Bits of AVG8 blacked out... virus?
print screen
http://i124.photobucket.com/albums/p…untitled-4.jpg
I did an AVG scan and it didn't find anything.
I started up in safe mode and AVG wouldn't do a scan in safe mode, but Spybot Search and Destroy didn't find anything.
HijackThis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:54:49, on 16/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20733)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GSv2.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRAM FILES\MOTHERBOARD MONITOR 5\MBM5.EXE
C:\WINDOWS\Mixer.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Styler\Styler.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 – HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
O2 – BHO: SSVHelper Class – {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} – C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 – Toolbar: StylerToolBar – {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} – C:\Program Files\Styler\TB\StylerTB.dll
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [MBM 5] "C:\PROGRAM FILES\MOTHERBOARD MONITOR 5\MBM5.EXE"
O4 – HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 – HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 – HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 – HKCU\..\Run: [TransBar] C:\Documents and Settings\peter’s PC\Local Settings\Application Data\AKSoftware\TransBar\TransBar.exe /s
O4 – HKUS\S-1-5-20\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User ‘NETWORK SERVICE’)
O4 – HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User ‘NETWORK SERVICE’)
O4 – HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User ‘SYSTEM’)
O4 – HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User ‘Default user’)
O4 – Startup: Styler.lnk = ?
res://C:\Program
O10 – Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 – DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) – http://fpdownload2.macromedia.com/ge…sh/swflash.cab
O23 – Service: AVG8 WatchDog (avg8wd) – AVG Technologies CZ, s.r.o. – C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 – Service: InstallDriver Table Manager (IDriverT) – Macrovision Corporation – C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\system32\nvsvc32.exe
O23 – Service: WUSB54GSv2SVC – GEMTEKS – C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
End of file – 4486 bytes
ComboFix log
ComboFix 08-10-15.08 – peter’s PC 2008-10-16 14:04:54.7 – NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.446 [GMT 1:00]
Running from: C:\Documents and Settings\peter’s PC\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\peter’s PC\Application Data\.#
—– BITS: Possible infected sites —–
hxxp://avehosting.freehostingz.com
.
((((((((((((((((((((((((( Files Created from 2008-09-16 to 2008-10-16 )))))))))))))))))))))))))))))))
.
2008-10-16 03:49 . 2008-10-16 03:49 31 –a—— C:\WINDOWS\e2eSoft.ini
2008-10-16 03:41 . 2006-07-05 01:47 196,608 –a—— C:\WINDOWS\system32\StudioProProp.ax
2008-10-16 03:41 . 2007-01-05 21:18 120,320 –a—— C:\WINDOWS\system32\drivers\StudioPro.sys
2008-10-16 03:41 . 2007-04-22 19:27 38,784 –a—— C:\WINDOWS\system32\drivers\vrtaucbl.sys
2008-10-16 01:55 . 2008-10-16 01:55 <DIR> d——– C:\Program Files\Deskshare
2008-10-16 01:55 . 2008-10-16 01:55 <DIR> d——– C:\Program Files\Common Files\DeskShare Shared
2008-10-16 01:55 . 2008-10-16 01:55 356,352 –a—— C:\WINDOWS\eSellerateEngine.dll
2008-10-16 01:55 . 2004-12-07 10:11 258,352 –a—— C:\WINDOWS\system32\Unicows.dll
2008-10-16 01:55 . 2004-03-09 00:00 224,016 –a—— C:\WINDOWS\system32\TABCTL32.OCX
2008-10-16 01:00 . 2008-02-28 21:26 1,414,440 –a—— C:\WINDOWS\system32\ShellManager310E2D762.dll
2008-10-16 01:00 . 2008-02-28 21:01 774,144 –a—— C:\WINDOWS\system32\NEROINSTAEC43759.DB
2008-10-15 16:52 . 2008-10-15 17:21 <DIR> d——– C:\Documents and Settings\peter’s PC\Application Data\iTALC
2008-10-14 02:03 . 2008-10-14 02:30 <DIR> d——– C:\Program Files\Tomb Raider – Anniversary
2008-10-13 17:13 . 2008-03-07 08:46 159,232 –a—— C:\WINDOWS\system32\ptpusd.dll
2008-10-13 17:13 . 2008-03-07 01:10 15,104 –a—— C:\WINDOWS\system32\drivers\usbscan.sys
2008-10-13 17:13 . 2008-03-07 01:10 15,104 –a—— C:\WINDOWS\system32\dllcache\usbscan.sys
2008-10-13 17:13 . 2001-08-18 04:36 5,632 –a—— C:\WINDOWS\system32\ptpusb.dll
2008-10-13 05:00 . 2008-10-13 05:13 <DIR> d——– C:\Program Files\Jahshaka
2008-10-13 04:59 . 2008-10-13 05:12 <DIR> d——– C:\Program Files\OpenLibraries
2008-10-13 04:59 . 2008-10-13 04:59 262,144 –a—— C:\WINDOWS\system32\wrap_oal.dll
2008-10-13 04:59 . 2008-10-13 04:59 86,016 –a—— C:\WINDOWS\system32\OpenAL32.dll
2008-10-11 13:16 . 2008-10-11 13:16 <DIR> d——– C:\Program Files\NCH Software
2008-10-11 01:53 . 2008-10-11 02:02 <DIR> d——– C:\Program Files\Tiny Utilities
2008-10-11 01:11 . 2008-10-11 01:11 <DIR> d——– C:\Program Files\ZMatrix
2008-10-11 01:11 . 2008-10-13 01:41 <DIR> d——– C:\Documents and Settings\peter’s PC\Application Data\.ZMatrix
2008-10-11 01:11 . 2008-10-11 01:11 68 –a—— C:\WINDOWS\ZMatrixSS.ini
2008-10-10 21:49 . 2008-03-26 13:51 53,248 –a—— C:\WINDOWS\exitwx.exe
2008-10-10 12:58 . 2008-10-10 12:59 <DIR> d——– C:\Program Files\VirtualDJ
2008-10-10 12:58 . 2008-10-10 12:58 119,296 –a—— C:\WINDOWS\run32.sys
2008-10-10 12:58 . 2008-10-10 12:58 163 –a—— C:\WINDOWS\nurtab.bat
2008-10-09 16:36 . 2006-07-28 11:11 252,416 –a—— C:\WINDOWS\system32\ExTvw.ocx
2008-10-09 16:36 . 2003-06-05 22:01 231,424 –a—— C:\WINDOWS\system32\VBTablet.dll
2008-10-09 16:36 . 1998-09-14 21:43 65,536 –a—— C:\WINDOWS\system32\EZTW32.DLL
2008-10-09 16:35 . 2008-10-12 00:53 <DIR> d——– C:\Program Files\PD Artist
2008-10-09 16:35 . 1997-01-16 02:00 71,680 –a—— C:\WINDOWS\ST5UNST.EXE
2008-10-09 16:35 . 1997-01-16 02:00 29,696 –a—— C:\WINDOWS\system32\VB5StKit.dll
2008-10-09 13:36 . 2008-10-09 14:54 <DIR> d——– C:\Program Files\vLite
2008-10-08 22:29 . 2003-06-25 16:05 266,360 –a—— C:\WINDOWS\system32\TweakUI.exe
2008-10-08 22:29 . 2002-06-21 15:09 160,217 –a—— C:\WINDOWS\system32\PowerToysLicense.rtf
2008-10-08 16:23 . 2008-03-26 13:51 47,713 –a—— C:\WINDOWS\system32\drivers\HCDisk.sys
2008-10-08 16:22 . 2008-04-25 17:04 6,144 –a—— C:\WINDOWS\system32\drivers\sioctl.sys
2008-10-08 11:21 . 2002-06-06 23:13 1,077,344 –a—— C:\WINDOWS\system32\mscomctl.ocx
2008-10-07 13:57 . 2002-07-26 17:02 153,088 –a—— C:\WINDOWS\system32\UNWISE.EXE
2008-10-06 13:19 . 2008-10-06 13:41 2,828 –ahs—- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
2008-10-06 13:19 . 2008-10-06 13:41 88 -r-hs—- C:\Documents and Settings\All Users\Application Data\AC1CEFCB12.sys
2008-10-06 13:10 . 2008-10-06 13:10 <DIR> d——– C:\Documents and Settings\peter’s PC\Application Data\InstallShield
2008-10-06 12:16 . 2008-10-06 12:45 88 -r-hs—- C:\WINDOWS\system32\AC1CEFCB12.sys
2008-10-06 11:59 . 2008-10-06 12:45 2,828 –ahs—- C:\WINDOWS\system32\KGyGaAvL.sys
2008-10-05 01:05 . 2008-10-05 01:05 <DIR> d——– C:\Program Files\Common Files\NSV
2008-10-02 08:12 . 2006-11-02 02:50 128,104 –a—— C:\WINDOWS\system32\drivers\WimFltr.sys
2008-09-29 21:41 . 2008-09-10 00:04 38,528 –a—— C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-29 20:32 . 2003-06-23 02:44 1,415,680 –a—— C:\WINDOWS\system32\WMV9VCM.DLL
2008-09-29 20:32 . 1999-12-16 00:01 49,152 –a—— C:\WINDOWS\system32\TSCCVID.DLL
2008-09-22 15:11 . 2008-10-11 13:42 <DIR> d——– C:\Documents and Settings\peter’s PC\Application Data\NCH Swift Sound
2008-09-22 15:11 . 2008-10-11 13:20 <DIR> d——– C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-09-21 21:21 . 2008-09-21 21:21 472,576 –a—— C:\WINDOWS\uninstall.exe
2008-09-21 21:21 . 2008-09-21 21:23 69,736 –a—— C:\WINDOWS\uninstall.dat
2008-09-21 21:21 . 2008-09-21 21:23 312 –a—— C:\WINDOWS\uninstall.xml
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-16 12:52 ——— d—–w C:\Program Files\Spybot – Search & Destroy
2008-10-16 04:54 ——— d—–w C:\Documents and Settings\All Users\Application Data\Spybot – Search & Destroy
2008-10-16 04:39 ——— d—–w C:\Program Files\Common Files\Nero
2008-10-16 04:12 ——— d—a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-16 02:54 5,632 –sha-w C:\Program Files\Common Files\Thumbs.db
2008-10-15 19:24 ——— d—–w C:\Program Files\Common Files\Download Manager
2008-10-13 18:30 ——— d—–w C:\Program Files\Steam
2008-10-13 04:14 ——— d–h–w C:\Program Files\InstallShield Installation Information
2008-10-12 01:24 ——— d—–w C:\Program Files\RocketDock
2008-10-11 12:41 118,784 —-a-w C:\WINDOWS\Web\Wallpaper\Scenic- Earth Moon Orbit Wallpaper.exe
2008-10-10 23:52 118,784 —-a-w C:\WINDOWS\Web\Wallpaper\Scenic- Earth Moon Orbit Wallpaper dir\uninstall.exe
2008-10-09 19:13 ——— d—–w C:\Program Files\Folder Lock
2008-10-09 16:47 10,520 —-a-w C:\WINDOWS\system32\avgrsstx.dll
2008-10-09 16:47 ——— d—–w C:\Documents and Settings\All Users\Application Data\avg8
2008-10-09 00:36 ——— d—–w C:\Documents and Settings\peter’s PC\Application Data\vghd
2008-10-09 00:08 ——— d—–w C:\Program Files\MotoKit
2008-10-09 00:07 ——— d—–w C:\Program Files\DivX
2008-10-06 06:53 ——— d—–w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-10-05 01:05 118,784 —-a-w C:\WINDOWS\Web\Wallpaper\Flight Over New York Wallpaper.exe
2008-10-04 00:18 ——— d—–w C:\Program Files\Styler
2008-10-03 23:08 118,784 —-a-w C:\WINDOWS\Web\Wallpaper\Flight Over New York Wallpaper dir\uninstall.exe
2008-10-03 11:17 ——— d—–w C:\Program Files\Common Files\Adobe
2008-09-30 14:06 ——— d—–w C:\Program Files\Malwarebytes’ Anti-Malware
2008-09-27 00:41 ——— d—–w C:\Documents and Settings\peter’s PC\Application Data\dvdcss
2008-09-18 19:39 ——— d—–w C:\Documents and Settings\peter’s PC\Application Data\OpenOffice.org2
2008-09-15 14:41 ——— d—–w C:\Documents and Settings\peter’s PC\Application Data\Winamp
2008-09-13 13:03 133,872 —-a-w C:\WINDOWS\~GLC0001.TMP
2008-09-13 13:01 133,872 —-a-w C:\WINDOWS\~GLC0000.TMP
2008-09-13 12:56 152,920 —-a-w C:\WINDOWS\system32\vghd.scr
2008-09-09 23:03 17,200 —-a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-09-06 22:57 107,888 —-a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-09-06 22:57 ——— d–h–r C:\Documents and Settings\peter’s PC\Application Data\SecuROM
2008-09-02 18:17 ——— d—–w C:\Program Files\Applications
2008-09-01 10:38 ——— d—–w C:\Program Files\MSN Messenger
2008-09-01 10:38 ——— d—–w C:\Program Files\Messenger Plus! Live
2008-09-01 03:15 97,928 —-a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-30 01:58 ——— d—–w C:\Program Files\OpenOffice.org 2.1
2008-08-28 22:31 ——— d—–w C:\Program Files\Windows Live
2008-08-27 21:34 ——— d—–w C:\Documents and Settings\All Users\Application Data\Skype
2008-08-25 23:00 ——— d—–w C:\Program Files\Motherboard Monitor 5
2008-08-25 23:00 ——— d—–w C:\Program Files\FREE Hi-Q Recorder
2008-08-25 22:56 ——— d—–w C:\Program Files\Winamp
2008-08-17 16:30 8,704 –sha-w C:\Program Files\Thumbs.db
2008-07-25 18:06 720,896 —-a-w C:\WINDOWS\iun6002.exe
2008-07-17 13:38 51,712 —-a-w C:\WINDOWS\system32\sirenacm.dll
2008-05-24 23:16 89 -c–a-w C:\WINDOWS\system32\config\systemprofile\Del20DA.bat
2008-05-24 23:16 89 —-a-w C:\Documents and Settings\Default User\Del20DA.bat
2008-05-13 09:54 89 ——w C:\Documents and Settings\Default User\Del20DE.bat
2008-03-19 20:55 113,664 -c–a-w C:\WINDOWS\inf\hdaudio.sys
2001-11-23 19:08 712,704 -c—-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
2008-05-24 23:23 16,384 -csha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
2008-05-24 23:23 32,768 -csha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
2008-05-24 23:23 32,768 -csha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008052420080525\index.dat
2008-05-24 23:23 32,768 -csha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
——- Sigcheck ——-
2008-03-19 21:55 361344 cef393e4697b14d310320a62c3643f77 C:\WINDOWS\system32\drivers\tcpip.sys
2008-03-19 21:59 2227072 0ee1df3c80ee02cf2bd1ef43ae443d80 C:\WINDOWS\system32\ntkrnlpa.exe
2008-03-19 21:54 2350208 6ca4f9e8435530a6791e40a62f0bcc8e C:\WINDOWS\system32\ntoskrnl.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"TransBar"="C:\Documents and Settings\peter’s PC\Local Settings\Application Data\AKSoftware\TransBar\TransBar.exe" [2005-06-01 65536]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 7700480]
"MBM 5"="C:\PROGRAM FILES\MOTHERBOARD MONITOR 5\MBM5.EXE" [2004-06-12 594944]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-10-09 1235736]
"C-Media Mixer"="Mixer.exe" [2002-07-13 C:\WINDOWS\mixer.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"nltide_3"="advpack.dll" [2008-03-19 C:\WINDOWS\system32\advpack.dll]
C:\Documents and Settings\peter’s PC\Start Menu\Programs\Startup\
Styler.lnk – C:\Documents and Settings\peter’s PC\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe [5/25/2008 12:25:04 AM 15086]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 01000000
"NoResolveSearch"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Steam\\SteamApps\\andy_birk\\day of defeat source\\hl2.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8054:TCP"= 8054:TCP:BitComet 8054 TCP
"8054:UDP"= 8054:UDP:BitComet 8054 UDP
"85:TCP"= 85:TCP:BroadWave Web Server
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-01 97928]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-01 231704]
R2 WUSB54GSv2SVC;WUSB54GSv2SVC;C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe WUSB54GSv2.exe [ ]
R3 PAC207;Trust WB-1400T Webcam;C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2007-05-14 508288]
S2 StudioPro;StudioPro webcam;C:\WINDOWS\system32\DRIVERS\StudioPro.sys [2007-01-05 120320]
S3 EuMusDesignVirtualAudioCableWdm;StudioPro audio (WDM);C:\WINDOWS\system32\DRIVERS\vrtaucbl.sys [2007-04-22 38784]
S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-11-02 18176]
S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-22 7680]
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2007-10-10 42112]
S3 SIoctl;SIoctl;c:\windows\system32\drivers\sioctl.sys [2008-04-25 6144]
S4 icas;iTALC Client;C:\Program Files\iTALC\ica.exe [ ]
*Newly Created Service* – GTNDIS5
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register
.
.
——- Supplementary Scan ——-
.
FireFox -: Profile – C:\Documents and Settings\peter’s PC\Application Data\Mozilla\Firefox\Profiles\w6863rbh.default\
FireFox -: prefs.js – STARTUP.HOMEPAGE – www.google.com
.
.
——- File Associations ——-
.
inffile=C:\WINDOWS\system32\Notepad2.exe %1
inifile=C:\WINDOWS\system32\Notepad2.exe %1
txtfile=C:\WINDOWS\system32\Notepad2.exe %1
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista – rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-16 14:07:10
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files:
**************************************************************************
.
Completion time: 2008-10-16 14:07:59
ComboFix-quarantined-files.txt 2008-10-16 13:07:55
Pre-Run: 44,946,411,520 bytes free
Post-Run: 44,951,990,272 bytes free