
Kent Campbell

Members | Posts: 9
Everything posted by Kent Campbell

  1. True, but instead of just teens I was also looking at younger kids, like ages 7-12. Mine (I monitor them) go to sites like Y8, flash game repositories. But given the holes in flash I would like to have them protected. The catch is, many free protections do not do well or are inactive, allowing things to get in the door. What I would love to see, as a parent, is not a suite of tools that does everything, but one that is a little more targeted in its approach: looking at things different age groups commonly do and then tracking those vectors for threats, and then having a scheduler so regular thorough scans can be done. Finally... EDUCATION (took time to think). A set of tools of this kind should have more educating properties than a normal suite of tools. Something like a small minigame where you play as a PC and fight off viruses while the game tries to teach kids how to keep themselves secure in these times. As educated individuals, we are always taken aback by how people can fall for the methods used to deploy viruses, malware, and other threats. But it seems that education, and early education, could help to make a more knowledgeable population. And knowledge is power; it could then help reduce some of the horrors out there... maybe. If you want to change the world... you win the hearts and minds of the youth. It is just that simple.
  2. I have kids, three of them. Two are old enough to use computers and so, thanks to family hand-me-downs, they have their own computers. But kids will be kids and I can only keep those systems clean once something goes wrong. What I suggest would be a collection of tools designed to keep kids' computers clean and protected. It could be a paid version, or a free version with confirmation of the school they are attending. Protecting them actively and helping to keep some exploits in mind, like those from flash (my kids do love those flash games...). Anyway, that is the thought. Many companies seem to think only adults need protection. But sometimes kids are a bigger problem. Oh, and just from those flash games I cleaned 7 threats off their computer today. Yup... fun fun.
  3. Hello, a while back I was helped by you all to get rid of a piece of malware. Since then I have had intermittent positives and slowdowns in my system. Sometimes I detect keys in my registry but nothing else. Sometimes I detect .sys files that are hidden, but the folders do not exist as detected. This has happened with both MWB and RootRepeal. Currently I am looking at a RootRepeal report in the SSDT tab. I will post it below. I have also run a MWB quick scan and nothing was detected. Given the elusive nature of what has been happening, I am being extra careful at this time. Thanks for your time.

     ROOTREPEAL © AD, 2007-2008
     ==================================================
     Scan Time: 2009/10/19 17:04
     Program Version: Version 1.2.3.0
     Windows Version: Windows XP SP3
     ==================================================

     SSDT
     -------------------
     #: 000 Function Name: NtAcceptConnectPort Status: Not hooked
     #: 001 Function Name: NtAccessCheck Status: Not hooked
     #: 002 Function Name: NtAccessCheckAndAuditAlarm Status: Not hooked
     #: 003 Function Name: NtAccessCheckByType Status: Not hooked
     #: 004 Function Name: NtAccessCheckByTypeAndAuditAlarm Status: Not hooked
     #: 005 Function Name: NtAccessCheckByTypeResultList Status: Not hooked
     #: 006 Function Name: NtAccessCheckByTypeResultListAndAuditAlarm Status: Not hooked
     #: 007 Function Name: NtAccessCheckByTypeResultListAndAuditAlarmByHandle Status: Not hooked
     #: 008 Function Name: NtAddAtom Status: Not hooked
     #: 009 Function Name: NtAddBootEntry Status: Not hooked
     #: 010 Function Name: NtAdjustGroupsToken Status: Not hooked
     #: 011 Function Name: NtAdjustPrivilegesToken Status: Not hooked
     #: 012 Function Name: NtAlertResumeThread Status: Not hooked
     #: 013 Function Name: NtAlertThread Status: Not hooked
     #: 014 Function Name: NtAllocateLocallyUniqueId Status: Not hooked
     #: 015 Function Name: NtAllocateUserPhysicalPages Status: Not hooked
     #: 016 Function Name: NtAllocateUuids Status: Not hooked
     #: 017 Function Name: NtAllocateVirtualMemory Status: Not hooked
     #: 018 Function Name: NtAreMappedFilesTheSame Status: Not hooked
     #: 019 Function Name: NtAssignProcessToJobObject Status: Not hooked
     #: 020 Function Name: NtCallbackReturn Status: Not hooked
     #: 021 Function Name: NtCancelDeviceWakeupRequest Status: Not hooked
     #: 022 Function Name: NtCancelIoFile Status: Not hooked
     #: 023 Function Name: NtCancelTimer Status: Not hooked
     #: 024 Function Name: NtClearEvent Status: Not hooked
     #: 025 Function Name: NtClose Status: Not hooked
     #: 026 Function Name: NtCloseObjectAuditAlarm Status: Not hooked
     #: 027 Function Name: NtCompactKeys Status: Not hooked
     #: 028 Function Name: NtCompareTokens Status: Not hooked
     #: 029 Function Name: NtCompleteConnectPort Status: Not hooked
     #: 030 Function Name: NtCompressKey Status: Not hooked
     #: 031 Function Name: NtConnectPort Status: Not hooked
     #: 032 Function Name: NtContinue Status: Not hooked
     #: 033 Function Name: NtCreateDebugObject Status: Not hooked
     #: 034 Function Name: NtCreateDirectoryObject Status: Not hooked
     #: 035 Function Name: NtCreateEvent Status: Not hooked
     #: 036 Function Name: NtCreateEventPair Status: Not hooked
     #: 037 Function Name: NtCreateFile Status: Not hooked
     #: 038 Function Name: NtCreateIoCompletion Status: Not hooked
     #: 039 Function Name: NtCreateJobObject Status: Not hooked
     #: 040 Function Name: NtCreateJobSet Status: Not hooked
     #: 041 Function Name: NtCreateKey Status: Hooked by "spdf.sys" at address 0xb7ea70e0
     #: 042 Function Name: NtCreateMailslotFile Status: Not hooked
     #: 043 Function Name: NtCreateMutant Status: Not hooked
     #: 044 Function Name: NtCreateNamedPipeFile Status: Not hooked
     #: 045 Function Name: NtCreatePagingFile Status: Not hooked
     #: 046 Function Name: NtCreatePort Status: Not hooked
     #: 047 Function Name: NtCreateProcess Status: Not hooked
     #: 048 Function Name: NtCreateProcessEx Status: Not hooked
     #: 049 Function Name: NtCreateProfile Status: Not hooked
     #: 050 Function Name: NtCreateSection Status: Not hooked
     #: 051 Function Name: NtCreateSemaphore Status: Not hooked
     #: 052 Function Name: NtCreateSymbolicLinkObject Status: Not hooked
     #: 053 Function Name: NtCreateThread Status: Not hooked
     #: 054 Function Name: NtCreateTimer Status: Not hooked
     #: 055 Function Name: NtCreateToken Status: Not hooked
     #: 056 Function Name: NtCreateWaitablePort Status: Not hooked
     #: 057 Function Name: NtDebugActiveProcess Status: Not hooked
     #: 058 Function Name: NtDebugContinue Status: Not hooked
     #: 059 Function Name: NtDelayExecution Status: Not hooked
     #: 060 Function Name: NtDeleteAtom Status: Not hooked
     #: 061 Function Name: NtDeleteBootEntry Status: Not hooked
     #: 062 Function Name: NtDeleteFile Status: Not hooked
     #: 063 Function Name: NtDeleteKey Status: Not hooked
     #: 064 Function Name: NtDeleteObjectAuditAlarm Status: Not hooked
     #: 065 Function Name: NtDeleteValueKey Status: Not hooked
     #: 066 Function Name: NtDeviceIoControlFile Status: Not hooked
     #: 067 Function Name: NtDisplayString Status: Not hooked
     #: 068 Function Name: NtDuplicateObject Status: Not hooked
     #: 069 Function Name: NtDuplicateToken Status: Not hooked
     #: 070 Function Name: NtEnumerateBootEntries Status: Not hooked
     #: 071 Function Name: NtEnumerateKey Status: Hooked by "spdf.sys" at address 0xb7ec5ca4
     #: 072 Function Name: NtEnumerateSystemEnvironmentValuesEx Status: Not hooked
     #: 073 Function Name: NtEnumerateValueKey Status: Hooked by "spdf.sys" at address 0xb7ec6032
     #: 074 Function Name: NtExtendSection Status: Not hooked
     #: 075 Function Name: NtFilterToken Status: Not hooked
     #: 076 Function Name: NtFindAtom Status: Not hooked
     #: 077 Function Name: NtFlushBuffersFile Status: Not hooked
     #: 078 Function Name: NtFlushInstructionCache Status: Not hooked
     #: 079 Function Name: NtFlushKey Status: Not hooked
     #: 080 Function Name: NtFlushVirtualMemory Status: Not hooked
     #: 081 Function Name: NtFlushWriteBuffer Status: Not hooked
     #: 082 Function Name: NtFreeUserPhysicalPages Status: Not hooked
     #: 083 Function Name: NtFreeVirtualMemory Status: Not hooked
     #: 084 Function Name: NtFsControlFile Status: Not hooked
     #: 085 Function Name: NtGetContextThread Status: Not hooked
     #: 086 Function Name: NtGetDevicePowerState Status: Not hooked
     #: 087 Function Name: NtGetPlugPlayEvent Status: Not hooked
     #: 088 Function Name: NtGetWriteWatch Status: Not hooked
     #: 089 Function Name: NtImpersonateAnonymousToken Status: Not hooked
     #: 090 Function Name: NtImpersonateClientOfPort Status: Not hooked
     #: 091 Function Name: NtImpersonateThread Status: Not hooked
     #: 092 Function Name: NtInitializeRegistry Status: Not hooked
     #: 093 Function Name: NtInitiatePowerAction Status: Not hooked
     #: 094 Function Name: NtIsProcessInJob Status: Not hooked
     #: 095 Function Name: NtIsSystemResumeAutomatic Status: Not hooked
     #: 096 Function Name: NtListenPort Status: Not hooked
     #: 097 Function Name: NtLoadDriver Status: Not hooked
     #: 098 Function Name: NtLoadKey Status: Not hooked
     #: 099 Function Name: NtLoadKey2 Status: Not hooked
     #: 100 Function Name: NtLockFile Status: Not hooked
     #: 101 Function Name: NtLockProductActivationKeys Status: Not hooked
     #: 102 Function Name: NtLockRegistryKey Status: Not hooked
     #: 103 Function Name: NtLockVirtualMemory Status: Not hooked
     #: 104 Function Name: NtMakePermanentObject Status: Not hooked
     #: 105 Function Name: NtMakeTemporaryObject Status: Not hooked
     #: 106 Function Name: NtMapUserPhysicalPages Status: Not hooked
     #: 107 Function Name: NtMapUserPhysicalPagesScatter Status: Not hooked
     #: 108 Function Name: NtMapViewOfSection Status: Not hooked
     #: 109 Function Name: NtModifyBootEntry Status: Not hooked
     #: 110 Function Name: NtNotifyChangeDirectoryFile Status: Not hooked
     #: 111 Function Name: NtNotifyChangeKey Status: Not hooked
     #: 112 Function Name: NtNotifyChangeMultipleKeys Status: Not hooked
     #: 113 Function Name: NtOpenDirectoryObject Status: Not hooked
     #: 114 Function Name: NtOpenEvent Status: Not hooked
     #: 115 Function Name: NtOpenEventPair Status: Not hooked
     #: 116 Function Name: NtOpenFile Status: Not hooked
     #: 117 Function Name: NtOpenIoCompletion Status: Not hooked
     #: 118 Function Name: NtOpenJobObject Status: Not hooked
     #: 119 Function Name: NtOpenKey Status: Hooked by "spdf.sys" at address 0xb7ea70c0
     #: 120 Function Name: NtOpenMutant Status: Not hooked
     #: 121 Function Name: NtOpenObjectAuditAlarm Status: Not hooked
     #: 122 Function Name: NtOpenProcess Status: Not hooked
     #: 123 Function Name: NtOpenProcessToken Status: Not hooked
     #: 124 Function Name: NtOpenProcessTokenEx Status: Not hooked
     #: 125 Function Name: NtOpenSection Status: Not hooked
     #: 126 Function Name: NtOpenSemaphore Status: Not hooked
     #: 127 Function Name: NtOpenSymbolicLinkObject Status: Not hooked
     #: 128 Function Name: NtOpenThread Status: Not hooked
     #: 129 Function Name: NtOpenThreadToken Status: Not hooked
     #: 130 Function Name: NtOpenThreadTokenEx Status: Not hooked
     #: 131 Function Name: NtOpenTimer Status: Not hooked
     #: 132 Function Name: NtPlugPlayControl Status: Not hooked
     #: 133 Function Name: NtPowerInformation Status: Not hooked
     #: 134 Function Name: NtPrivilegeCheck Status: Not hooked
     #: 135 Function Name: NtPrivilegeObjectAuditAlarm Status: Not hooked
     #: 136 Function Name: NtPrivilegedServiceAuditAlarm Status: Not hooked
     #: 137 Function Name: NtProtectVirtualMemory Status: Not hooked
     #: 138 Function Name: NtPulseEvent Status: Not hooked
     #: 139 Function Name: NtQueryAttributesFile Status: Not hooked
     #: 140 Function Name: NtQueryBootEntryOrder Status: Not hooked
     #: 141 Function Name: NtQueryBootOptions Status: Not hooked
     #: 142 Function Name: NtQueryDebugFilterState Status: Not hooked
     #: 143 Function Name: NtQueryDefaultLocale Status: Not hooked
     #: 144 Function Name: NtQueryDefaultUILanguage Status: Not hooked
     #: 145 Function Name: NtQueryDirectoryFile Status: Not hooked
     #: 146 Function Name: NtQueryDirectoryObject Status: Not hooked
     #: 147 Function Name: NtQueryEaFile Status: Not hooked
     #: 148 Function Name: NtQueryEvent Status: Not hooked
     #: 149 Function Name: NtQueryFullAttributesFile Status: Not hooked
     #: 150 Function Name: NtQueryInformationAtom Status: Not hooked
     #: 151 Function Name: NtQueryInformationFile Status: Not hooked
     #: 152 Function Name: NtQueryInformationJobObject Status: Not hooked
     #: 153 Function Name: NtQueryInformationPort Status: Not hooked
     #: 154 Function Name: NtQueryInformationProcess Status: Not hooked
     #: 155 Function Name: NtQueryInformationThread Status: Not hooked
     #: 156 Function Name: NtQueryInformationToken Status: Not hooked
     #: 157 Function Name: NtQueryInstallUILanguage Status: Not hooked
     #: 158 Function Name: NtQueryIntervalProfile Status: Not hooked
     #: 159 Function Name: NtQueryIoCompletion Status: Not hooked
     #: 160 Function Name: NtQueryKey Status: Hooked by "spdf.sys" at address 0xb7ec610a
     #: 161 Function Name: NtQueryMultipleValueKey Status: Not hooked
     #: 162 Function Name: NtQueryMutant Status: Not hooked
     #: 163 Function Name: NtQueryObject Status: Not hooked
     #: 164 Function Name: NtQueryOpenSubKeys Status: Not hooked
     #: 165 Function Name: NtQueryPerformanceCounter Status: Not hooked
     #: 166 Function Name: NtQueryQuotaInformationFile Status: Not hooked
     #: 167 Function Name: NtQuerySection Status: Not hooked
     #: 168 Function Name: NtQuerySecurityObject Status: Not hooked
     #: 169 Function Name: NtQuerySemaphore Status: Not hooked
     #: 170 Function Name: NtQuerySymbolicLinkObject Status: Not hooked
     #: 171 Function Name: NtQuerySystemEnvironmentValue Status: Not hooked
     #: 172 Function Name: NtQuerySystemEnvironmentValueEx Status: Not hooked
     #: 173 Function Name: NtQuerySystemInformation Status: Not hooked
     #: 174 Function Name: NtQuerySystemTime Status: Not hooked
     #: 175 Function Name: NtQueryTimer Status: Not hooked
     #: 176 Function Name: NtQueryTimerResolution Status: Not hooked
     #: 177 Function Name: NtQueryValueKey Status: Hooked by "spdf.sys" at address 0xb7ec5f8a
     #: 178 Function Name: NtQueryVirtualMemory Status: Not hooked
     #: 179 Function Name: NtQueryVolumeInformationFile Status: Not hooked
     #: 180 Function Name: NtQueueApcThread Status: Not hooked
     #: 181 Function Name: NtRaiseException Status: Not hooked
     #: 182 Function Name: NtRaiseHardError Status: Not hooked
     #: 183 Function Name: NtReadFile Status: Not hooked
     #: 184 Function Name: NtReadFileScatter Status: Not hooked
     #: 185 Function Name: NtReadRequestData Status: Not hooked
     #: 186 Function Name: NtReadVirtualMemory Status: Not hooked
     #: 187 Function Name: NtRegisterThreadTerminatePort Status: Not hooked
     #: 188 Function Name: NtReleaseMutant Status: Not hooked
     #: 189 Function Name: NtReleaseSemaphore Status: Not hooked
     #: 190 Function Name: NtRemoveIoCompletion Status: Not hooked
     #: 191 Function Name: NtRemoveProcessDebug Status: Not hooked
     #: 192 Function Name: NtRenameKey Status: Not hooked
     #: 193 Function Name: NtReplaceKey Status: Not hooked
     #: 194 Function Name: NtReplyPort Status: Not hooked
     #: 195 Function Name: NtReplyWaitReceivePort Status: Not hooked
     #: 196 Function Name: NtReplyWaitReceivePortEx Status: Not hooked
     #: 197 Function Name: NtReplyWaitReplyPort Status: Not hooked
     #: 198 Function Name: NtRequestDeviceWakeup Status: Not hooked
     #: 199 Function Name: NtRequestPort Status: Not hooked
     #: 200 Function Name: NtRequestWaitReplyPort Status: Not hooked
     #: 201 Function Name: NtRequestWakeupLatency Status: Not hooked
     #: 202 Function Name: NtResetEvent Status: Not hooked
     #: 203 Function Name: NtResetWriteWatch Status: Not hooked
     #: 204 Function Name: NtRestoreKey Status: Not hooked
     #: 205 Function Name: NtResumeProcess Status: Not hooked
     #: 206 Function Name: NtResumeThread Status: Not hooked
     #: 207 Function Name: NtSaveKey Status: Not hooked
     #: 208 Function Name: NtSaveKeyEx Status: Not hooked
     #: 209 Function Name: NtSaveMergedKeys Status: Not hooked
     #: 210 Function Name: NtSecureConnectPort Status: Not hooked
     #: 211 Function Name: NtSetBootEntryOrder Status: Not hooked
     #: 212 Function Name: NtSetBootOptions Status: Not hooked
     #: 213 Function Name: NtSetContextThread Status: Not hooked
     #: 214 Function Name: NtSetDebugFilterState Status: Not hooked
     #: 215 Function Name: NtSetDefaultHardErrorPort Status: Not hooked
     #: 216 Function Name: NtSetDefaultLocale Status: Not hooked
     #: 217 Function Name: NtSetDefaultUILanguage Status: Not hooked
     #: 218 Function Name: NtSetEaFile Status: Not hooked
     #: 219 Function Name: NtSetEvent Status: Not hooked
     #: 220 Function Name: NtSetEventBoostPriority Status: Not hooked
     #: 221 Function Name: NtSetHighEventPair Status: Not hooked
     #: 222 Function Name: NtSetHighWaitLowEventPair Status: Not hooked
     #: 223 Function Name: NtSetInformationDebugObject Status: Not hooked
     #: 224 Function Name: NtSetInformationFile Status: Not hooked
     #: 225 Function Name: NtSetInformationJobObject Status: Not hooked
     #: 226 Function Name: NtSetInformationKey Status: Not hooked
     #: 227 Function Name: NtSetInformationObject Status: Not hooked
     #: 228 Function Name: NtSetInformationProcess Status: Not hooked
     #: 229 Function Name: NtSetInformationThread Status: Not hooked
     #: 230 Function Name: NtSetInformationToken Status: Not hooked
     #: 231 Function Name: NtSetIntervalProfile Status: Not hooked
     #: 232 Function Name: NtSetIoCompletion Status: Not hooked
     #: 233 Function Name: NtSetLdtEntries Status: Not hooked
     #: 234 Function Name: NtSetLowEventPair Status: Not hooked
     #: 235 Function Name: NtSetLowWaitHighEventPair Status: Not hooked
     #: 236 Function Name: NtSetQuotaInformationFile Status: Not hooked
     #: 237 Function Name: NtSetSecurityObject Status: Not hooked
     #: 238 Function Name: NtSetSystemEnvironmentValue Status: Not hooked
     #: 239 Function Name: NtSetSystemEnvironmentValueEx Status: Not hooked
     #: 240 Function Name: NtSetSystemInformation Status: Not hooked
     #: 241 Function Name: NtSetSystemPowerState Status: Not hooked
     #: 242 Function Name: NtSetSystemTime Status: Not hooked
     #: 243 Function Name: NtSetThreadExecutionState Status: Not hooked
     #: 244 Function Name: NtSetTimer Status: Not hooked
     #: 245 Function Name: NtSetTimerResolution Status: Not hooked
     #: 246 Function Name: NtSetUuidSeed Status: Not hooked
     #: 247 Function Name: NtSetValueKey Status: Hooked by "spdf.sys" at address 0xb7ec619c
     #: 248 Function Name: NtSetVolumeInformationFile Status: Not hooked
     #: 249 Function Name: NtShutdownSystem Status: Not hooked
     #: 250 Function Name: NtSignalAndWaitForSingleObject Status: Not hooked
     #: 251 Function Name: NtStartProfile Status: Not hooked
     #: 252 Function Name: NtStopProfile Status: Not hooked
     #: 253 Function Name: NtSuspendProcess Status: Not hooked
     #: 254 Function Name: NtSuspendThread Status: Not hooked
     #: 255 Function Name: NtSystemDebugControl Status: Not hooked
     #: 256 Function Name: NtTerminateJobObject Status: Not hooked
     #: 257 Function Name: NtTerminateProcess Status: Not hooked
     #: 258 Function Name: NtTerminateThread Status: Not hooked
     #: 259 Function Name: NtTestAlert Status: Not hooked
     #: 260 Function Name: NtTraceEvent Status: Not hooked
     #: 261 Function Name: NtTranslateFilePath Status: Not hooked
     #: 262 Function Name: NtUnloadDriver Status: Not hooked
     #: 263 Function Name: NtUnloadKey Status: Not hooked
     #: 264 Function Name: NtUnloadKeyEx Status: Not hooked
     #: 265 Function Name: NtUnlockFile Status: Not hooked
     #: 266 Function Name: NtUnlockVirtualMemory Status: Not hooked
     #: 267 Function Name: NtUnmapViewOfSection Status: Not hooked
     #: 268 Function Name: NtVdmControl Status: Not hooked
     #: 269 Function Name: NtWaitForDebugEvent Status: Not hooked
     #: 270 Function Name: NtWaitForMultipleObjects Status: Not hooked
     #: 271 Function Name: NtWaitForSingleObject Status: Not hooked
     #: 272 Function Name: NtWaitHighEventPair Status: Not hooked
     #: 273 Function Name: NtWaitLowEventPair Status: Not hooked
     #: 274 Function Name: NtWriteFile Status: Not hooked
     #: 275 Function Name: NtWriteFileGather Status: Not hooked
     #: 276 Function Name: NtWriteRequestData Status: Not hooked
     #: 277 Function Name: NtWriteVirtualMemory Status: Not hooked
     #: 278 Function Name: NtYieldExecution Status: Not hooked
     #: 279 Function Name: NtCreateKeyedEvent Status: Not hooked
     #: 280 Function Name: NtOpenKeyedEvent Status: Not hooked
     #: 281 Function Name: NtReleaseKeyedEvent Status: Not hooked
     #: 282 Function Name: NtWaitForKeyedEvent Status: Not hooked
     #: 283 Function Name: NtQueryPortInformationProcess Status: Not hooked
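The SSDT report above is 284 entries long and the seven hooks are easy to miss by eye, so here is an added triage script (not part of the post, not a RootRepeal or Malwarebytes tool) that parses the report, groups the hooked entries by the module that installed them and classifies each hooked function by the API family it belongs to. The sample report embedded in the script is a constructed excerpt that keeps the seven hooked entries from the post and a few unhooked ones; one line deliberately carries two entries run together, as happens when the report is pasted into a forum, and the parser anchors on the "#: NNN" marker rather than on line breaks so it copes with that. The family grouping is the analyst's caveat: all seven hooks sit on registry functions and come from one module, which is the pattern a driver that hides registry keys produces, but also the pattern the SPTD driver bundled with DAEMON Tools installs under a randomly named sp??.sys (DAEMON Tools Lite appears in the HijackThis log further down this page), so the module name and its on-disk signer need to be checked before the hooks are treated as a rootkit.

```python
import re
from collections import defaultdict

# Constructed excerpt in the layout of RootRepeal's SSDT tab. It keeps the
# seven hooked entries reported in the post above plus a few unhooked ones;
# the real report lists 284 entries. One line carries two entries run
# together on purpose, to mirror a forum paste that lost its line breaks.
SAMPLE_REPORT = """\
ROOTREPEAL (c) AD, 2007-2008
==================================================
Scan Time: 2009/10/19 17:04
Program Version: Version 1.2.3.0
Windows Version: Windows XP SP3
==================================================

SSDT
-------------------
#: 037 Function Name: NtCreateFile Status: Not hooked
#: 041 Function Name: NtCreateKey Status: Hooked by "spdf.sys" at address 0xb7ea70e0
#: 071 Function Name: NtEnumerateKey Status: Hooked by "spdf.sys" at address 0xb7ec5ca4
#: 073 Function Name: NtEnumerateValueKey Status: Hooked by "spdf.sys" at address 0xb7ec6032
#: 119 Function Name: NtOpenKey Status: Hooked by "spdf.sys" at address 0xb7ea70c0 #: 122 Function Name: NtOpenProcess Status: Not hooked
#: 160 Function Name: NtQueryKey Status: Hooked by "spdf.sys" at address 0xb7ec610a
#: 177 Function Name: NtQueryValueKey Status: Hooked by "spdf.sys" at address 0xb7ec5f8a
#: 247 Function Name: NtSetValueKey Status: Hooked by "spdf.sys" at address 0xb7ec619c
#: 257 Function Name: NtTerminateProcess Status: Not hooked
"""

# One SSDT entry. Anchoring on "#: NNN" instead of on newlines lets the
# parser recover entries from a report whose line structure was flattened.
ENTRY_RE = re.compile(
    r'#:\s*(?P<index>\d+)\s+Function Name:\s*(?P<name>Nt\w+)\s+Status:\s*'
    r'(?:(?P<clean>Not hooked)'
    r'|Hooked by "(?P<module>[^"]+)" at address (?P<addr>0x[0-9A-Fa-f]+))'
)

# Rough grouping of native API names by what they touch. Which family a
# module's hooks land in says a lot about what the hooking driver is doing
# (hiding registry keys, hiding processes, filtering file I/O).
FAMILIES = [
    ("registry", re.compile(r"^Nt\w*(Key|Keys|ValueKey)$")),
    ("process/thread", re.compile(r"^Nt\w*(Process|ProcessEx|Thread|Token|TokenEx|Driver)$")),
    ("file", re.compile(r"^Nt\w*File(Gather|Scatter)?$")),
]


def family_of(name):
    """Map a native API name to one of the families above, or 'other'."""
    for label, pattern in FAMILIES:
        if pattern.match(name):
            return label
    return "other"


def parse_ssdt(text):
    """Return one dict per SSDT entry: index, name, module and address.

    module and address are None for entries RootRepeal reports as clean.
    """
    entries = []
    for m in ENTRY_RE.finditer(text):
        entries.append({
            "index": int(m.group("index")),
            "name": m.group("name"),
            "module": m.group("module"),
            "address": int(m.group("addr"), 16) if m.group("addr") else None,
        })
    return entries


def hook_report(text):
    """Summarise hooks per hooking module, with a per-family breakdown."""
    entries = parse_ssdt(text)
    by_module = defaultdict(list)
    families = defaultdict(lambda: defaultdict(int))
    for e in entries:
        if e["module"] is None:
            continue
        by_module[e["module"]].append(e["name"])
        families[e["module"]][family_of(e["name"])] += 1
    return {
        "total": len(entries),
        "hooked": sum(len(v) for v in by_module.values()),
        "by_module": {k: sorted(v) for k, v in by_module.items()},
        "families": {k: dict(v) for k, v in families.items()},
    }


if __name__ == "__main__":
    report = hook_report(SAMPLE_REPORT)
    print(f"{report['hooked']} of {report['total']} entries hooked")
    for module, names in report["by_module"].items():
        print(f"  {module}: {', '.join(names)}")
        print(f"    families: {report['families'][module]}")
```

Run against the full report from the post it gives the same verdict as the excerpt: one module, seven hooks, all in the registry family, with every hook address inside a single small range, which is what you would expect from one loaded driver image. The script only summarises; deciding whether that driver belongs on the machine is the step that still needs the file on disk, its signature and the installed software list.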
  4. I have not had any further effects of the infection. I did three passes after I wiped the .sys with RootRepeal. The first scan was with the definitions that came with MWbytes. At that time it detected 7 items and wiped them. I did another scan with updated definitions, as after the first cleaning I could now update; it found three more bugs and killed them. For the sake of being thorough, I did a full all-HD scan and nothing was reported past that point. Here are the reports you wanted me to upload. DDS.txt Attach.txt
  5. As I said, I do believe that I squashed it. But I do have a dump of the .sys file that was actively blocking your program from running... if you would like it, that is. But there is the info; looking forward to reading what you see.
  6. Malwarebytes' Anti-Malware 1.36
     Database version: 2138
     Windows 5.1.2600 Service Pack 3

     5/17/2009 12:28:37 AM
     mbam-log-2009-05-17 (00-28-37).txt

     Scan type: Quick Scan
     Objects scanned: 106847
     Time elapsed: 6 minute(s), 6 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected: (No malicious items detected)
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)
     Files Infected: (No malicious items detected)

     -------------

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 12:29:18 AM, on 5/17/2009
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16827)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\SYSTEM32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\Google\Google Talk\googletalk.exe
     C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Bonjour\mDNSResponder.exe
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\WINDOWS\system32\nvsvc32.exe
     C:\WINDOWS\system32\HPZipm12.exe
     C:\WINDOWS\RTHDCPL.EXE
     C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe
     C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
     C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
     C:\Program Files\Unlocker\UnlockerAssistant.exe
     C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
     C:\Program Files\iTunes\iTunesHelper.exe
     C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
     C:\Program Files\Java\jre6\bin\jusched.exe
     C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
     C:\PROGRA~1\AVG\AVG8\avgam.exe
     C:\PROGRA~1\AVG\AVG8\avgemc.exe
     C:\PROGRA~1\AVG\AVG8\avgrsx.exe
     C:\PROGRA~1\AVG\AVG8\avgtray.exe
     C:\Documents and Settings\SyberSmoke\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
     E:\games\valve\steam\steam.exe
     C:\Program Files\Logitech\MouseWare\system\em_exec.exe
     C:\PROGRA~1\AVG\AVG8\avgnsx.exe
     C:\Program Files\OpenOffice.org 3\program\soffice.exe
     C:\Program Files\OpenOffice.org 3\program\soffice.bin
     C:\Program Files\AVG\AVG8\avgcsrvx.exe
     C:\Program Files\iPod\bin\iPodService.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Documents and Settings\SyberSmoke\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
     C:\Documents and Settings\SyberSmoke\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
     C:\Documents and Settings\SyberSmoke\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
     C:\Documents and Settings\SyberSmoke\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
     R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://download.gigabyte.com.tw/
     R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
     O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
     O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
     O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
     O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
     O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
     O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
     O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
     O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
     O4 - HKLM\..\Run: [Launch LgDevAgt] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
     O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
     O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
     O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
     O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
     O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
     O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
     O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
     O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
     O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
     O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
     O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
     O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\SyberSmoke\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [steam] "e:\games\valve\steam\steam.exe" -silent
     O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
     O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
     O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
     O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
     O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab
     O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1234920038828
     O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
     O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
     O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
     O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
     O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
     O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
     O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe
     O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
     O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
     O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
     O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
     O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

     --
     End of file - 8651 bytes
  7. Actually, I think I killed it. I say that because for now I am using my PC and not my wife's Mac to write this. I tend to use AVG free edition... I was just stupid. I admit it completely, I was stupid. But now I know... and knowing is half the battle. Could not resist. But I only did it due to this site, so... all the better.
  8. Sigh, I need to learn to read. If this could please be moved to the proper forum, I would appreciate it. It has been a cruddy day.
  9. Well... being stupid has a cost and time is it. So, for the last 8 hours plus some last night I have been looking up ways to remove this cockroach from my system. But I think I need more help than random forums can provide. On top of it, I am on my wife's Mac because my PC will not go to this site. So, what I know. I know this is a form of TDSS.
     - I came to this in time and after using the Avira bootable virus scanner. But the virus was not in one neat location; it was scattered in multiple directories of the system and in my account. Plus there are a number of temp files that have other trojans waiting in the wings, I assume.
     - I tried to use Malwarebytes on my PC and the program was being blocked from running. But I read the self-help section and was able to use RootRepeal to dump and wipe a rogue .sys file. About 32 letters of gibberish; I saved the dump for you all. I can now get Malwarebytes to operate, but cannot update it to run. All the URLs appear to be blocked.
     - There were no other files or hidden drivers reported by RootRepeal. But I know they are still hiding in here somewhere, and I want them gone.
     So, that all said, tell me what to do please. Sincerely, Kent Campbell