007guard.com


1 reply to this topic

#1 deadlyskull1977

Posted 04 November 2007 - 05:27 AM

Hello, I have been looking at my netstat and my computer keeps connecting to www.007guard.com. Once in a while I will get a popup on my screen telling me that I am infected with something and to download the scanner to remove it.

Any help would be appreciated.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:28:54 AM, on 11/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\PROGRA~1\INCRED~1\bin\ImApp.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7Pro\IE7Pro.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" /min
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1192328639453
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
O23 - Service: Avira Premium Security Suite Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
O23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Avira Premium Security Suite MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

--
End of file - 4473 bytes

Here Is My Combofix Log

ComboFix 07-11-01.1 - Administrator 2007-11-04 16:06:31.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2636 [GMT -5:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
.
ADS - svchost.exe: deleted 88 bytes in 2 streams.

((((((((((((((((((((((((( Files Created from 2007-10-04 to 2007-11-04 )))))))))))))))))))))))))))))))
.

2007-11-04 16:06 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-04 05:51 5,376 --a------ C:\WINDOWS\system32\drivers\MS1000.sys
2007-11-04 05:50 <DIR> d-------- C:\Program Files\The Cleaner Free
2007-11-04 05:32 <DIR> d-------- C:\Program Files\Lavasoft
2007-11-04 05:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-04 05:05 <DIR> d-------- C:\Program Files\BillP Studios
2007-11-04 05:05 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\WinPatrol
2007-11-04 04:56 <DIR> d-------- C:\Program Files\WhatsRunning
2007-11-04 04:44 <DIR> d-------- C:\Program Files\Karen's Power Tools
2007-11-04 03:18 <DIR> d-------- C:\Program Files\Jetico
2007-11-04 03:15 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Kerio
2007-11-04 02:49 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-11-04 02:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-04 02:49 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2007-11-04 02:31 <DIR> d-------- C:\VundoFix Backups
2007-11-04 02:04 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-11-04 01:54 <DIR> d-------- C:\Program Files\XoftSpySE
2007-11-04 01:19 <DIR> d-------- C:\WINDOWS\$NtIninstallie7beta2$
2007-11-03 15:43 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-11-03 15:36 <DIR> d-------- C:\Program Files\Rockstar Games
2007-11-03 14:33 <DIR> d-------- C:\Program Files\DAEMON Tools Pro
2007-11-03 14:29 <DIR> d-------- C:\Program Files\cdv Software Entertainment USA
2007-11-03 03:32 <DIR> d-------- C:\Program Files\Zero Popup
2007-11-03 01:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Karen's Power Tools
2007-11-02 21:47 <DIR> d-------- C:\Program Files\Windows Resource Kits
2007-11-01 19:30 352,137 --a------ C:\swlist.reg
2007-11-01 19:07 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-11-01 19:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-01 15:20 <DIR> d-------- C:\Program Files\Logitech
2007-11-01 15:20 <DIR> d-------- C:\Program Files\Common Files\Logitech
2007-11-01 02:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Agnitum
2007-11-01 01:19 <DIR> d-------- C:\Program Files\MySpeed PC Lite Edition
2007-11-01 00:26 <DIR> d-------- C:\Program Files\Microsoft User Agent String Utility
2007-10-31 03:00 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Comodo
2007-10-31 03:00 139,008 --a------ C:\WINDOWS\system32\guard32.dll
2007-10-31 02:43 0 --a------ C:\WINDOWS\ativpsrm.bin
2007-10-31 02:31 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\GlarySoft
2007-10-30 23:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Cheat Badger
2007-10-30 23:25 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AweSEM
2007-10-30 23:18 402,784 --a------ C:\WINDOWS\system32\deploytk.dll
2007-10-30 21:13 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\PopupCop
2007-10-29 17:40 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Premium Security Suite
2007-10-29 17:38 <DIR> d-------- C:\Program Files\Avira
2007-10-29 17:38 68,776 --a------ C:\WINDOWS\system32\drivers\avfwot.sys
2007-10-29 17:38 61,096 --a------ C:\WINDOWS\system32\drivers\avfwim.sys
2007-10-29 16:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Eset
2007-10-29 16:42 <DIR> d-------- C:\Program Files\GameHouse
2007-10-28 15:44 30,601 --a------ C:\Documents and Settings\Administrator\x.exe
2007-10-28 15:40 <DIR> d-------- C:\Program Files\VisualRoute Lite Edition
2007-10-28 15:39 <DIR> d-------- C:\Documents and Settings\Administrator\vw
2007-10-28 15:39 <DIR> d-------- C:\Documents and Settings\Administrator\MySpeed PC
2007-10-28 04:49 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-10-28 04:49 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\PC Tools
2007-10-28 04:49 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-10-28 04:49 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-10-28 04:49 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-10-28 04:49 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-10-28 04:49 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-10-28 04:49 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-10-28 04:28 <DIR> d-------- C:\Program Files\a-squared Free
2007-10-28 04:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hagel Technologies
2007-10-28 04:04 675,328 --a------ C:\WINDOWS\is-T7R36.exe
2007-10-28 04:04 344,064 --a------ C:\WINDOWS\system32\Msvcr70.dll
2007-10-28 04:04 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2007-10-25 14:47 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-10-25 10:26 53,248 --a------ C:\WINDOWS\bdoscandel.exe
2007-10-25 04:02 10,240 --a------ C:\WINDOWS\CTDCRES.DLL
2007-10-25 03:19 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\DMCache
2007-10-24 21:00 <DIR> d-------- C:\Program Files\Ventrilo
2007-10-24 21:00 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Ventrilo
2007-10-24 20:59 <DIR> d--h----- C:\WINDOWS\PIF
2007-10-24 20:59 <DIR> d-------- C:\Program Files\VentSrv
2007-10-24 17:36 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Uniblue
2007-10-24 17:35 <DIR> d-------- C:\Program Files\Uniblue
2007-10-24 02:19 <DIR> d-------- C:\Program Files\FriendBlasterPro
2007-10-24 02:19 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2007-10-23 18:05 <DIR> d-------- C:\Program Files\Common Files\eSellerate
2007-10-23 18:05 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-22 16:08 30,976 --a------ C:\WINDOWS\rascntrl.dll
2007-10-22 16:08 23,104 --a------ C:\WINDOWS\system32\svcprmpt.dll
2007-10-22 04:18 4 --a------ C:\WINDOWS\system32\vm.exe
2007-10-21 16:18 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-10-21 16:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-10-21 16:18 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-10-21 16:17 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-10-21 02:49 271 --a------ C:\WINDOWS\PowerReg.dat
2007-10-21 02:48 <DIR> d-------- C:\Program Files\Infogrames Interactive
2007-10-21 02:47 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2007-10-20 16:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sandlot Games
2007-10-19 23:37 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sandbox
2007-10-19 23:36 <DIR> d-------- C:\Program Files\Sandboxie
2007-10-19 17:33 <DIR> d-------- C:\WINDOWS\system32\ebay
2007-10-19 17:33 <DIR> d-------- C:\Program Files\Ashampoo
2007-10-19 17:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ashampoo
2007-10-19 17:33 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Ashampoo
2007-10-18 20:33 <DIR> d-------- C:\Program Files\AC3Filter
2007-10-17 18:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\RoboForm
2007-10-17 02:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\vsosdk
2007-10-16 22:58 16 --a------ C:\WINDOWS\popcinfo.dat
2007-10-16 22:56 <DIR> d-------- C:\Program Files\Bejeweled 2 Deluxe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-04 08:27 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
2007-11-04 08:18 5,906 ----a-w C:\WINDOWS\system32\drivers\kwflower.log
2007-11-04 08:17 2,937 ----a-w C:\WINDOWS\system32\drivers\kwfupper.log
2007-11-03 05:20 359,808 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS
2007-10-25 09:02 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2007-10-25 09:02 409,600 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2007-10-23 22:51 103,296 ----a-w C:\WINDOWS\system32\drivers\Rtenicxp.sys
2007-10-22 07:39 267,272 ----a-w C:\WINDOWS\system32\xactengine2_10.dll
2007-10-22 07:37 17,928 ----a-w C:\WINDOWS\system32\X3DAudio1_2.dll
2007-10-14 04:38 359,808 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2007-10-12 19:14 3,734,536 ----a-w C:\WINDOWS\system32\d3dx9_36.dll
2007-10-12 19:14 1,374,232 ----a-w C:\WINDOWS\system32\D3DCompiler_36.dll
2007-10-04 02:55 80,424 ----a-w C:\WINDOWS\system32\drivers\SI3132.sys
2007-10-04 02:55 19,240 ----a-w C:\WINDOWS\system32\drivers\SiWinAcc.sys
2007-10-04 02:55 15,400 ----a-w C:\WINDOWS\system32\drivers\SiRemFil.sys
2007-10-04 02:55 119,848 ----a-w C:\WINDOWS\system32\SilSupp.dll
2007-10-02 13:56 444,776 ----a-w C:\WINDOWS\system32\d3dx10_36.dll
2007-09-29 05:46 47,376 ----a-w C:\WINDOWS\system32\drivers\ativvpxx.vp
2007-09-29 03:21 9,854,976 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-09-29 03:07 356,352 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-09-29 03:06 268,800 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-09-29 03:05 2,456,064 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-09-29 02:58 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-09-29 02:58 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-09-29 02:58 143,360 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-09-29 02:58 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-09-29 02:57 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-09-29 02:56 483,328 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-09-29 02:55 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-09-29 02:49 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-09-29 02:47 3,130,720 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-09-29 02:47 172,032 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-09-29 02:36 1,593,600 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-09-29 02:23 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-09-29 02:22 376,832 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-09-29 02:20 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-09-29 02:19 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2007-09-29 02:14 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-09-28 16:08 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-09-28 16:07 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-09-28 16:07 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-09-28 16:07 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-09-28 16:07 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-09-28 16:07 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-09-28 16:07 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-09-28 16:07 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2007-09-28 16:07 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-09-28 16:07 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-09-28 16:07 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-09-28 16:05 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-09-28 16:05 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-09-28 16:05 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-09-28 16:05 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-09-28 16:05 739,840 ----a-w C:\WINDOWS\system32\DivX.dll
2007-09-28 16:05 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-09-28 16:05 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-09-28 16:05 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-09-28 16:05 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-09-28 16:05 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-09-28 16:05 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-09-28 16:05 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-09-28 16:05 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-09-14 00:41 51,608 ----a-w C:\WINDOWS\system32\drivers\WmXlCore.sys
2007-09-14 00:41 29,976 ----a-w C:\WINDOWS\system32\drivers\WmFilter.sys
2007-09-14 00:41 14,744 ----a-w C:\WINDOWS\system32\drivers\WmVirHid.sys
2007-09-14 00:40 234,008 ----a-w C:\WINDOWS\system32\WmJoyFrc.dll
2007-09-14 00:40 19,352 ----a-w C:\WINDOWS\system32\drivers\WmBEnum.sys
2007-09-13 13:45 70,944 ----a-w C:\WINDOWS\system32\PhysXLoader.dll
2007-08-13 23:54 413,696 ----a-w C:\WINDOWS\system32\vbscript.dll
2007-08-13 23:54 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
2007-08-13 23:45 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll
2007-08-13 23:44 40,960 ----a-w C:\WINDOWS\system32\licmgr10.dll
2007-08-13 23:42 17,408 ----a-w C:\WINDOWS\system32\corpol.dll
2007-08-13 23:39 71,680 ----a-w C:\WINDOWS\system32\admparse.dll
2007-08-13 23:39 55,296 ----a-w C:\WINDOWS\system32\iesetup.dll
2007-08-13 23:36 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll
2007-08-13 23:32 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
2007-08-13 23:01 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
.

((((((((((((((((((((((((((((( snapshot@2007-11-04_ 1.52.55.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-04 07:04:39 45,056 ----a-w C:\WINDOWS\BDOSCAN8\avxdisk.dll
+ 2007-11-04 07:04:39 10,240 ----a-w C:\WINDOWS\BDOSCAN8\avxs.dll
+ 2007-11-04 07:04:39 27,136 ----a-w C:\WINDOWS\BDOSCAN8\avxt.dll
+ 2007-11-04 07:04:41 181,760 ----a-w C:\WINDOWS\BDOSCAN8\bdcore.dll
+ 2007-10-25 15:26:48 118,784 ----a-w C:\WINDOWS\BDOSCAN8\bdupd.dll
+ 2007-10-25 15:26:48 53,248 ----a-w C:\WINDOWS\BDOSCAN8\ipsupd.dll
+ 2007-11-04 07:04:42 142,848 ----a-w C:\WINDOWS\BDOSCAN8\libfn.dll
+ 2007-11-04 07:04:39 86,016 ----a-w C:\WINDOWS\BDOSCAN8\librtvr.dll
+ 2007-10-25 15:26:48 118,784 ----a-w C:\WINDOWS\Downloaded Program Files\bdupd.dll
+ 2007-10-25 15:26:48 53,248 ----a-w C:\WINDOWS\Downloaded Program Files\ipsupd.dll
+ 2007-11-04 07:49:07 34,304 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF1.exe
+ 2007-11-04 07:49:07 29,696 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe
+ 2007-11-04 10:32:10 1,038,336 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC.exe
+ 2007-11-04 10:32:10 178,688 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC1.exe
+ 2007-11-04 10:32:10 171,008 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B.exe
+ 2007-11-04 10:32:10 8,704 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B1.exe
+ 2007-07-11 19:37:26 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
+ 2007-08-07 18:58:08 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
+ 2007-08-28 13:48:24 65,024 ----a-w C:\WINDOWS\system32\drivers\kvpndrv.sys
+ 2007-08-07 18:56:58 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
+ 2007-06-06 23:58:20 1,163,264 ----a-w C:\WINDOWS\system32\kticonv80.dll
+ 2007-06-06 23:58:20 921,600 ----a-w C:\WINDOWS\system32\ktlibeay80_0.9.8.2.dll
+ 2007-06-06 23:58:30 188,416 ----a-w C:\WINDOWS\system32\ktssleay80_0.9.8.2.dll
+ 2007-06-06 23:58:30 102,400 ----a-w C:\WINDOWS\system32\ktzlib80.dll
+ 2007-04-13 20:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe
- 2007-11-04 06:18:10 70,124 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2007-11-04 08:19:06 70,124 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-11-04 06:18:10 436,360 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-11-04 08:19:06 436,360 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35]
"avgnt"="C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" [2007-10-29 17:41]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2007-09-23 12:30]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

R2 AntiVirMailService;Avira Premium Security Suite MailGuard;"C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe"
R2 antivirwebservice;Avira Premium Security Suite WebGuard;"C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE"
R2 AVEService;Avira Premium Security Suite MailGuard helper service;"C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe"
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
R3 WmXlCore;Logitech Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
S3 Bcfilter;Jetico Personal Firewall Network Monitor;C:\WINDOWS\system32\DRIVERS\bcfilter.sys
S3 BcfilterMP;BcfilterMP;C:\WINDOWS\system32\DRIVERS\bcfilter.sys
S3 jswmidin;jswmidin;\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jswmidin.sys
S3 kvpndev;Kerio VPN adapter;C:\WINDOWS\system32\DRIVERS\kvpndrv.sys
S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer;C:\WINDOWS\system32\DRIVERS\kwflower.sys
S3 MS1000;MS1000;C:\WINDOWS\system32\DRIVERS\MS1000.sys
S3 pgfilter;pgfilter;\??\C:\Program Files\PeerGuardian2\pgfilter.sys
S3 WmFilter;Logitech Gaming HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys
S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService Alerter LmHosts RemoteRegistry upnphost SSDPSRV

.
Contents of the 'Scheduled Tasks' folder
"2007-11-04 08:24:00 C:\WINDOWS\Tasks\HP Usg Daily.job"
- C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-04 16:07:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-04 16:07:17
.
--- E O F ---

Edited by deadlyskull1977, 04 November 2007 - 04:09 PM.



#2 Grinler (Lawrence Abrams, Admin)

Posted 23 November 2007 - 10:33 AM

I apologize for the very long delay. We have been very busy and it has been taking us greater time than normal to get the logs caught up. If you are still having a problem, and want us to analyze your information, please post a brand new hijackthis log. If we do not hear back from you within a couple of days we will need to close your topic.

When posting your logs please post them directly into the reply. Do not attach them.

Thank you for your patience.



