Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:51:19 PM, on 10/30/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\System32\notepad.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\helppane.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\AVG\AVG8\avgui.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix: 
O16 - DPF: {4788DE0A-3552-49EA-AC8C-233DA52523B9} (AxLoaderPassword Class) - http://www.blackberry.com/devicesoftware/AxLoader.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11973 bytes

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/30/2008 at 08:06 PM

Application Version : 4.21.1004

Core Rules Database Version : 3603
Trace Rules Database Version: 1589

Scan type : Complete Scan
Total Scan Time : 00:32:38

Memory items scanned : 209
Memory threats detected : 0
Registry items scanned : 8292
Registry threats detected : 3
File items scanned : 26520
File threats detected : 0

Adware.Vundo Variant/Rel
HKU\S-1-5-21-48042132-4294239952-4204044125-1000\Software\Microsoft\Windows\CurrentVersion\Run#MSServer [ rundll32.exe C:\Users\Owner\AppData\Local\Temp\vtUlMFUo.dll,#1 ]
HKU\S-1-5-21-48042132-4294239952-4204044125-1000\Software\Microsoft\Windows\CurrentVersion\Run#cmds [ rundll32.exe C:\Users\Owner\AppData\Local\Temp\jkkHWNFY.dll,c ]
HKU\S-1-5-21-48042132-4294239952-4204044125-1000\Software\Microsoft\rdfa

Thanks for the help
AVG detects virus Win32/Heur & Trojan generic something. I get a lot of pop-ups to porn websites and programs to "clean" my computer. Thanks
Hey thegrunt

Now, please download ComboFix. With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.

Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection.

• Run Combo-Fix.exe and follow the prompts.
**Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.
• Wait for the scan to be completed.
• If it requires a reboot, please do it.
• After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)

Do not click on the ComboFix window, as it may cause it to stall.

Best Regards
ComboFix 08-10-31.02 - Owner 2008-11-01 11:50:18.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.222 [GMT -5:00]
Running from: C:\Users\Owner\Downloads\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((( Files Created from 2008-10-01 to 2008-11-01 )))))))))))))))))))))))))))))))
.

2008-10-31 16:39 . 2008-08-11 22:39 443,392 --a------ C:\Windows\System32\win32spl.dll
2008-10-31 16:39 . 2008-09-17 23:56 147,456 --a------ C:\Windows\System32\Faultrep.dll
2008-10-31 16:39 . 2008-09-17 23:56 125,952 --a------ C:\Windows\System32\wersvc.dll
2008-10-30 21:29 . 2008-08-05 04:49 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-10-30 21:29 . 2008-08-05 04:49 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-10-30 21:29 . 2008-08-05 04:48 217,088 --a------ C:\Windows\System32\psisrndr.ax
2008-10-30 21:29 . 2008-08-05 04:48 177,664 --a------ C:\Windows\System32\mpg2splt.ax
2008-10-30 21:29 . 2008-08-05 04:48 80,896 --a------ C:\Windows\System32\MSNP.ax
2008-10-30 20:50 . 2008-10-30 20:50 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-21 17:52 . 2008-10-21 17:52 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-10-21 17:52 . 2008-10-21 17:52 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-10-21 17:51 . 2008-10-21 17:51 <DIR> d-------- C:\Users\Owner\AppData\Roaming\SUPERAntiSpyware.com
2008-10-21 17:51 . 2008-10-21 17:51 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-10-21 17:48 . 2008-10-21 17:48 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-19 17:55 . 2008-10-19 17:55 2,100 --a------ C:\Windows\System32\requestBody.xml
2008-10-19 17:55 . 2008-10-19 17:55 1,883 --a------ C:\Windows\System32\responseBody.xml
2008-10-19 17:55 . 2008-10-19 17:55 513 --a------ C:\Windows\System32\request.gzip
2008-10-17 23:12 . 2006-11-02 05:23 <DIR> dr------- C:\Users\Mcx2\Videos
2008-10-17 23:12 . 2006-11-02 05:23 <DIR> d-------- C:\Users\Mcx2\Saved Games
2008-10-17 23:12 . 2006-11-02 05:23 <DIR> dr------- C:\Users\Mcx2\Pictures
2008-10-17 23:12 . 2006-11-02 05:23 <DIR> dr------- C:\Users\Mcx2\Music
2008-10-17 23:12 . 2006-11-02 05:23 <DIR> dr------- C:\Users\Mcx2\Links
2008-10-17 23:12 . 2006-11-02 05:23 <DIR> dr------- C:\Users\Mcx2\Downloads
2008-10-17 23:12 . 2008-10-17 23:12 <DIR> dr------- C:\Users\Mcx2\Documents
2008-10-17 23:12 . 2008-10-17 23:14 <DIR> d--h----- C:\Users\Mcx2\AppData
2008-10-17 23:12 . 2008-10-17 23:12 <DIR> d-------- C:\Users\Mcx2
2008-10-17 22:01 . 2008-10-25 15:44 <DIR> d--h----- C:\$AVG8.VAULT$
2008-10-17 14:27 . 2008-10-30 20:53 <DIR> d-------- C:\Windows\System32\drivers\Avg
2008-10-17 14:27 . 2008-10-17 14:27 97,928 --a------ C:\Windows\System32\drivers\avgldx86.sys
2008-10-17 14:27 . 2008-10-17 14:27 69,128 --a------ C:\Windows\System32\drivers\avgwfpx.sys
2008-10-17 14:27 . 2008-10-17 14:27 10,520 --a------ C:\Windows\System32\avgrsstx.dll
2008-10-17 14:26 . 2008-10-17 14:26 <DIR> d-------- C:\Users\All Users\avg8
2008-10-17 14:26 . 2008-10-17 14:26 <DIR> d-------- C:\ProgramData\avg8
2008-10-17 14:26 . 2008-10-17 14:26 <DIR> d-------- C:\Program Files\AVG
2008-10-16 10:46 . 2008-10-16 10:46 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-10-15 19:59 . 2008-09-17 21:16 2,032,640 --a------ C:\Windows\System32\win32k.sys
2008-10-15 19:59 . 2008-08-26 20:06 288,768 --a------ C:\Windows\System32\drivers\srv.sys
2008-10-15 19:58 . 2008-09-18 00:09 3,601,464 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-10-15 19:58 . 2008-09-18 00:09 3,549,240 --a------ C:\Windows\System32\ntoskrnl.exe
2008-10-15 19:58 . 2008-10-01 20:32 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-10-15 19:58 . 2008-10-01 22:49 827,392 --a------ C:\Windows\System32\wininet.dll
2008-10-09 10:40 . 2008-10-09 10:40 <DIR> d-------- C:\Users\All Users\Yahoo!
2008-10-09 10:40 . 2008-10-09 10:40 <DIR> d-------- C:\ProgramData\Yahoo!
2008-10-03 14:14 . 2008-10-03 14:14 187,952 --a------ C:\Windows\System32\drivers\symtdi.sys
2008-10-03 14:14 . 2008-10-03 14:14 146,096 --a------ C:\Windows\System32\drivers\symfw.sys
2008-10-03 14:14 . 2008-10-03 14:14 39,984 --a------ C:\Windows\System32\drivers\symids.sys
2008-10-03 14:14 . 2008-10-03 14:14 37,936 --a------ C:\Windows\System32\drivers\symndisv.sys
2008-10-03 14:14 . 2008-10-03 14:14 27,696 --a------ C:\Windows\System32\drivers\symredrv.sys
2008-10-03 14:14 . 2008-10-03 14:14 12,848 --a------ C:\Windows\System32\drivers\symdns.sys
2008-10-03 14:14 . 2008-10-03 14:14 10,804 --a------ C:\Windows\System32\drivers\SymRedir.cat
2008-10-03 14:14 . 2008-10-03 14:14 1,358 --a------ C:\Windows\System32\drivers\SymRedir.inf

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-01 16:42 --------- d-----w C:\Program Files\Hp
2008-11-01 03:30 25,159 ----a-w C:\Users\Owner\AppData\Roaming\nvModes.dat
2008-10-31 02:22 --------- d-----w C:\Program Files\Norton Internet Security
2008-10-31 02:22 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-22 23:23 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-10-20 00:20 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-10-20 00:20 --------- d-----w C:\Program Files\Common Files\Adobe
2008-10-20 00:20 --------- d-----w C:\Program Files\Bonjour
2008-10-20 00:19 --------- d-----w C:\Users\Owner\AppData\Roaming\uTorrent
2008-10-20 00:19 --------- d-----w C:\ProgramData\FLEXnet
2008-10-20 00:19 --------- d-----w C:\ProgramData\CyberLink
2008-10-20 00:19 --------- d-----w C:\Program Files\Windows Sidebar
2008-10-20 00:19 --------- d-----w C:\Program Files\Windows Mail
2008-10-20 00:19 --------- d-----w C:\Program Files\Windows Defender
2008-10-20 00:19 --------- d-----w C:\Program Files\uTorrent
2008-10-20 00:19 --------- d-----w C:\Program Files\Picasa2
2008-10-20 00:19 --------- d-----w C:\Program Files\iTunes
2008-10-20 00:19 --------- d-----w C:\Program Files\Hewlett-Packard
2008-10-16 01:28 --------- d-----w C:\ProgramData\Microsoft Help
2008-10-15 18:14 --------- d-----w C:\Users\Owner\AppData\Roaming\ZoomBrowser EX
2008-10-15 17:23 --------- d-----w C:\ProgramData\ZoomBrowser
2008-10-14 15:48 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-10-14 15:48 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
2008-10-14 15:48 10,671 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-10-14 15:48 --------- d-----w C:\Program Files\Symantec
2008-10-12 22:32 1,710 ----a-w C:\Users\Owner\AppData\Roaming\wklnhst.dat
2008-10-08 16:50 --------- d-----w C:\Program Files\Yahoo!
2008-09-28 16:53 --------- d-----w C:\Users\Owner\AppData\Roaming\Roxio
2008-09-28 16:51 --------- d-----w C:\ProgramData\Roxio
2008-09-27 01:08 --------- d-----w C:\Users\Owner\AppData\Roaming\MSNInstaller
2008-09-10 08:04 --------- d-----w C:\Program Files\Microsoft Works
2008-09-08 23:26 --------- d-----w C:\Program Files\Common Files\Research In Motion
2008-09-05 15:46 --------- d-----w C:\Users\Owner\AppData\Roaming\Apple Computer
2008-09-05 15:45 --------- d-----w C:\ProgramData\Apple Computer
2008-09-05 15:45 --------- d-----w C:\Program Files\iPod
2008-09-05 15:39 --------- d-----w C:\Program Files\Common Files\Apple
2008-03-23 05:11 174 --sha-w C:\Program Files\desktop.ini
2007-09-16 22:50 22 --sha-w C:\Windows\SMINST\HPCD.sys

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]
"HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-03-20 1773568]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-18 125952]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 443968]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2008-02-29 4670704]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1021224]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-03-28 176128]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 159744]
"HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-07-05 77824]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 583048]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-02-27 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-02-27 7770112]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-02-27 81920]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-10-17 1234712]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="C:\Windows\SMINST\launcher.exe" [2006-11-07 44128]

C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"DefaultOutboundAction"= 1 (0x1)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1FCD3DBA-2A5A-45E1-89AE-B5AB9D63F26D}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{BCD0A13A-C93A-4D4B-B822-1505AC562213}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6AE9CC49-59DE-48E5-8275-98B2D6AD5984}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{A7A42F00-FEA0-445A-BF66-6AE384225EC8}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{6AA6F9D7-4677-4147-93EB-500C335A7E4E}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{53E8E1BE-2A8E-4EB1-A46C-DAB57FD0700B}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{EBDE8B00-7377-4DD8-84C7-012895411F1F}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{47B6B233-7B9F-4F8B-B0C2-AEFEBF2AC745}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{D256A9D5-9D48-4CE3-AA83-D9CFB5C07710}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{3474B845-518D-4323-A8CB-DB4BD7D1F591}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{938819F0-0491-4195-BCCB-2FF87C511E9D}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{E4970EF8-7B00-49A4-861B-6BEAE350CF85}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{5D1D5026-2951-47C1-9872-A86221A87C66}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{BB07A53F-DFE3-4CCC-BF1A-CC96A143AF10}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{F1201F6E-70EF-4AA6-8DAB-CC2287D4B1E8}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{02988C0A-2107-4B78-A52D-86B8216FFC60}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{4248240B-DFEA-41E5-B356-71234D1776F7}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{F28CFA14-7302-493B-8AAC-4816F3452E83}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{B6AA12E7-647F-43BE-8290-C286E2C001E2}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{4E6E76D5-E1E4-40C8-8889-718BD4D68C91}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{7649AF57-7393-4B6E-83C2-30AAC4014EDF}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{2643B593-E385-4077-94CA-91205EF1FCC9}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{DA7BDBAC-E259-4501-93CC-CAE22D179D91}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{24573C1E-BDB8-4204-9F94-42CB82EF79C7}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{5139616E-B1EA-4931-8780-B03709804C44}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{AF571E30-0582-4A46-A5E5-83714F645493}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{6AFDA3A7-5E3D-4924-9D32-2A515D0E83AB}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{5B204309-AA2F-409C-94B4-D67A49A8ED44}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{DA02BD84-34C4-4A75-90AC-1623DF0D376A}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{AAFA6C42-781C-4672-96E6-A39393246586}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{CF064D1F-3794-4417-BB9B-4025F4A9D565}"= C:\Program Files\AVG\AVG8\avgemc.exe:avgemc.exe
"{B2D3C36C-FE71-43FB-B98F-D116CD956357}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DefaultOutboundAction"= 1 (0x1)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"DefaultOutboundAction"= 1 (0x1)
"DefaultInboundAction"= 1 (0x1)
"DoNotAllowExceptions"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-10-17 97928]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20071113.001\IDSvix86.sys [2007-11-06 180272]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-10-17 875288]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-17 231704]
R3 AvgWfpX;AVG Free8 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfpx.sys [2008-10-17 69128]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service;C:\Windows\system32\drivers\CHDRT32.sys [2008-03-04 188416]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-10-03 37936]
S3 UMPass;Microsoft UMPass Driver;C:\Windows\system32\DRIVERS\umpass.sys [2008-01-18 7680]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09c4c0c4-715e-11dc-af9e-0016d3a4c825}]
\shell\AutoRun\command - H:\LaunchU3.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-10-19 C:\Windows\Tasks\HPCeeScheduleForOwner.job - C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-03-23 16:23]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.yahoo.com/
R0 -: HKCU-Main,Default_Search_URL = hxxp://www.google.com/ie
R0 -: HKLM-Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-01 11:58:49
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-01 12:04:42
ComboFix-quarantined-files.txt 2008-11-01 17:04:24

Pre-Run: 91,895,820,288 bytes free
Post-Run: 91,934,457,856 bytes free

244 --- E O F --- 2008-10-31 21:51:59
Hey thegrunt

Please download A-squared Free and install it. Follow the prompts and reboot if required.

Launch A-Squared Free either by running E:\Program Files\a-squared Free\a2free.exe or double-click the a-squared Free shortcut on your Desktop.

Updating A-Squared
• At the main window, click on Update now.
• Wait for A-Squared to be fully updated.

Scanning Time
• Click on Scan PC.
• Click on Deep Scan and then Scan.
• Wait for the scan to complete, and then click on Save Report.
• Save the file to a convenient location.
• Open the file, and post the contents here.

NOTE:: DO NOT REMOVE ANYTHING YET!!

Also, post the alert from AVG here. Where does AVG detect the trojan?

Best Regards
a-squared Free - Version 3.5
Last update: 11/2/2008 11:20:59 AM

Scan settings:

Objects: Memory, Traces, Cookies, C:\, D:\, F:\
Scan archives: On
Heuristics: On
ADS Scan: On

Scan start: 11/2/2008 11:22:53 AM

Key: HKEY_USERS\S-1-5-21-48042132-4294239952-4204044125-1000\software\kazaa detected: Trace.Registry.KaZaA!A2
C:\Program Files\HP Games\Flip Words\FlipWords.exe detected: Packed.Win32.PePatch.gk!A2
C:\Program Files\HP Games\Lemonade Tycoon 2\Lemonade2.exe detected: Backdoor.Win32.Rbot.aeu!A2
C:\Program Files\HP Games\Mah Jong Quest\mahjong.exe detected: Trojan-Spy.Win32.Pophot.aww!A2
C:\Program Files\HP Games\Otto\otto.exe detected: Backdoor.Win32.Wootbot.gen!A2
C:\Program Files\HP Games\SCRABBLE\Scrabble.exe detected: Backdoor.Win32.Bifrose.kt!A2

Scanned
Files: 134161
Traces: 516804
Cookies: 2
Processes: 76

Found
Files: 5
Traces: 1
Cookies: 0
Processes: 0
Registry keys: 0

Scan end: 11/2/2008 2:40:02 PM
Scan time: 3:17:09

And for the AVG alert, the files were quarantined so they don't show up on the scan anymore. Thanks for the ongoing help.
Hey thegrunt,

Looks almost clean! However, one more thing to do:

Upload these files to Virustotal.com, and post the results here.

Code:
C:\Program Files\HP Games\Otto\otto.exe detected: Backdoor.Win32.Wootbot.gen!A2
C:\Program Files\HP Games\SCRABBLE\Scrabble.exe detected: Backdoor.Win32.Bifrose.kt!A2

Best Regards
Here's the results, sorry if I added things that weren't needed. Thanks for the help.

Antivirus Version Last Update Result
AhnLab-V3 2008.11.1.0 2008.11.03 -
AntiVir 7.9.0.10 2008.11.03 -
Authentium 5.1.0.4 2008.11.03 -
Avast 4.8.1248.0 2008.11.03 -
AVG 8.0.0.161 2008.11.03 -
BitDefender 7.2 2008.11.03 -
CAT-QuickHeal 9.50 2008.11.03 -
ClamAV 0.94.1 2008.11.03 -
DrWeb 4.44.0.09170 2008.11.03 -
eSafe 7.0.17.0 2008.11.03 -
eTrust-Vet 31.6.6188 2008.11.03 -
Ewido 4.0 2008.11.03 -
F-Prot 4.4.4.56 2008.11.03 -
F-Secure 8.0.14332.0 2008.11.03 -
Fortinet 3.117.0.0 2008.11.02 -
GData 19 2008.11.03 -
Ikarus T3.1.1.45.0 2008.11.03 -
K7AntiVirus 7.10.515 2008.11.03 -
Kaspersky 7.0.0.125 2008.11.03 -
McAfee 5422 2008.11.02 -
Microsoft 1.4005 2008.11.03 -
NOD32 3579 2008.11.03 -
Norman 5.80.02 2008.11.03 -
Panda 9.0.0.4 2008.11.02 -
PCTools 4.4.2.0 2008.11.03 -
Prevx1 V2 2008.11.03 Suspicious
Rising 21.02.02.00 2008.11.03 -
SecureWeb-Gateway 6.7.6 2008.11.03 -
Sophos 4.35.0 2008.11.03 -
Sunbelt 3.1.1777.2 2008.11.03 -
Symantec 10 2008.11.03 -
TheHacker 6.3.1.1.137 2008.11.03 -
TrendMicro 8.700.0.1004 2008.11.03 -
VBA32 3.12.8.9 2008.11.03 -
ViRobot 2008.11.3.1449 2008.11.03 -
VirusBuster 4.5.11.0 2008.11.03 -

Additional information
File size: 786432 bytes
MD5...: f0e713bbe097529ecb055fcb963c54a4
SHA1..: cfe1ba7b4287796c7de17de97401c9be8cf53252
SHA256: d697963ba1f642d781a2d1bab69277bc02f9e9893070a4ac200c2adb51c013da
SHA512: 4ed2f8f3b3847c38e420ed8ddb7895585434551a7841c1eb478820d6ce35d8f8
360a1ec02b203eec5efd8a80362ab2199cccc0267f4ccae3bbd8db28768f95b5
PEiD..: -
TrID..: File type identification
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x49bd8a
timedatestamp.....: 0x44b42e3a (Tue Jul 11 23:03:22 2006)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xa0875 0xa1000 0.00 c63ae5ffab0156a589df2e8eb3c4c848
.rdata 0xa2000 0xa618 0xb000 0.00 c324946ce1884cae603d6f4aa055ac8c
.data 0xad000 0x32fcc 0xf000 0.00 84c48b8da7e9b9d3c5667ad9819debd9
.rsrc 0xe0000 0x38d0 0x4000 3.64 3376b181cbf4d0cf0a1767424ae23a2a

( 0 imports )
( 0 exports )

ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=f0e713bbe097529ecb055fcb963c54a4
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=F0C34D0C00D9CF3500B80CBB243F9300D742B03F

Antivirus Version Last Update Result
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - Trojan.Bifrose-2491
DrWeb - - -
eSafe - - -
eTrust-Vet - - -
Ewido - - -
F-Prot - - -
F-Secure - - -
FileAdvisor - - -
Fortinet - - -
Ikarus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - -
Panda - - -
Prevx1 - - Heuristic: Suspicious File With Code Injection Technology
Rising - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - -

Additional information
MD5: 925efc60cb1b27a4e111aa215e586291
SHA1: 12326708bf2d719733944c87669389131ee1bad0
SHA256: eff40d282286d1feb9ad65dd1076d429ac7e767eb5c175fd7e7bbb1dc4e72536
SHA512: 960a3631beb9bf36aeb5d1e417224270bffb40b275b7f8cf0b2f52e2d8e42699a94ec6b2cdfa23b3f1623856f50921ff01a1e10f7aab210d46e59b398a822f02