Tech Support Guy
Status
Not open for further replies.
1 - 4 of 4 Posts

Discussion Starter · #1 ·
Hi,

My friend has been having quite a number of problems recently, which include:
  • Cricket 07 showing multiple frames overlapping at the same time
  • He unsuccessfully tried to uninstall AVG AFTER installing avast, and now AVG is creating an error message each time he logs in
  • Although the folder options in My Computer have been set to open all links in the same window, the hard disk drives alone open in a new window from the My Computer page, whereas everything else opens in the same page; I tried resetting it a lot of times, but nothing changed

I have run Hijackthis and here is the log for it...
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:53:20 PM, on 3/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Airtel\NetXpert\bin\sprtcmd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Airtel\NetXpert\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Softwares\HijackThis.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [nxpclient] C:\Program Files\Airtel\NetXpert\bin\sprtcmd.exe /P nxpclient
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: SupportSoft Sprocket Service (nxpclient) (sprtsvc_nxpclient) - SupportSoft, Inc. - C:\Program Files\Airtel\NetXpert\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe

--
End of file - 4817 bytes
Thanks,
Prav.
 

Discussion Starter · #4 ·
I ran ComboFix on his computer, both the original ComboFix and again using the MS Recovery Console...
The logs are as follows... Please help me out.

The CF-RC log:
Code:
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
And the original ComboFix log is as follows:
Code:
ComboFix 08-03-17.1 - premavathi 2008-03-18 15:26:54.1 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.658 [GMT 5.5:30]
Running from: C:\Documents and Settings\premavathi\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft\Network\Downloader\qmgr0.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\system32\amvo.exe
D:\Autorun.inf
E:\Autorun.inf
F:\Autorun.inf

----- BITS: Possible infected sites -----

hxxp://nxpagent.airtelbroadband.in
.
(((((((((((((((((((((((((   Files Created from 2008-02-18 to 2008-03-18  )))))))))))))))))))))))))))))))
.

2008-03-18 15:23 . 2008-03-18 15:23	<DIR>	d--------	C:\Program Files\MSECache
2008-03-17 12:51 . 2008-03-17 12:51	<DIR>	d--------	C:\Program Files\Boson Software
2008-03-14 22:05 . 2008-03-14 22:05	100,382	-r-hs----	C:\cayfq2.cmd
2008-03-13 20:44 . 2008-03-13 20:43	101,291	-r-hs----	C:\32e2.com
2008-03-12 10:03 . 2008-03-12 10:03	<DIR>	d--------	C:\Program Files\Counter-Strike 1.6
2008-03-12 10:00 . 2008-03-12 17:54	101,492	-r-hs----	C:\22wcb21o.exe
2008-03-10 18:00 . 2008-03-10 18:00	<DIR>	d--------	C:\Documents and Settings\premavathi\Application Data\Hamachi
2008-03-10 18:00 . 2008-03-10 18:00	25,280	--a------	C:\WINDOWS\system32\drivers\hamachi.sys
2008-03-10 17:55 . 2008-03-10 17:55	<DIR>	d--------	C:\Program Files\hamachi
2008-03-10 12:02 . 2006-11-09 15:46	2,262,648	--a------	C:\WINDOWS\system32\Flash9b.ocx
2008-03-10 09:59 . 2008-03-10 09:59	<DIR>	d--hs----	C:\FOUND.011
2008-03-10 02:08 . 2008-03-10 02:08	<DIR>	d--------	C:\Documents and Settings\premavathi\Application Data\Apple Computer
2008-03-10 00:29 . 2008-03-10 00:29	<DIR>	d--------	C:\Program Files\Apple Software Update
2008-03-10 00:29 . 2008-03-10 00:29	<DIR>	d--------	C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2008-03-10 00:29 . 2008-03-10 00:29	<DIR>	d--------	C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2008-03-08 15:57 . 2008-03-08 15:57	<DIR>	d--hs----	C:\FOUND.010
2008-03-08 10:33 . 2008-03-09 11:33	102,536	-r-hs----	C:\v.com
2008-03-06 23:36 . 2008-03-06 23:35	107,849	-r-hs----	C:\a3g3.bat
2008-03-06 09:10 . 2008-03-06 09:09	106,249	-r-hs----	C:\ta2.cmd
2008-03-05 16:55 . 2008-03-05 16:55	107,272	-r-hs----	C:\8.bat
2008-03-02 20:23 . 2008-03-02 20:23	<DIR>	d--------	C:\Program Files\Common Files\xing shared
2008-03-02 10:56 . 2008-03-02 17:01	106,994	-r-hs----	C:\x6.bat
2008-03-01 17:11 . 2007-12-28 16:21	1,000,960	--a------	C:\ssl
2008-03-01 17:08 . 2008-03-01 17:08	<DIR>	d--------	C:\Program Files\Common Files\Jetstream Shared
2008-03-01 17:08 . 1998-11-13 04:25	119,056	--a------	C:\WINDOWS\system32\sqlstr.dll
2008-03-01 17:08 . 1998-11-11 21:51	98,576	--a------	C:\WINDOWS\system32\msrpjt40.dll
2008-03-01 17:06 . 2008-03-01 17:06	<DIR>	d--------	C:\Documents and Settings\premavathi\WINDOWS
2008-03-01 17:06 . 1998-07-30 12:51	305,152	--a------	C:\WINDOWS\IsUninst.exe
2008-03-01 17:06 . 2008-03-01 17:09	2,823	--a------	C:\WINDOWS\setup.iss
2008-02-29 21:37 . 2008-02-29 21:38	107,155	-r-hs----	C:\fppg1.exe
2008-02-28 13:55 . 2008-02-28 13:55	<DIR>	d--hs----	C:\FOUND.009
2008-02-26 13:23 . 2008-02-26 13:23	<DIR>	d--hs----	C:\FOUND.008
2008-02-26 12:17 . 2008-02-26 12:17	<DIR>	d--hs----	C:\FOUND.007
2008-02-23 20:50 . 2006-09-05 20:06	18,704	-ra------	C:\WINDOWS\system32\drivers\se59nd5.sys
2008-02-23 20:30 . 2008-02-23 20:30	<DIR>	d--------	C:\Documents and Settings\premavathi\Application Data\Teleca
2008-02-23 20:29 . 2008-02-23 20:29	<DIR>	d--------	C:\Documents and Settings\premavathi\Application Data\Sony Ericsson
2008-02-23 20:27 . 2008-02-23 20:27	<DIR>	d--------	C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Ericsson
2008-02-23 20:26 . 2008-02-23 20:26	<DIR>	d--------	C:\WINDOWS\Downloaded Installations
2008-02-23 20:26 . 2008-02-23 20:26	<DIR>	d--------	C:\Program Files\Sony Ericsson
2008-02-23 20:26 . 2008-02-23 20:26	<DIR>	d--------	C:\Program Files\Common Files\Teleca Shared
2008-02-23 20:26 . 2008-02-23 20:26	<DIR>	d--------	C:\Program Files\Common Files\Sony Ericsson Shared
2008-02-23 20:26 . 2008-02-23 20:26	<DIR>	d--------	C:\DOCUME~1\ALLUSE~1\APPLIC~1\Teleca

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-19 06:48	---------	d-----w	C:\DOCUME~1\ALLUSE~1\APPLIC~1\LucasArts
2008-01-18 06:47	---------	d-----w	C:\Program Files\LucasArts
2007-12-18 09:51	179,584	----a-w	C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-08-18 14:12	92,064	----a-w	C:\Documents and Settings\premavathi\mqdmmdm.sys
2007-08-18 14:12	9,232	----a-w	C:\Documents and Settings\premavathi\mqdmmdfl.sys
2007-08-18 14:12	79,328	----a-w	C:\Documents and Settings\premavathi\mqdmserd.sys
2007-08-18 14:12	66,656	----a-w	C:\Documents and Settings\premavathi\mqdmbus.sys
2007-08-18 14:12	6,208	----a-w	C:\Documents and Settings\premavathi\mqdmcmnt.sys
2007-08-18 14:12	5,936	----a-w	C:\Documents and Settings\premavathi\mqdmwhnt.sys
2007-08-18 14:12	4,048	----a-w	C:\Documents and Settings\premavathi\mqdmcr.sys
2007-08-18 14:12	25,600	----a-w	C:\Documents and Settings\premavathi\usbsermptxp.sys
2007-08-18 14:12	22,768	----a-w	C:\Documents and Settings\premavathi\usbsermpt.sys
2007-07-07 18:31	19,992	----a-w	C:\Documents and Settings\premavathi\Application Data\GDIPFONTCACHEV1.DAT
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 19:56 15360]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 03:59 165784]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-06-11 18:16 4670968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-02 02:52 3739648]
"nxpclient"="C:\Program Files\Airtel\NetXpert\bin\sprtcmd.exe" [2007-11-26 16:22 202016]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 18:30 79224]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-02 20:23 185896]
"QuickTime Task"="F:\quick\QTTask.exe" [2008-01-31 23:13 385024]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amva]
C:\WINDOWS\system32\amvo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]
--------- 2004-12-15 19:01 40960 C:\WINDOWS\VM_STI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2kAutostart]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2003-10-31 19:42 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S3Trayp]
-ra------ 2005-11-01 00:45 163840 C:\WINDOWS\system32\S3Trayp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2007-03-28 01:07 593920 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-r------- 2006-03-02 05:52 577536 C:\WINDOWS\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
-ra------ 2006-06-16 08:03 53248 C:\WINDOWS\system32\VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-06-11 18:16 4670968 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\Motorola\\Software Update\\msu.exe"=
"F:\\visual studio\\Tools\\VS-Ent98\\Vanalyzr\\VARPC.EXE"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"F:\\Vtennis\\VIRTUA_TENNIS_PC.exe"=
"C:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"C:\\Program Files\\Boson Software\\Boson NetSim\\Boson_NetSim.exe"=

R2 sprtsvc_nxpclient;SupportSoft Sprocket Service (nxpclient);C:\Program Files\Airtel\NetXpert\bin\sprtsvc.exe [2007-11-26 16:22]
R3 S3GIGP;S3GIGP;C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys [2006-06-22 23:53]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt []
S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-04-05 15:04]
S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-23 19:03]
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2007-05-04 17:04]
S3 se59bus;Sony Ericsson Device 089 driver (WDM);C:\WINDOWS\system32\DRIVERS\se59bus.sys [2006-09-05 20:07]
S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se59mdfl.sys [2006-09-05 20:07]
S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se59mdm.sys [2006-09-05 20:07]
S3 se59mgmt;Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se59mgmt.sys [2006-09-05 20:08]
S3 se59nd5;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS);C:\WINDOWS\system32\DRIVERS\se59nd5.sys [2006-09-05 20:06]
S3 se59obex;Sony Ericsson Device 089 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se59obex.sys [2006-09-05 20:09]
S3 se59unic;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM);C:\WINDOWS\system32\DRIVERS\se59unic.sys [2006-09-05 20:06]
S3 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2005-10-14 03:53]
S3 SupportSoft RemoteAssist;SupportSoft RemoteAssist;C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe [2007-11-01 15:20]
S4 Boonty Games;Boonty Games;"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe" [2007-07-23 16:57]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{07e51da9-fe4f-11d5-a22d-806d6172696f}]
\Shell\AutoRun\command - G:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{07e51daa-fe4f-11d5-a22d-806d6172696f}]
\Shell\AutoRun\command - xp19.com
\Shell\explore\Command - xp19.com
\Shell\open\Command - xp19.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{07e51dab-fe4f-11d5-a22d-806d6172696f}]
\Shell\AutoRun\command - xp19.com
\Shell\explore\Command - xp19.com
\Shell\open\Command - xp19.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{07e51dac-fe4f-11d5-a22d-806d6172696f}]
\Shell\AutoRun\command - xp19.com
\Shell\explore\Command - xp19.com
\Shell\open\Command - xp19.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{07e51dad-fe4f-11d5-a22d-806d6172696f}]
\Shell\AutoRun\command - xp19.com
\Shell\explore\Command - xp19.com
\Shell\open\Command - xp19.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1924b910-e5e9-11dc-a82c-001731871c17}]
\Shell\AutoRun\command - I:\v.com
\Shell\explore\Command - I:\v.com
\Shell\open\Command - I:\v.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b26ab9c8-2b89-11dc-a687-001731871c17}]
\Shell\AutoRun\command - J:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e457a90f-e3b2-11dc-a824-001731871c17}]
\Shell\AutoRun\command - h.cmd
\Shell\explore\Command - h.cmd
\Shell\open\Command - h.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fdc2c3fc-e222-11dc-a821-001731871c17}]
\Shell\AutoRun\command - I:\v.com
\Shell\explore\Command - I:\v.com
\Shell\open\Command - I:\v.com

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-18 15:28:12
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully 
hidden files: 0 

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt"
.
Completion time: 2008-03-18 15:28:26
ComboFix-quarantined-files.txt  2008-03-18 09:58:26
.
2008-03-13 06:53:12	--- E O F ---
Thanks,
Prav.
 