1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

hijackthis & SUPERAntiSpyware log

Discussion in 'Windows - Virus and spyware problems' started by thegrunt, Oct 30, 2008.

  1. thegrunt

    thegrunt Regular member

    Joined:
    Jun 4, 2007
    Messages:
    638
    Likes Received:
    0
    Trophy Points:
    26
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:51:19 PM, on 10/30/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Hp\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Windows\System32\notepad.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Windows\helppane.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Program Files\AVG\AVG8\avgui.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {4788DE0A-3552-49EA-AC8C-233DA52523B9} (AxLoaderPassword Class) - http://www.blackberry.com/devicesoftware/AxLoader.cab
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
    O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe



    --
    End of file - 11973 bytes



    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 10/30/2008 at 08:06 PM

    Application Version : 4.21.1004

    Core Rules Database Version : 3603
    Trace Rules Database Version: 1589

    Scan type : Complete Scan
    Total Scan Time : 00:32:38

    Memory items scanned : 209
    Memory threats detected : 0
    Registry items scanned : 8292
    Registry threats detected : 3
    File items scanned : 26520
    File threats detected : 0

    Adware.Vundo Variant/Rel
    HKU\S-1-5-21-48042132-4294239952-4204044125-1000\Software\Microsoft\Windows\CurrentVersion\Run#MSServer [ rundll32.exe C:\Users\Owner\AppData\Local\Temp\vtUlMFUo.dll,#1 ]
    HKU\S-1-5-21-48042132-4294239952-4204044125-1000\Software\Microsoft\Windows\CurrentVersion\Run#cmds [ rundll32.exe C:\Users\Owner\AppData\Local\Temp\jkkHWNFY.dll,c ]
    HKU\S-1-5-21-48042132-4294239952-4204044125-1000\Software\Microsoft\rdfa

    Thanks for the help
     
  2. cdavfrew

    cdavfrew Regular member

    Joined:
    May 19, 2008
    Messages:
    1,183
    Likes Received:
    0
    Trophy Points:
    46
    Hi thegrunt

    So... what problems do you have exactly?

     
  3. thegrunt

    thegrunt Regular member

    Joined:
    Jun 4, 2007
    Messages:
    638
    Likes Received:
    0
    Trophy Points:
    26
    avg detects virus win32/heur & Trojan generic something.I get alot of pop ups to porn websites and programs to "clean" my computer.
    Thanks
     
  4. cdavfrew

    cdavfrew Regular member

    Joined:
    May 19, 2008
    Messages:
    1,183
    Likes Received:
    0
    Trophy Points:
    46
    Hey thegrunt

    Now, please download ComboFix.
    With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.

    Please disable all security programs, such as antiviruses, antispywares, and firewalls.
    Also disable your internet connection.


    • Run Combo-Fix.exe and follow the prompts.
    **Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.
    • Wait for the scan to be completed.
    • If it requires a reboot, please do it.
    • After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)

    Do not click on the ComoboFix window, as it may cause it to stall.

    Best Regards :D
     
  5. thegrunt

    thegrunt Regular member

    Joined:
    Jun 4, 2007
    Messages:
    638
    Likes Received:
    0
    Trophy Points:
    26
    ComboFix 08-10-31.02 - Owner 2008-11-01 11:50:18.1 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.222 [GMT -5:00]
    Running from: C:\Users\Owner\Downloads\Desktop\Combo-Fix.exe
    .

    ((((((((((((((((((((((((( Files Created from 2008-10-01 to 2008-11-01 )))))))))))))))))))))))))))))))
    .

    2008-10-31 16:39 . 2008-08-11 22:39 443,392 --a------ C:\Windows\System32\win32spl.dll
    2008-10-31 16:39 . 2008-09-17 23:56 147,456 --a------ C:\Windows\System32\Faultrep.dll
    2008-10-31 16:39 . 2008-09-17 23:56 125,952 --a------ C:\Windows\System32\wersvc.dll
    2008-10-30 21:29 . 2008-08-05 04:49 428,544 --a------ C:\Windows\System32\EncDec.dll
    2008-10-30 21:29 . 2008-08-05 04:49 293,376 --a------ C:\Windows\System32\psisdecd.dll
    2008-10-30 21:29 . 2008-08-05 04:48 217,088 --a------ C:\Windows\System32\psisrndr.ax
    2008-10-30 21:29 . 2008-08-05 04:48 177,664 --a------ C:\Windows\System32\mpg2splt.ax
    2008-10-30 21:29 . 2008-08-05 04:48 80,896 --a------ C:\Windows\System32\MSNP.ax
    2008-10-30 20:50 . 2008-10-30 20:50 <DIR> d-------- C:\Program Files\Trend Micro
    2008-10-21 17:52 . 2008-10-21 17:52 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
    2008-10-21 17:52 . 2008-10-21 17:52 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
    2008-10-21 17:51 . 2008-10-21 17:51 <DIR> d-------- C:\Users\Owner\AppData\Roaming\SUPERAntiSpyware.com
    2008-10-21 17:51 . 2008-10-21 17:51 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
    2008-10-21 17:48 . 2008-10-21 17:48 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-10-19 17:55 . 2008-10-19 17:55 2,100 --a------ C:\Windows\System32\requestBody.xml
    2008-10-19 17:55 . 2008-10-19 17:55 1,883 --a------ C:\Windows\System32\responseBody.xml
    2008-10-19 17:55 . 2008-10-19 17:55 513 --a------ C:\Windows\System32\request.gzip
    2008-10-17 23:12 . 2006-11-02 05:23 <DIR> dr------- C:\Users\Mcx2\Videos
    2008-10-17 23:12 . 2006-11-02 05:23 <DIR> d-------- C:\Users\Mcx2\Saved Games
    2008-10-17 23:12 . 2006-11-02 05:23 <DIR> dr------- C:\Users\Mcx2\Pictures
    2008-10-17 23:12 . 2006-11-02 05:23 <DIR> dr------- C:\Users\Mcx2\Music
    2008-10-17 23:12 . 2006-11-02 05:23 <DIR> dr------- C:\Users\Mcx2\Links
    2008-10-17 23:12 . 2006-11-02 05:23 <DIR> dr------- C:\Users\Mcx2\Downloads
    2008-10-17 23:12 . 2008-10-17 23:12 <DIR> dr------- C:\Users\Mcx2\Documents
    2008-10-17 23:12 . 2008-10-17 23:14 <DIR> d--h----- C:\Users\Mcx2\AppData
    2008-10-17 23:12 . 2008-10-17 23:12 <DIR> d-------- C:\Users\Mcx2
    2008-10-17 22:01 . 2008-10-25 15:44 <DIR> d--h----- C:\$AVG8.VAULT$
    2008-10-17 14:27 . 2008-10-30 20:53 <DIR> d-------- C:\Windows\System32\drivers\Avg
    2008-10-17 14:27 . 2008-10-17 14:27 97,928 --a------ C:\Windows\System32\drivers\avgldx86.sys
    2008-10-17 14:27 . 2008-10-17 14:27 69,128 --a------ C:\Windows\System32\drivers\avgwfpx.sys
    2008-10-17 14:27 . 2008-10-17 14:27 10,520 --a------ C:\Windows\System32\avgrsstx.dll
    2008-10-17 14:26 . 2008-10-17 14:26 <DIR> d-------- C:\Users\All Users\avg8
    2008-10-17 14:26 . 2008-10-17 14:26 <DIR> d-------- C:\ProgramData\avg8
    2008-10-17 14:26 . 2008-10-17 14:26 <DIR> d-------- C:\Program Files\AVG
    2008-10-16 10:46 . 2008-10-16 10:46 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
    2008-10-15 19:59 . 2008-09-17 21:16 2,032,640 --a------ C:\Windows\System32\win32k.sys
    2008-10-15 19:59 . 2008-08-26 20:06 288,768 --a------ C:\Windows\System32\drivers\srv.sys
    2008-10-15 19:58 . 2008-09-18 00:09 3,601,464 --a------ C:\Windows\System32\ntkrnlpa.exe
    2008-10-15 19:58 . 2008-09-18 00:09 3,549,240 --a------ C:\Windows\System32\ntoskrnl.exe
    2008-10-15 19:58 . 2008-10-01 20:32 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
    2008-10-15 19:58 . 2008-10-01 22:49 827,392 --a------ C:\Windows\System32\wininet.dll
    2008-10-09 10:40 . 2008-10-09 10:40 <DIR> d-------- C:\Users\All Users\Yahoo!
    2008-10-09 10:40 . 2008-10-09 10:40 <DIR> d-------- C:\ProgramData\Yahoo!
    2008-10-03 14:14 . 2008-10-03 14:14 187,952 --a------ C:\Windows\System32\drivers\symtdi.sys
    2008-10-03 14:14 . 2008-10-03 14:14 146,096 --a------ C:\Windows\System32\drivers\symfw.sys
    2008-10-03 14:14 . 2008-10-03 14:14 39,984 --a------ C:\Windows\System32\drivers\symids.sys
    2008-10-03 14:14 . 2008-10-03 14:14 37,936 --a------ C:\Windows\System32\drivers\symndisv.sys
    2008-10-03 14:14 . 2008-10-03 14:14 27,696 --a------ C:\Windows\System32\drivers\symredrv.sys
    2008-10-03 14:14 . 2008-10-03 14:14 12,848 --a------ C:\Windows\System32\drivers\symdns.sys
    2008-10-03 14:14 . 2008-10-03 14:14 10,804 --a------ C:\Windows\System32\drivers\SymRedir.cat
    2008-10-03 14:14 . 2008-10-03 14:14 1,358 --a------ C:\Windows\System32\drivers\SymRedir.inf

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-11-01 16:42 --------- d-----w C:\Program Files\Hp
    2008-11-01 03:30 25,159 ----a-w C:\Users\Owner\AppData\Roaming\nvModes.dat
    2008-10-31 02:22 --------- d-----w C:\Program Files\Norton Internet Security
    2008-10-31 02:22 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-10-22 23:23 --------- d-----w C:\Program Files\Microsoft Silverlight
    2008-10-20 00:20 --------- d-----w C:\Program Files\Common Files\LightScribe
    2008-10-20 00:20 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-10-20 00:20 --------- d-----w C:\Program Files\Bonjour
    2008-10-20 00:19 --------- d-----w C:\Users\Owner\AppData\Roaming\uTorrent
    2008-10-20 00:19 --------- d-----w C:\ProgramData\FLEXnet
    2008-10-20 00:19 --------- d-----w C:\ProgramData\CyberLink
    2008-10-20 00:19 --------- d-----w C:\Program Files\Windows Sidebar
    2008-10-20 00:19 --------- d-----w C:\Program Files\Windows Mail
    2008-10-20 00:19 --------- d-----w C:\Program Files\Windows Defender
    2008-10-20 00:19 --------- d-----w C:\Program Files\uTorrent
    2008-10-20 00:19 --------- d-----w C:\Program Files\Picasa2
    2008-10-20 00:19 --------- d-----w C:\Program Files\iTunes
    2008-10-20 00:19 --------- d-----w C:\Program Files\Hewlett-Packard
    2008-10-16 01:28 --------- d-----w C:\ProgramData\Microsoft Help
    2008-10-15 18:14 --------- d-----w C:\Users\Owner\AppData\Roaming\ZoomBrowser EX
    2008-10-15 17:23 --------- d-----w C:\ProgramData\ZoomBrowser
    2008-10-14 15:48 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
    2008-10-14 15:48 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
    2008-10-14 15:48 10,671 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
    2008-10-14 15:48 --------- d-----w C:\Program Files\Symantec
    2008-10-12 22:32 1,710 ----a-w C:\Users\Owner\AppData\Roaming\wklnhst.dat
    2008-10-08 16:50 --------- d-----w C:\Program Files\Yahoo!
    2008-09-28 16:53 --------- d-----w C:\Users\Owner\AppData\Roaming\Roxio
    2008-09-28 16:51 --------- d-----w C:\ProgramData\Roxio
    2008-09-27 01:08 --------- d-----w C:\Users\Owner\AppData\Roaming\MSNInstaller
    2008-09-10 08:04 --------- d-----w C:\Program Files\Microsoft Works
    2008-09-08 23:26 --------- d-----w C:\Program Files\Common Files\Research In Motion
    2008-09-05 15:46 --------- d-----w C:\Users\Owner\AppData\Roaming\Apple Computer
    2008-09-05 15:45 --------- d-----w C:\ProgramData\Apple Computer
    2008-09-05 15:45 --------- d-----w C:\Program Files\iPod
    2008-09-05 15:39 --------- d-----w C:\Program Files\Common Files\Apple
    2008-03-23 05:11 174 --sha-w C:\Program Files\desktop.ini
    2007-09-16 22:50 22 --sha-w C:\Windows\SMINST\HPCD.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]
    "HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-03-20 1773568]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-18 125952]
    "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 443968]
    "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2008-02-29 4670704]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1021224]
    "ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
    "QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-03-28 176128]
    "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 159744]
    "HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-07-05 77824]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 583048]
    "SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-02-27 90191]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-02-27 7770112]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-02-27 81920]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]
    "AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
    "hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
    "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-10-17 1234712]
    "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Launcher"="C:\Windows\SMINST\launcher.exe" [2006-11-07 44128]

    C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "DefaultOutboundAction"= 1 (0x1)
    "DefaultInboundAction"= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{1FCD3DBA-2A5A-45E1-89AE-B5AB9D63F26D}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{BCD0A13A-C93A-4D4B-B822-1505AC562213}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{6AE9CC49-59DE-48E5-8275-98B2D6AD5984}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
    "{A7A42F00-FEA0-445A-BF66-6AE384225EC8}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
    "{6AA6F9D7-4677-4147-93EB-500C335A7E4E}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
    "{53E8E1BE-2A8E-4EB1-A46C-DAB57FD0700B}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
    "{EBDE8B00-7377-4DD8-84C7-012895411F1F}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
    "{47B6B233-7B9F-4F8B-B0C2-AEFEBF2AC745}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
    "{D256A9D5-9D48-4CE3-AA83-D9CFB5C07710}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
    "{3474B845-518D-4323-A8CB-DB4BD7D1F591}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
    "{938819F0-0491-4195-BCCB-2FF87C511E9D}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
    "{E4970EF8-7B00-49A4-861B-6BEAE350CF85}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
    "{5D1D5026-2951-47C1-9872-A86221A87C66}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
    "{BB07A53F-DFE3-4CCC-BF1A-CC96A143AF10}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
    "{F1201F6E-70EF-4AA6-8DAB-CC2287D4B1E8}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
    "{02988C0A-2107-4B78-A52D-86B8216FFC60}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
    "{4248240B-DFEA-41E5-B356-71234D1776F7}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
    "{F28CFA14-7302-493B-8AAC-4816F3452E83}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
    "{B6AA12E7-647F-43BE-8290-C286E2C001E2}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{4E6E76D5-E1E4-40C8-8889-718BD4D68C91}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{7649AF57-7393-4B6E-83C2-30AAC4014EDF}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
    "{2643B593-E385-4077-94CA-91205EF1FCC9}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
    "{DA7BDBAC-E259-4501-93CC-CAE22D179D91}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
    "{24573C1E-BDB8-4204-9F94-42CB82EF79C7}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
    "{5139616E-B1EA-4931-8780-B03709804C44}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{AF571E30-0582-4A46-A5E5-83714F645493}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{6AFDA3A7-5E3D-4924-9D32-2A515D0E83AB}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{5B204309-AA2F-409C-94B4-D67A49A8ED44}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{DA02BD84-34C4-4A75-90AC-1623DF0D376A}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
    "{AAFA6C42-781C-4672-96E6-A39393246586}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
    "{CF064D1F-3794-4417-BB9B-4025F4A9D565}"= C:\Program Files\AVG\AVG8\avgemc.exe:avgemc.exe
    "{B2D3C36C-FE71-43FB-B98F-D116CD956357}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "DefaultOutboundAction"= 1 (0x1)
    "DefaultInboundAction"= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)
    "DefaultOutboundAction"= 1 (0x1)
    "DefaultInboundAction"= 1 (0x1)
    "DoNotAllowExceptions"= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-10-17 97928]
    R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20071113.001\IDSvix86.sys [2007-11-06 180272]
    R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-10-17 875288]
    R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-17 231704]
    R3 AvgWfpX;AVG Free8 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfpx.sys [2008-10-17 69128]
    R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service;C:\Windows\system32\drivers\CHDRT32.sys [2008-03-04 188416]
    R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-10-03 37936]
    S3 UMPass;Microsoft UMPass Driver;C:\Windows\system32\DRIVERS\umpass.sys [2008-01-18 7680]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09c4c0c4-715e-11dc-af9e-0016d3a4c825}]
    \shell\AutoRun\command - H:\LaunchU3.exe

    *Newly Created Service* - CATCHME
    *Newly Created Service* - COMHOST
    *Newly Created Service* - PROCEXP90
    .
    Contents of the 'Scheduled Tasks' folder

    2008-10-19 C:\Windows\Tasks\HPCeeScheduleForOwner.job
    - C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-03-23 16:23]
    .
    .
    ------- Supplementary Scan -------
    .
    R0 -: HKCU-Main,Start Page = hxxp://www.yahoo.com/
    R0 -: HKCU-Main,Default_Search_URL = hxxp://www.google.com/ie
    R0 -: HKLM-Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
    R1 -: HKCU-Internet Settings,ProxyOverride = *.local
    R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
    O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-01 11:58:49
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-11-01 12:04:42
    ComboFix-quarantined-files.txt 2008-11-01 17:04:24

    Pre-Run: 91,895,820,288 bytes free
    Post-Run: 91,934,457,856 bytes free

    244 --- E O F --- 2008-10-31 21:51:59
     
  6. cdavfrew

    cdavfrew Regular member

    Joined:
    May 19, 2008
    Messages:
    1,183
    Likes Received:
    0
    Trophy Points:
    46
    Hey thegrunt

    Please download A-squared Free and install it. Follow the prompts and reboot if required.

    Launch A-Squared Free either by running E:\Program Files\a-squared Free\a2free.exe or double-click the a-squared Free shortcut on your Desktop.

    Updating A-Squared

    • At the main window, click on Update now.
    • Wait for A-Squared to be fully updated.

    Scanning Time

    • Click on Scan PC.
    • Click on Deep Scan and then Scan.
    • Wait for the scan to complete, and then click on Save Report.
    Save the file to a convenient location.
    • Open the file, and post the contents here.

    NOTE:: DO NOT REMOVE ANYTHING YET!!

    Also, post the alert from AVG here. Where does AVG detect the trojan?

    Best Regards :D
     
  7. thegrunt

    thegrunt Regular member

    Joined:
    Jun 4, 2007
    Messages:
    638
    Likes Received:
    0
    Trophy Points:
    26
    a-squared Free - Version 3.5
    Last update: 11/2/2008 11:20:59 AM

    Scan settings:

    Objects: Memory, Traces, Cookies, C:\, D:\, F:\
    Scan archives: On
    Heuristics: On
    ADS Scan: On

    Scan start: 11/2/2008 11:22:53 AM

    Key: HKEY_USERS\S-1-5-21-48042132-4294239952-4204044125-1000\software\kazaa detected: Trace.Registry.KaZaA!A2
    C:\Program Files\HP Games\Flip Words\FlipWords.exe detected: Packed.Win32.PePatch.gk!A2
    C:\Program Files\HP Games\Lemonade Tycoon 2\Lemonade2.exe detected: Backdoor.Win32.Rbot.aeu!A2
    C:\Program Files\HP Games\Mah Jong Quest\mahjong.exe detected: Trojan-Spy.Win32.Pophot.aww!A2
    C:\Program Files\HP Games\Otto\otto.exe detected: Backdoor.Win32.Wootbot.gen!A2
    C:\Program Files\HP Games\SCRABBLE\Scrabble.exe detected: Backdoor.Win32.Bifrose.kt!A2

    Scanned

    Files: 134161
    Traces: 516804
    Cookies: 2
    Processes: 76

    Found

    Files: 5
    Traces: 1
    Cookies: 0
    Processes: 0
    Registry keys: 0

    Scan end: 11/2/2008 2:40:02 PM
    Scan time: 3:17:09

    And for the avg alert,the files were quarintined so they dont show up on the scan anymore.Thanks for the ongoing help
     
  8. cdavfrew

    cdavfrew Regular member

    Joined:
    May 19, 2008
    Messages:
    1,183
    Likes Received:
    0
    Trophy Points:
    46
    Hey thegrunt

    Looks almost clean!

    However, one more thing to do:

    Upload these files to Virustotal.com, and post the results here.
    Code:
    C:\Program Files\HP Games\Otto\otto.exe detected: Backdoor.Win32.Wootbot.gen!A2 
    C:\Program Files\HP Games\SCRABBLE\Scrabble.exe detected: Backdoor.Win32.Bifrose.kt!A2 
    Best Regards :D
     
  9. thegrunt

    thegrunt Regular member

    Joined:
    Jun 4, 2007
    Messages:
    638
    Likes Received:
    0
    Trophy Points:
    26
    Heres the results,sorry if i added things that werent needed
    Thanks for the help

    Antivirus Version Last Update Result
    AhnLab-V3 2008.11.1.0 2008.11.03 -
    AntiVir 7.9.0.10 2008.11.03 -
    Authentium 5.1.0.4 2008.11.03 -
    Avast 4.8.1248.0 2008.11.03 -
    AVG 8.0.0.161 2008.11.03 -
    BitDefender 7.2 2008.11.03 -
    CAT-QuickHeal 9.50 2008.11.03 -
    ClamAV 0.94.1 2008.11.03 -
    DrWeb 4.44.0.09170 2008.11.03 -
    eSafe 7.0.17.0 2008.11.03 -
    eTrust-Vet 31.6.6188 2008.11.03 -
    Ewido 4.0 2008.11.03 -
    F-Prot 4.4.4.56 2008.11.03 -
    F-Secure 8.0.14332.0 2008.11.03 -
    Fortinet 3.117.0.0 2008.11.02 -
    GData 19 2008.11.03 -
    Ikarus T3.1.1.45.0 2008.11.03 -
    K7AntiVirus 7.10.515 2008.11.03 -
    Kaspersky 7.0.0.125 2008.11.03 -
    McAfee 5422 2008.11.02 -
    Microsoft 1.4005 2008.11.03 -
    NOD32 3579 2008.11.03 -
    Norman 5.80.02 2008.11.03 -
    Panda 9.0.0.4 2008.11.02 -
    PCTools 4.4.2.0 2008.11.03 -
    Prevx1 V2 2008.11.03 Suspicious
    Rising 21.02.02.00 2008.11.03 -
    SecureWeb-Gateway 6.7.6 2008.11.03 -
    Sophos 4.35.0 2008.11.03 -
    Sunbelt 3.1.1777.2 2008.11.03 -
    Symantec 10 2008.11.03 -
    TheHacker 6.3.1.1.137 2008.11.03 -
    TrendMicro 8.700.0.1004 2008.11.03 -
    VBA32 3.12.8.9 2008.11.03 -
    ViRobot 2008.11.3.1449 2008.11.03 -
    VirusBuster 4.5.11.0 2008.11.03 -
    Additional information
    File size: 786432 bytes
    MD5...: f0e713bbe097529ecb055fcb963c54a4
    SHA1..: cfe1ba7b4287796c7de17de97401c9be8cf53252
    SHA256: d697963ba1f642d781a2d1bab69277bc02f9e9893070a4ac200c2adb51c013da
    SHA512: 4ed2f8f3b3847c38e420ed8ddb7895585434551a7841c1eb478820d6ce35d8f8
    360a1ec02b203eec5efd8a80362ab2199cccc0267f4ccae3bbd8db28768f95b5
    PEiD..: -
    TrID..: File type identification
    Generic Win/DOS Executable (49.9%)
    DOS Executable Generic (49.8%)
    Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x49bd8a
    timedatestamp.....: 0x44b42e3a (Tue Jul 11 23:03:22 2006)
    machinetype.......: 0x14c (I386)

    ( 4 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0xa0875 0xa1000 0.00 c63ae5ffab0156a589df2e8eb3c4c848
    .rdata 0xa2000 0xa618 0xb000 0.00 c324946ce1884cae603d6f4aa055ac8c
    .data 0xad000 0x32fcc 0xf000 0.00 84c48b8da7e9b9d3c5667ad9819debd9
    .rsrc 0xe0000 0x38d0 0x4000 3.64 3376b181cbf4d0cf0a1767424ae23a2a

    ( 0 imports )

    ( 0 exports )

    ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=f0e713bbe097529ecb055fcb963c54a4
    Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=F0C34D0C00D9CF3500B80CBB243F9300D742B03F


    Antivirus Version Last Update Result
    AhnLab-V3 - - -
    AntiVir - - -
    Authentium - - -
    Avast - - -
    AVG - - -
    BitDefender - - -
    CAT-QuickHeal - - -
    ClamAV - - Trojan.Bifrose-2491
    DrWeb - - -
    eSafe - - -
    eTrust-Vet - - -
    Ewido - - -
    F-Prot - - -
    F-Secure - - -
    FileAdvisor - - -
    Fortinet - - -
    Ikarus - - -
    Kaspersky - - -
    McAfee - - -
    Microsoft - - -
    NOD32v2 - - -
    Norman - - -
    Panda - - -
    Prevx1 - - Heuristic: Suspicious File With Code Injection Technology
    Rising - - -
    Sophos - - -
    Sunbelt - - -
    Symantec - - -
    TheHacker - - -
    VBA32 - - -
    VirusBuster - - -
    Webwasher-Gateway - - -
    Additional information
    MD5: 925efc60cb1b27a4e111aa215e586291
    SHA1: 12326708bf2d719733944c87669389131ee1bad0
    SHA256: eff40d282286d1feb9ad65dd1076d429ac7e767eb5c175fd7e7bbb1dc4e72536
    SHA512: 960a3631beb9bf36aeb5d1e417224270bffb40b275b7f8cf0b2f52e2d8e42699a94ec6b2cdfa23b3f1623856f50921ff01a1e10f7aab210d46e59b398a822f02
     
  10. cdavfrew

    cdavfrew Regular member

    Joined:
    May 19, 2008
    Messages:
    1,183
    Likes Received:
    0
    Trophy Points:
    46
    Hey thegrunt

    Wonderful! You look clean! Enjoy!

    Cheers :D
     

Share This Page