My PC is a dual-boot system; I can boot into Win2k or WinXP.
Drive C: is Windows 2000 and D: is XP.
I've been using XP mostly, and sometime about 2 weeks ago I think it got infected with Rootkit.agent.
Originally there were 2 files, core.sys and core.cache.dsk, but I've been unable to remove the latter.
Every time I delete it under safe mode it reappears when I reboot.
I have AVG Anti-Spyware, and AVG antivirus and firewall,
and Spyware Doctor.
Spyware Doctor is the one that found it. It says removed successfully, but on every rescan it reappears.
Here are my logs.
First, HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:01, on 1/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\WINDOWS\Explorer.EXE
D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Spyware Doctor\pctsAuxs.exe
D:\Program Files\Spyware Doctor\pctsSvc.exe
D:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
D:\PROGRA~1\Grisoft\AVG7\avgcc.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\Program Files\EMS Free Surfer Companion\fs30.exe
D:\Program Files\Spyware Doctor\pctsTray.exe
D:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\Program Files\NETGEAR\WG111v2\WG111v2.exe
D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
D:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
D:\WINDOWS\System32\alg.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\system32\wuauclt.exe
D:\HijackThis\HijackThis.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://au.altavista.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft....k/?LinkId=54843
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [DrvLsnr] D:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [freesurfer] D:\Program Files\EMS Free Surfer Companion\fs30.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ISTray] "D:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = D:\Program Files\NETGEAR\WG111v2\WG111v2.exe
O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - D:\Program Files\EMS Free Surfer Companion\FS30.exe
O9 - Extra 'Tools' menuitem: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - D:\Program Files\EMS Free Surfer Companion\FS30.exe
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 5284 bytes
Uninstall list
Adobe Flash Player ActiveX
Adobe Reader 8.1.1
Apple Software Update
AVG 7.5
AVG Anti-Spyware 7.5
Azureus
Battlefield 2
Battlefield 2: Special Forces
BitLord 1.1
DivX Codec
DivX Content Uploader
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
Electronics Assistant V4.1
EMS Free Surfer Companion 1.3.0.0
Foxit PDF Editor
HijackThis 2.0.2
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Japanese Fonts Support For Adobe Reader 8
Kaspersky Online Scanner
Microsoft .NET Framework 2.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
mIRC
MSN
Navilog1 3.4.0
Nero 7 Demo
NETGEAR WG111v2 wireless USB 2.0 adapter
NVIDIA Drivers
ObjMon 1.00
PDFCreator PL 0.8.0
QuickTime
RootKit Hook Analyzer 3.02
Scope
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB943460)
SoundMAX
Spyware Doctor 5.5
SUPERAntiSpyware Free Edition
TMD Recruit Pack
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
Xvid 1.1.3 final uninstall
-------
ComboFix log
ComboFix 08-01-18.4 - Sam 2008-01-19 1:04:26.11 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1641 [GMT 11:00]
Running from: D:\apps\ComboFixnew.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\WINDOWS\system32\drivers\core.cache.dsk . . . . failed to delete
.
((((((((((((((((((((((((( Files Created from 2007-12-18 to 2008-01-18 )))))))))))))))))))))))))))))))
.
2008-01-19 01:07 . 2008-01-19 01:07 932 --------- D:\WINDOWS\system32\drivers\core.cache.dsk
2008-01-19 00:59 . 2008-01-19 01:00 1,760 --a------ D:\WINDOWS\system32\ikhcore.cfg
2008-01-18 23:03 . 2008-01-18 23:05 <DIR> d-------- D:\Program Files\SUPERAntiSpyware
2008-01-18 23:03 . 2008-01-18 23:03 <DIR> d-------- D:\Program Files\Common Files\Wise Installation Wizard
2008-01-18 23:03 . 2008-01-18 23:03 <DIR> d-------- D:\Documents and Settings\Sam\Application Data\SUPERAntiSpyware.com
2008-01-18 23:03 . 2008-01-18 23:03 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-18 22:03 . 2002-11-15 18:36 40,960 --a------ D:\XP_FixLogon.exe
2008-01-18 04:23 . 2008-01-18 04:23 106 --a------ D:\delete.bat
2008-01-18 01:03 . 2008-01-18 01:03 <DIR> d-------- D:\WINDOWS\srchasst
2008-01-18 00:50 . 2008-01-18 00:50 5,922,347 --a------ D:\WINDOWS\bak.rar
2008-01-17 23:43 . 2008-01-19 01:03 <DIR> d-a------ D:\Documents and Settings\All Users\Application Data\TEMP
2008-01-17 10:40 . 2008-01-18 05:24 <DIR> d-------- D:\Program Files\Navilog1
2008-01-17 09:00 . 2008-01-19 01:01 <DIR> d-------- D:\HijackThis
2008-01-17 08:43 . 2008-01-17 08:43 <DIR> d-------- D:\WINDOWS\ERUNT
2008-01-17 07:48 . 2000-08-31 08:00 51,200 --a------ D:\WINDOWS\NirCmd.exe
2008-01-17 07:26 . 2008-01-17 07:26 <DIR> d-------- D:\VundoFix Backups
2008-01-17 07:20 . 2008-01-17 07:20 <DIR> d-------- D:\WINDOWS\system32\Kaspersky Lab
2008-01-17 07:07 . 2008-01-17 07:07 <DIR> d-------- D:\Program Files\ObjMon
2008-01-17 07:04 . 2008-01-18 04:40 <DIR> d-------- D:\Program Files\RootKit Hook Analyzer
2008-01-17 07:04 . 2008-01-17 09:45 19,248 --a------ D:\WINDOWS\system32\drivers\rspsc32.sys
2008-01-17 03:17 . 2008-01-18 22:29 <DIR> d-------- D:\Program Files\Spyware Doctor
2008-01-17 03:17 . 2008-01-17 03:17 <DIR> d-------- D:\Documents and Settings\Sam\Application Data\PC Tools
2008-01-17 03:17 . 2007-12-10 14:53 81,288 --a------ D:\WINDOWS\system32\drivers\iksyssec.sys
2008-01-17 03:17 . 2007-12-10 14:53 66,952 --a------ D:\WINDOWS\system32\drivers\iksysflt.sys
2008-01-17 03:17 . 2007-12-10 14:53 41,864 --a------ D:\WINDOWS\system32\drivers\ikfilesec.sys
2008-01-17 03:17 . 2008-01-17 09:46 29,576 --a------ D:\WINDOWS\system32\drivers\kcom.sys
2008-01-16 17:31 . 2008-01-18 05:38 0 --a------ D:\WINDOWS\wininit.ini
2008-01-16 05:21 . 2008-01-16 17:31 <DIR> d-------- D:\Program Files\BulletProofSoft.com
2008-01-16 02:18 . 2008-01-16 02:18 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\SITEguard
2008-01-16 02:17 . 2008-01-16 02:17 <DIR> d-------- D:\Program Files\Common Files\iS3
2008-01-16 01:04 . 2008-01-16 21:23 <DIR> d-------- D:\Program Files\EMS Free Surfer Companion
2008-01-15 17:53 . 2006-09-06 03:03 3,968 --a------ D:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-14 22:23 . 2008-01-14 22:23 86,144 --a------ D:\WINDOWS\system32\drivers\diskdumpp.sys
2008-01-11 20:53 . 2008-01-11 20:53 <DIR> d-------- D:\Documents and Settings\Sam\Application Data\Ahead
2008-01-11 20:52 . 2008-01-11 20:52 <DIR> d-------- D:\Program Files\Nero
2008-01-11 20:52 . 2008-01-11 20:52 <DIR> d-------- D:\Program Files\Common Files\Ahead
2007-12-29 15:23 . 2007-12-29 15:23 <DIR> d-------- D:\Program Files\Common Files\Adobe
2007-12-20 22:06 . 2007-12-20 22:06 <DIR> d-------- D:\Program Files\Scope
2007-12-20 22:06 . 2007-12-20 22:06 <DIR> d-------- D:\Program Files\National Instruments
2007-12-19 21:22 . 2007-12-19 21:22 <DIR> d-------- D:\Program Files\Electronics 2000
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-18 12:28 --------- d--h--w D:\Program Files\InstallShield Installation Information
2008-01-17 19:41 4,649 ----a-w D:\WINDOWS\system32\drivers\hijackthis.log
2008-01-15 18:12 --------- d-----w D:\Documents and Settings\Sam\Application Data\AVG7
2008-01-15 18:00 --------- d-----w D:\Documents and Settings\All Users\Application Data\avg7
2008-01-15 07:06 --------- d-----w D:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-08 03:34 --------- d-----w D:\Program Files\Cool PDF Reader
2007-12-08 03:27 --------- d-----w D:\Program Files\PDFCreator PL
2007-12-08 03:27 --------- d-----w D:\Documents and Settings\Sam\Application Data\PDFCreator
2007-12-02 15:15 --------- d-----w D:\Documents and Settings\Sam\Application Data\Apple Computer
.
((((((((((((((((((((((((((((( snapshot@2008-01-17_ 8.10.20.42 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-16 21:04:19 229,376 ----a-w D:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-18 14:04:08 229,376 ----a-w D:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-16 21:04:19 8,192 ----a-w D:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-18 14:04:08 8,192 ----a-w D:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-16 21:04:19 229,376 ----a-w D:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-18 14:04:09 229,376 ----a-w D:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-16 21:04:19 8,192 ----a-w D:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-18 14:04:09 8,192 ----a-w D:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-16 21:04:19 4,984,832 ----a-w D:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-18 14:04:09 5,144,576 ----a-w D:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-16 21:04:19 8,192 ----a-w D:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-18 14:04:09 8,192 ----a-w D:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-15 07:29:08 163,328 ----a-w D:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-01-16 23:04:50 5,009,408 ----a-w D:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-01-16 23:04:50 8,192 ----a-w D:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-01-15 07:29:08 163,328 ----a-w D:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-01-16 21:43:41 4,997,120 ----a-w D:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-01-16 21:43:42 8,192 ----a-w D:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2008-01-18 12:03:45 29,696 ----a-r D:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe
+ 2008-01-18 12:03:45 18,944 ----a-r D:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2008-01-18 12:03:45 65,024 ----a-r D:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2008-01-18 11:25:41 6,008 ----a-w D:\WINDOWS\SoftwareDistribution\EventCache\{E565A5DB-F167-4C61-95AA-133E3D35BC3A}.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="D:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 21:48 157592]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="D:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 16:25 94208]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-04 23:00 15360]
"SUPERAntiSpyware"="D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="D:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 23:00 208952]
"PHIME2002ASync"="D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 23:00 455168]
"PHIME2002A"="D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 23:00 455168]
"DrvLsnr"="D:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe" [2003-05-08 13:34 69632]
"AVG7_CC"="D:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-21 17:55 579072]
"QuickTime Task"="D:\Program Files\QuickTime\qttask.exe" [2007-11-10 19:51 286720]
"Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"NeroFilterCheck"="D:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"!AVG Anti-Spyware"="D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2008-01-15 18:03 6731312]
"freesurfer"="D:\Program Files\EMS Free Surfer Companion\fs30.exe" [2005-02-15 14:43 929792]
"NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [2006-08-12 00:43 7630848]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="D:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-12 04:51 219136]
D:\Documents and Settings\All Users\Start Menu\Programs\Startup\
NETGEAR WG111v2 Smart Wizard.lnk - D:\Program Files\NETGEAR\WG111v2\WG111v2.exe [2006-05-17 17:05:52]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= D:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
D:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
R1 diskdumpp;diskdumpp;D:\WINDOWS\system32\drivers\diskdumpp.sys [2008-01-14 22:23]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;D:\WINDOWS\system32\DRIVERS\wg111v2.sys [2006-03-27 18:53]
S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{535aaaa1-4281-11dc-b70b-00184db41f0a}]
\Shell\AutoRun\command - F:\Autorun.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-01-10 23:52:01 D:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- D:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-19 01:08:54
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-19 1:10:42 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-18 14:10:40
ComboFix2.txt 2008-01-17 18:49:40
ComboFix3.txt 2008-01-17 17:59:33
ComboFix4.txt 2008-01-17 01:02:38
ComboFix5.txt 2008-01-16 23:33:01
.
2008-01-15 11:44:25 --- E O F ---
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 01/19/2008 at 00:44 AM
Application Version : 3.9.1008
Core Rules Database Version : 3382
Trace Rules Database Version: 1376
Scan type : Complete Scan
Total Scan Time : 01:35:37
Memory items scanned : 415
Memory threats detected : 0
Registry items scanned : 4646
Registry threats detected : 0
File items scanned : 69816
File threats detected : 4
RootKit.TnCore/Trace
D:\WINDOWS\system32\drivers\core.cache.dsk
Adware.Tracking Cookie
C:\Documents and Settings\Administrator\Cookies\administrator@apmebf[1].txt
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@mediaplex[2].txt
-----
Help getting rid of this is appreciated.
It seems most virus, antispyware, malware and adware removers can't get rid of this one.
Thanks in advance.
Also, what registry cleaner do you guys advise using?
Sam
PS: I've also tried Spybot Search and Destroy, and nolop.