spyware need help

Junior Member
24. July 2008 @ 20:37
AVG 8 is saying "potentially unwanted program" every time I open Firefox 3.1. File: system32\404fix.exe. Any help? Thanks.

Senior Member
25. July 2008 @ 02:48
Hi FatalAD
First, please boot into safe mode, which you can do by pressing the F8 key repeatedly after you press the power button. Delete C:\Windows\system32\404fix.exe from there.
Then, in normal mode, download Superantispyware Free, install it, and update it. Boot back into safe mode, and do a scan. Quarantine all detected items, and post the log here.
Just a question: have you run Smitfraudfix lately?
Best Regards :D
Life is but a dream; you don't feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; that's a dumb question.

Junior Member
26. July 2008 @ 13:18
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 07/25/2008 at 07:15 AM
Application Version : 4.15.1000
Core Rules Database Version : 3514
Trace Rules Database Version: 1505
Scan type : Complete Scan
Total Scan Time : 00:20:18
Memory items scanned : 247
Memory threats detected : 0
Registry items scanned : 7588
Registry threats detected : 0
File items scanned : 23510
File threats detected : 0
I deleted the file; no more error.

Senior Member
28. July 2008 @ 03:34
Hey FatalAD
Now, please download HijackThis, run it, and then post a log here.
After you have deleted 404fix.exe, does the warning still come up?
Also, did you happen to run Smitfraudfix lately?
Best Regards :D

Junior Member
30. July 2008 @ 03:05
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:03:53 AM, on 7/30/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Mediafour\MacDrive 7\MacDriveD.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/1me10enus/2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [DigidesignMMERefresh] "C:\Program Files\Digidesign\Drivers\MMERefresh.exe"
O4 - HKLM\..\Run: [{FD1C41EC-B9AC-4F08-9BDB-CC8ECC8FC1B3}] "C:\Program Files\Mediafour\MacDrive 7\MacDriveD.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [RunSpySweeperScheduleAtStartup] "C:\Windows\system32\msfeedssync.exe" /ScheduleSweep=User_Feed_Synchronization-{5B929132-E04A-4BF5-872A-B07ABD722C0A}
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (no file)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MacDriveServiceD - Mediafour Corporation - C:\Program Files\Mediafour\MacDrive 7\MacDriveServiceD.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\Windows\system32\perfs.exe (file missing)
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
--
End of file - 6293 bytes

Junior Member
30. July 2008 @ 03:06
No more errors after I deleted 404fix, and I haven't run Smitfraud in a long time.

Senior Member
31. July 2008 @ 08:02
Hey FatalAD
Please fix the following entries in HijackThis:
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (no file)
**O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\Windows\system32\perfs.exe (file missing)
** This is part of a certain malware. Do the following to check if it is still present on your computer, and delete it if it is.
Next, please download Combofix. With Combofix, at the download window, please rename it to Combo-fix before downloading it.
Now, please boot into safe mode, which you can do by repeatedly pressing the F8 key after you press the power button. Then run Combofix and follow the prompts. Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later. Do not click on the Combofix window, as it may cause it to stall. If it asks for a reboot, do it. Post the log (which will be located at C:\ComboFix.txt) here.
Best Regards :D
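The entries the helper asks to fix above share two traits a reader of a HijackThis log looks for: a registered component whose file is gone, and (for the perfmons service) no publisher string. As an added example, not code from this thread or from HijackThis, the following Python script parses O9 and O23 lines and applies that triage; the sample lines are copied from the log posted in this thread, with one healthy AVG service kept for contrast.

```python
import re

# Constructed sample: four lines copied from the HijackThis log posted in this
# thread (three the helper asked to fix, one healthy AVG service for contrast).
SAMPLE_LOG = r"""
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\Windows\system32\perfs.exe (file missing)
"""

# HijackThis separates the fields of an O23 (service) and O9 (IE extra button)
# line with " - "; name and owner are matched non-greedily so that owners
# containing commas (e.g. "AVG Technologies CZ, s.r.o.") stay intact.
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
O9_RE = re.compile(r"^O9 - Extra button: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.+)$")

MISSING_SUFFIX = " (file missing)"


def parse_line(line):
    """Parse one O23 or O9 line into a dict; other HijackThis sections return None."""
    m = O23_RE.match(line)
    if m:
        path = m.group("path")
        missing = path.endswith(MISSING_SUFFIX)
        return {
            "section": "O23",
            "name": m.group("name"),
            "owner": m.group("owner"),
            "path": path[:-len(MISSING_SUFFIX)] if missing else path,
            "file_missing": missing,
            "unknown_owner": m.group("owner").lower() == "unknown owner",
        }
    m = O9_RE.match(line)
    if m:
        target = m.group("target")
        return {
            "section": "O9",
            "name": m.group("name"),
            "clsid": m.group("clsid"),
            "target": target,
            "file_missing": target == "(no file)" or target.endswith(MISSING_SUFFIX),
            "unknown_owner": False,
        }
    return None


def classify(entry):
    """Return a triage verdict for a parsed entry, or None if it looks healthy."""
    if entry["section"] == "O23":
        if entry["file_missing"] and entry["unknown_owner"]:
            # A service registered with no publisher whose binary is gone: the
            # registration outlived the file, the usual remnant of malware or of
            # a half-finished cleanup. The service entry itself must go too.
            return "orphaned service"
        if entry["file_missing"]:
            return "service binary missing"
        if entry["unknown_owner"]:
            return "service without publisher; verify the binary"
        return None
    if entry["section"] == "O9" and entry["file_missing"]:
        # Extra-button CLSID with no file behind it: dead entry, safe to fix.
        return "dead toolbar button"
    return None


def triage(log_text):
    """Return [(entry, verdict)] for every line a helper would ask the poster to fix."""
    findings = []
    for raw in log_text.splitlines():
        entry = parse_line(raw.strip())
        if entry is None:
            continue
        verdict = classify(entry)
        if verdict is not None:
            findings.append((entry, verdict))
    return findings


if __name__ == "__main__":
    for entry, verdict in triage(SAMPLE_LOG):
        print(f"{entry['section']:<4} {verdict:<45} {entry['name']}")
```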

Junior Member
31. July 2008 @ 15:39
Here it is:
ComboFix 08-07-31.01 - A and J 2008-07-31 12:26:44.2 - NTFSx86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1619 [GMT -7:00]
Running from: C:\Users\A and J\Downloads\Combo-Fix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Users\A and J\AppData\Roaming\inst.exe
C:\Users\AANDJ~1\AppData\Roaming\inst.exe
C:\Windows\system32\comsa32.sys
C:\Windows\system32\drmgs.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_perfmons
((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-31 )))))))))))))))))))))))))))))))
.
2008-07-30 23:45 . 2008-07-30 23:45 <DIR> d-------- C:\Program Files\iTunes
2008-07-30 23:45 . 2008-07-30 23:45 <DIR> d-------- C:\Program Files\iPod
2008-07-30 00:46 . 2008-07-30 00:46 <DIR> d-------- C:\Program Files\WinAVI MP4 Converter
2008-07-30 00:03 . 2008-07-30 00:03 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-29 03:26 . 2008-07-29 15:28 <DIR> d-------- C:\Users\AANDJ~1\AppData\Roaming\WinFF
2008-07-29 03:26 . 2008-07-29 15:28 <DIR> d-------- C:\Users\A and J\AppData\Roaming\WinFF
2008-07-25 20:41 . 2008-07-25 20:41 <DIR> d-------- C:\Program Files\winpwn
2008-07-25 06:51 . 2008-07-29 15:34 <DIR> d-------- C:\Users\AANDJ~1\AppData\Roaming\SUPERAntiSpyware.com
2008-07-25 06:51 . 2008-07-29 15:34 <DIR> d-------- C:\Users\A and J\AppData\Roaming\SUPERAntiSpyware.com
2008-07-24 16:57 . 2008-07-24 16:57 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-07-24 16:57 . 2008-07-24 16:57 <DIR> d-------- C:\Users\AANDJ~1\AppData\Roaming\Malwarebytes
2008-07-24 16:57 . 2008-07-24 16:57 <DIR> d-------- C:\Users\A and J\AppData\Roaming\Malwarebytes
2008-07-24 16:57 . 2008-07-24 16:57 <DIR> d-------- C:\PROGRA~2\Malwarebytes
2008-07-21 23:33 . 2008-07-21 23:33 <DIR> d-------- C:\Program Files\iLiberty
2008-07-10 13:36 . 2008-06-25 18:45 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll
2008-07-10 13:36 . 2008-06-25 18:45 2,644,480 --a------ C:\Windows\System32\NlsLexicons0009.dll
2008-07-10 13:36 . 2008-06-25 20:29 801,280 --a------ C:\Windows\System32\NaturalLanguage6.dll
2008-07-10 09:35 . 2008-07-10 09:35 32,000 --a------ C:\Windows\System32\drivers\usbaapl.sys
2008-06-24 16:06 . 2008-06-24 16:06 972,072 --a------ C:\Windows\UNNeroMediaHome.exe
2008-06-14 13:17 . 2008-04-22 21:42 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-06-14 13:17 . 2008-04-22 21:42 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-06-14 13:17 . 2008-04-22 21:41 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-06-14 13:17 . 2008-04-22 21:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-06-08 15:55 . 2008-05-29 09:35 86,528 --a------ C:\Windows\System32\VACFix.exe
2008-06-08 15:55 . 2003-06-05 21:13 53,248 --a------ C:\Windows\System32\Process.exe
2008-06-06 14:54 . 2008-06-06 14:54 972,072 --a------ C:\Windows\UNRecode.exe
2008-06-06 14:54 . 2008-06-06 14:54 95,600 --a------ C:\Windows\System32\NeroCo.dll
2008-06-05 13:29 . 2008-07-24 19:02 <DIR> d--h----- C:\$AVG8.VAULT$
2008-06-05 13:21 . 2008-07-31 12:08 <DIR> d-------- C:\Windows\System32\drivers\Avg
2008-06-05 13:21 . 2008-07-02 12:08 96,520 --a------ C:\Windows\System32\drivers\avgldx86.sys
2008-06-05 13:21 . 2008-06-05 13:21 10,520 --a------ C:\Windows\System32\avgrsstx.dll.old
2008-06-05 13:21 . 2008-07-02 12:08 10,520 --a------ C:\Windows\System32\avgrsstx.dll
2008-06-05 13:20 . 2008-06-05 13:20 <DIR> d-------- C:\Users\All Users\avg8
2008-06-05 13:20 . 2008-06-05 13:20 <DIR> d-------- C:\Program Files\AVG
2008-06-05 13:20 . 2008-06-05 13:20 <DIR> d-------- C:\PROGRA~2\avg8
2008-06-03 06:22 . 2008-06-03 06:22 3,695,104 --a------ C:\Windows\System32\drivers\atikmdag.sys
2008-06-03 03:35 . 2008-06-03 03:35 413,696 --a------ C:\Windows\System32\ATIDEMGX.dll
2008-06-03 03:34 . 2008-06-03 03:34 262,144 --a------ C:\Windows\System32\Oemdspif.dll
2008-06-03 03:25 . 2008-06-03 03:25 1,563,648 --a------ C:\Windows\System32\atidxx32.dll
2008-06-03 02:50 . 2008-06-03 02:50 49,664 --a------ C:\Windows\System32\amdpcom32.dll
2008-06-03 02:49 . 2008-06-03 02:49 32,256 --a------ C:\Windows\System32\atiadlxx.dll
2008-06-03 02:48 . 2008-06-03 02:48 10,043,392 --a------ C:\Windows\System32\atioglxx.dll
2008-06-03 02:34 . 2008-06-03 02:34 49,152 --a------ C:\Windows\System32\drivers\ati2erec.dll
2008-06-02 12:48 . 2008-06-02 12:48 <DIR> d-------- C:\Users\All Users\WindowsSearch
2008-06-02 12:48 . 2008-06-02 12:48 <DIR> d-------- C:\PROGRA~2\WindowsSearch
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-31 08:47 --------- d-----w C:\Users\AANDJ~1\AppData\Roaming\LimeWire
2008-07-31 08:47 --------- d-----w C:\Users\A and J\AppData\Roaming\LimeWire
2008-07-30 07:56 --------- d---a-w C:\PROGRA~2\TEMP
2008-07-28 10:18 --------- d-----w C:\Users\AANDJ~1\AppData\Roaming\Vso
2008-07-28 10:18 --------- d-----w C:\Users\A and J\AppData\Roaming\Vso
2008-07-28 10:18 --------- d-----w C:\Program Files\DVDFab 5
2008-07-22 07:19 --------- d-----w C:\Users\AANDJ~1\AppData\Roaming\Apple Computer
2008-07-22 07:19 --------- d-----w C:\Users\A and J\AppData\Roaming\Apple Computer
2008-07-22 06:42 --------- d-----w C:\Program Files\Bonjour
2008-07-17 04:03 --------- d-----w C:\Program Files\Common Files\Nero
2008-07-17 04:01 --------- d-----w C:\PROGRA~2\Nero
2008-07-11 20:34 --------- d-----w C:\Users\AANDJ~1\AppData\Roaming\Digidesign
2008-07-11 20:34 --------- d-----w C:\Users\A and J\AppData\Roaming\Digidesign
2008-07-10 20:39 --------- d-----w C:\PROGRA~2\Microsoft Help
2008-07-09 14:36 --------- d-----w C:\Program Files\Windows Mail
2008-07-07 22:42 --------- d-----w C:\Program Files\LimeWire
2008-07-03 20:13 --------- d-----w C:\Program Files\Waves
2008-06-09 06:09 --------- d-----w C:\Users\AANDJ~1\AppData\Roaming\Simply Super Software
2008-06-09 06:09 --------- d-----w C:\Users\A and J\AppData\Roaming\Simply Super Software
2008-05-12 04:29 47,360 ----a-w C:\Users\AANDJ~1\AppData\Roaming\pcouffin.sys
2008-05-12 04:29 47,360 ----a-w C:\Users\A and J\AppData\Roaming\pcouffin.sys
2008-03-19 00:36 174 --sha-w C:\Program Files\desktop.ini
2008-01-13 06:01 2 --shatr C:\Windows\winstart.bat
2007-12-05 23:54 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-12-05 23:54 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-12-05 23:54 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2008-02-26 20:52 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008021820080225\index.dat
2008-02-26 20:52 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008022620080227\index.dat
2008-02-26 20:52 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 00:33 1233920]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 00:33 125952]
"RunSpySweeperScheduleAtStartup"="C:\Windows\system32\msfeedssync.exe" [2008-01-19 00:33 12800]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 00:33 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DigidesignMMERefresh"="C:\Program Files\Digidesign\Drivers\MMERefresh.exe" [2007-10-31 01:35 77824]
"{FD1C41EC-B9AC-4F08-9BDB-CC8ECC8FC1B3}"="C:\Program Files\Mediafour\MacDrive 7\MacDriveD.exe" [2007-04-18 14:27 159744]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-02 12:08 1232152]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"QuickTime Task"="C:\Program Files\MpcStar\Codecs\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-01-04 21:56 5367664]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-23 12:04 4423680 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-03-16 08:06 1822720 C:\Windows\SkyTel.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave2"= Digi32.dll
"midi2"= mbx2midu.dll
"MIDI3"= diomidi.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{2E2DDA52-F83B-4481-8F5F-C8410FF18181}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{C1B3DFF9-F13F-44C5-A3A8-16B8D8C32FF1}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{A42A4E14-C372-4801-BCBF-00D210A602AC}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{B79B75EB-35BC-40C6-B1C1-8E86E284314D}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"{DD82BEE6-3B55-4A26-92C4-7EB4723E718C}"= UDP:10848:BitComet 10848 TCP
"{05FD6597-BC0A-44FD-9A89-F4371281C164}"= TCP:10848:BitComet 10848 UDP
"{E1270428-D1E7-4A77-A535-C422992A4B9E}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{CE3C3F1A-92D0-4C11-8A51-BA255CDA83BE}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{FEFACB2C-512D-48FF-BA59-A419D38123D6}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{E51AA7E6-1A25-4DD4-87FA-1AE0E00E0AD7}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6D349410-1053-41EA-A54B-0AEE4844817B}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{AF1213C3-1534-4C73-9BE9-25285D879DD1}"= UDP:10848:BitComet 10848 TCP
"{4FB7D45A-C48D-4272-AFD6-461918258EFB}"= TCP:10848:BitComet 10848 UDP
"{9F03B259-42C0-40E7-900B-92A86D573507}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{7C769114-DD55-429C-95BE-6282F6C19179}"= UDP:C:\Program Files\Morpheus\Morpheus.exe:Morpheus
"{1EC6F098-92D1-4ED1-87F4-A40E6C6D18E5}"= TCP:C:\Program Files\Morpheus\Morpheus.exe:Morpheus
"{53D7726D-F110-407F-93E2-2B8FDAEEF2F2}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{FD0D265D-D8AA-4946-B8DE-193EF48946CC}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{6410C5AE-D11A-49D4-BB1A-CB7298E2D3B3}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{14BA0434-8C3A-456D-A488-B433E638E134}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{CA3DE49F-90D8-46BA-9D78-299D81EE111C}C:\\program files\\itunes\\itunes.exe"= UDP:C:\program files\itunes\itunes.exe:iTunes
"UDP Query User{8566FE3A-DCCD-40F1-9895-473935E870B4}C:\\program files\\itunes\\itunes.exe"= TCP:C:\program files\itunes\itunes.exe:iTunes
"{8FD80178-0BAA-4000-8161-9C3A1DB6348C}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe
"TCP Query User{BA4E72E9-53D4-454C-BCE6-081E6D73741D}C:\\program files\\mpcstar\\codecs\\quicktime\\quicktimeplayer.exe"= UDP:C:\program files\mpcstar\codecs\quicktime\quicktimeplayer.exe:QuickTime Player
"UDP Query User{B8E7756C-D719-4EB4-AEBE-6EA08E5C2948}C:\\program files\\mpcstar\\codecs\\quicktime\\quicktimeplayer.exe"= TCP:C:\program files\mpcstar\codecs\quicktime\quicktimeplayer.exe:QuickTime Player
"{E4BF8BA6-5BE5-4EA7-95BA-274AD365F9BB}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{7F5CEB4C-5BE4-4315-9B51-D00F86BB02A0}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{9E9743FD-E8EB-4AF3-A258-CCF245ECC493}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{AB4B8022-D5F2-4D8A-888E-B477B5E91D7D}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)
R0 MDFSYSNT;MacDrive file system driver;C:\Windows\system32\drivers\MDFSYSNT.sys [2007-04-18 17:33]
R0 MDPMGRNT;MDPMGRNT;C:\Windows\system32\drivers\MDPMGRNT.sys [2007-02-28 12:15]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-07-02 12:08]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-15 16:18]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-02 12:08]
R2 DigiNet;Digidesign Ethernet Support;C:\Windows\system32\DRIVERS\diginet.sys [2007-10-31 03:16]
R2 MacDriveServiceD;MacDriveServiceD;C:\Program Files\Mediafour\MacDrive 7\MacDriveServiceD.exe [2007-04-18 12:58]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\Windows\system32\DRIVERS\l160x86.sys [2008-04-28 14:55]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-06-03 06:22]
S3 dalwdmservice;dal service;C:\Windows\system32\drivers\dalwdm.sys [2007-10-31 03:15]
S3 MBX2DFU;MBX2DFU;C:\Windows\system32\DRIVERS\MBX2DFU.sys [2007-10-31 03:16]
S3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;C:\Windows\system32\drivers\mbx2midk.sys [2007-10-31 03:16]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eead348f-fd00-11dc-bd5b-806e6f6e6963}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\autorun.exe
.
- - - - ORPHANS REMOVED - - - -
ShellIconOverlayIdentifiers-MacDrive Volume Icons - (no file)
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\AANDJ~1\AppData\Roaming\Mozilla\Firefox\Profiles\j75j8gzj.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.msn.com
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0_03\bin\npjava11.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0_03\bin\npjava12.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0_03\bin\npjava13.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0_03\bin\npjava14.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0_03\bin\npjava32.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0_03\bin\npoji610.dll
FF -: plugin - C:\Program Files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin.dll
FF -: plugin - C:\Program Files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin2.dll
FF -: plugin - C:\Program Files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin3.dll
FF -: plugin - C:\Program Files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin4.dll
FF -: plugin - C:\Program Files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin5.dll
FF -: plugin - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-31 12:31:04
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\Users\AANDJ~1\AppData\Roaming\Webroot\Spy Sweeper\Logs\080725094603.ses 1547 bytes
C:\Users\AANDJ~1\AppData\Local\Temp\SpySweeperUI.madExcept
scan completed successfully
hidden files: 2
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\Ati2evxx.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\Ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\System32\IoctlSvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\ssu.exe
C:\Windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Completion time: 2008-07-31 12:35:00 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-31 19:34:47
Pre-Run: 206,352,326,656 bytes free
Post-Run: 206,233,255,936 bytes free
246 --- E O F --- 2008-07-31 19:11:04

Senior Member
1. August 2008 @ 05:31
Hey FatalAD
Now, you are clean. The initial problem which you had with 404fix.exe was not malware, because 404fix is only a program which uses malware-like methods to destroy malware itself. As you may realize, AVG might also detect Combofix as a "potentially unwanted program". Combofix cleaned other malware out of your computer, which was good.
Now, click on your Start button, click on Run, and type in Combofix -u. This will uninstall Combofix, which is a powerful program not to be used lightly.
Next, update your Java, which is sorely outdated, and outdated Java is a security vulnerability which can cause the worst malware, such as Vundo, to enter your system. It is recommended to update Java at all times, and after that, uninstall previous versions.
That's it!
Best Regards :D

Junior Member
1. August 2008 @ 15:23
Thank you much for your hard work.