
Is this a virus?? - Page 5

post #41 of 113
Be assured it's not a virus/malware/spyware/adware....

You have just chipped off uxtheme.dll, which is responsible for themes on XP and runs as soon as you log in. This uxtheme.dll and your Luna theme in C:\WINDOWS\Resources are required to be intact.

The cure for your problem is to find and delete uxtheme.dll and the Luna theme; with the Win XP CD in the CD drive it will replace them automatically.... restart.... download UXTheme Patcher, patch the theme and use your downloaded themes....

No need to reinstall or format the HDD.
post #42 of 113
If you haven't been able to delete them, you might have problems trying to use IE.

If you have deleted them and are still having issues, try resetting IE6:

Control Panel > (classic view) > Internet Options > Programs tab > Reset Web Settings. Then try again.

There are also www.bitdefender.com, housecall.trendmicro.com, etc.
post #43 of 113
Thread Starter 
I can't delete it either.
post #44 of 113
Thread Starter 
Quote:
Originally Posted by bver View Post
Also, after you finish, restart into Safe Mode with Networking and run a scan just to be safe.

www.eset.com/onlinescan ( I happen to like this one, it's free )

Sorry to say, but the site's full of ads and popups... it doesn't work on my Firefox as well as IE.
post #45 of 113
Quote:
Originally Posted by AVR512 View Post
sorry to say, but the site's full of ads and popups...it doesnt work on my firefox as well as IE.
I just opened the website, and I had no issues with pop-ups in IE7.
    
CPUMotherboardGraphicsRAM
Core2 Quad Q6600 Asus Striker Extreme EVGA 88000GTS KO 640MB 2x2Gig PATRIOT Viper Fin 
Hard DriveOptical DriveOSMonitor
250Gb Hitachi // 160Gb Samsung 20X LG DVD R/RW Vista Business 64bit/Fedora9/Slackware Syncmaster 2232 BW 22" 
KeyboardPowerCaseMouse
Logitech G15 Sigma Shark SP-635W Coolermaster Stacker 830 SE Logitech G5 
Mouse Pad
CMSTACKER 
  hide details  
Reply
    
CPUMotherboardGraphicsRAM
Core2 Quad Q6600 Asus Striker Extreme EVGA 88000GTS KO 640MB 2x2Gig PATRIOT Viper Fin 
Hard DriveOptical DriveOSMonitor
250Gb Hitachi // 160Gb Samsung 20X LG DVD R/RW Vista Business 64bit/Fedora9/Slackware Syncmaster 2232 BW 22" 
KeyboardPowerCaseMouse
Logitech G15 Sigma Shark SP-635W Coolermaster Stacker 830 SE Logitech G5 
Mouse Pad
CMSTACKER 
  hide details  
Reply
post #46 of 113
ComboFix.

Download and run it.
Do not click anywhere else or it might cause your system to freeze.

It may or may not restart your computer. Please save all your work before running this tool.

Then just post C:\combofix.txt here.
post #47 of 113
Thread Starter 
I use IE6, and remember my PC is full of viruses right now.... they might have caused it.... my apologies if that's true.
post #48 of 113
Configure a clean boot.

Start > Run > msconfig > General tab

Selective Startup > uncheck everything except "Load System Services" and "Use Original BOOT.INI"

Click on the Services tab > check "Hide All Microsoft Services", then click "Disable All".

Click OK > and then click Restart > tap F8 as soon as your screen goes blank and select Safe Mode with Networking.

Once in Safe Mode with Networking, run HijackThis and try to delete them again.

IF you can delete them, make sure you reset IE before opening the page.
post #49 of 113
Thread Starter 
ComboFix 08-05-27.4 - Abhishek 2008-05-29 0:29:43.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.596 [GMT 5.5:30]
Running from: D:\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM7fb07650.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\efcAqPGV.dll
C:\WINDOWS\system32\fftumemf.ini
C:\WINDOWS\system32\jtcqduxs.dll
C:\WINDOWS\system32\lkxvjnoc.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\SCIPstwa.ini
C:\WINDOWS\system32\SCIPstwa.ini2
C:\WINDOWS\system32\sxudqctj.ini
C:\WINDOWS\system32\VGPqAcfe.ini
C:\WINDOWS\system32\VGPqAcfe.ini2
.
((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-28 )))))))))))))))))))))))))))))))
.

2008-05-28 23:49 . 2008-05-28 23:49  <DIR>  d--------  C:\Program Files\Trend Micro
2008-05-28 22:33 . 2008-05-28 22:33  59,392  --a------  C:\WINDOWS\system32\iifdbBTK.dll
2008-05-28 22:33 . 2008-05-28 22:33  17,878  --ah-----  C:\WINDOWS\system32\vcmgcd32.dl_
2008-05-28 19:01 . 2008-05-28 21:36  36,864  --a------  C:\WINDOWS\system32\vcmgcd32.dll
2008-05-28 18:54 . 2008-05-28 18:54  <DIR>  d--------  C:\Documents and Settings\Abhishek\Application Data\InfraRecorder
2008-05-28 18:51 . 2008-05-28 18:51  359,040  --a------  C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2008-05-28 18:50 . 2008-05-28 18:50  104  --a------  C:\WINDOWS\_vmtxp.ini
2008-05-28 16:02 . 2008-05-28 16:15  972  --a------  C:\WINDOWS\_delis32.ini
2008-05-28 15:01 . 2008-05-28 15:02  <DIR>  d--------  C:\WINDOWS\system32\NtmsData
2008-05-28 13:49 . 2008-05-28 21:36  <DIR>  d--------  C:\Program Files\Common Files\Symantec Shared
2008-05-28 13:49 . 2008-05-28 21:36  <DIR>  d--------  C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-28 13:38 . 2008-05-28 13:39  <DIR>  d--------  C:\Program Files\bleem
2008-05-28 12:58 . 2008-05-28 12:58  <DIR>  d--------  C:\Documents and Settings\Administrator
2008-05-28 01:31 . 2008-05-28 22:02  <DIR>  d--------  C:\Program Files\Internet Download Manager
2008-05-28 01:31 . 2008-05-28 18:04  <DIR>  d--------  C:\Documents and Settings\Abhishek\Application Data\IDM
2008-05-28 01:31 . 2008-05-29 00:27  <DIR>  d--------  C:\Documents and Settings\Abhishek\Application Data\DMCache
2008-05-28 01:17 . 2008-05-28 01:17  <DIR>  d--------  C:\Program Files\Golden FTP Server
2008-05-27 22:02 . 2008-05-27 22:02  <DIR>  d--------  C:\Program Files\MSECache
2008-05-27 21:47 . 2008-05-27 21:47  <DIR>  dr-h-----  C:\MSOCache
2008-05-27 21:43 . 2008-05-27 21:43  <DIR>  d--h-----  C:\WINDOWS\system32\GroupPolicy
2008-05-27 21:25 . 2008-05-27 21:25  <DIR>  d--------  C:\Program Files\beetel ADSL
2008-05-27 21:25 . 2008-05-27 21:04  98,304  --a------  C:\WINDOWS\system32\instDll.dll
2008-05-27 21:25 . 2008-05-27 21:04  24,576  --a------  C:\WINDOWS\system32\delaySpawn.exe
2008-05-27 21:25 . 2008-05-27 21:04  13,809  ---------  C:\WINDOWS\wwdslcfg.ini
2008-05-27 16:04 . 2008-05-27 16:04  <DIR>  d--------  C:\Program Files\Pixarra
2008-05-27 14:46 . 2008-05-27 14:46  59,392  --a------  C:\WINDOWS\system32\yayxwwvU.dll
2008-05-27 14:45 . 2008-05-27 14:45  59,392  --a------  C:\WINDOWS\system32\cbXQgGWo.dll
2008-05-27 14:43 . 2008-05-27 14:43  <DIR>  d--------  C:\Program Files\Stardock
2008-05-27 14:43 . 2002-11-22 00:00  221,184  --a------  C:\WINDOWS\system32\DartSock.dll
2008-05-27 14:43 . 2002-11-25 00:00  118,784  --a------  C:\WINDOWS\system32\DartWeb.dll
2008-05-27 14:43 . 2000-10-10 00:00  49,152  --a------  C:\WINDOWS\system32\DartObjects.dll
2008-05-26 19:48 . 2008-05-26 19:48  <DIR>  d--------  C:\Program Files\uTorrent
2008-05-26 19:48 . 2008-05-28 11:44  <DIR>  d--------  C:\Documents and Settings\Abhishek\Application Data\uTorrent
2008-05-26 19:42 . 2008-05-26 19:42  <DIR>  d--------  C:\Documents and Settings\Abhishek\Application Data\Media Player Classic
2008-05-26 19:33 . 2008-05-26 19:33  <DIR>  d--------  C:\Program Files\ffdshow
2008-05-26 19:33 . 2007-01-01 00:00  60,273  --a------  C:\WINDOWS\system32\pthreadGC2.dll
2008-05-26 19:33 . 2007-10-21 19:08  7,680  --a------  C:\WINDOWS\system32\ff_vfw.dll
2008-05-26 19:33 . 2007-10-21 19:08  6,144  --a------  C:\WINDOWS\system32\ff_acm.acm
2008-05-26 19:33 . 2007-01-01 00:00  547  --a------  C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-05-26 19:22 . 2008-05-26 19:22  1,169  --a------  C:\WINDOWS\mozver.dat
2008-05-26 07:01 . 2008-05-28 21:58  69  --a------  C:\WINDOWS\NeroDigital.ini
2008-05-26 05:04 . 2001-08-17 19:29  3,072  --a------  C:\WINDOWS\system32\drivers\audstub.sys
2008-05-26 05:03 . 2004-08-04 06:26  74,240  --a------  C:\WINDOWS\system32\usbui.dll
2008-05-26 05:03 . 2004-08-04 04:29  57,472  --a------  C:\WINDOWS\system32\drivers\redbook.sys
2008-05-26 05:03 . 2004-08-04 04:37  46,464  --a------  C:\WINDOWS\system32\drivers\GAGP30KX.SYS
2008-05-26 05:03 . 2001-08-17 17:43  27,165  --a------  C:\WINDOWS\system32\drivers\fetnd5.sys
2008-05-26 05:01 . 2008-05-29 00:32  <DIR>  d--------  C:\WINDOWS\system32\CatRoot2
2008-05-26 05:01 . 2008-05-27 14:45  <DIR>  dr-------  C:\Documents and Settings\All Users\Documents
2008-05-26 05:00 . 2008-05-26 00:17  261  --a------  C:\WINDOWS\system32\$winnt$.inf
2008-05-26 03:59 . 2008-05-26 03:59  <DIR>  d--------  C:\Unzipped
2008-05-26 01:21 . 2008-05-26 01:24  3,635  --a------  C:\WINDOWS\VGSCDAPI.VXD
2008-05-26 01:18 . 2008-05-26 03:14  <DIR>  d--h-----  C:\WINDOWS\$hf_mig$
2008-05-26 01:16 . 2008-05-26 01:16  0  --a------  C:\WINDOWS\nsreg.dat
2008-05-12 18:26 . 2008-02-15 20:42  206,256  --a------  C:\WINDOWS\system32\idmmbc.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-28 13:21  359,040  ----a-w  C:\WINDOWS\system32\drivers\TCPIP.SYS
2008-05-28 07:54  176,128  ----a-w  C:\WINDOWS\system32\NeroCheck.exe
2008-05-27 15:55  ---------  d--h--w  C:\Program Files\InstallShield Installation Information
2008-05-25 19:25  ---------  d-----w  C:\Program Files\PowerISO
2008-05-25 19:21  ---------  d-----w  C:\Program Files\Ahead
2008-05-25 19:20  ---------  d-----w  C:\Program Files\Common Files\Ahead
2008-05-25 19:18  ---------  d-----w  C:\Program Files\Logitech
2008-05-25 19:18  ---------  d-----w  C:\Program Files\Common Files\Logitech
2008-05-25 19:11  ---------  d-----w  C:\Program Files\ASUS
2008-05-25 19:10  ---------  d-----w  C:\Program Files\Common Files\Adobe
2008-05-25 19:07  ---------  d-----w  C:\Program Files\Common Files\InstallShield
2008-05-25 19:07  ---------  d-----w  C:\Program Files\AMD
2008-05-25 19:05  ---------  d-----w  C:\Program Files\Analog Devices
2008-05-25 19:01  ---------  d-----w  C:\Program Files\VIA
2008-05-25 18:51  ---------  d-----w  C:\Program Files\Alwil Software
2008-05-25 18:45  ---------  d-----w  C:\Program Files\microsoft frontpage
.

------- Sigcheck -------

2008-05-28 18:51 359040 27a5959c94ee173a063ca06bd14f021a C:\WINDOWS\system32\dllcache\TCPIP.SYS
2008-05-28 18:51 359040 27a5959c94ee173a063ca06bd14f021a C:\WINDOWS\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{129FA2A1-408C-4824-83A4-5001581FD01E}]
2008-05-27 14:45 59392 --a------ C:\WINDOWS\system32\cbXQgGWo.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{56705D87-C14F-4867-9B5D-5AB4A7DE77D6}]
C:\WINDOWS\system32\awtsPICS.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 17:30 158208]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{129FA2A1-408C-4824-83A4-5001581FD01E}"= C:\WINDOWS\system32\cbXQgGWo.dll [2008-05-27 14:45 59392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbXQgGWo]
cbXQgGWo.dll 2008-05-27 14:45 59392 C:\WINDOWS\system32\cbXQgGWo.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\7c8345cc]
C:\WINDOWS\system32\fmemutff.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM7fb07650]
C:\WINDOWS\system32\lkxvjnoc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DSLAGENTEXE]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoldenFTPserver]
C:\Program Files\Golden FTP Server\gftp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GSICONEXE]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GsiFinal]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
--a------ 2008-05-28 01:31 2594224 C:\Program Files\Internet Download Manager\IDMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
--------- 2004-03-03 15:20 40448 C:\WINDOWS\LOGI_MWX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-05-28 12:59 1688064 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2008-05-28 13:24 176128 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2007-08-07 05:35 221184 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
--a------ 2005-04-28 08:52 610304 C:\Program Files\VIA\RAID\raid_tool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
--a------ 2004-03-26 14:40 815104 C:\Program Files\Analog Devices\SoundMAX\smax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2004-04-01 10:52 1388544 C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
-ra------ 2005-03-09 09:03 53248 C:\WINDOWS\system32\VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]
-ra------ 2005-03-12 23:03 147456 C:\WINDOWS\system32\VTTrayp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\GAMES\\QUAKE III ARENA\\quake3.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Internet Download Manager\\IDMan.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19962:TCP"= 19962:TCP:Utorrent
"19960:TCP"= 19960:TCP:Utorrent
"19961:TCP"= 19961:TCP:Utorrent
"19963:TCP"= 19963:TCP:Utorrent

R3 USB_RNDIS_51;USB Remote NDIS Device Driver;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-04 17:30]

.
************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-29 00:34:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\cbXQgGWo.dll
.
Completion time: 2008-05-29 0:35:28 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-28 19:05:24

Pre-Run: 76,170,874,880 bytes free
Post-Run: 76,160,876,544 bytes free

post #50 of 113
Thread Starter 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:37:20 AM, on 5/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {129FA2A1-408C-4824-83A4-5001581FD01E} - C:\WINDOWS\system32\cbXQgGWo.dll
O2 - BHO: (no name) - {56705D87-C14F-4867-9B5D-5AB4A7DE77D6} - C:\WINDOWS\system32\awtsPICS.dll (file missing)
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{E1809FBD-21D4-4787-86ED-664B9F67CB81}: NameServer = 203.145.184.13,202.56.250.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{FE023927-BC5A-4C38-90E1-89E737DF146B}: NameServer = 203.145.184.13,202.56.250.5
O20 - Winlogon Notify: cbXQgGWo - C:\WINDOWS\SYSTEM32\cbXQgGWo.dll
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 2305 bytes
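Triage of the ComboFix and HijackThis output in posts #49 and #50, as an added example that is not part of the thread and is not output of either tool. The sample lines are copied from the two logs above (the O2/O17/O20 lines, the Security Center registry values, and the DLL ComboFix shows inside winlogon.exe). Everything else is this example's own assumption: the severity labels, the KNOWN_NOTIFY_DLLS baseline, and the "8 letters with a run of consonants" test for the random-looking DLL names that recur in both logs.

```python
"""Triage heuristics for the HijackThis / ComboFix logs posted above.

Added example; not HijackThis or ComboFix output.  SAMPLE_LOG, SAMPLE_REG and
LOADED_IN_WINLOGON are copied from posts #49 and #50.  The rules, severities
and the KNOWN_NOTIFY_DLLS baseline are this example's own assumptions: build a
real baseline from a known-clean machine before trusting it.
"""
import ipaddress
import re

# HijackThis lines from post #50 (only the types the rules below look at).
SAMPLE_LOG = r"""
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {129FA2A1-408C-4824-83A4-5001581FD01E} - C:\WINDOWS\system32\cbXQgGWo.dll
O2 - BHO: (no name) - {56705D87-C14F-4867-9B5D-5AB4A7DE77D6} - C:\WINDOWS\system32\awtsPICS.dll (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{E1809FBD-21D4-4787-86ED-664B9F67CB81}: NameServer = 203.145.184.13,202.56.250.5
O20 - Winlogon Notify: cbXQgGWo - C:\WINDOWS\SYSTEM32\cbXQgGWo.dll
"""

# ComboFix "Reg Loading Points" excerpt from post #49 (REGEDIT4 syntax).
SAMPLE_REG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"""

# ComboFix "DLLs Loaded Under Running Processes" for winlogon.exe, post #49.
LOADED_IN_WINLOGON = [r"C:\WINDOWS\system32\cbXQgGWo.dll"]

# Assumed baseline of Winlogon Notify DLLs on a stock XP SP2 install.
KNOWN_NOTIFY_DLLS = {"crypt32.dll", "cryptnet.dll", "cscdll.dll",
                     "sclgntfy.dll", "wlnotify.dll"}

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\}"
                   r" - (?P<path>.*?)(?P<missing> \(file missing\))?$")
O17_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>[0-9.,]+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.*)$")


def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def looks_random(filename):
    """Eight letters with a run of four or more consonants: the naming
    pattern of the DLLs in this thread (cbXQgGWo, awtsPICS, jtcqduxs, ...)."""
    stem = filename.rsplit(".", 1)[0]
    if len(stem) != 8 or not stem.isalpha():
        return False
    run = best = 0
    for ch in stem.lower():
        run = 0 if ch in "aeiou" else run + 1
        best = max(best, run)
    return best >= 4


def triage(log_text, loaded_in_winlogon=()):
    """Return (severity, item, reason) tuples for HijackThis log lines."""
    findings = []
    bho_dlls, notify_dlls = set(), set()
    for line in log_text.strip().splitlines():
        if m := O2_RE.match(line):
            dll = basename(m["path"])
            bho_dlls.add(dll)
            if m["name"] == "(no name)":
                findings.append(("HIGH", dll, "BHO registered with no name"))
            if m["missing"]:
                findings.append(("MEDIUM", dll, "orphaned BHO CLSID (file missing)"))
            if looks_random(dll):
                findings.append(("MEDIUM", dll, "random-looking 8-letter DLL name"))
        elif m := O20_RE.match(line):
            dll = basename(m["path"])
            notify_dlls.add(dll)
            if dll not in KNOWN_NOTIFY_DLLS:
                findings.append(("HIGH", dll, "Winlogon Notify DLL not in baseline"))
        elif m := O17_RE.match(line):
            for ip in m["servers"].split(","):
                if not ipaddress.ip_address(ip).is_private:
                    findings.append(("INFO", ip, "public DNS resolver; confirm it is your ISP's"))
    # One DLL as both BHO and Winlogon Notify handler: runs in every IE
    # process and inside winlogon.exe (SYSTEM) at every logon.
    for dll in bho_dlls & notify_dlls:
        findings.append(("CRITICAL", dll, "same DLL is a BHO and a Winlogon Notify handler"))
    # A DLL mapped into winlogon.exe stays open for the whole session, so
    # deleting it from Explorer fails; it has to go from outside the session.
    for dll in {basename(p) for p in loaded_in_winlogon} & notify_dlls:
        findings.append(("CRITICAL", dll, "loaded inside winlogon.exe; undeletable while logged in"))
    return findings


def security_center_flags(reg_text):
    """Security Center notifications switched off in a REGEDIT4 dump."""
    disabled, in_key = [], False
    for line in reg_text.strip().splitlines():
        if line.startswith("["):
            in_key = line.lower().endswith(r"\security center]")
        elif in_key and (m := re.match(r'"(\w+DisableNotify)"=dword:0*1$', line)):
            disabled.append(m[1])
    return disabled


if __name__ == "__main__":
    for sev, item, why in triage(SAMPLE_LOG, LOADED_IN_WINLOGON):
        print(f"{sev:8} {item:16} {why}")
    print("Security Center notifications disabled:", security_center_flags(SAMPLE_REG))
```

The two CRITICAL findings are the answer to "I can't delete it either": cbXQgGWo.dll is registered as a nameless BHO and as a Winlogon Notify handler, and ComboFix shows it mapped into winlogon.exe, so the file is held open for the whole logged-in session. It has to be removed from outside that session (a boot-time tool or another installation), together with the BHO, ShellExecuteHooks and Notify registrations, or it loads again at the next logon. The disabled Security Center notifications are a second sign that something wanted antivirus and update warnings silenced; the uTorrent firewall entries are the program's own and not an indicator.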