I seem to get redirected to a webpage named
I have seen you dealt with a similar problem and thought you would be kind enough to give me a hand. I will deeply appreciate it as I am really bugged by this thing.
I use McAfee antivirus, by the way.
Please give me step-by-step help, since my knowledge of these matters is very limited. Thank you!
Here is the log from HijackThis, BUT MAY I ADD THAT IT SAYS BEFORE THE SCAN THAT MY SYSTEM DENIED WRITE ACCESS TO THE HOSTS FILE:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:44:31 μμ, on 25/1/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\autoclk.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\SAGEM\CONN-X SAGEM Fast 800\dslmon.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\WindowsMobile\WmdHost.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\conime.exe
C:\Users\User\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.live.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Βοηθός εισόδου του Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [autoclk] autoclk.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6253\SiteAdv.exe"
O4 - HKLM\..\Run: [McENUI] "C:\PROGRA~1\McAfee\MHN\McENUI.exe" /hide
O4 - HKLM\..\Run: [NvSvc] "RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.06\RivaTuner.exe" /S
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IDMan] "C:\Program Files\Internet Download Manager\IDMan.exe" /onboot
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe"
O4 - Global Startup: DSLMON.lnk = ?
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{80650A88-F605-4E3B-AAED-4FC448D32E37}: NameServer = 195.170.0.1 195.170.2.2
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
--
End of file - 8422 bytes
AND COMBOFIX LOG
ComboFix 08-01-23.1C - User 2008-01-26 0:05:08.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1253.1.1032.18.909 [GMT 2:00]
Running from: C:\Users\User\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Users\User\AppData\Roaming\inst.exe
C:\Windows\system32\drivers\core.cache.dsk . . . . failed to delete
.
((((((((((((((((((((((((( Files Created from 2007-12-25 to 2008-01-25 )))))))))))))))))))))))))))))))
.
2008-01-26 00:03 . 2000-08-31 08:00 51,200 --a------ C:\Windows\Nircmd.exe
2008-01-25 22:45 . 2008-01-25 22:45 <DIR> d-------- C:\SiteAdvisor
2008-01-25 22:42 . 2008-01-04 20:34 163,696 --a------ C:\Windows\System32\drivers\ssidrv.sys
2008-01-25 22:42 . 2008-01-04 20:34 23,920 --a------ C:\Windows\System32\drivers\sskbfd.sys
2008-01-25 22:42 . 2008-01-04 20:34 21,872 --a------ C:\Windows\System32\drivers\sshrmd.sys
2008-01-25 22:42 . 2008-01-04 20:34 20,336 --a------ C:\Windows\System32\drivers\SSFS0BB9.sys
2008-01-25 22:41 . 2008-01-25 22:41 <DIR> d-------- C:\Program Files\Webroot
2008-01-25 22:41 . 2008-01-04 20:56 1,526,640 --a------ C:\Windows\WRSetup.dll
2008-01-25 22:35 . 2008-01-25 22:38 164 --a------ C:\install.dat
2008-01-25 21:31 . 2003-06-05 20:13 53,248 --a------ C:\Windows\System32\Process.exe
2008-01-25 21:29 . 2008-01-25 21:33 2,902 --a------ C:\Windows\System32\tmp.reg
2008-01-25 21:28 . 2007-09-05 23:22 289,144 --a------ C:\Windows\System32\VCCLSID.exe
2008-01-25 21:28 . 2006-04-27 16:49 288,417 --a------ C:\Windows\System32\SrchSTS.exe
2008-01-25 21:28 . 2007-12-20 23:11 81,920 --a------ C:\Windows\System32\IEDFix.exe
2008-01-25 21:28 . 2004-07-31 17:50 51,200 --a------ C:\Windows\System32\dumphive.exe
2008-01-25 21:28 . 2007-10-03 23:36 25,600 --a------ C:\Windows\System32\WS2Fix.exe
2008-01-25 18:48 . 2008-01-25 18:48 319 --a------ C:\Windows\game.ini
2008-01-25 18:21 . 2008-01-25 18:21 <DIR> d-------- C:\Program Files\Activision
2008-01-25 17:44 . 2008-01-25 17:44 167,545 --------- C:\Windows\System32\drivers\core.cache.dsk
2008-01-25 17:44 . 2008-01-25 17:44 86,144 --a------ C:\Windows\System32\drivers\hidclasss.sys
2008-01-25 17:42 . 2008-01-25 17:45 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-01-25 17:42 . 2008-01-25 17:42 306,432 --a------ C:\Windows\System32\TuneUpDefragService.exe
2008-01-25 17:42 . 2007-12-20 10:41 29,440 --a------ C:\Windows\System32\uxtuneup.dll
2008-01-25 17:42 . 2007-12-20 10:44 16,640 --a------ C:\Windows\System32\authuitu.dll
2008-01-25 17:41 . 2008-01-25 17:41 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-21 10:57 . 2008-01-21 10:57 25 --a------ C:\Windows\cdplayer.ini
2008-01-21 10:52 . 2008-01-21 10:52 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-01-21 10:51 . 2008-01-21 10:51 <DIR> d-------- C:\Program Files\Real
2008-01-21 10:51 . 2008-01-21 10:52 <DIR> d-------- C:\Program Files\Common Files\Real
2008-01-21 10:39 . 2008-01-25 17:52 103,736 --a------ C:\Windows\System32\PnkBstrB.exe
2008-01-21 10:39 . 2008-01-21 10:39 66,872 --a------ C:\Windows\System32\PnkBstrA.exe
2008-01-21 10:39 . 2008-01-25 13:06 22,328 --a------ C:\Windows\System32\drivers\PnkBstrK.sys
2008-01-20 01:04 . 2008-01-20 01:04 <DIR> d-------- C:\Program Files\SpeedFan
2008-01-19 20:54 . 2008-01-19 20:54 <DIR> d-------- C:\Program Files\Lavalys
2008-01-18 02:02 . 2008-01-18 02:16 <DIR> d-------- C:\Program Files\RivaTuner v2.06
2008-01-17 14:40 . 2008-01-17 14:40 <DIR> d-------- C:\Windows\AsDmiHtm
2008-01-17 14:39 . 2008-01-17 14:39 22,475 --a------ C:\Windows\Ascd_tmp.ini
2008-01-17 14:39 . 2006-10-11 05:33 10,288 --a------ C:\Windows\System32\drivers\ASUSHWIO.SYS
2008-01-17 14:39 . 2006-10-18 15:44 7,680 --a------ C:\Windows\System32\drivers\ASACPI.sys
2008-01-17 11:47 . 2008-01-17 11:47 <DIR> d-------- C:\Windows\System32\URTTEMP
2008-01-17 11:26 . 2008-01-21 10:03 <DIR> d-------- C:\Program Files\Electronic Arts
2008-01-16 11:08 . 2008-01-20 01:04 45 --a------ C:\Windows\System32\initdebug.nfo
2008-01-16 10:07 . 2008-01-16 10:07 <DIR> d-------- C:\NVIDIA
2008-01-16 09:43 . 2008-01-16 09:43 262,144 --a------ C:\Windows\System32\wrap_oal.dll
2008-01-16 09:43 . 2008-01-16 09:43 86,016 --a------ C:\Windows\System32\OpenAL32.dll
2008-01-16 09:42 . 2007-09-07 14:55 6,173 --a------ C:\Windows\System32\drivers\Entech.vxd
2008-01-16 09:24 . 2008-01-16 09:24 <DIR> d-------- C:\Windows\System32\Futuremark
2008-01-16 09:24 . 2008-01-25 10:33 <DIR> d-------- C:\Program Files\Futuremark
2008-01-16 09:24 . 2007-09-07 14:55 27,672 --a------ C:\Windows\System32\drivers\Entech.sys
2008-01-16 09:24 . 2007-09-07 14:55 12,744 --a------ C:\Windows\System32\drivers\Entech64.sys
2008-01-16 09:24 . 2001-11-19 20:05 3,972 --a------ C:\Windows\System32\drivers\PciBus.sys
2008-01-16 00:41 . 2008-01-16 00:47 <DIR> d-------- C:\Program Files\Your Uninstaller 2008
2008-01-16 00:31 . 2008-01-16 00:31 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-01-16 00:24 . 2008-01-19 14:10 <DIR> d-------- C:\Program Files\SiteAdvisor
2008-01-16 00:24 . 2008-01-26 00:08 14,095 --a------ C:\Windows\System32\Config.MPF
2008-01-16 00:23 . 2006-03-03 11:07 143,360 --a------ C:\Windows\System32\dunzip32.dll
2008-01-16 00:22 . 2008-01-16 00:22 <DIR> d-------- C:\Program Files\McAfee.com
2008-01-16 00:22 . 2008-01-25 19:01 <DIR> d-------- C:\Program Files\McAfee
2008-01-16 00:22 . 2008-01-16 00:22 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-01-16 00:22 . 2007-07-21 09:08 201,288 --a------ C:\Windows\System32\drivers\mfehidk.sys
2008-01-16 00:22 . 2007-07-13 09:21 125,728 --a------ C:\Windows\System32\drivers\Mpfp.sys
2008-01-16 00:22 . 2007-07-24 07:40 79,304 --a------ C:\Windows\System32\drivers\mfeavfk.sys
2008-01-16 00:22 . 2007-07-21 09:08 40,488 --a------ C:\Windows\System32\drivers\mfesmfk.sys
2008-01-16 00:22 . 2007-07-21 09:08 35,240 --a------ C:\Windows\System32\drivers\mfebopk.sys
2008-01-16 00:22 . 2007-07-24 12:02 33,800 --a------ C:\Windows\System32\drivers\mferkdk.sys
2008-01-15 23:19 . 2006-09-29 06:56 28,248 -ra------ C:\Windows\System32\AdobePDF.dll
2008-01-15 23:18 . 2007-02-20 16:04 2,463,976 --a------ C:\Windows\System32\NPSWF32.dll
2008-01-15 23:18 . 2007-02-20 16:04 190,696 --a------ C:\Windows\System32\NPSWF32_FlashUtil.exe
2008-01-15 22:42 . 2008-01-15 22:42 <DIR> d-------- C:\Program Files\Microsoft Works
2008-01-15 22:42 . 2006-10-26 19:56 32,592 --a------ C:\Windows\System32\msonpmon.dll
2008-01-15 22:41 . 2008-01-15 22:41 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-01-15 22:39 . 2008-01-15 22:39 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-01-15 22:38 . 2008-01-15 22:38 <DIR> dr-h----- C:\MSOCache
2008-01-15 22:24 . 2008-01-15 22:24 <DIR> d-------- C:\Program Files\Nero
2008-01-15 22:24 . 2008-01-15 22:25 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-01-15 22:17 . 2008-01-15 22:17 <DIR> d-------- C:\Program Files\DVD Shrink
2008-01-15 22:15 . 2008-01-15 22:15 <DIR> d-------- C:\Program Files\VSO
2008-01-15 22:15 . 2006-09-29 11:24 217,127 --a------ C:\Windows\System32\drv43260.dll
2008-01-15 22:15 . 2006-09-29 11:25 208,935 --a------ C:\Windows\System32\drv33260.dll
2008-01-15 22:15 . 2006-09-29 11:26 176,165 --a------ C:\Windows\System32\drv23260.dll
2008-01-15 22:15 . 2008-01-15 22:15 47,360 --a------ C:\Windows\System32\drivers\pcouffin.sys
2008-01-15 22:12 . 2008-01-16 00:47 <DIR> d-------- C:\Program Files\Internet Download Manager
2008-01-15 22:10 . 2008-01-15 22:10 <DIR> d-------- C:\Program Files\DAEMON Tools
2008-01-15 20:06 . 2008-01-15 20:06 <DIR> d-------- C:\Windows\PCHEALTH
2008-01-15 18:05 . 2008-01-15 18:05 311,296 --a------ C:\Windows\System32\mswmdm.dll
2008-01-15 18:05 . 2008-01-15 18:05 36,864 --a------ C:\Windows\System32\wmdmps.dll
2008-01-15 18:05 . 2008-01-15 18:05 31,744 --a------ C:\Windows\System32\wmdmlog.dll
2008-01-15 17:31 . 2008-01-15 17:31 <DIR> d-------- C:\Program Files\DivX
2008-01-15 17:20 . 2008-01-15 20:06 <DIR> d-------- C:\Program Files\Windows Live
2008-01-15 17:20 . 2008-01-15 20:00 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-15 17:18 . 2008-01-15 17:18 <DIR> d-------- C:\Program Files\Common Files\Raxco
2008-01-15 17:17 . 2008-01-15 17:18 <DIR> d-------- C:\Program Files\RAXCO
2008-01-15 17:12 . 2008-01-15 17:12 639,224 --a------ C:\Windows\System32\drivers\sptd.sys
2008-01-15 14:39 . 2008-01-15 17:32 <DIR> d-------- C:\Program Files\Google
2008-01-15 14:29 . 2008-01-15 21:37 <DIR> d-------- C:\Program Files\World of Warcraft
2008-01-15 14:29 . 2008-01-15 14:30 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-01-15 13:41 . 2008-01-15 13:41 <DIR> d-------- C:\Program Files\KONAMI
2008-01-15 13:28 . 2008-01-15 13:28 <DIR> d-------- C:\Program Files\uTorrent
2008-01-15 13:27 . 2008-01-15 13:27 8,147,968 --a------ C:\Windows\System32\wmploc.DLL
2008-01-15 13:27 . 2008-01-15 13:27 356,864 --a------ C:\Windows\System32\MediaMetadataHandler.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-15 22:00 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-15 20:41 --------- d-----w C:\Program Files\MSBuild
2008-01-15 11:32 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-15 11:32 --------- d-----w C:\Program Files\Windows Mail
2008-01-15 11:28 802,816 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-01-15 11:28 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-01-15 11:28 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-01-15 11:28 542,720 ----a-w C:\Windows\System32\sysmain.dll
2008-01-15 11:28 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-01-15 11:28 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-01-15 11:28 297,984 ----a-w C:\Windows\System32\wlansec.dll
2008-01-15 11:28 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2008-01-15 11:28 28,344 ----a-w C:\Windows\system32\drivers\battc.sys
2008-01-15 11:28 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2008-01-15 11:28 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2008-01-15 11:28 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-01-15 11:28 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-01-15 11:28 216,760 ----a-w C:\Windows\system32\drivers\netio.sys
2008-01-15 11:28 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys
2008-01-15 11:28 2,923,520 ----a-w C:\Windows\explorer.exe
2008-01-15 11:28 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-01-15 11:28 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-01-15 11:26 8,704 ----a-w C:\Windows\System32\hcrstco.dll
2008-01-15 11:26 8,704 ----a-w C:\Windows\System32\hccoin.dll
2008-01-15 11:26 73,216 ----a-w C:\Windows\system32\drivers\usbccgp.sys
2008-01-15 11:26 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-01-15 11:26 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys
2008-01-15 11:26 449,024 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-01-15 11:26 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-01-15 11:26 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys
2008-01-15 11:26 23,040 ----a-w C:\Windows\system32\drivers\usbuhci.sys
2008-01-15 11:26 229,888 ----a-w C:\Windows\System32\msshsq.dll
2008-01-15 11:26 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys
2008-01-15 11:26 2,143,744 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-01-15 11:26 192,000 ----a-w C:\Windows\system32\drivers\usbhub.sys
2008-01-15 11:26 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-01-15 11:26 1,686,016 ----a-w C:\Windows\System32\gameux.dll
2008-01-15 11:26 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-01-15 11:25 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-01-15 11:25 57,856 ----a-w C:\Windows\System32\SLUINotify.dll
2008-01-15 11:25 566,784 ----a-w C:\Windows\System32\SLCommDlg.dll
2008-01-15 11:25 39,936 ----a-w C:\Windows\System32\slcinst.dll
2008-01-15 11:25 351,232 ----a-w C:\Windows\System32\SLUI.exe
2008-01-15 11:25 33,280 ----a-w C:\Windows\System32\slwmi.dll
2008-01-15 11:25 268,288 ----a-w C:\Windows\System32\mcbuilder.exe
2008-01-15 11:25 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-01-15 11:25 223,232 ----a-w C:\Windows\System32\SLC.dll
2008-01-15 11:25 186,368 ----a-w C:\Windows\System32\SLLUA.exe
2008-01-15 11:25 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-01-15 11:23 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-01-15 11:23 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-01-15 11:23 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-01-15 11:23 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-01-15 09:42 31 ----a-w C:\Windows\system32\drivers\adidsl.cfg
2007-12-13 17:09 972,072 ----a-w C:\Windows\UNNeroMediaHome.exe
2007-12-11 15:06 86,016 ----a-w C:\Windows\System32\nvsvc.dll
2007-12-11 15:06 81,920 ----a-w C:\Windows\System32\nvmctray.dll
2007-12-11 15:06 8,530,464 ----a-w C:\Windows\System32\nvcpl.dll
2007-12-11 15:06 8,238,688 ----a-w C:\Windows\system32\drivers\nvlddmkm.sys
2007-12-11 15:06 753,664 ----a-w C:\Windows\System32\nvcplui.exe
2007-12-11 15:06 7,098,368 ----a-w C:\Windows\System32\nvoglv32.dll
2007-12-11 15:06 6,549,504 ----a-w C:\Windows\System32\nvdisps.dll
2007-12-11 15:06 5,263,360 ----a-w C:\Windows\System32\nvd3dum.dll
2007-12-11 15:06 45,056 ----a-w C:\Windows\System32\nvmccsrs.dll
2007-12-11 15:06 385,024 ----a-w C:\Windows\System32\nvapi.dll
2007-12-11 15:06 356,352 ----a-w C:\Windows\System32\nvudisp.exe
2007-12-11 15:06 35,328 ----a-w C:\Windows\System32\nvcod100.dll
2007-12-11 15:06 35,328 ----a-w C:\Windows\System32\nvcod.dll
2007-12-11 15:06 307,200 ----a-w C:\Windows\System32\nvexpbar.dll
2007-12-11 15:06 3,710,976 ----a-w C:\Windows\System32\nvvitvs.dll
2007-12-11 15:06 3,420,160 ----a-w C:\Windows\System32\nvgames.dll
2007-12-11 15:06 229,376 ----a-w C:\Windows\System32\nvmccs.dll
2007-12-11 15:06 2,498,560 ----a-w C:\Windows\System32\nvwss.dll
2007-12-11 15:06 188,416 ----a-w C:\Windows\System32\nvmccss.dll
2007-12-11 15:06 147,456 ----a-w C:\Windows\System32\nvcolor.exe
2007-12-11 15:06 1,830,912 ----a-w C:\Windows\System32\nvwgf2um.dll
2007-12-11 15:06 1,228,800 ----a-w C:\Windows\System32\nvmobls.dll
2007-12-04 07:59 972,072 ----a-w C:\Windows\UNRecode.exe
2007-12-03 16:04 95,600 ----a-w C:\Windows\System32\NeroCo.dll
2007-11-06 23:00 795,104 ----a-w C:\Windows\System32\dpinst.exe
2007-11-06 23:00 5,611,520 ----a-w C:\Windows\System32\nvdispsr.dll
2007-11-06 23:00 458,752 ----a-w C:\Windows\System32\nvmccssr.dll
2007-11-06 23:00 3,715,072 ----a-w C:\Windows\System32\nvvitvsr.dll
2007-11-06 23:00 3,330,048 ----a-w C:\Windows\System32\nvgamesr.dll
2007-11-06 23:00 2,854,912 ----a-w C:\Windows\System32\nvmoblsr.dll
2007-11-06 23:00 2,519,040 ----a-w C:\Windows\System32\nvwssr.dll
2007-11-06 23:00 1,073,152 ----a-w C:\Windows\System32\nvcpluir.dll
2007-09-20 13:25 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2008-01-15 22:52 920064]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-01-15 14:40 171448]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
DSLMON.lnk - C:\Program Files\SAGEM\CONN-X SAGEM Fast 800\dslmon.exe [2008-01-15 11:41:29 839680]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 14:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
R3 e4usbaw;USB ADSL2 WAN Adapter;C:\Windows\system32\DRIVERS\e4usbaw.sys [2006-05-04 18:50]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{290e41fc-c0ff-11dc-9f03-806e6f6e6963}]
\shell\AutoRun\command - D:\AutoRunCD.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-01-25 17:00:46 C:\Windows\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
"2008-01-25 22:08:00 C:\Windows\Tasks\At1.job"
- C:\Windows\system32\cmd.exe
"2008-01-15 22:51:45 C:\Windows\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-01-15 22:51:45 C:\Windows\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-26 00:10:03
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-26 0:11:33 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-25 22:11:28
.
2008-01-18 12:22:39 --- E O F ---
Edited by Rorschach112, 26 January 2008 - 07:03 AM.
Live link