HijackThis and ComboFix logs



#1 Brokenwingsx88 (New Member, 1 posts)
Hi everyone :)

First off I want to thank everyone who takes a look at these logs. It must be hard work, I'm sure. I tried to figure out what I should delete and what I should leave alone, but seeing as this is my brother's computer and I'm trying to help him out, I don't want to delete anything important. I'm sure it has something, but AVG isn't picking up on it. Here are both the HijackThis log and the ComboFix log (it seems to have been requested in other topics).

HIJACKTHIS LOG

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:14:51 PM, on 2/20/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\wininit.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\lsm.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SLsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\DRIVERS\xaudio.exe
C:\WINDOWS\system32\taskeng.exe
C:\WINDOWS\system32\taskeng.exe
C:\WINDOWS\system32\Dwm.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskeng.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.c...h...DTP&M=T5230
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...h...DTP&M=T5230
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.c...h...DTP&M=T5230
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [BigFix] c:\program files\Bigfix\bigfix.exe /atstartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\WINDOWS\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ehTray.exe] C:\WINDOWS\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Unknown owner - C:\Program Files\Ares\chatServer.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\WINDOWS\system32\DRIVERS\xaudio.exe

--
End of file - 9215 bytes


COMBOFIX LOG

ComboFix 08-02-21 - Mat 2008-02-20 21:34:06.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1167 [GMT -5:00]
Running from: C:\Users\Mat\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-01-21 to 2008-02-21 )))))))))))))))))))))))))))))))
.

2008-02-20 16:14 . 2008-02-20 16:14 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-16 22:17 . 2008-02-16 22:21 <DIR> d-------- C:\Users\Mat\AppData\Roaming\My The Lord of the Rings, The Rise of the Witch-king Files
2008-02-16 18:57 . 2008-02-16 18:57 98,304 --a------ C:\WINDOWS\System32\CmdLineExt.dll
2008-02-15 15:47 . 2008-02-15 15:55 <DIR> d-------- C:\Users\Mat\AppData\Roaming\My Battle for Middle-earth™ II Files
2008-02-15 15:42 . 2008-02-16 22:13 <DIR> d-------- C:\Program Files\Electronic Arts
2008-02-15 14:23 . 2008-01-10 00:50 1,244,672 --a------ C:\WINDOWS\System32\mcmde.dll
2008-02-13 15:21 . 2008-02-13 15:21 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-02-13 03:06 . 2008-02-13 03:06 194,560 --a------ C:\WINDOWS\System32\WebClnt.dll
2008-02-13 03:06 . 2008-02-13 03:06 110,080 --a------ C:\WINDOWS\System32\drivers\mrxdav.sys
2008-02-13 03:03 . 2008-02-13 03:03 3,504,696 --a------ C:\WINDOWS\System32\ntkrnlpa.exe
2008-02-13 03:03 . 2008-02-13 03:03 3,470,392 --a------ C:\WINDOWS\System32\ntoskrnl.exe
2008-02-13 03:03 . 2008-02-13 03:03 154,624 --a------ C:\WINDOWS\System32\drivers\nwifi.sys
2008-02-13 03:03 . 2008-02-13 03:03 109,624 --a------ C:\WINDOWS\System32\drivers\ataport.sys
2008-02-13 03:03 . 2008-02-13 03:03 45,112 --a------ C:\WINDOWS\System32\drivers\pciidex.sys
2008-02-13 03:03 . 2008-02-13 03:03 21,560 --a------ C:\WINDOWS\System32\drivers\atapi.sys
2008-02-13 03:03 . 2008-02-13 03:03 15,928 --a------ C:\WINDOWS\System32\drivers\pciide.sys
2008-02-13 03:02 . 2008-02-13 03:02 4,247,552 --a------ C:\WINDOWS\System32\GameUXLegacyGDFs.dll
2008-02-13 03:02 . 2008-02-13 03:02 1,686,528 --a------ C:\WINDOWS\System32\gameux.dll
2008-02-13 03:02 . 2008-02-13 03:02 803,328 --a------ C:\WINDOWS\System32\drivers\tcpip.sys
2008-02-13 03:02 . 2008-02-13 03:02 216,632 --a------ C:\WINDOWS\System32\drivers\netio.sys
2008-02-13 03:02 . 2008-02-13 03:02 167,424 --a------ C:\WINDOWS\System32\tcpipcfg.dll
2008-02-13 03:02 . 2008-02-13 03:02 24,064 --a------ C:\WINDOWS\System32\netcfg.exe
2008-02-13 03:02 . 2008-02-13 03:02 22,016 --a------ C:\WINDOWS\System32\netiougc.exe
2008-02-09 13:04 . 2008-02-20 20:43 191,576,661 --a------ C:\WINDOWS\MEMORY.DMP
2008-02-08 22:42 . 2008-02-15 15:34 <DIR> d-------- C:\Users\Mat\AppData\Roaming\My Battle for Middle-earth Files
2008-02-02 15:24 . 2008-02-16 19:09 <DIR> d-------- C:\Program Files\Firefly Studios
2008-01-29 01:19 . 2008-01-29 01:19 <DIR> d-------- C:\Users\Mat\AppData\Roaming\SystemRequirementsLab
2008-01-29 01:19 . 2008-01-29 01:19 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-01-27 21:41 . 2008-01-27 21:41 <DIR> d-------- C:\Users\Mat\AppData\Roaming\PeerNetworking
2008-01-24 12:33 . 2008-01-26 17:43 <DIR> d-------- C:\Program Files\Guild Wars

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-21 01:55 --------- d---a-w C:\ProgramData\TEMP
2008-02-20 13:00 --------- d-----w C:\Users\Mat\AppData\Roaming\AVG7
2008-02-20 02:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-20 01:52 --------- d-----w C:\Program Files\Microsoft Games
2008-02-19 17:44 --------- d-----w C:\Program Files\Starcraft
2008-02-18 05:10 --------- d-----w C:\Program Files\Spyware Doctor
2008-02-13 23:23 --------- d-----w C:\Users\Mat\AppData\Roaming\HP
2008-02-13 23:14 --------- d-----w C:\ProgramData\Microsoft Help
2008-02-13 08:02 537,600 ----a-w C:\WINDOWS\AppPatch\AcLayers.dll
2008-02-13 08:02 449,536 ----a-w C:\WINDOWS\AppPatch\AcSpecfc.dll
2008-02-13 08:02 2,144,256 ----a-w C:\WINDOWS\AppPatch\AcGenral.dll
2008-02-13 08:02 173,056 ----a-w C:\WINDOWS\AppPatch\AcXtrnal.dll
2008-02-13 08:00 824,832 ----a-w C:\WINDOWS\System32\wininet.dll
2008-02-13 08:00 56,320 ----a-w C:\WINDOWS\System32\iesetup.dll
2008-02-13 08:00 52,736 ----a-w C:\WINDOWS\AppPatch\iebrshim.dll
2008-02-13 08:00 26,624 ----a-w C:\WINDOWS\System32\ieUnatt.exe
2008-02-09 03:37 --------- d-----w C:\Program Files\EA GAMES
2008-02-05 23:49 --------- d-----w C:\Program Files\AIM6
2008-02-05 23:48 --------- d-----w C:\ProgramData\Viewpoint
2008-02-05 23:40 --------- d-----w C:\Program Files\BigFix
2008-01-24 17:33 --------- d-----w C:\ProgramData\Media Center Programs
2008-01-13 09:09 --------- d-----w C:\Program Files\THQ
2008-01-13 05:17 --------- d-----w C:\ProgramData\NVIDIA
2008-01-10 22:28 --------- d-----w C:\Program Files\CONEXANT
2008-01-10 22:04 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_xusb21_01005.Wdf
2008-01-10 11:21 --------- d-----w C:\Program Files\Windows Mail
2008-01-10 01:01 211,000 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys
2008-01-10 01:01 11,776 ----a-w C:\WINDOWS\System32\sbunattend.exe
2008-01-10 01:01 1,060,920 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-01-10 01:01 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-09 22:53 --------- d-----w C:\Users\Mat\AppData\Roaming\PC Tools
2008-01-07 11:50 --------- d-----w C:\Program Files\eMachines Games
2008-01-06 09:05 --------- d-----w C:\Program Files\Ares
2007-12-29 07:14 --------- d-----w C:\ProgramData\WEBREG
2007-12-29 07:00 0 ----a-w C:\Users\Mat\AppData\Roaming\wklnhst.dat
2007-12-29 07:00 --------- d-----w C:\Users\Mat\AppData\Roaming\Template
2007-12-29 06:54 --------- d-----w C:\ProgramData\HP
2007-12-29 06:50 --------- d-----w C:\ProgramData\HPSSUPPLY
2007-12-29 06:50 --------- d-----w C:\Program Files\HP
2007-12-29 06:49 --------- d-----w C:\Program Files\Common Files\HP
2007-12-29 06:45 --------- d-----w C:\Program Files\Hewlett-Packard
2007-12-29 06:45 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2007-12-28 21:35 94,208 ----a-w C:\WINDOWS\ScUnin.exe
2007-12-27 01:06 --------- d-----w C:\Users\Mat\AppData\Roaming\Petroglyph
2007-12-27 01:05 --------- d-----w C:\Users\Mat\AppData\Roaming\LucasArts
2007-12-27 00:58 --------- d-----w C:\Program Files\LucasArts
2007-12-26 23:24 --------- d-----w C:\Users\Mat\AppData\Roaming\SampleView
2007-12-26 20:37 --------- d-s---w C:\Program Files\Xfire
2007-12-26 20:37 --------- d-----w C:\Users\Mat\AppData\Roaming\Xfire
2007-12-26 20:30 --------- d-----w C:\Users\Mat\AppData\Roaming\DivX
2007-12-26 20:24 --------- d-----w C:\Users\Mat\AppData\Roaming\InstallShield
2007-12-26 07:41 --------- d-----w C:\Program Files\DivX
2007-12-26 07:41 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2007-12-26 00:42 --------- d-----w C:\Users\Mat\AppData\Roaming\acccore
2007-12-26 00:42 --------- d-----w C:\ProgramData\AOL OCP
2007-12-26 00:40 --------- d-----w C:\ProgramData\AOL
2007-12-26 00:40 --------- d-----w C:\Program Files\Viewpoint
2007-12-26 00:39 --------- d-----w C:\Program Files\Common Files\AOL
2007-12-25 13:22 55,304 ----a-w C:\WINDOWS\system32\drivers\avgwfp.sys
2007-12-25 08:28 --------- d-----w C:\Users\Mat\AppData\Roaming\Lionhead Studios
2007-12-25 08:15 --------- d-----w C:\ProgramData\Lionhead Studios
2007-12-25 08:15 --------- d-----w C:\Program Files\Lionhead Studios Ltd
2007-12-25 07:07 --------- d-----w C:\ProgramData\avg7
2007-12-25 06:57 9,216 ----a-w C:\WINDOWS\System32\avgwlntf.dll
2007-12-25 06:57 --------- d-----w C:\ProgramData\Grisoft
2007-12-24 18:42 174 --sha-w C:\Program Files\desktop.ini
2007-12-24 18:41 --------- d-----w C:\ProgramData\McAfee
2007-12-24 18:39 --------- d-----w C:\Program Files\Windows Defender
2007-12-24 18:39 --------- d-----w C:\Program Files\Windows Calendar
2007-12-24 18:38 --------- d-----w C:\Program Files\Google
2007-12-24 18:36 87,040 ----a-w C:\WINDOWS\System32\msoert2.dll
2007-12-24 18:36 39,424 ----a-w C:\WINDOWS\System32\ACCTRES.dll
2007-12-24 18:36 205,824 ----a-w C:\WINDOWS\System32\msoeacct.dll
2007-12-24 18:34 49,664 ----a-w C:\WINDOWS\System32\csrsrv.dll
2007-12-24 18:34 376,320 ----a-w C:\WINDOWS\System32\winsrv.dll
2007-12-24 18:32 8,147,968 ----a-w C:\WINDOWS\System32\wmploc.DLL
2007-12-24 18:32 7,680 ----a-w C:\WINDOWS\System32\spwmp.dll
2007-12-24 18:32 414,208 ----a-w C:\WINDOWS\System32\msscp.dll
2007-12-24 18:32 4,096 ----a-w C:\WINDOWS\System32\dxmasf.dll
2007-12-24 18:32 356,864 ----a-w C:\WINDOWS\System32\MediaMetadataHandler.dll
2007-12-24 18:31 86,016 ----a-w C:\WINDOWS\System32\icfupgd.dll
2007-12-24 18:31 63,488 ----a-w C:\WINDOWS\system32\drivers\mpsdrv.sys
2007-12-24 18:31 61,952 ----a-w C:\WINDOWS\System32\cmifw.dll
2007-12-24 18:31 396,800 ----a-w C:\WINDOWS\System32\MPSSVC.dll
2007-12-24 18:31 392,192 ----a-w C:\WINDOWS\System32\FirewallAPI.dll
2007-12-24 18:31 23,040 ----a-w C:\WINDOWS\system32\drivers\tunnel.sys
2007-12-24 18:31 178,688 ----a-w C:\WINDOWS\System32\iphlpsvc.dll
2007-12-24 18:31 16,896 ----a-w C:\WINDOWS\System32\wfapigp.dll
2007-12-24 18:31 15,360 ----a-w C:\WINDOWS\system32\drivers\TUNMP.SYS
2007-12-24 18:30 1,191,936 ----a-w C:\WINDOWS\System32\msxml3.dll
2007-12-24 18:28 1,327,104 ----a-w C:\WINDOWS\System32\quartz.dll
2007-12-24 18:27 9,728 ----a-w C:\WINDOWS\System32\LAPRXY.DLL
2007-12-24 18:27 57,856 ----a-w C:\WINDOWS\System32\SLUINotify.dll
2007-12-24 18:27 566,784 ----a-w C:\WINDOWS\System32\SLCommDlg.dll
2007-12-24 18:27 39,936 ----a-w C:\WINDOWS\System32\slcinst.dll
2007-12-24 18:27 351,232 ----a-w C:\WINDOWS\System32\SLUI.exe
2007-12-24 18:27 33,280 ----a-w C:\WINDOWS\System32\slwmi.dll
2007-12-24 18:27 268,288 ----a-w C:\WINDOWS\System32\mcbuilder.exe
2007-12-24 18:27 223,232 ----a-w C:\WINDOWS\System32\WMASF.DLL
2007-12-24 18:27 223,232 ----a-w C:\WINDOWS\System32\SLC.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 07:34 2159104 C:\WINDOWS\System32\oobefldr.dll]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-01-03 11:15 50528]
"ehTray.exe"="C:\WINDOWS\ehome\ehTray.exe" [2006-11-02 07:35 125440]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 07:36 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-12-24 13:33 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-10 18:01 4431872 C:\WINDOWS\RtHDVCpl.exe]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-16 12:00 240640]
"NapsterShell"="C:\Program Files\Napster\napster.exe" [2006-09-06 14:12 323216]
"BigFix"="c:\program files\Bigfix\bigfix.exe" [ ]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-25 08:22 579072]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 21:52 49152]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2007-12-10 14:53 1103752]
"NvSvc"="C:\WINDOWS\system32\nvsvc.dll" [2007-09-12 05:28 86016]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-12 05:28 8497696]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-12 05:28 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-25 01:57 219136]

C:\Users\Mat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 22:24:54 98632]
Xfire.lnk - C:\Program Files\Xfire\Xfire.exe [2006-08-29 19:21:11 2240080]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 21:40:10 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2007-12-25 01:57 9216 C:\WINDOWS\System32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]
R2 XAudio;XAudio;C:\WINDOWS\system32\DRIVERS\xaudio.sys [2007-06-29 09:11]
R3 AvgWFP;AVG7 Firewall Driver x86;C:\WINDOWS\system32\Drivers\avgwfp.sys [2007-12-25 08:22]
S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;C:\WINDOWS\system32\DRIVERS\NETw2v32.sys [2006-11-02 02:30]
S3 UMPass;Microsoft UMPass Driver;C:\WINDOWS\system32\DRIVERS\umpass.sys [2006-11-02 03:55]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4878e45-4c16-11dc-8fc6-806e6f6e6963}]
\shell\AutoRun\command - E:\AutoPlay.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-20 21:41:03
Windows 6.0.6000 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-20 21:41:58
.
2008-02-20 01:28:31 --- E O F ---


Thank you so much for your time :)
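Added example (not code from the poster, HijackThis or ComboFix): a small Python triage pass over a handful of lines copied from the HijackThis log above. The section letters are HijackThis' own (R0/R1 browser defaults, O2/O3 BHOs and toolbars, O4 autoruns, O20 AppInit_DLLs and Winlogon Notify, O23 services); the flagging rules, the "expected install directory" prefixes and the severity labels are my own heuristics, so a hit means "look closer at this entry", not "this machine is infected".

```python
"""Heuristic triage of HijackThis (HJT) log lines.

Added example for this thread; not HijackThis or ComboFix code. The sample
lines below are copied from the log posted above; the flagging rules are the
editor's own heuristics (a hit means "look closer", not "infected").
"""
import re
from dataclasses import dataclass

# Constructed sample: eight lines taken verbatim from the posted HJT log.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...h...DTP&M=T5230
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll
O4 - HKLM\..\Run: [BigFix] c:\program files\Bigfix\bigfix.exe /atstartup
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\WINDOWS\system32\nvsvc.dll,nvsvcStart
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Unknown owner - C:\Program Files\Ares\chatServer.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
"""

LINE_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.+)$")
# A drive-letter path up to the first executable-ish extension (paths may contain spaces).
PATH_RE = re.compile(r"[a-z]:\\.*?\.(?:exe|dll|sys|scr|cpl)\b", re.I)
HOST_RE = re.compile(r"https?://([^/\s]+)", re.I)
# Assumption (editor's heuristic): normally installed software lives under one of these prefixes.
EXPECTED_DIRS = ("c:\\program files", "c:\\progra~1", "c:\\windows")


@dataclass
class Finding:
    section: str
    severity: str  # "review" = needs a human look, "info" = context only
    reason: str
    line: str


def _paths(body: str) -> list[str]:
    return PATH_RE.findall(body)


def _expected_dir(path: str) -> bool:
    return path.lower().startswith(EXPECTED_DIRS)


def triage_line(line: str) -> list[Finding]:
    """Apply the section-specific rules to one HJT line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return []
    sec, body = m.group("sec"), m.group("body")
    found: list[Finding] = []
    if sec in ("R0", "R1"):  # browser start/search page defaults
        host = HOST_RE.search(body)
        if host:
            found.append(Finding(sec, "info", f"browser default points at {host.group(1)}; confirm the user chose it", line))
    elif sec in ("O2", "O3"):  # BHOs and toolbars run inside every IE process
        for p in _paths(body):
            if not _expected_dir(p):
                found.append(Finding(sec, "review", f"browser add-on loaded from non-standard location {p}", line))
    elif sec == "O4":  # Run/RunOnce/Startup autoruns
        if re.search(r"rundll32(\.exe)?", body, re.I):
            dlls = [p for p in _paths(body) if p.lower().endswith(".dll")]
            found.append(Finding(sec, "info", "rundll32 launcher; the DLL is what to verify: " + ", ".join(dlls), line))
        for p in _paths(body):
            if not _expected_dir(p):
                found.append(Finding(sec, "review", f"autorun from non-standard location {p}", line))
    elif sec == "O20":  # AppInit_DLLs / Winlogon Notify DLLs load into many processes
        found.append(Finding(sec, "review", "loads into many processes; verify publisher and hash of the DLL", line))
    elif sec == "O23":  # services
        if "(file missing)" in body:
            found.append(Finding(sec, "review", "orphaned service: registered binary no longer exists", line))
        if "Unknown owner" in body:
            found.append(Finding(sec, "info", "service binary carries no recognised vendor name", line))
    return found


def triage(log_text: str) -> list[Finding]:
    return [f for line in log_text.splitlines() for f in triage_line(line)]


def needs_review(log_text: str) -> list[str]:
    """Distinct log lines that got at least one 'review' finding, in log order."""
    seen: list[str] = []
    for f in triage(log_text):
        if f.severity == "review" and f.line not in seen:
            seen.append(f.line)
    return seen


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section:4} {f.reason}\n         {f.line.strip()}")
```

Paste the remaining R/O lines from the posted log into SAMPLE_LOG to run the same pass over the whole thing. The rules deliberately stay narrow: a service whose binary is gone, a DLL injected via AppInit_DLLs or Winlogon Notify, and an add-on or autorun living outside the usual install directories are the entries a human should check first; everything else is reported as context rather than as a problem.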