
Clean up after avenger infection

Posted by gjdunga
I can't quite figure out how I got nailed with avenger, but I did. Here's the HJT log after cleaning. Please digest this for me, as I've stared too long at the screen. Please!!!

Thank you in advance.
------------------------------------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 00:05, on 2007-06-09
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
c:\program files\sitedevelopers.com\dynamic dns client .net edition - service\dyndnswinservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\YPOPs\YPOPs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\RunOnce: [TIF-Clean] c:\windows\TIF-CLN.BAT
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Startup: re-tif.bat
O4 - Startup: YPOPs.lnk = ?
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: re-tif.bat
O4 - Global Startup: YPOPs.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Trillian - {2ef50289-0ea7-482e-a30b-4947a81e44cf} - C:\Program Files\Trillian\Trillian (file missing)
O9 - Extra 'Tools' menuitem: Trillian - {2ef50289-0ea7-482e-a30b-4947a81e44cf} - C:\Program Files\Trillian\Trillian (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1176917361203
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1176917355296
O16 - DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} (hostCntrlIE Class) - http://host-d.oddcast.com/hostClientIE.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CA Personal Firewall ASEM - Unknown owner - C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Dynamic DNS Client for Windows (service) (dyndnsWin) - Mike Hacker - c:\program files\sitedevelopers.com\dynamic dns client .net edition - service\dyndnswinservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

------------------------------------------------------------------------------------------------------
ComboFix logs...

"gjdunga" - 2007-06-09 0:17:41 Service Pack 2 NTFS
ComboFix 07-06-3B - Running from: "C:\files\"

((((((((((((((((((((((((( Files Created from 2007-05-09 to 2007-06-09 )))))))))))))))))))))))))))))))

2007-06-08 23:55 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-08 00:15 d----c--- C:\Program Files\Lavasoft
2007-06-08 00:15 d----c--- C:\Program Files\Common Files\Wise Installation Wizard
2007-06-08 00:15 d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-06-07 22:24 81,024 --a--c--- C:\WINDOWS\system32\drivers\msfwdrv.sys
2007-06-07 22:24 105,856 --a--c--- C:\WINDOWS\system32\drivers\msfwhlpr.sys
2007-06-07 22:23 67,784 --a--c--- C:\WINDOWS\system32\drivers\MpFilter.sys
2007-06-07 22:21 d----c--- C:\Program Files\Microsoft Windows OneCare Live
2007-06-07 11:57 d----c--- C:\Program Files\Windows Live Safety Center
2007-06-07 01:29 86,056 --a--c--- C:\WINDOWS\system32\build_dol.exe
2007-06-04 15:18 9,344 --a--c--- C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 15:17 8,320 --a--c--- C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 15:14 6,272 --a--c--- C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-06-04 13:58 d----c--- C:\Program Files\autofind
2007-06-03 18:21 25,856 --a--c--- C:\WINDOWS\system32\drivers\usbprint.sys
2007-06-02 12:06 d----c--- C:\DOCUME~1\Guest\APPLIC~1\Palo Alto Software
2007-06-02 11:53 d----c--- C:\DOCUME~1\Guest\APPLIC~1\Talkback
2007-06-02 06:05 1,310,720 --ah----- C:\DOCUME~1\Guest\NTUSER.DAT
2007-05-27 21:48 20,992 --a--c--- C:\WINDOWS\jestertb.dll
2007-05-27 20:46 d----c--- C:\DOCUME~1\Gabriel\APPLIC~1\MobileAction
2007-05-27 20:40 d----c--- C:\Program Files\Mobile Action
2007-05-27 20:36 52,565 --a--c--- C:\WINDOWS\system32\drivers\mam4410u.sys
2007-05-27 20:36 49,867 --a--c--- C:\WINDOWS\system32\drivers\mardp2k.sys
2007-05-27 20:36 49,484 --a--c--- C:\WINDOWS\system32\drivers\mardpnp.sys
2007-05-27 20:36 36,586 --a--c--- C:\WINDOWS\system32\drivers\mavcomm.sys
2007-05-27 20:36 25,044 --a--c--- C:\WINDOWS\system32\drivers\mam4410m.sys
2007-05-27 20:36 24,789 --a--c--- C:\WINDOWS\system32\drivers\MaVctrl.sys
2007-05-27 20:36 24,784 --a--c--- C:\WINDOWS\system32\drivers\mam4410c.sys
2007-05-27 20:36 11,473 --a--c--- C:\WINDOWS\system32\drivers\MaVc2K.sys
2007-05-26 16:57 d----c--- C:\DOCUME~1\Gabriel\APPLIC~1\Palo Alto Software
2007-05-26 16:56 d----c--- C:\Program Files\Common Files\Intuit
2007-05-26 16:55 d----c--- C:\Program Files\Palo Alto Software
2007-05-26 16:55 d----c--- C:\Program Files\Common Files\Palo Alto Software
2007-05-26 16:55 d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PAS
2007-05-26 16:55 d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Palo Alto Software
2007-05-25 21:39 d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
2007-05-25 21:38 57,344 -----c--- C:\WINDOWS\system32\mfc70enu.dll
2007-05-25 21:31 d----c--- C:\Program Files\Common Files\Macromedia Shared
2007-05-24 02:33 d----c--- C:\DOCUME~1\Gabriel\APPLIC~1\AdobeUM
2007-05-24 01:12 d----c--- C:\DOCUME~1\Gabriel\APPLIC~1\acccore
2007-05-24 01:12 d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL OCP
2007-05-24 01:12 d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
2007-05-24 01:11 d----c--- C:\Program Files\Viewpoint
2007-05-24 01:11 d----c--- C:\Program Files\Common Files\AOL
2007-05-24 01:11 d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
2007-05-24 01:10 d----c--- C:\Program Files\AIM6
2007-05-24 01:09 d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL Downloads
2007-05-24 00:15 d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
2007-05-24 00:14 d----c--- C:\Program Files\Common Files\Adobe Systems Shared
2007-05-22 23:18 d----c--- C:\Program Files\Common Files\eEye Digital Security
2007-05-17 04:09 d----c--- C:\Grampas
2007-05-17 00:04 d----c--- C:\DOCUME~1\ADMINI~1\APPLIC~1\Media Player Classic
2007-05-17 00:04 d----c--- C:\DOCUME~1\ADMINI~1\APPLIC~1\DivX
2007-05-17 00:03 d----c--- C:\DOCUME~1\ADMINI~1\APPLIC~1\Apple Computer
2007-05-16 23:46 d----c--- C:\DOCUME~1\ADMINI~1\APPLIC~1\Azureus
2007-05-16 17:18 d----c--- C:\Program Files\MagicISO
2007-05-16 15:10 d----c--- C:\Winxp
2007-05-16 15:10 d----c--- C:\DOCUME~1\ADMINI~1\APPLIC~1\WinRAR
2007-05-16 15:08 d----c--- C:\DOCUME~1\ADMINI~1\APPLIC~1\Talkback
2007-05-16 14:54 d----c--- C:\DOCUME~1\ADMINI~1\APPLIC~1\Ahead
2007-05-16 14:49 221,184 --a--c--- C:\WINDOWS\system32\wmpns.dll
2007-05-16 14:49 d----c--- C:\DOCUME~1\ADMINI~1\APPLIC~1\Windows Desktop Search
2007-05-16 14:23 1,572,864 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-05-15 02:19 d----c--- C:\Program Files\Windows Installer Clean Up
2007-05-15 02:18 d----c--- C:\Program Files\MSECACHE
2007-05-15 01:53 d--hs---- C:\WINDOWS\CSC
2007-05-14 23:55 d----c--- C:\WINDOWS\system32\appmgmt
2007-05-14 22:28 d----c--- C:\DOCUME~1\Gabriel\Contacts
2007-05-14 22:27 d----c--- C:\WINDOWS\system32\DRVSTORE
2007-05-14 22:27 d----c--- C:\Program Files\MSN Messenger
2007-05-11 22:48 d----c--- C:\Program Files\MSXML 6.0
2007-05-11 12:10 8 --a--c--- C:\WINDOWS\system32\winsusrx.dll
2007-05-11 12:10 136 --a--c--- C:\WINDOWS\system32\winsusrm.dll
2007-05-11 12:10 d----c--- C:\WINDOWS\5374-8831-2029-7643-5722
2007-05-09 12:28 d----c--- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-05-09 11:00 d--h-c--- C:\WINDOWS\$hf_mig$

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-09 06:14:38 -------- dc----w C:\Program Files\YPOPs
2007-06-09 05:49:23 -------- dc----w C:\Program Files\Torrent-Search
2007-06-08 04:21:13 -------- dc----w C:\Program Files\DAEMON Tools
2007-06-07 17:51:03 -------- dc----w C:\DOCUME~1\Gabriel\APPLIC~1\Azureus
2007-06-02 19:05:54 -------- dc----w C:\Program Files\iTunes
2007-06-02 19:05:50 -------- dc----w C:\Program Files\iPod
2007-06-02 18:55:42 -------- dc----w C:\Program Files\Trillian
2007-06-02 07:29:04 -------- dc----w C:\Program Files\Azureus
2007-05-26 03:38:26 -------- dc-h--w C:\Program Files\InstallShield Installation Information
2007-05-24 07:10:43 335 -c--a-w C:\WINDOWS\nsreg.dat
2007-05-17 05:45:37 1,606 -c--a-w C:\WINDOWS\mozver.dat
2007-05-16 22:57:05 682,232 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-05-15 05:55:26 -------- dc----w C:\DOCUME~1\Gabriel\APPLIC~1\Apple Computer
2007-05-08 04:48:48 -------- dc----w C:\Program Files\Microsoft Office Outlook Connector
2007-05-03 13:45:36 -------- dc----w C:\Program Files\QuickTime
2007-05-03 13:42:10 -------- dc----w C:\Program Files\Apple Software Update
2007-04-30 02:01:57 2,560 -c--a-w C:\WINDOWS\_MSRSTRT.EXE
2007-04-29 19:08:02 -------- dc----w C:\Program Files\Smart Projects
2007-04-29 17:56:49 -------- dc----w C:\Program Files\SiteDevelopers.com
2007-04-29 04:18:30 3,919 -c--a-w C:\WINDOWS\tif-cln.bat
2007-04-28 21:41:58 -------- dc----w C:\Program Files\FileZilla
2007-04-22 09:40:54 57 -c--a-w C:\WINDOWS\sysdefrag.bat
2007-04-22 09:32:02 139 -c--a-w C:\WINDOWS\re-tif.bat
2007-04-22 07:30:59 -------- dc----w C:\Program Files\SysInternals
2007-04-20 23:06:28 -------- dc----w C:\Program Files\xwinlogon
2007-04-20 22:40:00 280,184 -c--a-w C:\WINDOWS\system32\DebugRpt.dll
2007-04-20 22:40:00 194,168 -c--a-w C:\WINDOWS\system32\LocalStorage.dll
2007-04-20 22:31:01 -------- dc----w C:\Program Files\WinSCP
2007-04-20 22:29:43 -------- dc----w C:\Program Files\PuTTY
2007-04-20 22:11:34 -------- dc----w C:\Program Files\CA
2007-04-18 22:22:26 -------- dc----w C:\DOCUME~1\Gabriel\APPLIC~1\Ahead
2007-04-18 16:12:23 2,854,400 -c--a-w C:\WINDOWS\system32\msi.dll
2007-04-17 04:47:36 33,624 -c--a-w C:\WINDOWS\system32\wups.dll
2007-04-17 04:45:54 1,710,936 -c--a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 04:45:48 549,720 -c--a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 04:45:42 325,976 -c--a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 04:45:36 203,096 -c--a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 04:45:28 92,504 -c--a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 04:45:20 53,080 -c--a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 04:45:20 43,352 -c--a-w C:\WINDOWS\system32\wups2.dll
2007-04-17 04:44:20 271,224 -c--a-w C:\WINDOWS\system32\mucltui.dll
2007-04-17 04:44:18 208,248 -c--a-w C:\WINDOWS\system32\muweb.dll
2007-04-14 23:44:54 -------- dc----w C:\DOCUME~1\Gabriel\APPLIC~1\Windows Desktop Search
2007-04-14 23:43:11 -------- dc----w C:\Program Files\Windows Desktop Search
2007-04-14 23:30:22 -------- dc----w C:\Program Files\Common Files\Ahead
2007-04-14 23:29:29 -------- dc----w C:\Program Files\Nero
2007-04-14 23:05:04 -------- dc----w C:\DOCUME~1\Gabriel\APPLIC~1\Media Player Classic
2007-04-14 23:02:28 -------- dc----w C:\Program Files\K-Lite Codec Pack
2007-04-14 22:19:42 -------- dc----w C:\Program Files\Alcohol Soft
2007-04-14 21:54:16 -------- dc----w C:\DOCUME~1\Gabriel\APPLIC~1\WinRAR
2007-04-14 18:30:17 -------- dc----w C:\Program Files\Microsoft Works
2007-04-14 18:27:31 -------- dc----w C:\Program Files\Microsoft.NET
2007-04-14 18:22:55 -------- dc----w C:\Program Files\Microsoft Visual Studio 8
2007-04-14 07:17:32 -------- dc----w C:\Program Files\MSXML 4.0
2007-04-14 07:12:26 -------- dc----w C:\Program Files\Debugging Tools for Windows
2007-04-14 06:55:04 124,288 -c--a-w C:\WINDOWS\Contig.exe
2007-04-14 06:54:16 25,992 -c--a-w C:\WINDOWS\system32\pgdfgsvc.exe
2007-04-14 05:57:26 -------- dc----w C:\Program Files\MSBuild
2007-04-14 05:52:05 -------- dc----w C:\Program Files\Reference Assemblies
2007-04-14 05:51:05 -------- dc----w C:\Program Files\Windows Media Connect 2
2007-04-14 05:42:30 -------- dc----w C:\Program Files\Messenger
2007-04-14 05:11:15 -------- dc----w C:\Program Files\Movie Maker
2007-04-14 05:10:03 -------- dc----w C:\Program Files\Windows NT
2007-04-14 04:33:58 -------- dc----w C:\DOCUME~1\Gabriel\APPLIC~1\Talkback
2007-04-14 03:51:58 -------- dc----w C:\DOCUME~1\Gabriel\APPLIC~1\Creative
2007-04-14 03:51:57 -------- dc----w C:\DOCUME~1\Gabriel\APPLIC~1\Help
2007-04-14 03:50:17 -------- dc----w C:\Program Files\Creative
2007-04-14 03:41:22 -------- dc----w C:\Program Files\Common Files\InstallShield
2007-04-14 03:39:15 -------- dc----w C:\Program Files\Windows Media Components
2007-04-14 03:38:36 -------- dc----w C:\Program Files\Common Files\CyberLink
2007-04-14 03:33:57 -------- dc----w C:\Program Files\ATI Technologies
2007-04-14 02:02:54 -------- dc----w C:\Program Files\microsoft frontpage
2007-04-14 02:02:26 0 -csha-r C:\MSDOS.SYS
2007-04-14 02:02:26 0 -csha-r C:\IO.SYS
2007-04-14 02:02:26 0 -c--a-w C:\CONFIG.SYS
2007-04-14 02:02:26 0 -c--a-w C:\AUTOEXEC.BAT
2007-04-14 01:59:58 -------- dc----w C:\Program Files\Common Files\MSSoap
2007-04-14 01:59:06 21,640 -c--a-w C:\WINDOWS\system32\emptyregdb.dat
2007-04-14 01:58:41 -------- dc-h--w C:\Program Files\WindowsUpdate
2007-04-14 01:58:29 -------- dc----w C:\Program Files\MSN Gaming Zone
2007-04-13 21:19:52 7,680 -c--a-w C:\WINDOWS\system32\lsdelete.exe
2007-04-13 19:49:35 -------- dc----w C:\Program Files\Common Files\ODBC
2007-04-13 19:49:32 -------- dc----w C:\Program Files\Common Files\SpeechEngines
2007-04-05 21:00:06 119,296 -c--a-w C:\WINDOWS\system32\zlibwapi.dll
2007-04-05 21:00:06 119,296 -c--a-w C:\WINDOWS\system32\zlib.dll
2007-03-23 12:07:56 1,683,280 -c--a-w C:\WINDOWS\system32\XpsSvcs.dll
2007-03-23 12:07:54 583,504 -c--a-w C:\WINDOWS\system32\XPSSHHDR.dll
2007-03-23 02:25:02 124,928 -c--a-w C:\WINDOWS\system32\prntvpt.dll
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-15 01:27:58 972,336 -c--a-w C:\WINDOWS\UNRecode.exe
2007-03-15 01:19:56 95,864 -c--a-w C:\WINDOWS\system32\NeroCo.dll
2007-03-15 01:19:26 972,336 -c--a-w C:\WINDOWS\UNNeroBackItUp.exe
2007-03-12 19:51:08 972,336 -c--a-w C:\WINDOWS\UNNeroMediaHome.exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 00:48]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 20:33]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-02-15 16:10]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 20:52]
"@"="" []
"OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [2007-05-16 09:35]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-03 16:29]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"TIF-Clean"=c:\windows\TIF-CLN.BAT

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [2006-10-27 00:48]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"="C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 15:39]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\OneCareMP]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun\splash.hta

Contents of the 'Scheduled Tasks' folder
2007-06-07 02:12:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-09 00:19:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-09 0:20:47

--- E O F ---