73}c:\\program files\\steam\\steamapps\\cpt_fang_spatic\\condition zero\\hl.exe"= TCP:c:\program files\steam\steamapps\cpt_fang_spatic\condition zero\hl.exe:Half-Life Launcher
"TCP Query User{9F7F8F37-6D43-4EA8-BCC3-0EDA626FE9E7}c:\\program files\\steam\\steamapps\\cpt_fang_spatic\\deathmatch classic\\hl.exe"= UDP:c:\program files\steam\steamapps\cpt_fang_spatic\deathmatch classic\hl.exe:Half-Life Launcher
"UDP Query User{6161180B-CBF3-400C-8FC1-2DA29C002DB4}c:\\program files\\steam\\steamapps\\cpt_fang_spatic\\deathmatch classic\\hl.exe"= TCP:c:\program files\steam\steamapps\cpt_fang_spatic\deathmatch classic\hl.exe:Half-Life Launcher
"TCP Query User{83CA7DCB-672D-42CA-8EFF-AB820C648320}c:\\program files\\steam\\steamapps\\cpt_fang_spatic\\day of defeat\\hl.exe"= UDP:c:\program files\steam\steamapps\cpt_fang_spatic\day of defeat\hl.exe:Half-Life Launcher
"UDP Query User{FE8ADFC8-BA55-4467-B87C-B7F633CF1488}c:\\program files\\steam\\steamapps\\cpt_fang_spatic\\day of defeat\\hl.exe"= TCP:c:\program files\steam\steamapps\cpt_fang_spatic\day of defeat\hl.exe:Half-Life Launcher
"TCP Query User{A92AB3AE-E20F-45BE-BC99-18592B2E9632}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"UDP Query User{3F5F3DA7-EBD9-4533-96A4-45D58F22CDEF}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"TCP Query User{9F528F51-8DD9-4526-8D63-515CE02F0CDB}c:\\program files\\spotify\\spotify.exe"= UDP:c:\program files\spotify\spotify.exe:Spotify
"UDP Query User{F607DB4D-789B-46D5-B75B-82127A7D1B61}c:\\program files\\spotify\\spotify.exe"= TCP:c:\program files\spotify\spotify.exe:Spotify
"TCP Query User{E06C1F3A-89E4-4371-99F8-3BA48D867511}c:\\program files\\steam\\steamapps\\cpt_fang_spatic\\smashball\\hl2.exe"= UDP:c:\program files\steam\steamapps\cpt_fang_spatic\smashball\hl2.exe:hl2
"UDP Query User{A3541AB4-13E1-4F35-91EF-3A9B70301C20}c:\\program files\\steam\\steamapps\\cpt_fang_spatic\\smashball\\hl2.exe"= TCP:c:\program files\steam\steamapps\cpt_fang_spatic\smashball\hl2.exe:hl2
"TCP Query User{FB7ABDC6-A81C-4BEE-867B-EF7E551AF53E}c:\\program files\\steam\\steamapps\\cpt_fang_spatic\\counter-strike\\hl.exe"= UDP:c:\program files\steam\steamapps\cpt_fang_spatic\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{471BFAFD-E6E7-472A-9D13-56455E8AF4F4}c:\\program files\\steam\\steamapps\\cpt_fang_spatic\\counter-strike\\hl.exe"= TCP:c:\program files\steam\steamapps\cpt_fang_spatic\counter-strike\hl.exe:Half-Life Launcher
"{6694A3DE-5094-4148-AA6D-3AAD4D30662F}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{20350C0F-0FF1-4722-8FAB-D05F9AA5342C}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{C346D4CE-1D60-44C4-97A6-5FFAA2D2FAD9}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{8C3F7655-D10F-490B-99CD-2216D23AA0F0}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [05/09/2009 12:39 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [05/09/2009 12:39 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [05/09/2009 12:38 297752]
R2 CAMTHWDM;WebcamMax, WDM Video Capture;c:\windows\System32\drivers\CAMTHWDM.sys [11/03/2008 14:14 941784]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 03:23 21504]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [25/12/2008 14:09 1153368]
R2 WinFLdrv;WinFLdrv;c:\windows\System32\WinFLdrv.sys [31/08/2009 15:33 10752]
R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\System32\drivers\netr73.sys [29/05/2008 10:20 493568]
S2 AntiVirUpgradeService;Avira Upgrade Service;"c:\users\Joe\AppData\Local\Temp\AVSETUP_4aa168f1\basic\avupgsvc.exe" /TEMPSTART:""c:\users\Joe\AppData\Local\Temp\AVSETUP_4aa168f1\basic\setup.exe" /NOTEMPCLEANUP /CROSSUPGRADE" --> c:\users\Joe\AppData\Local\Temp\AVSETUP_4aa168f1\basic\avupgsvc.exe [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=Pavilion&pf=cndt
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
FF - ProfilePath - c:\users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\gqx1lfg1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://uk.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_uk&p=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
  #40  
September 14th, 2009, 07:21 PM
jingleberry
Member
Join Date: Sep 2009
Posts: 67
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-13 21:34
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\users\Joe\AppData\Roaming\systemfl.$dk 990 bytes
c:\windows\system32\sys_drv.dat 6024 bytes
c:\windows\system32\sys_drv_2.dat 5020 bytes
c:\windows\system32\WinFLdrv.sys 10752 bytes executable

scan completed successfully
hidden files: 4

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-43427904-922024075-4119607450-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:0c,79,b3,d5,32,32,06,54,b0,16,5f,08,52,d7,e9,26,80,44,1d,b1,43,03,be,
15,3b,12,03,31,91,8b,9e,69,4d,8c,c1,16,85,a1,13,90,f4,ad,d0,66,a3,5d,55,03,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5592)
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\libapr_tsvn.dll
c:\program files\TortoiseSVN\bin\libaprutil_tsvn.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
.
Completion time: 2009-09-13 21:37
ComboFix-quarantined-files.txt 2009-09-13 20:37
ComboFix2.txt 2009-09-13 09:36

Pre-Run: 78,702,428,160 bytes free
Post-Run: 78,582,665,216 bytes free

414 --- E O F --- 2009-09-10 17:05


________________________________

How do I make sure that it hasn't spread to the rest of my system? Also, HijackThis doesn't work if you install it where it suggests, but it works anywhere else.
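The ComboFix excerpt above is the kind of log a helper reads by hand. As an added example, not part of this thread or of ComboFix, here is a small Python triage script that parses the registry loading points, the R/S service list and the catchme hidden-files block in that format and flags the Security Center overrides, the service running from a Temp folder and a hidden driver that is also a registered service; the sample log inside it is constructed from lines in this thread, and the severity labels are the script's own.

```python
"""Triage of a ComboFix-style log excerpt: added example, not part of the
thread or of ComboFix. Parses the registry loading points, the R/S service
list and the catchme "hidden files" block and returns what to review first.
The sample below is constructed from lines in the thread."""
from __future__ import annotations
import re
from dataclasses import dataclass

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

R2 WinFLdrv;WinFLdrv;c:\windows\System32\WinFLdrv.sys [31/08/2009 15:33 10752]
S2 AntiVirUpgradeService;Avira Upgrade Service;"c:\users\Joe\AppData\Local\Temp\AVSETUP_4aa168f1\basic\avupgsvc.exe" --> c:\users\Joe\AppData\Local\Temp\AVSETUP_4aa168f1\basic\avupgsvc.exe [?]

scanning hidden files ...
c:\users\Joe\AppData\Roaming\systemfl.$dk 990 bytes
c:\windows\system32\sys_drv.dat 6024 bytes
c:\windows\system32\WinFLdrv.sys 10752 bytes executable

scan completed successfully
hidden files: 3
"""

REG_KEY = re.compile(r"^\[(?P<key>HK[^\]]+)\]$")
REG_VALUE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')
SERVICE = re.compile(r"^[RS][0-4]\s+(?P<name>[^;]+);[^;]*;(?P<image>.+)$")
BINARY = re.compile(r'[a-z]:\\[^"\[]+?\.(?:exe|sys|dll)\b', re.I)
HIDDEN = re.compile(r"^(?P<path>[a-z]:\\.+?)\s+\d+ bytes(?P<exe> executable)?$", re.I)
TEMP_DIR = re.compile(r"\\appdata\\local\\temp\\|\\windows\\temp\\", re.I)


@dataclass(frozen=True)
class Finding:
    severity: str  # "high": act on it; "review": confirm it is expected
    category: str
    detail: str


def _check_value(key: str, name: str, value: str) -> list[Finding]:
    """Registry values that switch off or silence the machine's own defences."""
    on = value.strip().lower() == "dword:00000001"
    lname = name.lower()
    if "security center\\monitoring" in key and lname == "disablemonitoring" and on:
        return [Finding("high", "security-center", f"monitoring disabled: {key}")]
    if key.endswith("security center\\svc") and on and lname.endswith("override"):
        return [Finding("high", "security-center", f"{name} set, Security Center stays quiet")]
    if lname == "appinit_dlls" and value.strip():
        # Loaded into every process that links user32.dll: legitimate for an
        # AV product (avgrsstx.dll is AVG's), otherwise a classic injection point.
        return [Finding("review", "appinit-dlls", value.strip())]
    return []


def triage(log: str) -> list[Finding]:
    findings: list[Finding] = []
    services: dict[str, str] = {}  # lower-case binary name -> service name
    hidden: list[tuple[str, bool]] = []
    key, in_hidden = "", False
    for line in (raw.strip() for raw in log.splitlines()):
        if not line:
            continue
        if line.startswith("scanning hidden files"):
            in_hidden = True
        elif line.startswith("scan completed"):
            in_hidden = False
        elif in_hidden:
            if m := HIDDEN.match(line):
                hidden.append((m["path"], bool(m["exe"])))
        elif m := REG_KEY.match(line):
            key = m["key"].lower()
        elif m := REG_VALUE.match(line):
            findings += _check_value(key, m["name"], m["value"])
        elif (m := SERVICE.match(line)) and (paths := BINARY.findall(m["image"])):
            binary = paths[-1]  # after "-->" ComboFix prints the resolved path last
            services[binary.rsplit("\\", 1)[-1].lower()] = m["name"]
            if TEMP_DIR.search(binary):  # a service has no business in a Temp folder
                findings.append(Finding("high", "service-from-temp", f"{m['name']} runs {binary}"))
    # A file hidden from the file system that is also a registered service or
    # driver is the pattern to check first; the folder-locking software the
    # advisor suspects in this thread behaves exactly like that.
    for path, is_exe in hidden:
        owner = services.get(path.rsplit("\\", 1)[-1].lower())
        if owner:
            findings.append(Finding("high", "hidden-service-binary", f"{path} hidden, loaded as service {owner}"))
        else:
            findings.append(Finding("high" if is_exe else "review", "hidden-file", path))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.category:22} {f.detail}")
```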
  #41  
September 14th, 2009, 07:27 PM
jingleberry
Member
Join Date: Sep 2009
Posts: 67
By system I don't mean my PC but my brothers' etc.
  #42  
September 15th, 2009, 02:33 AM
Jintan
Malware Removal Team Advisor
Join Date: Dec 2004
Posts: 49,715
I sure would like to be sure that Folder Lock software isn't what is causing all the problems there, such as perhaps the Program Files folder being locked, and ComboFix being locked out of reading things. And Eset not creating a log - things not gaining access like normal. But let's keep seeking out what has not appeared here yet.


Open Gmer again, then right-click in the white space in the display and select Options - Only non MS files. Then click Scan and allow Gmer to run a different scan. Once that completes click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.

----------------

Go to Start > Run and type:

cmd.exe

and ok. Copy and paste the below string after the prompt, then press Enter >

dir /s /a "c:\*hnetcfg*.*" > c:\find1.txt && notepad c:\find1.txt

Your drive will be scanned and when finished, Notepad will pop up with some information. Copy and paste it in this thread please.

Once that Notepad textbox opens, also click at the prompt in the still open command console window and type exit to close that.
  #43  
September 15th, 2009, 04:28 PM
jingleberry
Member
Join Date: Sep 2009
Posts: 67
GMER 1.0.15.15077 [yvvlc8gn.exe] - http://www.gmer.net
Rootkit scan 2009-09-15 16:26:33
Windows 6.0.6001 Service Pack 1


---- Modules - GMER 1.0.15 ----

Module \SystemRoot\System32\Drivers\spef.sys 87E05000-87F05000 (1048576 bytes)
Module \SystemRoot\system32\drivers\nvraid.sys (NVIDIA® nForce(TM) RAID Driver/NVIDIA Corporation) 8807C000-88097000 (110592 bytes)
Module \SystemRoot\system32\DRIVERS\nvstor32.sys (NVIDIA® nForce(TM) Sata Performance Driver/NVIDIA Corporation) 880DE000-88102000 (147456 bytes)
Module \SystemRoot\system32\DRIVERS\PS2.sys (PS2 SYS/Hewlett-Packard Company) 88531000-88536000 (20480 bytes)
Module \SystemRoot\system32\DRIVERS\nvmfdx32.sys (NVIDIA MCP Networking Function Driver./NVIDIA Corporation) 8C606000-8C706000 (1048576 bytes)
Module \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys (CD DVD Filter/GEAR Software Inc.) 8C71E000-8C724000 (24576 bytes)
Module \SystemRoot\system32\DRIVERS\atikmdag.sys (ATI Radeon Kernel Mode Driver/ATI Technologies Inc.) 8CC06000-8D118000 (5316608 bytes)
Module \SystemRoot\system32\DRIVERS\CAMTHWDM.sys 8D203000-8D2E8000 (937984 bytes)
Module \SystemRoot\system32\DRIVERS\mssmbios.sys (System Management BIOS Driver/Microsoft Corporation) 8D3AE000-8D3B8000 (40960 bytes)
Module \SystemRoot\system32\drivers\RTKVHDA.sys (Realtek(r) High Definition Audio Function Driver/Realtek Semiconductor Corp.) 8D40C000-8D643000 (2322432 bytes)
Module \SystemRoot\System32\Drivers\avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) 8D735000-8D74E000 (102400 bytes)
Module \SystemRoot\System32\Drivers\avgmfx86.sys (AVG Resident Shield Minifilter Driver/AVG Technologies CZ, s.r.o.) 8D3F9000-8D3FF000 (24576 bytes)
Module \SystemRoot\System32\Drivers\avgldx86.sys (AVG AVI Loader Driver/AVG Technologies CZ, s.r.o.) 8C788000-8C7D9000 (331776 bytes)
Module \SystemRoot\system32\DRIVERS\netr73.sys (Ralink 802.11 USB Wireless Adapter Driver/Ralink Technology, Corp.) 8837C000-883FC000 (524288 bytes)
Module \SystemRoot\System32\ATMFD.DLL (Windows NT OpenType/Type 1 Font Driver/Adobe Systems Incorporated) 96530000-9657C000 (311296 bytes)
Module \SystemRoot\System32\Drivers\secdrv.SYS (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) 9B1C0000-9B1CA000 (40960 bytes)
Module \SystemRoot\system32\WinFLdrv.sys 9B1D6000-9B1DE000 (32768 bytes)
Module \??\C:\Windows\system32\WinVd32.sys 9760F000-9763B000 (180224 bytes)
Module \??\C:\Users\Joe\AppData\Local\Temp\aajasnkj.sys (GMER) 976C2000-976D7000 (86016 bytes)
  #44  
September 15th, 2009, 04:29 PM
jingleberry
Member
Join Date: Sep 2009
Posts: 67
---- Processes - GMER 1.0.15 ----

Process C:\Windows\system32\csrss.exe (Client Server Runtime Process/Microsoft Corporation) 600
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x76330000

Process C:\Windows\system32\wininit.exe (Windows Start-Up Application/Microsoft Corporation) 660
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x76330000

Process C:\Windows\system32\csrss.exe (Client Server Runtime Process/Microsoft Corporation) 672
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x76330000

Process C:\Windows\system32\services.exe (Services and Controller app/Microsoft Corporation) 704
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x76330000

Process C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation) 716
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x76330000

Process C:\Windows\system32\lsm.exe (Local Session Manager Service/Microsoft Corporation) 728
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x76330000

Process C:\Windows\system32\winlogon.exe (Windows Logon Application/Microsoft Corporation) 804
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x76330000

Process C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 920
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x76330000

Process C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 980
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x76330000

Process C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 1016
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x76330000

Process C:\Windows\system32\Ati2evxx.exe (ATI External Event Utility EXE Module/ATI Technologies Inc.) 1116
Library C:\Windows\system32\Ati2evxx.exe (ATI External Event Utility EXE Module/ATI Technologies Inc.) 0x00400000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x76330000

Process C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 1160
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x76330000

Process C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 1220
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x76330000
Library c:\windows\system32\tabsvc.dll (Microsoft Tablet PC Input Service/Microsoft Corporation) 0x733D0000
Library C:\Windows\System32\ACTIVEDS.dll (ADs Router Layer DLL/Microsoft Corporation) 0x71570000

Process C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 1232
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x76330000
Library C:\Windows\system32\ACTIVEDS.dll (ADs Router Layer DLL/Microsoft Corporation) 0x71570000
Library c:\windows\system32\ezsvc7.dll (Shared EasyBits services for Windows/EasyBits Sofware AS) 0x01000000
Library c:\windows\system32\ezsvc7x.dll (Extended EasyBits services for Windows/EasyBits Software AS) 0x01580000
Library C:\Windows\system32\MSIMG32.dll (GDIEXT Client DLL/Microsoft Corporation) 0x749B0000
Library C:\Program Files\Bonjour\mdnsNSP.dll (Bonjour Namespace Provider/Apple Inc.) 0x16080000
Library C:\Windows\system32\wbem\ncprov.dll (Non-COM WMI Event Provision APIs/Microsoft Corporation) 0x6E630000

Process C:\Windows\system32\AUDIODG.EXE (Windows Audio Device Graph Isolation /Microsoft Corporation) 1308
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x76330000
Library C:\Windows\system32\RtkAPO.dll (Realtek(r) LFX/GFX DSP component/Realtek Semiconductor Corp.) 0x733F0000

Process C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 1332
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x76330000

Process C:\Windows\system32\SLsvc.exe (Microsoft Software Licensing Service/Microsoft Corporation) 1352
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x76330000

Process C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 1404
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x76330000
Library c:\windows\system32\webclnt.dll (Web DAV Service DLL/Microsoft Corporation) 0x71A00000
Library C:\Windows\System32\npmproxy.dll (Network List Manager Proxy/Microsoft Corporation) 0x6E830000
Library c:\windows\system32\upnphost.dll (UPnP Device Host/Microsoft Corporation) 0x6E580000
Library C:\Program Files\Bonjour\mdnsNSP.dll (Bonjour Namespace Provider/Apple Inc.) 0x16080000

Process C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Mobile Device Service/Apple Inc.) 1492
Library C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Mobile Device Service/Apple Inc.) 0x00990000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x76330000

Process C:\Windows\system32\Ati2evxx.exe (ATI External Event Utility EXE Module/ATI Technologies Inc.) 1552
Library C:\Windows\system32\Ati2evxx.exe (ATI External Event Utility EXE Module/ATI Technologies Inc.) 0x00400000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x76330000
Library C:\Windows\system32\Ati2edxx.dll (ati2edxx/ATI Technologies, Inc.) 0x00170000
Library C:\Windows\system32\atipdlxx.dll (ATI Desktop CWDDEDI DLL/ATI Technologies, Inc.) 0x10000000
Library C:\Windows\system32\ati2evxx.dll (ATI External Event Utility DLL Module/ATI Technologies Inc.) 0x003B0000

Process C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (AVG Watchdog Service/AVG Technologies CZ, s.r.o.) 1600
Library C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (AVG Watchdog Service/AVG Technologies CZ, s.r.o.) 0x00400000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x76330000
Library C:\Program Files\AVG\AVG8\avglogx.dll (AVG Logging Library/AVG Technologies CZ, s.r.o.) 0x6BC50000
Library C:\PROGRA~1\AVG\AVG8\avgwd.dll (AVG Watchdog Module/AVG Technologies CZ, s.r.o.) 0x6D740000
Library C:\PROGRA~1\AVG\AVG8\avgcfgx.dll (AVG Configuration Module/AVG Technologies CZ, s.r.o.) 0x6A920000
Library C:\PROGRA~1\AVG\AVG8\avgamnot.dll (AVG Event Notification Library/AVG Technologies CZ, s.r.o.) 0x6A5B0000
Library C:\PROGRA~1\AVG\AVG8\avgsched.dll (AVG Scheduler Module/AVG Technologies CZ, s.r.o.) 0x6C250000
Library C:\PROGRA~1\AVG\AVG8\avgwdwsc.dll (AVG Windows Security Center Module/AVG Technologies CZ, s.r.o.) 0x6D930000
Library C:\PROGRA~1\AVG\AVG8\avglngx.dll (AVG Language Module/AVG Technologies CZ, s.r.o.) 0x6BBD0000

Process C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 1612
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x76330000
Library c:\windows\system32\ACTIVEDS.dll (ADs Router Layer DLL/Microsoft Corporation) 0x71570000
Library C:\Windows\system32\ndptsp.tsp (NDIS Proxy TAPI Service Provider/Microsoft Corporation) 0x6E7B0000

Process C:\Program Files\iPod\bin\iPodService.exe (iPodService Module (32-bit)/Apple Inc.) 1876
Library C:\Program Files\iPod\bin\iPodService.exe (iPodService Module (32-bit)/Apple Inc.) 0x009E0000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)
  #45  
Old September 15th, 2009, 04:29 PM
jingleberry jingleberry is offline
Member
 
Join Date: Sep 2009
Posts: 67
0x76330000
Library C:\Program Files\iPod\bin\iPodService.Resources\en.lproj\iPodServiceLocalized.DLL (iPodService Resource Library (32-bit)/Apple Inc.) 0x6C670000
Library C:\Program Files\iPod\bin\iPodService.Resources\iPodService.DLL (iPodService Resource Library (32-bit)/Apple Inc.) 0x6C660000

Process C:\Windows\system32\Dwm.exe (Desktop Window Manager/Microsoft Corporation) 1896
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x76330000
Library C:\Windows\system32\atiumdag.dll (atiumdag.dll/ATI Technologies Inc. ) 0x72250000
Library C:\Windows\system32\atiumdva.dll (Radeon Video Acceleration Universal Driver/ATI Technologies Inc. ) 0x71E00000

Process C:\Windows\System32\spoolsv.exe (Spooler SubSystem App/Microsoft Corporation) 1976
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)
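The listing above is a "Process ... / Library ..." module dump: each process is followed by the DLLs mapped into it, with the description and company string taken from each file's version resource. When triaging one of these by hand the question is always the same: which non-Microsoft modules are sitting inside Microsoft-owned hosts under C:\Windows (svchost.exe, AUDIODG.EXE, spoolsv.exe), since that is where injected, hooked or bundled third-party code shows up. The script below is an added example, not the scanning tool's code and not part of the thread; it parses the posted format (paths with spaces, descriptions containing slashes and parentheses, the truncated last line with no load address) and flags those modules. The sample input is copied from the log above except for one constructed `hook.dll` line under "Program Files (x86)", added to show that a parenthesis inside a path is handled. The vendor string it keys on is whatever the DLL claims about itself and is trivially forged, so a flag here is a lead for a signature check, not a verdict.

```python
"""Triage a 'Process/Library' module listing: flag non-Microsoft or
out-of-C:\\Windows DLLs loaded into Microsoft processes under C:\\Windows.
Added example, not the scanning tool's own code."""
import re
from dataclasses import dataclass, field

# Lines copied from the listing in the thread, plus one constructed entry
# (hook.dll under "Program Files (x86)") to exercise a '(' inside a path.
SAMPLE_LOG = r"""
Process C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 1232
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x76330000
Library c:\windows\system32\ezsvc7.dll (Shared EasyBits services for Windows/EasyBits Sofware AS) 0x01000000
Library C:\Program Files\Bonjour\mdnsNSP.dll (Bonjour Namespace Provider/Apple Inc.) 0x16080000
Library C:\Windows\system32\wbem\ncprov.dll (Non-COM WMI Event Provision APIs/Microsoft Corporation) 0x6E630000
Library C:\Program Files (x86)\Example\hook.dll (Constructed test entry/Example Co) 0x10000000

Process C:\Windows\system32\AUDIODG.EXE (Windows Audio Device Graph Isolation /Microsoft Corporation) 1308
Library C:\Windows\system32\RtkAPO.dll (Realtek(r) LFX/GFX DSP component/Realtek Semiconductor Corp.) 0x733F0000

Process C:\Windows\system32\Ati2evxx.exe (ATI External Event Utility EXE Module/ATI Technologies Inc.) 1552
Library C:\Windows\system32\Ati2evxx.exe (ATI External Event Utility EXE Module/ATI Technologies Inc.) 0x00400000
Library C:\Windows\system32\atipdlxx.dll (ATI Desktop CWDDEDI DLL/ATI Technologies, Inc.) 0x10000000

Process C:\Program Files\iPod\bin\iPodService.exe (iPodService Module (32-bit)/Apple Inc.) 1876
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x76330000

Process C:\Windows\System32\spoolsv.exe (Spooler SubSystem App/Microsoft Corporation) 1976
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)
"""

@dataclass
class Module:
    path: str
    description: str
    company: str   # claimed vendor from the version resource; attacker-controlled
    token: str     # PID for a Process line, load address for a Library line ("" if cut off)

@dataclass
class Proc:
    image: Module
    libraries: list = field(default_factory=list)

_EXT_RE = re.compile(r"\.[A-Za-z0-9]{1,4}$")   # path ends in a file extension

def parse_entry(body):
    """Parse 'PATH (DESCRIPTION/COMPANY) TOKEN'.  The path may contain ' (' and the
    description may contain '(' and '/', so: strip the trailing token, then take the
    path up to the first ' (' that follows a file extension, and the company after
    the last '/'.  A line truncated before its token (as at the end of a post) is kept."""
    body = body.rstrip()
    if body.endswith(")"):                      # no PID/address: truncated line
        head, token = body[:-1], ""
    else:
        head, _, token = body.rpartition(" ")
        if not head.endswith(")"):
            raise ValueError("malformed entry: %r" % body)
        head = head[:-1]
    start = 0
    while True:
        i = head.find(" (", start)
        if i == -1:
            raise ValueError("no description in entry: %r" % body)
        if _EXT_RE.search(head[:i]):
            break
        start = i + 2                           # ' (' belonged to the path, keep looking
    description, _, company = head[i + 2:].rpartition("/")
    return Module(head[:i], description.strip(), company.strip(), token)

def parse_listing(text):
    """Group Library lines under the Process line that precedes them."""
    procs = []
    for raw in text.splitlines():
        kind, _, body = raw.strip().partition(" ")
        if kind == "Process":
            procs.append(Proc(parse_entry(body)))
        elif kind == "Library" and procs:
            procs[-1].libraries.append(parse_entry(body))
    return procs

WINDIR = "c:\\windows\\"

def _claims_microsoft(mod):
    return "microsoft" in mod.company.lower()

def suspicious_modules(procs):
    """(pid, host image, library path, claimed company) for every library that is
    outside C:\\Windows or does not claim Microsoft, loaded into a host that lives
    under C:\\Windows and claims Microsoft.  The host's own image entry is skipped."""
    hits = []
    for proc in procs:
        img = proc.image
        if not (img.path.lower().startswith(WINDIR) and _claims_microsoft(img)):
            continue
        for lib in proc.libraries:
            if lib.path.lower() == img.path.lower():
                continue
            if not lib.path.lower().startswith(WINDIR) or not _claims_microsoft(lib):
                hits.append((img.token, img.path, lib.path, lib.company))
    return hits

if __name__ == "__main__":
    for pid, host, lib, company in suspicious_modules(parse_listing(SAMPLE_LOG)):
        print(f"PID {pid:>5} {host}\n    <- {lib}  [{company}]")
```

Run against the sample, it reports ezsvc7.dll, mdnsNSP.dll and the constructed hook.dll inside svchost.exe (PID 1232) and RtkAPO.dll inside AUDIODG.EXE (PID 1308); atipdlxx.dll is not reported because its host, Ati2evxx.exe, is not a Microsoft image, and the Apple iPodService.exe block is skipped for the same reason. Realtek audio APOs in AUDIODG are expected on an HP box with Realtek audio, which is exactly why the next step for each hit is to verify the file's Authenticode signature and hash rather than trust the company string the listing printed.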
All times are GMT +1.