Don't Know


  • This topic is locked
4 replies to this topic

#1 jimbean


Posted 21 February 2008 - 05:25 PM

I am using Win XP Pro with IE6. I've visited a couple of sites that threw me about 10 viruses according to AVG Free Edition.
I also run Spybot (latest) with all updates.
This is a fresh install of XP Pro.
Now all of the time I keep getting a message on my computer screen that says (quote):
Work Offline
No connection to the Internet is currently available.
To view content that has been saved on your computer, click Work Offline. Click Try Again to attempt to connect.
Then in 2 boxes below that, one of them says
Work Offline
and the other says Try Again.


This is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:49:34 PM, on 2/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {D85530E8-D39D-49D0-9F36-300D594556D2} - C:\WINDOWS\system32\vtuvtro.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O20 - Winlogon Notify: vtuvtro - C:\WINDOWS\SYSTEM32\vtuvtro.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5650 bytes

Sorry guys,
I know this is some kind of glitch in the registry.
It's happened about 20 times before,
and I've always either reinstalled Windows over itself
or used Linux.
And I know it's either spyware or a virus.
I have clicked the option in the File menu for working online and it keeps resetting
to working offline.
I've also clicked network settings to disable notification of offline availability.
I don't want to be a pain, but you guys know more than I do.


#2 teacup61

  • Malware Response Team

Posted 21 February 2008 - 05:50 PM

Hello jimbean,

Welcome to Bleeping Computer :thumbsup:

Please download WinHelp2002's DelDomains by right-clicking on the following link, and choosing "Save Target As":
http://www.mvps.org/winhelp2002/DelDomains.inf
Save the file to the desktop. Then go to the desktop, right click on DelDomains.inf, and choose Install. You may not see any noticeable changes or prompts; this is normal. Then please restart your computer, and post a new HijackThis log.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Thanks,
tea
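A small triage script, added here as an illustration and not part of the thread, of HijackThis or of DelDomains: it parses HijackThis-style finding lines (a few constructed from the log in post #1), lists the O15 Trusted Zone domains that the DelDomains.inf step above would clear, and flags the O2 BHO and O20 Winlogon Notify entries that point at the same DLL. The regular expression, the severity labels and the cross-referencing rule are my own assumptions, not HijackThis conventions.

```python
import re
from collections import defaultdict

# Constructed sample input: a few lines copied from the HijackThis log posted
# in the thread above (not the full log), so the script runs offline.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {D85530E8-D39D-49D0-9F36-300D594556D2} - C:\WINDOWS\system32\vtuvtro.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O20 - Winlogon Notify: vtuvtro - C:\WINDOWS\SYSTEM32\vtuvtro.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Every HijackThis finding line starts with a section code such as R0, O2, O15, O20.
# (Assumed pattern; it covers the line shapes seen in the posted log.)
LINE_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.+)$")


def parse_hjt(text):
    """Yield (section, body) pairs for each HijackThis finding line."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            yield m.group("section"), m.group("body")


def trusted_zone_domains(text):
    """Return the sorted, de-duplicated O15 Trusted Zone domains (HKCU and HKLM)."""
    domains = set()
    for section, body in parse_hjt(text):
        if section == "O15":
            # body looks like 'Trusted Zone: *.example.com' or '... (HKLM)'
            domains.add(body.split(":", 1)[1].split()[0])
    return sorted(domains)


def triage_hjt(text):
    """Return a list of (severity, section, reason) findings for the log."""
    findings = []
    dll_sections = defaultdict(set)  # lower-cased DLL path -> sections that load it
    for section, body in parse_hjt(text):
        if section == "O15":
            # Trusted Zone sites get relaxed IE security settings, so entries the
            # user never added are worth a finding on their own.
            scope = "HKLM" if "(HKLM)" in body else "HKCU"
            domain = body.split(":", 1)[1].split()[0]
            findings.append(("high", section, f"{scope} Trusted Zone entry for {domain}"))
        elif section in ("O2", "O20"):
            path = body.rsplit(" - ", 1)[-1].strip()
            dll_sections[path.lower()].add(section)
            if section == "O2" and "(no name)" in body:
                findings.append(("medium", section, f"BHO with no name: {path}"))
            if section == "O20":
                findings.append(("high", section, f"Winlogon Notify DLL: {path}"))
    # A DLL that is both a browser helper object and a Winlogon Notify handler
    # reloads at logon and inside IE; the posted log shows exactly that pairing.
    for path, sections in dll_sections.items():
        if {"O2", "O20"} <= sections:
            findings.append(("high", "O2+O20",
                             f"same DLL registered as BHO and Winlogon Notify: {path}"))
    return findings


if __name__ == "__main__":
    for severity, section, reason in triage_hjt(SAMPLE_LOG):
        print(f"[{severity:6}] {section:7} {reason}")
    print("Trusted Zone domains to review:", ", ".join(trusted_zone_domains(SAMPLE_LOG)))
```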

#3 jimbean

  • Topic Starter

Posted 21 February 2008 - 06:40 PM

Thanks for the reply.

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:06:41 PM, on 2/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {D85530E8-D39D-49D0-9F36-300D594556D2} - C:\WINDOWS\system32\vtuvtro.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O20 - Winlogon Notify: vtuvtro - C:\WINDOWS\SYSTEM32\vtuvtro.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4990 bytes


ComboFix 08-02-21 - l 2008-02-21 18:12:00.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.604 [GMT -5:00]
Running from: C:\Documents and Settings\l\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\l\Application Data\inst.exe
C:\Temp\isgTi19
C:\WINDOWS\system32\nGpxx01
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\urqolll.dll
C:\WINDOWS\system32\vtutrpm.dll
C:\WINDOWS\system32\vtuvtro.dll

.
((((((((((((((((((((((((( Files Created from 2008-01-21 to 2008-02-21 )))))))))))))))))))))))))))))))
.

2008-02-18 18:20 . 2008-02-18 18:20 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-18 17:14 . 2008-02-18 17:14 <DIR> d-------- C:\Program Files\Download Manager
2008-02-18 17:13 . 2008-02-18 17:42 <DIR> d-------- C:\Documents and Settings\l\Application Data\IGN_DLM
2008-02-18 05:25 . 2008-02-18 05:25 31,744 --a------ C:\Documents and Settings\l\win.exe
2008-02-17 12:04 . 2008-02-17 12:07 139,264 --a------ C:\WINDOWS\War3Unin.exe
2008-02-17 12:04 . 2008-02-17 12:07 54,736 --a------ C:\WINDOWS\War3Unin.dat
2008-02-17 12:04 . 2008-02-17 12:07 2,829 --a------ C:\WINDOWS\War3Unin.pif
2008-02-17 11:44 . 2008-02-17 11:44 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-02-17 08:47 . 2008-02-17 09:31 <DIR> d-------- C:\Program Files\DOSBox-0.72
2008-02-17 08:43 . 2008-02-17 08:43 <DIR> d--h----- C:\WINDOWS\PIF
2008-02-17 08:00 . 2008-02-17 08:02 <DIR> d-------- C:\sdd53a
2008-02-17 08:00 . 1996-04-09 23:04 175,104 --a------ C:\WINDOWS\hdk3ctnt.dll
2008-02-17 06:30 . 2008-02-21 18:12 <DIR> d-------- C:\Temp
2008-02-10 17:44 . 2008-02-10 17:44 <DIR> d-------- C:\WINDOWS\desktop
2008-02-10 17:44 . 2008-02-10 17:44 <DIR> d-------- C:\Program Files\LucasArts
2008-02-10 17:41 . 2008-02-10 17:42 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-02-10 14:38 . 1997-01-18 10:40 299,520 --a------ C:\WINDOWS\uninst.exe
2008-02-10 12:53 . 2008-02-10 12:53 <DIR> d-------- C:\Program Files\Microsoft Games
2008-02-09 15:49 . 2008-02-10 18:02 <DIR> d-------- C:\pictures
2008-02-09 08:42 . 2008-02-09 08:42 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-02-08 06:59 . 2008-02-09 21:26 67 --a------ C:\WINDOWS\SOLITUDE.INI
2008-02-04 17:35 . 2008-02-18 16:41 <DIR> d-------- C:\Program Files\Warcraft III
2008-02-03 20:24 . 2008-02-03 20:24 <DIR> d-------- C:\Documents and Settings\s\mahjongg3d
2008-02-03 20:11 . 2008-02-03 20:11 42 --a------ C:\WINDOWS\PIN.INI
2008-02-03 20:09 . 2008-02-03 20:09 <DIR> d-------- C:\Documents and Settings\l\mahjongg3d
2008-02-03 20:07 . 2008-02-03 20:09 <DIR> d-------- C:\Program Files\soldeluxe
2008-02-03 20:02 . 2008-02-03 20:02 <DIR> d-------- C:\Program Files\Cards.2005.01
2008-02-03 19:58 . 2008-02-03 19:58 <DIR> d-------- C:\WINDOWS\Preferences
2008-02-03 19:58 . 2008-02-06 07:36 <DIR> d-------- C:\Program Files\Solitude for Windows
2008-02-03 19:58 . 2008-02-03 19:58 <DIR> d-------- C:\Program Files\PySol-4.41
2008-02-03 19:58 . 2008-02-03 19:58 <DIR> d-------- C:\Documents and Settings\l\WINDOWS
2008-02-03 19:58 . 1997-08-26 12:06 315,904 --a------ C:\WINDOWS\IsUninst.exe
2008-02-03 19:33 . 2008-02-03 20:22 <DIR> d-------- C:\Program Files\Bikini Solitaire V1.0.3
2008-02-03 19:33 . 2005-06-26 11:06 77,824 --a------ C:\WINDOWS\system32\GkSui20.EXE
2008-02-03 19:33 . 2008-02-03 20:22 58 --a------ C:\WINDOWS\wyvern.ini
2008-02-03 19:04 . 2008-02-03 19:04 <DIR> d-------- C:\Program Files\FastStone Image Viewer
2008-02-03 19:04 . 2008-02-03 19:04 <DIR> d-------- C:\Documents and Settings\l\Application Data\FastStone
2008-02-03 18:59 . 2008-02-03 18:59 <DIR> d-------- C:\Program Files\IrfanView
2008-02-03 18:17 . 2008-02-03 18:17 <DIR> d-------- C:\Program Files\Analog Devices
2008-02-03 18:15 . 2008-02-03 18:15 19,579 --a------ C:\WINDOWS\Ascd_tmp.ini
2008-02-03 18:15 . 2004-04-27 02:26 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2008-02-03 18:15 . 2004-08-12 21:56 5,810 -ra------ C:\WINDOWS\system32\drivers\ASACPI.sys
2008-02-03 17:42 . 2008-02-03 17:42 <DIR> d-------- C:\WINDOWS\Bus Driver
2008-02-03 17:42 . 2008-02-03 17:42 <DIR> d-------- C:\Program Files\Bus Driver
2008-02-03 16:21 . 2008-02-03 16:21 <DIR> d-------- C:\Program Files\Common Files\DirectX
2008-02-03 16:18 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-02-03 16:16 . 2008-02-03 16:16 <DIR> d-------- C:\Program Files\Evolved Games
2008-02-03 08:44 . 2008-02-03 08:44 <DIR> d-------- C:\Program Files\dbackup
2008-02-01 21:10 . 2006-12-18 16:34 446,464 --a------ C:\WINDOWS\system32\CapabilityTable.exe
2008-02-01 21:10 . 2006-04-14 14:00 208,896 --a------ C:\WINDOWS\system32\nvuide.exe
2008-02-01 21:10 . 2006-02-20 13:00 1,570 --a------ C:\WINDOWS\system32\nvide.nvu
2008-02-01 21:09 . 2008-02-01 21:09 <DIR> d-------- C:\Documents and Settings\l\Application Data\InstallShield
2008-02-01 21:09 . 2006-12-18 16:33 356,352 --a------ C:\WINDOWS\system32\nvusmb.exe
2008-02-01 21:09 . 2006-12-18 16:33 356,352 --a------ C:\WINDOWS\system32\nvunrm.exe
2008-02-01 21:09 . 2006-02-17 11:28 101,632 --a------ C:\WINDOWS\system32\drivers\nvtcp.sys
2008-02-01 21:09 . 2005-12-08 12:06 3,657 --a------ C:\WINDOWS\system32\nvnrm.nvu
2008-02-01 21:09 . 2006-02-20 13:00 1,864 --a------ C:\WINDOWS\system32\nvsmb.nvu
2008-02-01 21:07 . 2008-02-01 21:07 <DIR> d-------- C:\WINDOWS\nview
2008-02-01 21:07 . 2007-10-04 17:14 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-02-01 21:07 . 2008-02-01 16:12 140,158 --a------ C:\WINDOWS\system32\nvapps.xml
2008-02-01 21:07 . 2007-10-04 17:14 17,525 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-02-01 21:06 . 2008-02-01 16:10 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-02-01 21:06 . 2007-10-04 18:16 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-02-01 21:05 . 2008-02-01 21:08 <DIR> d-------- C:\NVIDIA
2008-02-01 19:10 . 2008-02-21 08:00 <DIR> d-------- C:\Documents and Settings\s\Application Data\AVG7
2008-02-01 18:34 . 2008-02-01 18:34 21,840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
2008-02-01 18:34 . 2008-02-01 18:34 17,212 --a----t- C:\WINDOWS\system32\SIntf32.dll
2008-02-01 18:34 . 2008-02-01 18:34 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll
2008-02-01 18:21 . 2008-02-01 18:21 94,208 --a------ C:\WINDOWS\DIIUnin.exe
2008-02-01 18:21 . 2008-02-01 18:29 34,760 --a------ C:\WINDOWS\DIIUnin.dat
2008-02-01 18:21 . 2008-02-01 18:21 2,829 --a------ C:\WINDOWS\DIIUnin.pif
2008-02-01 18:18 . 2008-02-03 05:56 <DIR> d-------- C:\Program Files\Diablo II
2008-02-01 17:49 . 2008-02-01 17:49 <DIR> d-------- C:\Program Files\VSO
2008-02-01 17:49 . 2008-02-17 07:40 <DIR> d-------- C:\Documents and Settings\l\Application Data\Vso
2008-02-01 17:49 . 2008-02-01 17:49 94,208 --a------ C:\WINDOWS\system32\drivers\ezplay.sys
2008-02-01 17:49 . 2008-02-01 17:49 94,208 --a------ C:\Documents and Settings\l\Application Data\ezplay.sys
2008-02-01 17:49 . 2008-02-01 17:49 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-02-01 17:49 . 2008-02-01 17:49 47,360 --a------ C:\Documents and Settings\l\Application Data\pcouffin.sys
2008-02-01 17:48 . 2008-02-01 17:48 <DIR> d-------- C:\Program Files\7-Zip
2008-02-01 17:30 . 2008-02-01 17:30 <DIR> d-------- C:\Documents and Settings\l\Application Data\DAEMON Tools
2008-02-01 17:29 . 2008-02-01 17:31 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-02-01 17:27 . 2008-02-01 17:27 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-02-01 16:45 . 2008-02-01 16:46 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-01 16:45 . 2008-02-01 16:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-01 16:34 . 2008-02-01 16:34 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-01 16:34 . 2008-02-21 16:27 <DIR> d-------- C:\Documents and Settings\l\Application Data\AVG7
2008-02-01 16:34 . 2008-02-01 16:34 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-02-01 16:34 . 2008-02-01 16:34 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-02-01 16:33 . 2008-02-01 16:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-01 16:33 . 2008-02-02 08:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-02-01 16:11 . 2008-02-01 16:11 <DIR> d-------- C:\Program Files\NVIDIA Corporation
2008-02-01 16:11 . 2008-02-03 18:17 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-02-01 16:11 . 2008-02-01 16:11 1,024 --a------ C:\.rnd
2008-02-01 16:11 . 2008-02-01 16:11 22 --a------ C:\WINDOWS\FileName
2008-02-01 15:00 . 2001-08-17 08:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-02 01:06 --------- d-----w C:\Program Files\microsoft frontpage
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:56 1667584]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-17 11:51 486856]
"igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [2007-03-05 16:57 1103480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14 8491008]
"nwiz"="nwiz.exe" [2007-10-04 17:14 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 17:14 81920]
"nTrayFw"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2006-02-17 10:40 270336]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-01 16:33 579072]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 15:21 61952 C:\WINDOWS\system32\HdAShCut.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-19 20:11 925696]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2005-09-07 15:35 716800]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-01 16:33 219136]


.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-21 18:26:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
.
**************************************************************************
.
Completion time: 2008-02-21 18:26:52 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-21 23:26:49

#4 teacup61

  • Malware Response Team

Posted 25 February 2008 - 06:17 PM

Hello,

Hope you had a nice weekend. :thumbsup:

Looks like Tea Timer interfered there. :blink: So please disable TeaTimer by doing the following:
1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts

You can re-enable TeaTimer once your system is clean.

Now please run ComboFix again and post the report.

Thanks,
tea

#5 teacup61

  • Malware Response Team

Posted 05 March 2008 - 04:02 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic