Geeks to Go
Help "Backdoor.Nuclear.ax" detected! [RESOLVED]


This topic is locked

#1 Onestep (Member, 209 posts)
I got a message from AVG Anti-virus detecting "Backdoor.Nuclear.ax" upon turning on the computer this morning. I have tried cleaning and sending it to the virus vault as AVG recommended, but it doesn't go there. Nothing happens and the message won't go away. What do I do? Please help and God Bless.


Attached is a pic of the error message.

Here is my Log File:

Logfile of HijackThis v1.99.1
Scan saved at 8:01:10 PM, on 10/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\r_server.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = dynhost.inetcam.com;register.inetcam.com;
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: svchost.exe.lnk = C:\WINDOWS\WINDOWS\svchost.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1190274487968
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe" /service (file missing)

Attached thumbnail: BkDr.Nuclear.ax.jpg
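Two lines in the log above are what a responder would look at before anything else: a Global Startup shortcut that launches an `svchost.exe` from `C:\WINDOWS\WINDOWS` rather than `system32`, and a service with no publisher string whose image file is reported missing. The script below is an added example, not part of this thread and not HijackThis code; it applies exactly those checks to O4, O23 and running-process lines. The sample lines are copied from the posted log (plus one running-process line), while the list of core binary names and the hard-coded `C:\WINDOWS\system32` location are assumptions of the example (a default XP install on C:).

```python
"""Triage of HijackThis autostart (O4), service (O23) and running-process lines.

Added example, not part of the Geeks to Go thread or of HijackThis itself.
It flags three things worth a second look in a log like the one above:
a core Windows binary name started from anywhere other than system32 under
the Windows directory, a service with no publisher string, and a service
whose image file is missing. Sample lines are copied from the posted log;
the binary list and the system32 path are this example's own assumptions.
"""
import re

# Names that a default XP install only ever runs from %SystemRoot%\system32.
CORE_SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                        "services.exe", "smss.exe", "spoolsv.exe"}
SYSTEM32 = r"c:\windows\system32"   # assumption: Windows installed to C:\WINDOWS

RUN_KEY_RE = re.compile(r"^O4 - (?P<where>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
STARTUP_RE = re.compile(r"^O4 - (?P<where>.+? Startup): (?P<name>.+?\.lnk) = (?P<cmd>.*)$")
SERVICE_RE = re.compile(r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<cmd>.*)$")
PROCESS_RE = re.compile(r"^[A-Za-z]:\\\S.*\.exe$", re.IGNORECASE)   # "Running processes" lines
EXE_RE = re.compile(r'"?(?P<path>[A-Za-z]:\\[^"]*?\.exe)', re.IGNORECASE)


def exe_path(cmd):
    """Fully qualified .exe path inside a command line, or None when the entry
    uses a bare name (resolved through the search path at run time)."""
    m = EXE_RE.search(cmd)
    return m.group("path") if m else None


def location_finding(cmd):
    """Reason string if a core-binary name runs from outside system32, else None."""
    path = exe_path(cmd)
    if path is None:
        return None
    directory, _, name = path.lower().rpartition("\\")
    if name in CORE_SYSTEM_BINARIES and directory != SYSTEM32:
        return f"{name} started from {directory} instead of {SYSTEM32}"
    return None


def triage(log):
    """Return (reason, line) pairs for every entry worth a second look."""
    findings = []
    for raw in log.splitlines():
        line = raw.strip()
        m = RUN_KEY_RE.match(line) or STARTUP_RE.match(line) or SERVICE_RE.match(line)
        if m:
            cmd = m.group("cmd")
        elif PROCESS_RE.match(line):
            cmd = line
        else:
            continue
        reason = location_finding(cmd)
        if reason:
            findings.append((reason, line))
        if m and "owner" in m.groupdict():          # only O23 lines carry an owner
            if m.group("owner") == "Unknown owner":
                findings.append(("service has no publisher string", line))
            if "(file missing)" in cmd:
                findings.append(("service image file missing", line))
    return findings


# Lines copied from the HijackThis log posted above, plus one running-process line.
SAMPLE_LOG = r'''
C:\WINDOWS\System32\svchost.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: svchost.exe.lnk = C:\WINDOWS\WINDOWS\svchost.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe" /service (file missing)
'''

if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"[{reason}]\n    {line}")
```

Run against the sample it reports the `svchost.exe.lnk` entry once and the `r_server` service twice (no publisher, image missing); the legitimate `svchost.exe` in `System32`, `ehtray.exe`, the AVG entry and `nvsvc32.exe` produce nothing. Bare names such as `RTHDCPL.EXE` or `rundll32.exe ftutil2.dll,...` cannot be judged by location and are left alone.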


#2 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
Hello, my name is Rorschach and I'll be helping you with your problems.

First, can you open up Notepad, click Format at the top and uncheck Wordwrap.


Next

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.


Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum



1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.




Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • Under Additional Scans on the bottom right, check the boxes for Reg - Disabled MS Config Items, Reg - Uninstall List, and Evnt - EventViewer Errors/Warnings
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.

#3 Onestep (Topic Starter, Member, 209 posts)
Hi Rorschach,
Every time I open a folder of any kind and click on something, this shortcut appears. If I click on this shortcut, it says "Windows Script Host": There is no script file specified.
What is it and how can I stop it, please? It's very annoying. The shortcut is a big "S" and on the bottom it has this written: .VBS;VBE;JS;JSE;....

I will upload a picture of it.

UPDATE: I thought the problem was fixed, but it came back. I clicked on Real Player to play a file and my problem showed up again. Once I clicked on Real Player to play a file, I got this shortcut:


VBS;VBE;JS;JSE;WSF (Windows Script Host Settings File)


Now, the file still played, but how do I get rid of this shortcut showing up?

Many thanks & God Bless.

I am so confused now. I will start your instructions above now.
BUT since this happened last time, I did a Fix and Restore the other day. But it's back.

#4 Onestep (Topic Starter, Member, 209 posts)
SDFix: Version 1.111

Run by Compaq_Administrator on Wed 10/24/2007 at 08:26 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\killti.exe - Deleted



Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\DISC\\DISCover.exe"="C:\\Program Files\\DISC\\DISCover.exe:*:Enabled:DISCover Drop & Play System"
"C:\\Program Files\\DISC\\DiscStreamHub.exe"="C:\\Program Files\\DISC\\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub"
"C:\\Program Files\\DISC\\myFTP.exe"="C:\\Program Files\\DISC\\myFTP.exe:*:Enabled:DISCover FTP"
"C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"="C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe:*:Enabled:Compaq Connections"
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:Earthlink"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Pando Networks\\Pando\\pando.exe"="C:\\Program Files\\Pando Networks\\Pando\\pando.exe:*:Enabled:pando"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\WinMX\\WinMX.exe"="C:\\Program Files\\WinMX\\WinMX.exe:*:Enabled:WinMX Application"
"C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"="C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe:*:Enabled:Microsoft Flight Simulator"
"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"="C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe:*:Enabled:Compaq Connections"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Tue 16 Oct 2007 211 A.SHR --- "C:\BOOT.BAK"
Mon 19 Sep 2005 788,568 A..H. --- "C:\Program Files\Online Services\Canada\KOL\client.exe"
Wed 17 Aug 2005 13,459,528 A..H. --- "C:\Program Files\Online Services\NetscapeOnline\Netscape Tech\nsb-install-8-0.exe"
Wed 17 Aug 2005 233,472 A..H. --- "C:\Program Files\Online Services\NetscapeOnline\Netscape Tech\webutil8.exe"
Wed 17 Aug 2005 389,120 A..H. --- "C:\Program Files\Online Services\NetscapeOnline\Netscape Tech\WinsockFix.exe"
Thu 20 Sep 2007 9,506 A..H. --- "C:\Documents and Settings\Compaq_Administrator\My Documents\My Music\License Backup\drmv2key.bak"
Wed 14 Dec 2005 200,704 A..H. --- "C:\Program Files\Online Services\Aol\United States\AOL90\ACST4.DLL"
Tue 22 Nov 2005 81,920 A..H. --- "C:\Program Files\Online Services\Aol\United States\AOL90\AOLFIREWALLMGR.DLL"
Tue 22 Nov 2005 73,728 A..H. --- "C:\Program Files\Online Services\Aol\United States\AOL90\AOLINSTALLERFW.DLL"
Wed 14 Dec 2005 88,064 A..H. --- "C:\Program Files\Online Services\Aol\United States\AOL90\INSTPH.DLL"
Wed 14 Dec 2005 200,704 A..H. --- "C:\Program Files\Online Services\Aol\United States\AOL90E\ACST4.DLL"
Tue 22 Nov 2005 81,920 A..H. --- "C:\Program Files\Online Services\Aol\United States\AOL90E\AOLFIREWALLMGR.DLL"
Tue 22 Nov 2005 73,728 A..H. --- "C:\Program Files\Online Services\Aol\United States\AOL90E\AOLINSTALLERFW.DLL"
Wed 14 Dec 2005 88,064 A..H. --- "C:\Program Files\Online Services\Aol\United States\AOL90E\INSTPH.DLL"
Mon 19 Sep 2005 77,824 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\acs\AcsInstN.dll"
Mon 19 Sep 2005 6,961,146 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\acs\acsnet.zip"
Mon 19 Sep 2005 3,058,888 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\acs\acssetup.exe"
Mon 19 Sep 2005 307,289 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\asp\aspcheck.dll"
Mon 19 Sep 2005 7,083,361 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\asp\aspsetup.exe"
Wed 21 Sep 2005 1,960,296 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\autoit\autoit-v3.zip"
Mon 19 Sep 2005 550,488 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\deskbar\deskbr.exe"
Mon 19 Sep 2005 553,984 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\flash\FlashAX.exe"
Mon 19 Sep 2005 2,242,759 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\fw\nisale.exe"
Mon 19 Sep 2005 24,064 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\fw\NISChk.dll"
Mon 19 Sep 2005 57,344 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\ocp\ocpchk.dll"
Mon 19 Sep 2005 748,728 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\ocp\ocpinst.exe"
Mon 19 Sep 2005 7,515,304 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\qt\qt.exe"
Mon 19 Sep 2005 86,016 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\qt\QTInsInf.dll"
Mon 19 Sep 2005 45,056 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\rp\RealChk.dll"
Mon 19 Sep 2005 5,111,296 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\rp\RealPl8.EXE"
Mon 19 Sep 2005 4,378,673 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\rp\real_upd.exe"
Mon 19 Sep 2005 360,448 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\rp\rp9codec.exe"
Mon 19 Sep 2005 40,960 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\sysinfo\SiNdInst.dll"
Mon 19 Sep 2005 473,736 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\sysinfo\SinfInst.exe"
Mon 19 Sep 2005 12,288 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\tb\tbinst.dll"
Mon 19 Sep 2005 516,032 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\tb\tbsetup.exe"
Mon 19 Sep 2005 597,080 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\toolbar\toolbr.exe"
Mon 19 Sep 2005 590,688 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\tpspd\TSsetup.exe"
Mon 19 Sep 2005 57,344 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\tpspd\tsverchk.dll"
Mon 19 Sep 2005 49,152 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\vwpt\AOLVPChk.dll"
Mon 19 Sep 2005 61,440 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\vwpt\VPPrePop.exe"
Mon 19 Sep 2005 3,858,056 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\vwpt\Vwpt.exe"

Finished!


I am now going to download and run that "Combofix.exe"
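The "Authorized Application Key Export" in the SDFix report above is the Windows XP SP2 firewall exception list, one registry value per program. Each value has the shape `"<path>"="<path>:<scope>:<Enabled|Disabled>:<display name>"`, where the scope is `*` (reachable from any remote address), `LocalSubNet` (local subnet only) or a comma-separated list of addresses and subnets. Every enabled entry in this report uses `*`, including an FTP component and two peer-to-peer clients, which is exactly what a responder wants listed out. The parser below is an added example, not part of the thread and not SDFix code: it reads that .reg-style text, tags each entry with its profile, lists the enabled exceptions reachable from anywhere, reports entries whose value name disagrees with the path inside the data, and re-emits an entry with a narrower scope. The sample lines are copied from the report; the two lines marked "constructed" (a LAN-only exception and a deliberately mismatched `svchost.exe` entry) are made up for the example.

```python
r"""Reading the Windows XP SP2 firewall exception list that SDFix exports.

Added example; not part of the thread and not SDFix code. Each value under
...\FirewallPolicy\<profile>\AuthorizedApplications\List has the shape

    "<path>"="<path>:<scope>:<Enabled|Disabled>:<display name>"

where <scope> is "*" (any remote address), "LocalSubNet" (hosts on the
local subnet only) or a comma-separated list of addresses and subnets.
Sample lines are copied from the SDFix report in the thread; the two
lines marked "constructed" are made up for this example.
"""
import re
from dataclasses import dataclass

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$", re.IGNORECASE)
VALUE_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"="(?P<data>(?:[^"\\]|\\.)*)"$')


@dataclass
class FirewallException:
    profile: str        # standardprofile or domainprofile
    path: str           # program the exception applies to
    scope: str          # "*", "LocalSubNet" or an address list
    enabled: bool
    display_name: str
    value_name: str     # registry value name, normally identical to path


def _unescape(s):
    # .reg syntax doubles backslashes; quotes never occur in these paths.
    return s.replace("\\\\", "\\")


def _split_data(data):
    # The path may contain one ':' (the drive letter at index 1); every
    # other ':' before the display name is a field separator.
    start = 2 if len(data) > 1 and data[1] == ":" else 0
    path_end = data.index(":", start)
    scope, state, name = data[path_end + 1:].split(":", 2)
    return data[:path_end], scope, state, name


def parse_authorized_apps(text):
    """Return a FirewallException for every value found under an
    AuthorizedApplications List key in the export text."""
    profile, entries = None, []
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key").lower()
            marker = "\\firewallpolicy\\"
            profile = key.split(marker, 1)[1].split("\\", 1)[0] if marker in key else None
            continue
        m = VALUE_RE.match(line)
        if not m or profile is None:
            continue
        path, scope, state, name = _split_data(_unescape(m.group("data")))
        entries.append(FirewallException(profile, path, scope,
                                         state.lower() == "enabled", name,
                                         _unescape(m.group("name"))))
    return entries


def any_address_exceptions(entries, profile=None):
    """Enabled exceptions with scope '*', i.e. reachable from any remote host."""
    return [e for e in entries
            if e.enabled and e.scope == "*" and (profile is None or e.profile == profile)]


def name_mismatches(entries):
    """The firewall UI writes the value name and the path in the data together;
    a mismatch means something else edited the key."""
    return [e for e in entries if e.value_name.lower() != e.path.lower()]


def to_reg_line(entry, scope=None):
    """Re-emit an entry in .reg syntax, optionally narrowing its scope
    (for example to LocalSubNet so only the local subnet can reach it)."""
    def esc(s):
        return s.replace("\\", "\\\\")
    data = ":".join([entry.path, scope or entry.scope,
                     "Enabled" if entry.enabled else "Disabled", entry.display_name])
    return f'"{esc(entry.path)}"="{esc(data)}"'


# Copied from the SDFix "Authorized Application Key Export" in the thread, plus
# two constructed lines: a LAN-only exception and an entry whose value name
# does not match its data (the kind of thing a triage should surface).
SAMPLE_EXPORT = r'''
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\DISC\\myFTP.exe"="C:\\Program Files\\DISC\\myFTP.exe:*:Enabled:DISCover FTP"
"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\\Program Files\\Example\\lanonly.exe"="C:\\Program Files\\Example\\lanonly.exe:LocalSubNet:Enabled:LAN-only example (constructed)"
"C:\\WINDOWS\\system32\\svchost.exe"="C:\\WINDOWS\\WINDOWS\\svchost.exe:*:Enabled:svchost (constructed)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
'''

if __name__ == "__main__":
    found = parse_authorized_apps(SAMPLE_EXPORT)
    for e in any_address_exceptions(found, "standardprofile"):
        print(f"open to any address: {e.path}  ({e.display_name})")
    for e in name_mismatches(found):
        print(f"value name {e.value_name!r} does not match data path {e.path!r}")
    print(to_reg_line(found[1], scope="LocalSubNet"))
```

On the sample, the standard profile yields four any-address exceptions (sessmgr, myFTP, dpnsvr and the constructed svchost line), the constructed svchost line is the only name mismatch, and `to_reg_line` turns the myFTP entry into the same value with `LocalSubNet` in place of `*`; parsing that line back gives the narrowed scope. Display names may themselves contain colons, which is why the fields are split from the left after the path rather than with `rsplit`.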

#5 Onestep (Topic Starter, Member, 209 posts)
ComboFix 07-10-25.1 - Compaq_Administrator 2007-10-24 20:51:22.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1439 [GMT -4:00]
Running from: C:\Documents and Settings\Compaq_Administrator\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\MabryObj.dll
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2007-09-25 to 2007-10-25 )))))))))))))))))))))))))))))))
.

2007-10-24 20:50 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-24 20:25 <DIR> d-------- C:\WINDOWS\ERUNT
2007-10-24 19:11 <DIR> d-------- C:\Galleries
2007-10-24 19:10 <DIR> d-------- C:\Program Files\Common Files\Intel Shared
2007-10-24 19:10 147,456 --a------ C:\WINDOWS\system32\SmtpX.DLL
2007-10-24 19:10 147,456 --a------ C:\WINDOWS\system32\MimeX.dll
2007-10-24 19:10 139,264 --a------ C:\WINDOWS\system32\EncodeX.dll
2007-10-24 19:09 48,640 --a------ C:\WINDOWS\system32\inetwh32.dll
2007-10-24 19:07 <DIR> d-------- C:\Program Files\Web Publish
2007-10-24 19:07 524,288 --a------ C:\WINDOWS\system32\InetIPLA6.dll
2007-10-24 19:07 516,096 --a------ C:\WINDOWS\system32\InetIPLM6.dll
2007-10-24 19:07 512,000 --a------ C:\WINDOWS\system32\InetIPLP6.dll
2007-10-24 19:07 503,808 --a------ C:\WINDOWS\system32\InetIPLPX.dll
2007-10-24 19:07 495,616 --a------ C:\WINDOWS\system32\InetIPLM5.dll
2007-10-24 19:07 491,520 --a------ C:\WINDOWS\system32\InetIPLP5.dll
2007-10-24 19:07 20,480 --a------ C:\WINDOWS\system32\InetIPL.dll
2007-10-24 19:06 1,409,024 --a------ C:\WINDOWS\system32\MGIIpl4W7.dll
2007-10-24 19:06 1,351,680 --a------ C:\WINDOWS\system32\MGIIpl4M6.dll
2007-10-24 19:06 1,318,912 --a------ C:\WINDOWS\system32\MGIIpl4M5.dll
2007-10-24 19:06 1,191,936 --a------ C:\WINDOWS\system32\MGIIpl4P6.dll
2007-10-24 19:05 <DIR> d-------- C:\Program Files\Common Files\MGI Shared
2007-10-24 19:05 <DIR> d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\MGI
2007-10-24 19:03 194,320 --a------ C:\WINDOWS\system32\qcut.dll
2007-10-24 19:03 182,032 --a------ C:\WINDOWS\system32\dxtmsft3.dll
2007-10-24 19:03 63,488 --a------ C:\WINDOWS\system32\unam4ie.exe
2007-10-24 19:03 38,160 --a------ C:\WINDOWS\system32\LMRTREND.dll
2007-10-24 19:03 10,240 --a------ C:\WINDOWS\system32\vidx16.dll
2007-10-24 19:02 <DIR> d-------- C:\Program Files\Intel
2007-10-23 23:36 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-23 08:01 <DIR> d-------- C:\Program Files\Vista Start Menu
2007-10-22 13:58 42,672 --------- C:\WINDOWS\system32\wbsys.dll
2007-10-22 08:01 <DIR> d-------- C:\Program Files\Cheetah Burner
2007-10-22 01:18 <DIR> d-------- C:\Program Files\MagicISO
2007-10-22 00:29 <DIR> d-------- C:\Program Files\DFX
2007-10-21 20:48 <DIR> d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Arcsoft
2007-10-19 02:07 61 ---hs---- C:\WINDOWS\cnerolf.dat
2007-10-19 01:26 <DIR> d-------- C:\Program Files\Microsoft Games
2007-10-17 19:36 <DIR> d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\WinBatch
2007-10-17 15:30 <DIR> d-------- C:\Program Files\Radmin
2007-10-17 15:30 708,608 --a------ C:\WINDOWS\system32\r_server.exe
2007-10-17 15:30 29,600 --a------ C:\WINDOWS\system32\raddrv.dll
2007-10-17 15:20 <DIR> d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Canon
2007-10-17 15:18 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-10-17 15:18 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2007-10-17 15:15 <DIR> d-------- C:\Program Files\Canon
2007-10-17 15:14 <DIR> d-------- C:\Program Files\ScanSoft
2007-10-17 15:14 <DIR> d-------- C:\Program Files\Common Files\ScanSoft Shared
2007-10-17 15:14 <DIR> d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\ScanSoft
2007-10-17 15:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SSScanWizard
2007-10-17 15:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
2007-10-17 15:13 212,480 --a------ C:\WINDOWS\pcdlib32.dll
2007-10-17 15:12 <DIR> d-------- C:\WINDOWS\system32\Adobe
2007-10-17 15:12 <DIR> d-------- C:\WINDOWS\Profiles
2007-10-17 15:12 <DIR> d-------- C:\Program Files\ArcSoft
2007-10-17 15:12 <DIR> d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\InterTrust
2007-10-17 15:12 77,312 --a------ C:\WINDOWS\system32\TWAIN_32.DLL
2007-10-17 15:11 339,968 --a------ C:\WINDOWS\system32\N067UFW.DLL
2007-10-17 15:11 327,740 --a------ C:\WINDOWS\system32\UCS32P.DLL
2007-10-17 15:11 32,768 --a------ C:\WINDOWS\system32\CNQU70.DLL
2007-10-17 13:35 <DIR> d-------- C:\WINDOWS\Sun
2007-10-17 13:31 <DIR> d-------- C:\Program Files\uTorrent
2007-10-17 13:31 <DIR> d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\uTorrent
2007-10-17 13:28 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-10-17 13:28 14,848 --a------ C:\WINDOWS\system32\dllcache\kbdhid.sys
2007-10-17 13:28 10,240 --a------ C:\WINDOWS\system32\swpdflt2.dll
2007-10-17 13:28 10,240 --a------ C:\WINDOWS\system32\dllcache\swpdflt2.dll
2007-10-17 13:28 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-10-17 13:28 9,600 --a------ C:\WINDOWS\system32\dllcache\hidusb.sys
2007-10-17 13:28 3,968 --a------ C:\WINDOWS\system32\drivers\SWUSBFLT.SYS
2007-10-17 13:28 3,968 --a------ C:\WINDOWS\system32\dllcache\swusbflt.sys
2007-10-17 13:27 59,136 --a------ C:\WINDOWS\system32\drivers\gckernel.sys
2007-10-17 13:27 59,136 --a------ C:\WINDOWS\system32\dllcache\gckernel.sys
2007-10-17 13:27 2,688 --a------ C:\WINDOWS\system32\drivers\hidswvd.sys
2007-10-17 13:27 2,688 --a------ C:\WINDOWS\system32\dllcache\hidswvd.sys
2007-10-17 13:23 203 --a------ C:\WINDOWS\PowerReg.dat
2007-10-17 13:22 <DIR> d-------- C:\Program Files\MediaFACE II
2007-10-17 13:22 1,045,776 --a------ C:\WINDOWS\system32\MSJET35.DLL
2007-10-17 13:22 965,904 --a------ C:\WINDOWS\system32\MSJT3032.DLL
2007-10-17 13:22 570,128 --a------ C:\WINDOWS\system32\DAO350.DLL
2007-10-17 13:22 368,912 --a------ C:\WINDOWS\system32\VBAR332.DLL
2007-10-17 13:22 252,176 --a------ C:\WINDOWS\system32\MSRD2X35.DLL
2007-10-17 13:22 246,928 --a------ C:\WINDOWS\system32\ODBCJT16.DLL
2007-10-17 13:22 123,664 --a------ C:\WINDOWS\system32\MSJINT35.DLL
2007-10-17 13:22 24,848 --a------ C:\WINDOWS\system32\MSJTER35.DLL
2007-10-17 13:22 1,984 --a------ C:\WINDOWS\system32\VBAJET.DLL
2007-10-17 13:18 <DIR> d-------- C:\Program Files\Microsoft Picture It! 10
2007-10-17 12:30 1,165 --a------ C:\WINDOWS\mozver.dat
2007-10-17 12:25 <DIR> d-------- C:\Program Files\Genie-Soft
2007-10-17 10:20 <DIR> d-------- C:\Program Files\QuickPar
2007-10-17 08:25 <DIR> d-------- C:\Program Files\Agent
2007-10-17 01:31 <DIR> d-------- C:\Program Files\Musicmatch
2007-10-17 01:31 28,352 --a------ C:\WINDOWS\system32\drivers\MxlW2k.sys
2007-10-17 01:27 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-10-17 01:27 <DIR> d-------- C:\Program Files\Ahead
2007-10-17 01:27 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2007-10-17 01:27 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2007-10-17 01:27 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2007-10-17 01:27 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2007-10-17 01:27 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2007-10-17 01:27 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-24 23:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-19 05:43 12,400 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-17 23:37 --------- d-----w C:\Program Files\HP
2007-10-17 23:37 --------- d-----w C:\Program Files\Hewlett-Packard
2007-10-17 05:29 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-10-17 05:27 --------- d---a-w C:\Program Files\Common Files\LightScribe
2007-10-16 22:50 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-10-16 22:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-10-16 22:45 --------- d-----w C:\Program Files\Yahoo!
2007-10-16 22:44 --------- d-----w C:\Program Files\Quicken
2007-10-16 22:31 1,909 --sha-r C:\WINDOWS\system32\drivers\103C_HP_CPC_RK581AA-ABA SR2038X NA680_YC_0Pres_QMXX647_E64NAemREA4_48_INODUSM3_SASUSTek Computer INC._V1.05_B3.07_T060802_WXP2_L409_M1983_J250_7AMD_8Athlon 64 X2 Dual Core_92.2_#071016_N_Z14F12F20_G10DE0241.MRK
2007-10-16 22:20 --------- d-----w C:\Program Files\music_now
2007-10-16 22:14 --------- d-----w C:\Program Files\Windows Plus
2007-10-16 22:14 --------- d-----w C:\Program Files\WildTangent
2007-10-16 22:13 --------- d-----w C:\Program Files\Sonic
2007-10-16 22:13 --------- d-----w C:\Program Files\Real
2007-10-16 22:12 --------- d-----w C:\Program Files\PC-Doctor for DOS
2007-10-16 22:11 --------- d-----w C:\Program Files\PC-Doctor 5 for Windows
2007-10-16 22:09 --------- d-----w C:\Program Files\Netscape
2007-10-16 22:09 --------- d-----w C:\Program Files\MSN Encarta Standard
2007-10-16 22:08 --------- d-----w C:\Program Files\Microsoft Works
2007-10-16 22:08 --------- d-----w C:\Program Files\microsoft frontpage
2007-10-16 22:03 --------- d-----w C:\Program Files\HP Games
2007-10-16 22:01 --------- d-----w C:\Program Files\DISC
2007-10-16 22:01 --------- d-----w C:\Program Files\CONEXANT
2007-10-16 22:01 --------- d-----w C:\Program Files\Compaq Connections
2007-10-16 22:01 --------- d-----w C:\Program Files\Common Files\xing shared
2007-10-16 22:01 --------- d-----w C:\Program Files\Common Files\TiVo Shared
2007-10-16 22:00 --------- d---a-w C:\Program Files\Common Files\LS Getting Started
2007-10-16 22:00 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2007-10-16 22:00 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2007-10-16 22:00 --------- d-----w C:\Program Files\Common Files\Real
2007-10-16 22:00 --------- d-----w C:\Program Files\Common Files\HP
2007-10-16 22:00 --------- d-----w C:\Program Files\Common Files\Adobe
2007-10-16 21:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\WildTangent
2007-10-16 21:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sonic
2007-10-16 21:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intuit
2007-10-16 21:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2007-10-16 21:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2007-10-16 21:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
2007-10-16 21:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2007-10-16 21:57 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Intuit
2007-10-16 21:51 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\Grisoft
2007-10-16 21:28 208,896 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
2007-10-16 21:27 61,440 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
2007-10-16 21:27 45,056 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2007-10-16 21:27 44,032 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2007-10-16 21:27 40,960 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
2007-10-16 21:27 341,048 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection3.dll
2007-10-16 21:27 32,768 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
2007-10-16 21:27 32,768 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
2007-10-16 21:27 163,840 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
2007-10-16 21:25 118,842 ----a-r C:\WINDOWS\HPCPCUninstaller-6.3.2.116-5577497.exe
2007-10-16 21:24 667,896 ----a-w C:\WINDOWS\unins000.exe
2006-02-19 10:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 17:01]
"ftutil2"="ftutil2.dll" [2004-06-07 17:05 C:\WINDOWS\system32\ftutil2.dll]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-13 23:05 C:\WINDOWS\RTHDCPL.EXE]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-02 19:19 C:\WINDOWS\arpwrmsg.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-09 18:50]
"nwiz"="nwiz.exe" [2006-05-09 18:50 C:\WINDOWS\system32\nwiz.exe]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 18:14]
"PCDrProfiler"="" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 18:34]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2004-12-13 22:23]
"POINTER"="point32.exe" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-24 08:45]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-10-16 17:08]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 16:03]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe [2007-10-16 17:25:13]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

R2 r_server;Remote Administrator Service;"C:\WINDOWS\system32\r_server.exe" /service
R3 GcKernel;Microsoft SideWinder Value Add - Filter Driver;C:\WINDOWS\system32\DRIVERS\GcKernel.sys
R3 HIDSwvd;Microsoft SideWinder Virtual HID Device Mini-Driver;C:\WINDOWS\system32\DRIVERS\HIDSwvd.sys
R3 SWUSBFLT;Microsoft SideWinder VIA Filter Driver;C:\WINDOWS\system32\DRIVERS\SWUSBFLT.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

.
**************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-24 20:53:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-24 20:55:30 - machine was rebooted
.
--- E O F ---

#6 Onestep (Member, Topic Starter, 209 posts)

#7 Onestep (Member, Topic Starter, 209 posts)
Now what do I do? Is anybody there?

#8 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
Yes, I'm here; we are all volunteers here, so we are kept busy enough.

Can you please post the WinPFind3 log? It seems not to have been posted due to a bug with the site. Try putting the report in quotes by doing this:

[quote][/quote]

So put
[quote]
at the start of the report and
[/quote]
at the end



If that doesn't work then upload and attach the report. Or you can split it into two posts.

Edited by Rorschach112, 25 October 2007 - 09:21 AM.


#9 Onestep (Member, Topic Starter, 209 posts)
Hi Rorschach,
I will now post that log, but last night I uninstalled Real Player, as that is when I was getting most script messages. Do you want me to do a new one?

#10 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
No need to run it again, you can just post the log you have already.

#11 Onestep (Member, Topic Starter, 209 posts)


#12 Onestep (Member, Topic Starter, 209 posts)


#13 Onestep (Member, Topic Starter, 209 posts)
Hey Rorschach, the log shows up in the preview, but when I go to submit it doesn't go through, unless you are receiving it?

#14 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
I'm not receiving it. Can you go to Browse > upload the log (it is in the WinPFind3 folder), and then I can get to it.

#15 Onestep (Member, Topic Starter, 209 posts)
OK

Attached Files

