hijackthis & SUPERAntiSpyware log
thegrunt
Senior Member
30. October 2008 @ 22:10
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:51:19 PM, on 10/30/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\System32\notepad.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\helppane.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\AVG\AVG8\avgui.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3...ilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3...ilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {4788DE0A-3552-49EA-AC8C-233DA52523B9} (AxLoaderPassword Class) - http://www.blackberry.com/devicesoftware/AxLoader.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...ash/swflash.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe



--
End of file - 11973 bytes



SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/30/2008 at 08:06 PM

Application Version : 4.21.1004

Core Rules Database Version : 3603
Trace Rules Database Version: 1589

Scan type : Complete Scan
Total Scan Time : 00:32:38

Memory items scanned : 209
Memory threats detected : 0
Registry items scanned : 8292
Registry threats detected : 3
File items scanned : 26520
File threats detected : 0

Adware.Vundo Variant/Rel
HKU\S-1-5-21-48042132-4294239952-4204044125-1000\Software\Microsoft\Windows\CurrentVersion\Run#MSServer [ rundll32.exe C:\Users\Owner\AppData\Local\Temp\vtUlMFUo.dll,#1 ]
HKU\S-1-5-21-48042132-4294239952-4204044125-1000\Software\Microsoft\Windows\CurrentVersion\Run#cmds [ rundll32.exe C:\Users\Owner\AppData\Local\Temp\jkkHWNFY.dll,c ]
HKU\S-1-5-21-48042132-4294239952-4204044125-1000\Software\Microsoft\rdfa

Thanks for the help



Houston Rockets, it's our year. Yao, T-Mac, Francis, Scola, James, Alston, Battier, Wells, and so much more talent, it's inevitable.
Senior Member
31. October 2008 @ 02:33
Hi thegrunt

So... what problems do you have exactly?



Life is but a dream; you don't feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; that's a dumb question.

thegrunt
Senior Member
31. October 2008 @ 15:20
AVG detects virus win32/heur & Trojan generic something. I get a lot of pop-ups to porn websites and programs to "clean" my computer.
Thanks



Senior Member
1. November 2008 @ 03:24
Hey thegrunt

Now, please download ComboFix.
With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.

Please disable all security programs, such as antiviruses, antispywares, and firewalls.
Also disable your internet connection.


• Run Combo-Fix.exe and follow the prompts.
**Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.
• Wait for the scan to be completed.
• If it requires a reboot, please do it.
• After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)

Do not click on the ComboFix window, as it may cause it to stall.

Best Regards :D


thegrunt
Senior Member
1. November 2008 @ 13:15
ComboFix 08-10-31.02 - Owner 2008-11-01 11:50:18.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.222 [GMT -5:00]
Running from: C:\Users\Owner\Downloads\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((( Files Created from 2008-10-01 to 2008-11-01 )))))))))))))))))))))))))))))))
.

2008-10-31 16:39 . 2008-08-11 22:39 443,392 --a------ C:\Windows\System32\win32spl.dll
2008-10-31 16:39 . 2008-09-17 23:56 147,456 --a------ C:\Windows\System32\Faultrep.dll
2008-10-31 16:39 . 2008-09-17 23:56 125,952 --a------ C:\Windows\System32\wersvc.dll
2008-10-30 21:29 . 2008-08-05 04:49 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-10-30 21:29 . 2008-08-05 04:49 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-10-30 21:29 . 2008-08-05 04:48 217,088 --a------ C:\Windows\System32\psisrndr.ax
2008-10-30 21:29 . 2008-08-05 04:48 177,664 --a------ C:\Windows\System32\mpg2splt.ax
2008-10-30 21:29 . 2008-08-05 04:48 80,896 --a------ C:\Windows\System32\MSNP.ax
2008-10-30 20:50 . 2008-10-30 20:50 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-21 17:52 . 2008-10-21 17:52 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-10-21 17:52 . 2008-10-21 17:52 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-10-21 17:51 . 2008-10-21 17:51 <DIR> d-------- C:\Users\Owner\AppData\Roaming\SUPERAntiSpyware.com
2008-10-21 17:51 . 2008-10-21 17:51 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-10-21 17:48 . 2008-10-21 17:48 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-19 17:55 . 2008-10-19 17:55 2,100 --a------ C:\Windows\System32\requestBody.xml
2008-10-19 17:55 . 2008-10-19 17:55 1,883 --a------ C:\Windows\System32\responseBody.xml
2008-10-19 17:55 . 2008-10-19 17:55 513 --a------ C:\Windows\System32\request.gzip
2008-10-17 23:12 . 2006-11-02 05:23 <DIR> dr------- C:\Users\Mcx2\Videos
2008-10-17 23:12 . 2006-11-02 05:23 <DIR> d-------- C:\Users\Mcx2\Saved Games
2008-10-17 23:12 . 2006-11-02 05:23 <DIR> dr------- C:\Users\Mcx2\Pictures
2008-10-17 23:12 . 2006-11-02 05:23 <DIR> dr------- C:\Users\Mcx2\Music
2008-10-17 23:12 . 2006-11-02 05:23 <DIR> dr------- C:\Users\Mcx2\Links
2008-10-17 23:12 . 2006-11-02 05:23 <DIR> dr------- C:\Users\Mcx2\Downloads
2008-10-17 23:12 . 2008-10-17 23:12 <DIR> dr------- C:\Users\Mcx2\Documents
2008-10-17 23:12 . 2008-10-17 23:14 <DIR> d--h----- C:\Users\Mcx2\AppData
2008-10-17 23:12 . 2008-10-17 23:12 <DIR> d-------- C:\Users\Mcx2
2008-10-17 22:01 . 2008-10-25 15:44 <DIR> d--h----- C:\$AVG8.VAULT$
2008-10-17 14:27 . 2008-10-30 20:53 <DIR> d-------- C:\Windows\System32\drivers\Avg
2008-10-17 14:27 . 2008-10-17 14:27 97,928 --a------ C:\Windows\System32\drivers\avgldx86.sys
2008-10-17 14:27 . 2008-10-17 14:27 69,128 --a------ C:\Windows\System32\drivers\avgwfpx.sys
2008-10-17 14:27 . 2008-10-17 14:27 10,520 --a------ C:\Windows\System32\avgrsstx.dll
2008-10-17 14:26 . 2008-10-17 14:26 <DIR> d-------- C:\Users\All Users\avg8
2008-10-17 14:26 . 2008-10-17 14:26 <DIR> d-------- C:\ProgramData\avg8
2008-10-17 14:26 . 2008-10-17 14:26 <DIR> d-------- C:\Program Files\AVG
2008-10-16 10:46 . 2008-10-16 10:46 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-10-15 19:59 . 2008-09-17 21:16 2,032,640 --a------ C:\Windows\System32\win32k.sys
2008-10-15 19:59 . 2008-08-26 20:06 288,768 --a------ C:\Windows\System32\drivers\srv.sys
2008-10-15 19:58 . 2008-09-18 00:09 3,601,464 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-10-15 19:58 . 2008-09-18 00:09 3,549,240 --a------ C:\Windows\System32\ntoskrnl.exe
2008-10-15 19:58 . 2008-10-01 20:32 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-10-15 19:58 . 2008-10-01 22:49 827,392 --a------ C:\Windows\System32\wininet.dll
2008-10-09 10:40 . 2008-10-09 10:40 <DIR> d-------- C:\Users\All Users\Yahoo!
2008-10-09 10:40 . 2008-10-09 10:40 <DIR> d-------- C:\ProgramData\Yahoo!
2008-10-03 14:14 . 2008-10-03 14:14 187,952 --a------ C:\Windows\System32\drivers\symtdi.sys
2008-10-03 14:14 . 2008-10-03 14:14 146,096 --a------ C:\Windows\System32\drivers\symfw.sys
2008-10-03 14:14 . 2008-10-03 14:14 39,984 --a------ C:\Windows\System32\drivers\symids.sys
2008-10-03 14:14 . 2008-10-03 14:14 37,936 --a------ C:\Windows\System32\drivers\symndisv.sys
2008-10-03 14:14 . 2008-10-03 14:14 27,696 --a------ C:\Windows\System32\drivers\symredrv.sys
2008-10-03 14:14 . 2008-10-03 14:14 12,848 --a------ C:\Windows\System32\drivers\symdns.sys
2008-10-03 14:14 . 2008-10-03 14:14 10,804 --a------ C:\Windows\System32\drivers\SymRedir.cat
2008-10-03 14:14 . 2008-10-03 14:14 1,358 --a------ C:\Windows\System32\drivers\SymRedir.inf

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-01 16:42 --------- d-----w C:\Program Files\Hp
2008-11-01 03:30 25,159 ----a-w C:\Users\Owner\AppData\Roaming\nvModes.dat
2008-10-31 02:22 --------- d-----w C:\Program Files\Norton Internet Security
2008-10-31 02:22 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-22 23:23 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-10-20 00:20 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-10-20 00:20 --------- d-----w C:\Program Files\Common Files\Adobe
2008-10-20 00:20 --------- d-----w C:\Program Files\Bonjour
2008-10-20 00:19 --------- d-----w C:\Users\Owner\AppData\Roaming\uTorrent
2008-10-20 00:19 --------- d-----w C:\ProgramData\FLEXnet
2008-10-20 00:19 --------- d-----w C:\ProgramData\CyberLink
2008-10-20 00:19 --------- d-----w C:\Program Files\Windows Sidebar
2008-10-20 00:19 --------- d-----w C:\Program Files\Windows Mail
2008-10-20 00:19 --------- d-----w C:\Program Files\Windows Defender
2008-10-20 00:19 --------- d-----w C:\Program Files\uTorrent
2008-10-20 00:19 --------- d-----w C:\Program Files\Picasa2
2008-10-20 00:19 --------- d-----w C:\Program Files\iTunes
2008-10-20 00:19 --------- d-----w C:\Program Files\Hewlett-Packard
2008-10-16 01:28 --------- d-----w C:\ProgramData\Microsoft Help
2008-10-15 18:14 --------- d-----w C:\Users\Owner\AppData\Roaming\ZoomBrowser EX
2008-10-15 17:23 --------- d-----w C:\ProgramData\ZoomBrowser
2008-10-14 15:48 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-10-14 15:48 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
2008-10-14 15:48 10,671 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-10-14 15:48 --------- d-----w C:\Program Files\Symantec
2008-10-12 22:32 1,710 ----a-w C:\Users\Owner\AppData\Roaming\wklnhst.dat
2008-10-08 16:50 --------- d-----w C:\Program Files\Yahoo!
2008-09-28 16:53 --------- d-----w C:\Users\Owner\AppData\Roaming\Roxio
2008-09-28 16:51 --------- d-----w C:\ProgramData\Roxio
2008-09-27 01:08 --------- d-----w C:\Users\Owner\AppData\Roaming\MSNInstaller
2008-09-10 08:04 --------- d-----w C:\Program Files\Microsoft Works
2008-09-08 23:26 --------- d-----w C:\Program Files\Common Files\Research In Motion
2008-09-05 15:46 --------- d-----w C:\Users\Owner\AppData\Roaming\Apple Computer
2008-09-05 15:45 --------- d-----w C:\ProgramData\Apple Computer
2008-09-05 15:45 --------- d-----w C:\Program Files\iPod
2008-09-05 15:39 --------- d-----w C:\Program Files\Common Files\Apple
2008-03-23 05:11 174 --sha-w C:\Program Files\desktop.ini
2007-09-16 22:50 22 --sha-w C:\Windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]
"HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-03-20 1773568]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-18 125952]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 443968]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2008-02-29 4670704]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1021224]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-03-28 176128]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 159744]
"HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-07-05 77824]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 583048]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-02-27 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-02-27 7770112]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-02-27 81920]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-10-17 1234712]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="C:\Windows\SMINST\launcher.exe" [2006-11-07 44128]

C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"DefaultOutboundAction"= 1 (0x1)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1FCD3DBA-2A5A-45E1-89AE-B5AB9D63F26D}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{BCD0A13A-C93A-4D4B-B822-1505AC562213}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6AE9CC49-59DE-48E5-8275-98B2D6AD5984}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{A7A42F00-FEA0-445A-BF66-6AE384225EC8}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{6AA6F9D7-4677-4147-93EB-500C335A7E4E}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{53E8E1BE-2A8E-4EB1-A46C-DAB57FD0700B}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{EBDE8B00-7377-4DD8-84C7-012895411F1F}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{47B6B233-7B9F-4F8B-B0C2-AEFEBF2AC745}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{D256A9D5-9D48-4CE3-AA83-D9CFB5C07710}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{3474B845-518D-4323-A8CB-DB4BD7D1F591}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{938819F0-0491-4195-BCCB-2FF87C511E9D}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{E4970EF8-7B00-49A4-861B-6BEAE350CF85}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{5D1D5026-2951-47C1-9872-A86221A87C66}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{BB07A53F-DFE3-4CCC-BF1A-CC96A143AF10}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{F1201F6E-70EF-4AA6-8DAB-CC2287D4B1E8}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{02988C0A-2107-4B78-A52D-86B8216FFC60}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{4248240B-DFEA-41E5-B356-71234D1776F7}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{F28CFA14-7302-493B-8AAC-4816F3452E83}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{B6AA12E7-647F-43BE-8290-C286E2C001E2}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{4E6E76D5-E1E4-40C8-8889-718BD4D68C91}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{7649AF57-7393-4B6E-83C2-30AAC4014EDF}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{2643B593-E385-4077-94CA-91205EF1FCC9}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{DA7BDBAC-E259-4501-93CC-CAE22D179D91}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{24573C1E-BDB8-4204-9F94-42CB82EF79C7}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{5139616E-B1EA-4931-8780-B03709804C44}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{AF571E30-0582-4A46-A5E5-83714F645493}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{6AFDA3A7-5E3D-4924-9D32-2A515D0E83AB}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{5B204309-AA2F-409C-94B4-D67A49A8ED44}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{DA02BD84-34C4-4A75-90AC-1623DF0D376A}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{AAFA6C42-781C-4672-96E6-A39393246586}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{CF064D1F-3794-4417-BB9B-4025F4A9D565}"= C:\Program Files\AVG\AVG8\avgemc.exe:avgemc.exe
"{B2D3C36C-FE71-43FB-B98F-D116CD956357}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DefaultOutboundAction"= 1 (0x1)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"DefaultOutboundAction"= 1 (0x1)
"DefaultInboundAction"= 1 (0x1)
"DoNotAllowExceptions"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-10-17 97928]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20071113.001\IDSvix86.sys [2007-11-06 180272]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-10-17 875288]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-17 231704]
R3 AvgWfpX;AVG Free8 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfpx.sys [2008-10-17 69128]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service;C:\Windows\system32\drivers\CHDRT32.sys [2008-03-04 188416]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-10-03 37936]
S3 UMPass;Microsoft UMPass Driver;C:\Windows\system32\DRIVERS\umpass.sys [2008-01-18 7680]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09c4c0c4-715e-11dc-af9e-0016d3a4c825}]
\shell\AutoRun\command - H:\LaunchU3.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-10-19 C:\Windows\Tasks\HPCeeScheduleForOwner.job
- C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-03-23 16:23]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.yahoo.com/
R0 -: HKCU-Main,Default_Search_URL = hxxp://www.google.com/ie
R0 -: HKLM-Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-01 11:58:49
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-01 12:04:42
ComboFix-quarantined-files.txt 2008-11-01 17:04:24

Pre-Run: 91,895,820,288 bytes free
Post-Run: 91,934,457,856 bytes free

244 --- E O F --- 2008-10-31 21:51:59




Houston Rockets, it's our year. Yao, T-Mac, Francis, Scola, James, Alston, Battier, Wells, and so much more talent, it's inevitable.
Senior Member
2. November 2008 @ 02:02
Hey thegrunt

Please download A-squared Free and install it. Follow the prompts and reboot if required.

Launch A-Squared Free either by running E:\Program Files\a-squared Free\a2free.exe or double-click the a-squared Free shortcut on your Desktop.

Updating A-Squared

• At the main window, click on Update now.
• Wait for A-Squared to be fully updated.

Scanning Time

• Click on Scan PC.
• Click on Deep Scan and then Scan.
• Wait for the scan to complete, and then click on Save Report.
• Save the file to a convenient location.
• Open the file, and post the contents here.

NOTE: DO NOT REMOVE ANYTHING YET!!

Also, post the alert from AVG here. Where does AVG detect the trojan?

Best Regards :D

Life is but a dream; you don't feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; that's a dumb question.

thegrunt
Senior Member
2. November 2008 @ 17:43
a-squared Free - Version 3.5
Last update: 11/2/2008 11:20:59 AM

Scan settings:

Objects: Memory, Traces, Cookies, C:\, D:\, F:\
Scan archives: On
Heuristics: On
ADS Scan: On

Scan start: 11/2/2008 11:22:53 AM

Key: HKEY_USERS\S-1-5-21-48042132-4294239952-4204044125-1000\software\kazaa detected: Trace.Registry.KaZaA!A2
C:\Program Files\HP Games\Flip Words\FlipWords.exe detected: Packed.Win32.PePatch.gk!A2
C:\Program Files\HP Games\Lemonade Tycoon 2\Lemonade2.exe detected: Backdoor.Win32.Rbot.aeu!A2
C:\Program Files\HP Games\Mah Jong Quest\mahjong.exe detected: Trojan-Spy.Win32.Pophot.aww!A2
C:\Program Files\HP Games\Otto\otto.exe detected: Backdoor.Win32.Wootbot.gen!A2
C:\Program Files\HP Games\SCRABBLE\Scrabble.exe detected: Backdoor.Win32.Bifrose.kt!A2

Scanned

Files: 134161
Traces: 516804
Cookies: 2
Processes: 76

Found

Files: 5
Traces: 1
Cookies: 0
Processes: 0
Registry keys: 0

Scan end: 11/2/2008 2:40:02 PM
Scan time: 3:17:09

And for the AVG alert, the files were quarantined so they don't show up on the scan anymore. Thanks for the ongoing help.




Senior Member
2. November 2008 @ 22:15
Hey thegrunt

Looks almost clean!

However, one more thing to do:

Upload these files to Virustotal.com, and post the results here.

C:\Program Files\HP Games\Otto\otto.exe detected: Backdoor.Win32.Wootbot.gen!A2 

C:\Program Files\HP Games\SCRABBLE\Scrabble.exe detected: Backdoor.Win32.Bifrose.kt!A2

Best Regards :D


thegrunt
Senior Member
3. November 2008 @ 15:19
Here's the results, sorry if I added things that weren't needed.
Thanks for the help.

Antivirus Version Last Update Result
AhnLab-V3 2008.11.1.0 2008.11.03 -
AntiVir 7.9.0.10 2008.11.03 -
Authentium 5.1.0.4 2008.11.03 -
Avast 4.8.1248.0 2008.11.03 -
AVG 8.0.0.161 2008.11.03 -
BitDefender 7.2 2008.11.03 -
CAT-QuickHeal 9.50 2008.11.03 -
ClamAV 0.94.1 2008.11.03 -
DrWeb 4.44.0.09170 2008.11.03 -
eSafe 7.0.17.0 2008.11.03 -
eTrust-Vet 31.6.6188 2008.11.03 -
Ewido 4.0 2008.11.03 -
F-Prot 4.4.4.56 2008.11.03 -
F-Secure 8.0.14332.0 2008.11.03 -
Fortinet 3.117.0.0 2008.11.02 -
GData 19 2008.11.03 -
Ikarus T3.1.1.45.0 2008.11.03 -
K7AntiVirus 7.10.515 2008.11.03 -
Kaspersky 7.0.0.125 2008.11.03 -
McAfee 5422 2008.11.02 -
Microsoft 1.4005 2008.11.03 -
NOD32 3579 2008.11.03 -
Norman 5.80.02 2008.11.03 -
Panda 9.0.0.4 2008.11.02 -
PCTools 4.4.2.0 2008.11.03 -
Prevx1 V2 2008.11.03 Suspicious
Rising 21.02.02.00 2008.11.03 -
SecureWeb-Gateway 6.7.6 2008.11.03 -
Sophos 4.35.0 2008.11.03 -
Sunbelt 3.1.1777.2 2008.11.03 -
Symantec 10 2008.11.03 -
TheHacker 6.3.1.1.137 2008.11.03 -
TrendMicro 8.700.0.1004 2008.11.03 -
VBA32 3.12.8.9 2008.11.03 -
ViRobot 2008.11.3.1449 2008.11.03 -
VirusBuster 4.5.11.0 2008.11.03 -
Additional information
File size: 786432 bytes
MD5...: f0e713bbe097529ecb055fcb963c54a4
SHA1..: cfe1ba7b4287796c7de17de97401c9be8cf53252
SHA256: d697963ba1f642d781a2d1bab69277bc02f9e9893070a4ac200c2adb51c013da
SHA512: 4ed2f8f3b3847c38e420ed8ddb7895585434551a7841c1eb478820d6ce35d8f8360a1ec02b203eec5efd8a80362ab2199cccc0267f4ccae3bbd8db28768f95b5
PEiD..: -
TrID..: File type identification
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x49bd8a
timedatestamp.....: 0x44b42e3a (Tue Jul 11 23:03:22 2006)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xa0875 0xa1000 0.00 c63ae5ffab0156a589df2e8eb3c4c848
.rdata 0xa2000 0xa618 0xb000 0.00 c324946ce1884cae603d6f4aa055ac8c
.data 0xad000 0x32fcc 0xf000 0.00 84c48b8da7e9b9d3c5667ad9819debd9
.rsrc 0xe0000 0x38d0 0x4000 3.64 3376b181cbf4d0cf0a1767424ae23a2a

( 0 imports )

( 0 exports )

ThreatExpert info: http://www.threatexpert.com/report.aspx?...b055fcb963c54a4
Prevx info: http://info.prevx.com/aboutprogramtext.a...43F9300D742B03F


Antivirus Version Last Update Result
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - Trojan.Bifrose-2491
DrWeb - - -
eSafe - - -
eTrust-Vet - - -
Ewido - - -
F-Prot - - -
F-Secure - - -
FileAdvisor - - -
Fortinet - - -
Ikarus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - -
Panda - - -
Prevx1 - - Heuristic: Suspicious File With Code Injection Technology
Rising - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - -
Additional information
MD5: 925efc60cb1b27a4e111aa215e586291
SHA1: 12326708bf2d719733944c87669389131ee1bad0
SHA256: eff40d282286d1feb9ad65dd1076d429ac7e767eb5c175fd7e7bbb1dc4e72536
SHA512: 960a3631beb9bf36aeb5d1e417224270bffb40b275b7f8cf0b2f52e2d8e42699a94ec6b2cdfa23b3f1623856f50921ff01a1e10f7aab210d46e59b398a822f02




Senior Member
4. November 2008 @ 04:53
Hey thegrunt

Wonderful! You look clean! Enjoy!

Cheers :D
