Morganboy
Members, 7 posts
  1. Awesome, it's gone now. Thank you so much for your patience and time, from an old computer mainframer. I lived in Liege for a time. Loved the food, people and your country.
  2. ComboFix 09-03-19.02 - Corran 2009-03-20 13:36:02.25 - NTFSx86
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.525 [GMT -7:00]
     Running from: c:\documents and settings\Corran\Desktop\ComboFix.exe
     Command switches used :: c:\documents and settings\Corran\Desktop\CFScript.txt
     AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
     * Created a new restore point

     FILE ::
     c:\documents and settings\Corran\Application Data\17610.exe
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     c:\windows\system32\drivers\de90cfc9.sys
     c:\windows\system32\drivers\exicgxih.sys
     c:\windows\system32\drivers\mrxdavv.sys
     c:\windows\system32\drivers\zojxk.sys
     c:\windows\system32\kwave.sys
     .
     ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     -------\Legacy_DE90CFC9
     -------\Service_de90cfc9
     -------\Service_qwnelc
     -------\Service_scrcap

     ((((((((((((((((((((((((( Files Created from 2009-02-20 to 2009-03-20 )))))))))))))))))))))))))))))))
     .
     2009-03-19 11:08 . 2009-03-19 11:08 <DIR> d-------- c:\documents and settings\KennyBoy\Application Data\Malwarebytes
     2009-03-19 11:07 . 2009-03-19 11:07 <DIR> d-------- c:\documents and settings\KennyBoy\Application Data\Verizon
     2009-03-19 11:07 . 2008-07-17 18:38 <DIR> d-------- c:\documents and settings\KennyBoy\Application Data\Gtek
     2009-03-19 11:07 . 2009-03-19 11:07 <DIR> d-------- c:\documents and settings\KennyBoy
     2009-03-19 11:04 . 2009-03-19 11:04 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
     2009-03-19 10:31 . 2009-03-19 10:31 <DIR> d-------- c:\documents and settings\Bonehead\Application Data\Thunderbird
     2009-03-19 10:26 . 2009-03-19 10:26 <DIR> d-------- c:\documents and settings\Bonehead\Application Data\Malwarebytes
     2009-03-18 21:36 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
     2009-03-18 21:35 . 2009-03-18 21:36 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
     2009-03-18 21:35 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
     2009-03-18 21:09 . 2009-03-18 22:48 <DIR> d-------- C:\Rooter$
     2009-03-18 17:46 . 2009-03-18 17:46 <DIR> d-------- c:\program files\CCleaner
     2009-03-14 23:33 . 2009-03-14 23:33 <DIR> d-------- c:\program files\7-Zip
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2009-03-20 20:32 --------- d-----w c:\program files\Thumbs5
     2009-03-20 20:05 --------- d-----w c:\program files\Mozilla Thunderbird
     2009-03-20 19:11 --------- d-----w c:\documents and settings\Corran\Application Data\Zoom Player
     2009-03-19 18:01 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
     2009-03-19 00:38 --------- d-----w c:\program files\Java
     2009-03-18 20:34 1,162 ----a-w c:\program files\otgnszd.txt
     2009-03-18 20:21 --------- d-----w c:\documents and settings\Corran\Application Data\Orbit
     2009-03-13 17:08 --------- d-----w c:\program files\Spybot - Search & Destroy
     2009-03-11 20:38 --------- d-----w c:\program files\IrfanView
     2009-03-10 18:09 33,824 ----a-w c:\windows\system32\drivers\oreans32.sys
     2009-02-16 20:38 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
     2009-02-16 20:38 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
     2009-02-16 20:38 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
     2009-02-14 23:52 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
     2009-02-13 09:54 --------- d-----w c:\program files\Microsoft Silverlight
     2009-01-21 02:31 --------- d-----w c:\program files\QuickEditor
     2009-01-21 02:22 --------- d-----w c:\program files\QuickTime
     2008-08-22 08:22 177 ----a-w c:\program files\VirtualDub.jobs
     2008-08-16 01:09 240,873 ----a-w c:\program files\VirtualDub.chm
     2008-08-16 01:08 972,288 ----a-w c:\program files\VirtualDub.exe
     2008-08-16 01:08 203,127 ----a-w c:\program files\VirtualDub.vdi
     2008-08-16 01:07 8,704 ----a-w c:\program files\vdub.exe
     2008-08-16 01:07 33,792 ----a-w c:\program files\auxsetup.exe
     2008-08-16 01:07 31,232 ----a-w c:\program files\vdremote.dll
     2008-08-16 01:07 29,696 ----a-w c:\program files\vdicmdrv.dll
     2008-08-16 01:07 25,088 ----a-w c:\program files\vdsvrlnk.dll
     2008-04-12 23:24 18,321 ----a-w c:\program files\copying
     2008-03-22 19:36 560 ----a-w c:\documents and settings\Corran\Application Data\ViewerApp.dat
     .
     ((((((((((((((((((((((((((((( SnapShot@2009-03-18_22.14.07.96 )))))))))))))))))))))))))))))))))))))))))
     .
     - 2008-10-16 16:45:30 139,648 ----a-w c:\windows\system32\FNTCACHE.DAT
     + 2009-03-19 06:24:39 139,648 ----a-w c:\windows\system32\FNTCACHE.DAT
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "ATI Launchpad"="c:\program files\ATI Multimedia\main\launchpd.exe" [2001-03-26 77824]
     "EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 454784]
     "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
     "MP_STATUS_MONITOR"="c:\program files\Canon\MultiPASS\monitr32.exe" [2000-11-10 286720]
     "MPTBox"="c:\program files\Canon\MultiPASS\MPTBox.exe" [2000-11-10 94208]
     "DiscWizardMonitor.exe"="c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2007-04-19 1169744]
     "AcronisTimounterMonitor"="c:\program files\Seagate\DiscWizard\TimounterMonitor.exe" [2007-04-19 1945688]
     "Acronis Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2007-04-19 149024]
     "Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2007-09-28 936960]
     "VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2007-05-11 2061816]
     "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
     "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-16 1601304]
     "SoundMan"="SOUNDMAN.EXE" [2006-01-11 c:\windows\soundman.exe]

     [HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
     "1"="c:\documents and settings\Corran\Desktop\procexp.exe" [2008-01-19 3623736]

     c:\documents and settings\Corran\Start Menu\Programs\Startup\
     Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1996-11-17 111376]
     Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1996-11-17 51984]

     c:\documents and settings\All Users\Start Menu\Programs\Startup\
     Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-02-26 113664]
     Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
     2009-02-16 13:38 10520 c:\windows\system32\avgrsstx.dll

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
     "VIDC.HFYU"= huffyuv.dll
     "VIDC.ZDSV"= scrvid.dll
     "msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
     "msacm.mpegacm"= mpegacm.acm
     "msacm.ulmp3acm"= ulmp3acm.acm
     "msacm.avis"= ff_acm.acm

     [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
     BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e

     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
     path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk
     backup=c:\windows\pss\Picture Package Menu.lnkCommon Startup

     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]
     path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Picture Package VCD Maker.lnk
     backup=c:\windows\pss\Picture Package VCD Maker.lnkCommon Startup

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
     --a------ 2008-11-04 11:30 413696 c:\program files\QuickTime\QTTask.exe

     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
     "WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
     "SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
     "EnableFirewall"= 0 (0x0)

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
     "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
     "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
     "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
     "c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
     "c:\\WINDOWS\\system32\\dpvsetup.exe"=

     R1 avgldx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-02-16 325128]
     R1 avgtdix;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-02-16 107272]
     R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-02-16 903960]
     R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-16 298264]

     --- Other Services/Drivers In Memory ---

     *Deregistered* - PROCEXP100
     .
     Contents of the 'Scheduled Tasks' folder

     2007-03-06 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
     - c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2009-01-26 16:31]
     .
     .
     ------- Supplementary Scan -------
     .
     uInternet Connection Wizard,ShellNext = iexplore
     TCP: {7D5C4BFA-F719-44AE-94B5-0A27069D9786} = 4.2.2.1
     FF - ProfilePath - c:\documents and settings\Corran\Application Data\Mozilla\Firefox\Profiles\67dbx12m.default\
     FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
     FF - prefs.js: browser.search.selectedEngine - Technorati Search
     FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
     FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&q=
     FF - prefs.js: network.proxy.http - 127.0.0.1
     FF - prefs.js: network.proxy.type - 1
     FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
     FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
     FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
     FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
     .
     **************************************************************************
     catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2009-03-20 13:39:27
     Windows 5.1.2600 Service Pack 3 NTFS

     scanning hidden processes ...
     scanning hidden autostart entries ...
     scanning hidden files ...

     scan completed successfully
     hidden files: 0
     **************************************************************************
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------

     [HKEY_USERS\S-1-5-21-507921405-789336058-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
     @Allowed: (Read) (RestrictedCode)
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------

     - - - - - - - > 'lsass.exe'(736)
     c:\windows\system32\relog_ap.dll
     .
     ------------------------ Other Running Processes ------------------------
     .
     c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
     c:\program files\AVG\AVG8\avgrsx.exe
     c:\progra~1\AVG\AVG8\avgnsx.exe
     c:\program files\AVG\AVG8\avgcsrvx.exe
     c:\program files\AVG\AVG8\avgcsrvx.exe
     .
     **************************************************************************
     .
     Completion time: 2009-03-20 13:42:02 - machine was rebooted
     ComboFix-quarantined-files.txt 2009-03-20 20:41:50
     ComboFix2.txt 2009-03-20 19:36:08
     ComboFix3.txt 2009-03-19 23:26:16
     ComboFix4.txt 2009-03-19 06:27:54
     ComboFix5.txt 2009-03-20 20:35:16

     Pre-Run: 130,808,578,048 bytes free
     Post-Run: 130,792,394,752 bytes free

     203 --- E O F --- 2009-02-11 11:03:51
  3. ComboFix 09-03-19.02 - Corran 2009-03-20 12:29:32.24 - NTFSx86
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.609 [GMT -7:00]
     Running from: c:\documents and settings\Corran\Desktop\ComboFix.exe
     AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
     * Created a new restore point
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     c:\windows\system32\drivers\mrxdavv.sys
     c:\windows\system32\kwave.sys
     .
     ((((((((((((((((((((((((( Files Created from 2009-02-20 to 2009-03-20 )))))))))))))))))))))))))))))))
     .
     2009-03-19 11:08 . 2009-03-19 11:08 <DIR> d-------- c:\documents and settings\KennyBoy\Application Data\Malwarebytes
     2009-03-19 11:07 . 2009-03-19 11:07 <DIR> d-------- c:\documents and settings\KennyBoy\Application Data\Verizon
     2009-03-19 11:07 . 2008-07-17 18:38 <DIR> d-------- c:\documents and settings\KennyBoy\Application Data\Gtek
     2009-03-19 11:07 . 2009-03-19 11:07 <DIR> d-------- c:\documents and settings\KennyBoy
     2009-03-19 11:04 . 2009-03-19 11:04 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
     2009-03-19 10:31 . 2009-03-19 10:31 <DIR> d-------- c:\documents and settings\Bonehead\Application Data\Thunderbird
     2009-03-19 10:26 . 2009-03-19 10:26 <DIR> d-------- c:\documents and settings\Bonehead\Application Data\Malwarebytes
     2009-03-18 21:36 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
     2009-03-18 21:35 . 2009-03-18 21:36 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
     2009-03-18 21:35 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
     2009-03-18 21:09 . 2009-03-18 22:48 <DIR> d-------- C:\Rooter$
     2009-03-18 20:19 . 2009-03-18 20:19 <DIR> d-------- c:\documents and settings\Corran\DoctorWeb
     2009-03-18 17:46 . 2009-03-18 17:46 <DIR> d-------- c:\program files\CCleaner
     2009-03-18 13:53 . 2009-03-18 13:53 61,440 --a------ c:\windows\system32\drivers\exicgxih.sys
     2009-03-18 13:34 . 2009-03-18 13:34 61,440 --a------ c:\windows\system32\drivers\zojxk.sys
     2009-03-18 12:58 . 2009-03-18 12:58 8,752 --a------ c:\windows\system32\drivers\de90cfc9.sys
     2009-03-14 23:33 . 2009-03-14 23:33 <DIR> d-------- c:\program files\7-Zip
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2009-03-20 19:11 --------- d-----w c:\documents and settings\Corran\Application Data\Zoom Player
     2009-03-20 19:01 --------- d-----w c:\program files\Thumbs5
     2009-03-20 18:35 --------- d-----w c:\program files\Mozilla Thunderbird
     2009-03-19 18:01 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
     2009-03-19 00:38 --------- d-----w c:\program files\Java
     2009-03-18 20:34 1,162 ----a-w c:\program files\otgnszd.txt
     2009-03-18 20:21 --------- d-----w c:\documents and settings\Corran\Application Data\Orbit
     2009-03-13 17:08 --------- d-----w c:\program files\Spybot - Search & Destroy
     2009-03-11 20:38 --------- d-----w c:\program files\IrfanView
     2009-03-10 18:09 33,824 ----a-w c:\windows\system32\drivers\oreans32.sys
     2009-02-16 20:38 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
     2009-02-16 20:38 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
     2009-02-16 20:38 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
     2009-02-14 23:52 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
     2009-02-13 09:54 --------- d-----w c:\program files\Microsoft Silverlight
     2009-01-21 02:31 --------- d-----w c:\program files\QuickEditor
     2009-01-21 02:22 --------- d-----w c:\program files\QuickTime
     2008-08-22 08:22 177 ----a-w c:\program files\VirtualDub.jobs
     2008-08-16 01:09 240,873 ----a-w c:\program files\VirtualDub.chm
     2008-08-16 01:08 972,288 ----a-w c:\program files\VirtualDub.exe
     2008-08-16 01:08 203,127 ----a-w c:\program files\VirtualDub.vdi
     2008-08-16 01:07 8,704 ----a-w c:\program files\vdub.exe
     2008-08-16 01:07 33,792 ----a-w c:\program files\auxsetup.exe
     2008-08-16 01:07 31,232 ----a-w c:\program files\vdremote.dll
     2008-08-16 01:07 29,696 ----a-w c:\program files\vdicmdrv.dll
     2008-08-16 01:07 25,088 ----a-w c:\program files\vdsvrlnk.dll
     2008-04-12 23:24 18,321 ----a-w c:\program files\copying
     2008-03-22 19:36 560 ----a-w c:\documents and settings\Corran\Application Data\ViewerApp.dat
     .
     ((((((((((((((((((((((((((((( SnapShot@2009-03-18_22.14.07.96 )))))))))))))))))))))))))))))))))))))))))
     .
     - 2008-10-16 16:45:30 139,648 ----a-w c:\windows\system32\FNTCACHE.DAT
     + 2009-03-19 06:24:39 139,648 ----a-w c:\windows\system32\FNTCACHE.DAT
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "ATI Launchpad"="c:\program files\ATI Multimedia\main\launchpd.exe" [2001-03-26 77824]
     "EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 454784]
     "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
     "MP_STATUS_MONITOR"="c:\program files\Canon\MultiPASS\monitr32.exe" [2000-11-10 286720]
     "MPTBox"="c:\program files\Canon\MultiPASS\MPTBox.exe" [2000-11-10 94208]
     "DiscWizardMonitor.exe"="c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2007-04-19 1169744]
     "AcronisTimounterMonitor"="c:\program files\Seagate\DiscWizard\TimounterMonitor.exe" [2007-04-19 1945688]
     "Acronis Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2007-04-19 149024]
     "Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2007-09-28 936960]
     "VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2007-05-11 2061816]
     "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
     "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-16 1601304]
     "SoundMan"="SOUNDMAN.EXE" [2006-01-11 c:\windows\soundman.exe]

     [HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
     "1"="c:\documents and settings\Corran\Desktop\procexp.exe" [2008-01-19 3623736]

     c:\documents and settings\Corran\Start Menu\Programs\Startup\
     Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1996-11-17 111376]
     Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1996-11-17 51984]

     c:\documents and settings\All Users\Start Menu\Programs\Startup\
     Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-02-26 113664]
     Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
     2009-02-16 13:38 10520 c:\windows\system32\avgrsstx.dll

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
     "VIDC.HFYU"= huffyuv.dll
     "VIDC.ZDSV"= scrvid.dll
     "msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
     "msacm.mpegacm"= mpegacm.acm
     "msacm.ulmp3acm"= ulmp3acm.acm
     "msacm.avis"= ff_acm.acm

     [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
     BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e

     [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
     SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ntoskrnl.dll

     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
     path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk
     backup=c:\windows\pss\Picture Package Menu.lnkCommon Startup

     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]
     path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Picture Package VCD Maker.lnk
     backup=c:\windows\pss\Picture Package VCD Maker.lnkCommon Startup

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
     --a------ 2008-11-04 11:30 413696 c:\program files\QuickTime\QTTask.exe

     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
     "PestTrap"=c:\program files\PestTrap\PestTrap.exe
     "pro"=c:\docume~1\Corran\LOCALS~1\Temp\hcqfhyab.exe
     "WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
     "SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
     "gwiz"=c:\documents and settings\Corran\Application Data\17610.exe

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
     "EnableFirewall"= 0 (0x0)

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
     "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
     "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
     "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
     "c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
     "c:\\WINDOWS\\system32\\dpvsetup.exe"=

     R1 avgldx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-02-16 325128]
     R1 avgtdix;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-02-16 107272]
     R1 de90cfc9;de90cfc9;c:\windows\system32\drivers\de90cfc9.sys [2009-03-18 8752]
     R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-02-16 903960]
     R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-16 298264]
     S0 qwnelc;qwnelc;c:\windows\system32\drivers\uwvowgsk.sys --> c:\windows\system32\drivers\uwvowgsk.sys [?]
     S3 scrcap;scrcap;c:\windows\system32\DRIVERS\scrcap.sys --> c:\windows\system32\DRIVERS\scrcap.sys [?]

     --- Other Services/Drivers In Memory ---

     *Deregistered* - PROCEXP100
     .
     Contents of the 'Scheduled Tasks' folder

     2007-03-06 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
     - c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2009-01-26 16:31]
     .
     .
     ------- Supplementary Scan -------
     .
     uInternet Connection Wizard,ShellNext = iexplore
     TCP: {7D5C4BFA-F719-44AE-94B5-0A27069D9786} = 4.2.2.1
     FF - ProfilePath - c:\documents and settings\Corran\Application Data\Mozilla\Firefox\Profiles\67dbx12m.default\
     FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
     FF - prefs.js: browser.search.selectedEngine - Technorati Search
     FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
     FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&q=
     FF - prefs.js: network.proxy.http - 127.0.0.1
     FF - prefs.js: network.proxy.type - 1
     FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
     FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
     FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
     FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
     .
     **************************************************************************
     catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2009-03-20 12:33:14
     Windows 5.1.2600 Service Pack 3 NTFS

     scanning hidden processes ...
     scanning hidden autostart entries ...
     scanning hidden files ...

     scan completed successfully
     hidden files: 0
     **************************************************************************
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------

     [HKEY_USERS\S-1-5-21-507921405-789336058-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
     @Allowed: (Read) (RestrictedCode)
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------

     - - - - - - - > 'lsass.exe'(736)
     c:\windows\system32\relog_ap.dll
     .
     ------------------------ Other Running Processes ------------------------
     .
     c:\program files\AVG\AVG8\avgrsx.exe
     c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
     c:\progra~1\AVG\AVG8\avgnsx.exe
     c:\program files\AVG\AVG8\avgcsrvx.exe
     c:\program files\AVG\AVG8\avgcsrvx.exe
     .
     **************************************************************************
     .
     Completion time: 2009-03-20 12:36:06 - machine was rebooted
     ComboFix-quarantined-files.txt 2009-03-20 19:35:53
     ComboFix2.txt 2009-03-19 23:26:16
     ComboFix3.txt 2009-03-19 06:27:54
     ComboFix4.txt 2009-03-19 05:46:14
     ComboFix5.txt 2009-03-20 19:28:51

     Pre-Run: 130,859,982,848 bytes free
     Post-Run: 130,841,178,112 bytes free

     204 --- E O F --- 2009-02-11 11:03:51
  4. Malwarebytes' Anti-Malware 1.34
     Database version: 1878
     Windows 5.1.2600 Service Pack 3

     3/20/2009 11:09:53 AM
     mbam-log-2009-03-20 (11-09-53).txt

     Scan type: Quick Scan
     Objects scanned: 75029
     Time elapsed: 4 minute(s), 31 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 2

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     C:\WINDOWS\system32\drivers\mrxdavv.sys (Rootkit.Agent.H) -> Delete on reboot.
     C:\WINDOWS\system32\kwave.sys (Trojan.Agent) -> Delete on reboot.

     Logfile of HijackThis v1.99.1
     Scan saved at 11:14:49 AM, on 3/20/2009
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\Canon\MultiPASS\monitr32.exe
     C:\Program Files\Canon\MultiPASS\MPTBox.exe
     C:\WINDOWS\SOUNDMAN.EXE
     C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
     C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
     C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
     C:\Program Files\Verizon\McciTrayApp.exe
     C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
     C:\PROGRA~1\AVG\AVG8\avgtray.exe
     C:\Documents and Settings\Corran\Desktop\procexp.exe
     C:\Program Files\ATI Multimedia\main\launchpd.exe
     C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
     C:\Program Files\Windows Media Player\WMPNSCFG.exe
     C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
     C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
     C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
     C:\Program Files\Microsoft Office\Office\OSA.EXE
     C:\Program Files\Canon\MultiPASS\mpservic.exe
     C:\WINDOWS\system32\FxRedir.EXE
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
     C:\PROGRA~1\AVG\AVG8\avgemc.exe
     C:\PROGRA~1\AVG\AVG8\avgrsx.exe
     C:\PROGRA~1\AVG\AVG8\avgnsx.exe
     C:\Program Files\AVG\AVG8\avgcsrvx.exe
     C:\Program Files\AVG\AVG8\avgcsrvx.exe
     C:\Program Files\Hijackthis\HijackThis.exe

     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
     O4 - HKLM\..\Run: [MP_STATUS_MONITOR] "C:\Program Files\Canon\MultiPASS\monitr32.exe" I
     O4 - HKLM\..\Run: [MPTBox] "C:\Program Files\Canon\MultiPASS\MPTBox.exe"
     O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
     O4 - HKLM\..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
     O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
     O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
     O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
     O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
     O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
     O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
     O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
     O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
     O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
     O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
     O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
     O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
     O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
     O17 - HKLM\System\CCS\Services\Tcpip\..\{7D5C4BFA-F719-44AE-94B5-0A27069D9786}: NameServer = 4.2.2.1
     O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
     O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
     O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
     O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
     O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
     O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
     O23 - Service: MPService - Canon Information Systems - C:\Program Files\Canon\MultiPASS\mpservic.exe
     O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
     O23 - Service: Automatic Updates (wuauserv) - Unknown owner - %fystemroot%\system32\svchost.exe (file missing)

     Question: you used the term "quarantine"? Did you mean select the Remove button? Or is there a way that I can put these in a vault, like AVG has? I looked through the help section on using quarantine, but this tab is not usable to me after a scan.
  5. Sorry about that, here is my new stuff.

Malwarebytes' Anti-Malware 1.34
Database version: 1878
Windows 5.1.2600 Service Pack 3

3/20/2009 9:31:23 AM
mbam-log-2009-03-20 (09-31-16).txt

Scan type: Quick Scan
Objects scanned: 74981
Time elapsed: 2 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\mrxdavv.sys (Rootkit.Agent.H) -> No action taken.
C:\WINDOWS\system32\kwave.sys (Trojan.Agent) -> No action taken.

Logfile of HijackThis v1.99.1
Scan saved at 9:34:16 AM, on 3/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\MultiPASS\monitr32.exe
C:\Program Files\Canon\MultiPASS\MPTBox.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Documents and Settings\Corran\Desktop\procexp.exe
C:\Program Files\ATI Multimedia\main\launchpd.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Canon\MultiPASS\mpservic.exe
C:\WINDOWS\system32\FxRedir.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MP_STATUS_MONITOR] "C:\Program Files\Canon\MultiPASS\monitr32.exe" I
O4 - HKLM\..\Run: [MPTBox] "C:\Program Files\Canon\MultiPASS\MPTBox.exe"
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{7D5C4BFA-F719-44AE-94B5-0A27069D9786}: NameServer = 4.2.2.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MPService - Canon Information Systems - C:\Program Files\Canon\MultiPASS\mpservic.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - %fystemroot%\system32\svchost.exe (file missing)
  6. Malwarebytes' Anti-Malware 1.34
Database version: 1749
Windows 5.1.2600 Service Pack 3

3/19/2009 4:42:18 PM
mbam-log-2009-03-19 (16-42-18).txt

Scan type: Quick Scan
Objects scanned: 70373
Time elapsed: 2 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\mrxdavv.sys (Rootkit.Agent.H) -> Delete on reboot.
C:\WINDOWS\system32\kwave.sys (Trojan.Agent) -> Delete on reboot.

Logfile of HijackThis v1.99.1
Scan saved at 4:43:17 PM, on 3/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\MultiPASS\monitr32.exe
C:\Program Files\Canon\MultiPASS\MPTBox.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Documents and Settings\Corran\Desktop\procexp.exe
C:\Program Files\ATI Multimedia\main\launchpd.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\system32\FxRedir.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Canon\MultiPASS\mpservic.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MP_STATUS_MONITOR] "C:\Program Files\Canon\MultiPASS\monitr32.exe" I
O4 - HKLM\..\Run: [MPTBox] "C:\Program Files\Canon\MultiPASS\MPTBox.exe"
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{7D5C4BFA-F719-44AE-94B5-0A27069D9786}: NameServer = 4.2.2.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MPService - Canon Information Systems - C:\Program Files\Canon\MultiPASS\mpservic.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - %fystemroot%\system32\svchost.exe (file missing)

Thanks for the quick response
  7. I picked these up the other day, making a huge mistake trying to download one of those programs to capture YouTube vids. A scan revealed:

Files Infected:
C:\WINDOWS\system32\drivers\mrxdavv.sys (Rootkit.Agent.H) -> Delete on reboot.
C:\WINDOWS\system32\kwave.sys (Trojan.Agent) -> Delete on reboot.

But after a reboot and a scan they are still there. I realize root infections are nasty! Neither one of these files ever shows up when I use Explorer to find them. I thought of filing in the false positive part of your forum, but suspect I really have a problem. Note: If I sign on to my system under a different user name (non-admin) and run a scan, the infections don't show up. I'm new to this forum and not sure what information I need to post to assist in finding solutions to this problem.