
Is this a virus?? - Page 8

post #71 of 113
Quote:
Originally Posted by Black Magix
No it doesn't. I use keygens for software I legitimately own. I'm too damn lazy to open the box and type in all those numbers.
That's just sad. Still no excuse.
post #72 of 113
Thread Starter 
ComboFix 08-05-27.4 - Abhishek 2008-05-29 2:11:57.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.622 [GMT 5.5:30]
Running from: C:\\Documents and Settings\\Abhishek\\Desktop\\ComboFix.exe
Command switches used :: C:\\Documents and Settings\\Abhishek\\Desktop\\cfscript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-28 )))))))))))))))))))))))))))))))
.

2008-05-29 00:40 . 2008-05-29 00:4065,080--a------C:\\WINDOWS\\system32\\efcDSlKE.dll
2008-05-29 00:40 . 2008-05-29 00:4236,864--a------C:\\WINDOWS\\system32\\vcmgcd32.dll
2008-05-29 00:40 . 2008-05-29 02:1317,878--ah-----C:\\WINDOWS\\system32\\vcmgcd32.dl_
2008-05-28 23:49 . 2008-05-28 23:49<DIR>d--------C:\\Program Files\\Trend Micro
2008-05-28 22:33 . 2008-05-28 22:3359,392--a------C:\\WINDOWS\\system32\\iifdbBTK.dll
2008-05-28 18:54 . 2008-05-28 18:54<DIR>d--------C:\\Documents and Settings\\Abhishek\\Application Data\\InfraRecorder
2008-05-28 18:51 . 2008-05-28 18:51359,040--a------C:\\WINDOWS\\system32\\drivers\\TCPIP.SYS.ORIGINAL
2008-05-28 18:50 . 2008-05-28 18:50104--a------C:\\WINDOWS\\_vmtxp.ini
2008-05-28 16:02 . 2008-05-28 16:15972--a------C:\\WINDOWS\\_delis32.ini
2008-05-28 15:01 . 2008-05-28 15:02<DIR>d--------C:\\WINDOWS\\system32\\NtmsData
2008-05-28 13:49 . 2008-05-28 21:36<DIR>d--------C:\\Program Files\\Common Files\\Symantec Shared
2008-05-28 13:49 . 2008-05-28 21:36<DIR>d--------C:\\Documents and Settings\\All Users\\Application Data\\Symantec
2008-05-28 13:38 . 2008-05-28 13:39<DIR>d--------C:\\Program Files\\bleem
2008-05-28 12:58 . 2008-05-28 12:58<DIR>d--------C:\\Documents and Settings\\Administrator
2008-05-28 01:31 . 2008-05-28 22:02<DIR>d--------C:\\Program Files\\Internet Download Manager
2008-05-28 01:31 . 2008-05-28 18:04<DIR>d--------C:\\Documents and Settings\\Abhishek\\Application Data\\IDM
2008-05-28 01:31 . 2008-05-29 02:10<DIR>d--------C:\\Documents and Settings\\Abhishek\\Application Data\\DMCache
2008-05-28 01:17 . 2008-05-28 01:17<DIR>d--------C:\\Program Files\\Golden FTP Server
2008-05-27 22:02 . 2008-05-27 22:02<DIR>d--------C:\\Program Files\\MSECache
2008-05-27 21:47 . 2008-05-27 21:47<DIR>dr-h-----C:\\MSOCache
2008-05-27 21:43 . 2008-05-27 21:43<DIR>d--h-----C:\\WINDOWS\\system32\\GroupPolicy
2008-05-27 21:25 . 2008-05-27 21:25<DIR>d--------C:\\Program Files\\beetel ADSL
2008-05-27 21:25 . 2008-05-27 21:0498,304--a------C:\\WINDOWS\\system32\\instDll.dll
2008-05-27 21:25 . 2008-05-27 21:0424,576--a------C:\\WINDOWS\\system32\\delaySpawn.exe
2008-05-27 21:25 . 2008-05-27 21:0413,809---------C:\\WINDOWS\\wwdslcfg.ini
2008-05-27 16:04 . 2008-05-27 16:04<DIR>d--------C:\\Program Files\\Pixarra
2008-05-27 14:46 . 2008-05-27 14:4659,392--a------C:\\WINDOWS\\system32\\yayxwwvU.dll
2008-05-27 14:45 . 2008-05-27 14:4559,392--a------C:\\WINDOWS\\system32\\cbXQgGWo.dll
2008-05-27 14:43 . 2008-05-27 14:43<DIR>d--------C:\\Program Files\\Stardock
2008-05-27 14:43 . 2002-11-22 00:00221,184--a------C:\\WINDOWS\\system32\\DartSock.dll
2008-05-27 14:43 . 2002-11-25 00:00118,784--a------C:\\WINDOWS\\system32\\DartWeb.dll
2008-05-27 14:43 . 2000-10-10 00:0049,152--a------C:\\WINDOWS\\system32\\DartObjects.dll
2008-05-26 19:48 . 2008-05-26 19:48<DIR>d--------C:\\Program Files\\uTorrent
2008-05-26 19:48 . 2008-05-29 02:13<DIR>d--------C:\\Documents and Settings\\Abhishek\\Application Data\\uTorrent
2008-05-26 19:42 . 2008-05-26 19:42<DIR>d--------C:\\Documents and Settings\\Abhishek\\Application Data\\Media Player Classic
2008-05-26 19:33 . 2008-05-26 19:33<DIR>d--------C:\\Program Files\\ffdshow
2008-05-26 19:33 . 2007-01-01 00:0060,273--a------C:\\WINDOWS\\system32\\pthreadGC2.dll
2008-05-26 19:33 . 2007-10-21 19:087,680--a------C:\\WINDOWS\\system32\\ff_vfw.dll
2008-05-26 19:33 . 2007-10-21 19:086,144--a------C:\\WINDOWS\\system32\\ff_acm.acm
2008-05-26 19:33 . 2007-01-01 00:00547--a------C:\\WINDOWS\\system32\\ff_vfw.dll.manifest
2008-05-26 19:22 . 2008-05-26 19:221,169--a------C:\\WINDOWS\\mozver.dat
2008-05-26 07:01 . 2008-05-28 21:5869--a------C:\\WINDOWS\\NeroDigital.ini
2008-05-26 05:04 . 2001-08-17 19:293,072--a------C:\\WINDOWS\\system32\\drivers\\audstub.sys
2008-05-26 05:03 . 2004-08-04 06:2674,240--a------C:\\WINDOWS\\system32\\usbui.dll
2008-05-26 05:03 . 2004-08-04 04:2957,472--a------C:\\WINDOWS\\system32\\drivers\\redbook.sys
2008-05-26 05:03 . 2004-08-04 04:3746,464--a------C:\\WINDOWS\\system32\\drivers\\GAGP30KX.SYS
2008-05-26 05:03 . 2001-08-17 17:4327,165--a------C:\\WINDOWS\\system32\\drivers\\fetnd5.sys
2008-05-26 05:01 . 2008-05-29 01:08<DIR>d--------C:\\WINDOWS\\system32\\CatRoot2
2008-05-26 05:01 . 2008-05-27 14:45<DIR>dr-------C:\\Documents and Settings\\All Users\\Documents
2008-05-26 05:00 . 2008-05-26 00:17261--a------C:\\WINDOWS\\system32\\$winnt$.inf
2008-05-26 03:59 . 2008-05-26 03:59<DIR>d--------C:\\Unzipped
2008-05-26 01:21 . 2008-05-26 01:243,635--a------C:\\WINDOWS\\VGSCDAPI.VXD
2008-05-26 01:18 . 2008-05-26 03:14<DIR>d--h-----C:\\WINDOWS\\$hf_mig$
2008-05-26 01:16 . 2008-05-26 01:160--a------C:\\WINDOWS\\nsreg.dat
2008-05-12 18:26 . 2008-02-15 20:42206,256--a------C:\\WINDOWS\\system32\\idmmbc.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-28 13:21359,040----a-wC:\\WINDOWS\\system32\\drivers\\TCPIP.SYS
2008-05-28 07:54176,128----a-wC:\\WINDOWS\\system32\\NeroCheck.exe
2008-05-27 15:55---------d--h--wC:\\Program Files\\InstallShield Installation Information
2008-05-25 19:25---------d-----wC:\\Program Files\\PowerISO
2008-05-25 19:21---------d-----wC:\\Program Files\\Ahead
2008-05-25 19:20---------d-----wC:\\Program Files\\Common Files\\Ahead
2008-05-25 19:18---------d-----wC:\\Program Files\\Logitech
2008-05-25 19:18---------d-----wC:\\Program Files\\Common Files\\Logitech
2008-05-25 19:11---------d-----wC:\\Program Files\\ASUS
2008-05-25 19:10---------d-----wC:\\Program Files\\Common Files\\Adobe
2008-05-25 19:07---------d-----wC:\\Program Files\\Common Files\\InstallShield
2008-05-25 19:07---------d-----wC:\\Program Files\\AMD
2008-05-25 19:05---------d-----wC:\\Program Files\\Analog Devices
2008-05-25 19:01---------d-----wC:\\Program Files\\VIA
2008-05-25 18:51---------d-----wC:\\Program Files\\Alwil Software
2008-05-25 18:45---------d-----wC:\\Program Files\\microsoft frontpage
.

------- Sigcheck -------

2008-05-28 18:51 359040 27a5959c94ee173a063ca06bd14f021aC:\\WINDOWS\\system32\\dllcache\\TCPIP.SYS
2008-05-28 18:51 359040 27a5959c94ee173a063ca06bd14f021aC:\\WINDOWS\\system32\\drivers\\TCPIP.SYS
.
((((((((((((((((((((((((((((( snapshot@2008-05-29_ 0.35.10.50 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-28 19:03:362,048--s-a-wC:\\WINDOWS\\bootstat.dat
+ 2008-05-28 19:11:522,048--s-a-wC:\\WINDOWS\\bootstat.dat
- 2005-10-20 14:32:28163,328----a-wC:\\WINDOWS\\erdnt\\subs\\ERDNT.EXE
+ 2005-10-20 14:32:28183,808----a-wC:\\WINDOWS\\erdnt\\subs\\ERDNT.EXE
- 2000-08-31 02:30:0089,504----a-wC:\\WINDOWS\\fdsv.exe
+ 2000-08-31 02:30:00106,496----a-wC:\\WINDOWS\\fdsv.exe
- 2000-08-31 02:30:0080,412----a-wC:\\WINDOWS\\grep.exe
+ 2000-08-31 02:30:00100,864----a-wC:\\WINDOWS\\grep.exe
- 2004-08-04 12:00:00158,208----a-wC:\\WINDOWS\\pchealth\\helpctr\\binaries\\msconfig.exe
+ 2004-08-04 12:00:00178,688----a-wC:\\WINDOWS\\pchealth\\helpctr\\binaries\\msconfig.exe
- 2000-08-31 02:30:0098,816----a-wC:\\WINDOWS\\sed.exe
+ 2000-08-31 02:30:00119,296----a-wC:\\WINDOWS\\sed.exe
- 2000-08-31 02:30:00136,704----a-wC:\\WINDOWS\\swsc.exe
+ 2000-08-31 02:30:00157,184----a-wC:\\WINDOWS\\swsc.exe
- 2000-08-31 02:30:00212,480----a-wC:\\WINDOWS\\swxcacls.exe
+ 2000-08-31 02:30:00232,960----a-wC:\\WINDOWS\\swxcacls.exe
- 2000-08-31 02:30:0049,152----a-wC:\\WINDOWS\\VFind.exe
+ 2000-08-31 02:30:0069,632----a-wC:\\WINDOWS\\VFind.exe
- 2000-08-31 02:30:0068,096----a-wC:\\WINDOWS\\zip.exe
+ 2000-08-31 02:30:0088,576----a-wC:\\WINDOWS\\zip.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\{129FA2A1-408C-4824-83A4-5001581FD01E}]
2008-05-27 14:4559392--a------C:\\WINDOWS\\system32\\cbXQgGWo.dll

[HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\{56705D87-C14F-4867-9B5D-5AB4A7DE77D6}]
C:\\WINDOWS\\system32\\awtsPICS.dll

[HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"IDMan"="C:\\Program Files\\Internet Download Manager\\IDMan.exe" [2008-05-28 01:31 2594224]

[hkey_local_machine\\software\\microsoft\\windows\\currentversion\\explorer\\shellexecutehooks]
"{129FA2A1-408C-4824-83A4-5001581FD01E}"= C:\\WINDOWS\\system32\\cbXQgGWo.dll [2008-05-27 14:45 59392]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion\\winlogon\\notify\\cbXQgGWo]
cbXQgGWo.dll 2008-05-27 14:45 59392 C:\\WINDOWS\\system32\\cbXQgGWo.dll

[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion\\drivers32]
"msacm.avis"= ff_acm.acm

[HKLM\\~\\startupfolder\\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk
backup=C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\7c8345cc]
C:\\WINDOWS\\system32\\fmemutff.dll

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\avast!]
C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\BM7fb07650]
C:\\WINDOWS\\system32\\lkxvjnoc.dll

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\DSLAGENTEXE]


[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\GoldenFTPserver]
C:\\Program Files\\Golden FTP Server\\gftp.exe

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\GSICONEXE]


[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\GsiFinal]


[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\IDMan]
--a------ 2008-05-28 01:31 2594224 C:\\Program Files\\Internet Download Manager\\IDMan.exe

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\Logitech Utility]
--------- 2004-03-03 15:20 40448 C:\\WINDOWS\\LOGI_MWX.EXE

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\MSMSGS]
--a------ 2008-05-28 12:59 1688064 C:\\Program Files\\Messenger\\msmsgs.exe

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\NeroFilterCheck]
--a------ 2008-05-28 13:24 176128 C:\\WINDOWS\\system32\\NeroCheck.exe

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\PWRISOVM.EXE]
--a------ 2007-08-07 05:35 221184 C:\\Program Files\\PowerISO\\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\RaidTool]
--a------ 2005-04-28 08:52 610304 C:\\Program Files\\VIA\\RAID\\raid_tool.exe

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\SoundMAX]
--a------ 2004-03-26 14:40 815104 C:\\Program Files\\Analog Devices\\SoundMAX\\smax4.exe

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\SoundMAXPnP]
--a------ 2004-04-01 10:52 1388544 C:\\Program Files\\Analog Devices\\SoundMAX\\SMax4PNP.exe

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\VTTimer]
-ra------ 2005-03-09 09:03 53248 C:\\WINDOWS\\system32\\VTTimer.exe

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\VTTrayp]
-ra------ 2005-03-12 23:03 147456 C:\\WINDOWS\\system32\\VTTrayp.exe

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\services]
"SoundMAX Agent Service (default)"=2 (0x2)

[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\AuthorizedApplications\\List]
"%windir%\\\\system32\\\\sessmgr.exe"=
"D:\\\\GAMES\\\\QUAKE III ARENA\\\\quake3.exe"=
"C:\\\\Program Files\\\\uTorrent\\\\utorrent.exe"=
"C:\\\\Program Files\\\\Internet Download Manager\\\\IDMan.exe"=

[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\GloballyOpenPorts\\List]
"19962:TCP"= 19962:TCP:Utorrent
"19960:TCP"= 19960:TCP:Utorrent
"19961:TCP"= 19961:TCP:Utorrent
"19963:TCP"= 19963:TCP:Utorrent

R3 USB_RNDIS_51;USB Remote NDIS Device Driver;C:\\WINDOWS\\system32\\DRIVERS\\usb8023.sys [2004-08-04 17:30]

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-29 02:13:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\\WINDOWS\\system32\\winlogon.exe
-> C:\\WINDOWS\\system32\\cbXQgGWo.dll

PROCESS: C:\\WINDOWS\\explorer.exe
-> C:\\WINDOWS\\system32\\vcmgcd32.dll
.
Completion time: 2008-05-29 2:14:21
ComboFix-quarantined-files.txt 2008-05-28 20:44:15
ComboFix2.txt 2008-05-28 19:05:28

Pre-Run: 76,063,023,104 bytes free
Post-Run: 76,050,694,144 bytes free

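What the helper is reading off the "Reg Loading Points" and "DLLs Loaded Under Running Processes" sections above can be written down as a few mechanical checks. The script below is an added example for this thread, not ComboFix's own code; its sample log is constructed to mirror those two sections (same keys and file names as the posted log, spacing normalised) and the heuristics are the ones a malware-removal helper applies by eye: a DLL registered under an injection-type autostart key, one DLL reached from several keys at once, a DLL mapped inside winlogon.exe, and Security Center warnings silenced.

```python
"""Triage the autostart sections of a ComboFix-style log (added example,
not ComboFix's own code). SAMPLE_LOG is constructed from the posted log."""
import re
from collections import defaultdict

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{129FA2A1-408C-4824-83A4-5001581FD01E}]
2008-05-27 14:45 59392 --a------ C:\WINDOWS\system32\cbXQgGWo.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{56705D87-C14F-4867-9B5D-5AB4A7DE77D6}]
C:\WINDOWS\system32\awtsPICS.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2008-05-28 01:31 2594224]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{129FA2A1-408C-4824-83A4-5001581FD01E}"= C:\WINDOWS\system32\cbXQgGWo.dll [2008-05-27 14:45 59392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbXQgGWo]
cbXQgGWo.dll 2008-05-27 14:45 59392 C:\WINDOWS\system32\cbXQgGWo.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\cbXQgGWo.dll

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\vcmgcd32.dll
"""

# Autostart locations whose whole purpose is to load a DLL into other processes
# (every IE instance, every shell action, every logon). A DLL here that no
# deliberately installed product explains is the classic Virtumonde footprint.
INJECTION_KEYS = ("browser helper objects", "shellexecutehooks", r"winlogon\notify")

KEY_RE = re.compile(r"^\[(.+)\]$")
PROC_RE = re.compile(r"^PROCESS:\s*(.+)$")
DLL_RE = re.compile(r"^->\s*(.+)$")
PATH_RE = re.compile(r'[A-Za-z]:\\[^\[\]"]*?\.(?:dll|exe|ocx)', re.IGNORECASE)
NOTIFY_RE = re.compile(r'^"(\w+DisableNotify)"=dword:0*1$')


def parse_log(text):
    """Return (loads, injected, notify_off).

    loads      - list of (registry key, module path) for every autostart entry
    injected   - dict process path -> DLLs reported loaded inside it
    notify_off - Security Center *DisableNotify values that are set to 1
    """
    loads, injected, notify_off = [], defaultdict(list), []
    key = proc = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:                       # a new registry key section starts
            key, proc = m.group(1), None
            continue
        m = PROC_RE.match(line)
        if m:                       # a new running-process section starts
            proc, key = m.group(1), None
            continue
        m = DLL_RE.match(line)
        if m and proc:
            injected[proc].append(m.group(1))
            continue
        if key and key.lower().endswith("security center"):
            m = NOTIFY_RE.match(line)
            if m:
                notify_off.append(m.group(1))
            continue
        if key:
            m = PATH_RE.search(line)
            if m:
                loads.append((key, m.group(0)))
    return loads, dict(injected), notify_off


def triage(text):
    """Apply the four checks and return one finding string per hit."""
    loads, injected, notify_off = parse_log(text)
    findings = []
    # 1. Module registered under an injection-type autostart key.
    for key, path in loads:
        if any(tag in key.lower() for tag in INJECTION_KEYS):
            findings.append(f"injection autostart: {path} via {key}")
    # 2. One module reached from several keys: the same DLL registered as BHO,
    #    ShellExecuteHook and Winlogon Notify handler at once.
    by_module = defaultdict(set)
    for key, path in loads:
        by_module[path.lower()].add(key.lower())
    for path, keys in by_module.items():
        if len(keys) > 1:
            findings.append(f"multi-key persistence: {path} ({len(keys)} keys)")
    # 3. A DLL inside winlogon.exe stays mapped across logoff, which is why a
    #    plain delete fails and the file has to be handled at reboot.
    for proc, dlls in injected.items():
        if proc.lower().endswith("winlogon.exe"):
            for dll in dlls:
                findings.append(f"dll inside winlogon.exe: {dll}")
    # 4. Security Center warnings silenced, so the user never learns that AV
    #    or updates are off.
    for name in notify_off:
        findings.append(f"security center notification disabled: {name}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run against the sample it reports eight findings; the one to act on first is the DLL that shows up under three keys and inside winlogon.exe, which is exactly the file the CFScript in the next posts targets. The path regex deliberately stops at the first `.dll`/`.exe`/`.ocx`, so trailing date and size fields in a line are ignored.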
post #73 of 113
Thread Starter 
DON'T OPEN THIS!!....THIS IS ONE OF THE POPUPS THAT COME UP EVERY 2 MINUTES WITH THE RUNDLL32 PROCESS RUNNING....AND WHEN I'M NOT CONNECTED, IT ANNOYS ME WITH A WORK OFFLINE/TRY AGAIN WINDOW.

http://89.188.16.23/go//?cmp=nm_fire...eature=related
post #74 of 113
Could you please re-run ComboFix again using this attached file?

Right click and choose Save as...
post #75 of 113
Thread Starter 
I guess that b****** who sent this virus is tracking me.
post #76 of 113
Thread Starter 
gimme a quarter of an hour.
post #77 of 113
Whoa man.

Seriously, if you just posted a pop-up for spyware or adware or a virus you need to stop everything and re-format. The CD that came with your mobo and has drivers doesn't contain any viruses and can't be written to unless you somehow overwrote it.
post #78 of 113
I usually do not recommend [re]formatting the system.

From what I've seen here, he got a Virtumonde infection. It's not that hard to remove, and in most cases (99%) the system just gets clean again.
When you are infected with some virus that messes with the executable files (adding code to them), then you need to format and get a fresh install.
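The distinction drawn in post #78 (dropper DLLs that can be deleted versus a file infector that has altered the system's own executables) is the question the "Sigcheck" section of the log answers: the live TCPIP.SYS and the copy in dllcache carry the same MD5, so that driver has not been tampered with. The script below is an added example for this thread, not ComboFix's or anyone's code from the post: it parses the two Sigcheck lines (copied from the log above, with the glued hash-plus-path form ComboFix prints tolerated) and then carries the same idea through as a general baseline-and-compare check over a constructed directory, where one executable gets code appended the way a file infector would. MD5 is used only because that is what the log reports; `algo` can be set to `"sha256"` for a fresh baseline.

```python
"""Was a system binary altered, or were only dropper DLLs added? (added
example for the thread, not ComboFix's own code; inputs are constructed)."""
import hashlib
import os
import re
import tempfile

# Copied from the posted Sigcheck section. The second line keeps ComboFix's
# habit of gluing the hash to the path; \s* in the regex tolerates both forms.
SIGCHECK_SAMPLE = r"""
2008-05-28 18:51 359040 27a5959c94ee173a063ca06bd14f021a C:\WINDOWS\system32\dllcache\TCPIP.SYS
2008-05-28 18:51 359040 27a5959c94ee173a063ca06bd14f021aC:\WINDOWS\system32\drivers\TCPIP.SYS
"""

SIGCHECK_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(\d+)\s+([0-9a-f]{32})\s*(.+)$")


def parse_sigcheck(text):
    """Return (path, size, md5) for every Sigcheck line in the text."""
    out = []
    for line in text.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if m:
            out.append((m.group(4).strip(), int(m.group(2)), m.group(3)))
    return out


def live_matches_cache(entries):
    """Map file name -> True if the live copy's hash equals the dllcache copy's.

    dllcache holds Windows File Protection's reference copy; a live driver whose
    hash differs has been replaced or patched, which is the case where deleting
    individual droppers is no longer enough.
    """
    by_name = {}
    for path, _size, digest in entries:
        name = path.rsplit("\\", 1)[-1].lower()
        slot = "cache" if "\\dllcache\\" in path.lower() else "live"
        by_name.setdefault(name, {})[slot] = digest
    return {n: v["cache"] == v["live"] for n, v in by_name.items() if len(v) == 2}


def file_digest(path, algo="md5"):
    """Hash a file in chunks; md5 by default only because the log reports md5."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def baseline(root, algo="md5"):
    """Relative path -> digest for every file under root."""
    return {os.path.relpath(os.path.join(d, f), root): file_digest(os.path.join(d, f), algo)
            for d, _, files in os.walk(root) for f in files}


def changed_files(root, base, algo="md5"):
    """Files whose current digest differs from the baseline, or that are new."""
    now = baseline(root, algo)
    return sorted(p for p, h in now.items() if base.get(p) != h)


def demo():
    """Constructed scenario: snapshot a fake system dir, append code to one
    executable the way a file infector would, and report what changed."""
    with tempfile.TemporaryDirectory() as root:
        sysdir = os.path.join(root, "system32")
        os.makedirs(sysdir)
        for name in ("kernel32.dll", "notepad.exe"):
            with open(os.path.join(sysdir, name), "wb") as f:
                f.write(b"MZ" + name.encode() * 64)   # stand-in for a PE image
        base = baseline(root)
        with open(os.path.join(sysdir, "notepad.exe"), "ab") as f:
            f.write(b"\x90" * 32)                      # appended bytes = "infected"
        return changed_files(root, base)


if __name__ == "__main__":
    print(live_matches_cache(parse_sigcheck(SIGCHECK_SAMPLE)))
    print(demo())
```

On the posted log the first call returns `{'tcpip.sys': True}`, which is the evidence behind "not that hard to remove": the infection is confined to added DLLs, and nothing in the protected driver set was rewritten. A `False` there, or a long list from `changed_files` against a trusted baseline, is the signal for the reinstall route the same post describes.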
post #79 of 113
Thread Starter 
ComboFix 08-05-27.4 - Abhishek 2008-05-29 2:37:13.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.602 [GMT 5.5:30]
Running from: C:\\Documents and Settings\\Abhishek\\Desktop\\ComboFix.exe
Command switches used :: C:\\Documents and Settings\\Abhishek\\Desktop\\CFscript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\\WINDOWS\\_delis32.ini
C:\\WINDOWS\\_vmtxp.ini
C:\\WINDOWS\\system32\\awtsPICS.dll
C:\\WINDOWS\\system32\\cbXQgGWo.dll
C:\\WINDOWS\\system32\\fmemutff.dll
C:\\WINDOWS\\system32\\iifdbBTK.dll
C:\\WINDOWS\\system32\\lkxvjnoc.dll
C:\\WINDOWS\\system32\\vcmgcd32.dl_
C:\\WINDOWS\\system32\\vcmgcd32.dll
C:\\WINDOWS\\system32\\yayxwwvU.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\\WINDOWS\\_delis32.ini
C:\\WINDOWS\\_vmtxp.ini
C:\\WINDOWS\\BM7fb07650.xml
C:\\WINDOWS\\cookies.ini
C:\\WINDOWS\\pskt.ini
C:\\WINDOWS\\system32\\cbXQgGWo.dll
C:\\WINDOWS\\system32\\cstctret.dll
C:\\WINDOWS\\system32\\iifdbBTK.dll
C:\\WINDOWS\\system32\\jkkJyXpN.dll
C:\\WINDOWS\\system32\\NpXyJkkj.ini
C:\\WINDOWS\\system32\\NpXyJkkj.ini2
C:\\WINDOWS\\system32\\ttnrfdqx.dll
C:\\WINDOWS\\system32\\vcmgcd32.dl_
C:\\WINDOWS\\system32\\vcmgcd32.dll
C:\\WINDOWS\\system32\\wjiqnjvi.dll
C:\\WINDOWS\\system32\\xqdfrntt.ini
C:\\WINDOWS\\system32\\yayxwwvU.dll

.
((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-28 )))))))))))))))))))))))))))))))
.

2008-05-29 02:25 . 2008-05-29 02:25<DIR>d--------C:\\WINDOWS\\system32\\Kaspersky Lab
2008-05-29 02:25 . 2008-05-29 02:25<DIR>d--------C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab
2008-05-29 02:20 . 2008-05-29 02:20<DIR>d---s----C:\\Documents and Settings\\Abhishek\\UserData
2008-05-29 00:40 . 2008-05-29 00:4065,080--a------C:\\WINDOWS\\system32\\efcDSlKE.dll
2008-05-28 23:49 . 2008-05-28 23:49<DIR>d--------C:\\Program Files\\Trend Micro
2008-05-28 18:54 . 2008-05-28 18:54<DIR>d--------C:\\Documents and Settings\\Abhishek\\Application Data\\InfraRecorder
2008-05-28 18:51 . 2008-05-28 18:51359,040--a------C:\\WINDOWS\\system32\\drivers\\TCPIP.SYS.ORIGINAL
2008-05-28 15:01 . 2008-05-28 15:02<DIR>d--------C:\\WINDOWS\\system32\\NtmsData
2008-05-28 13:49 . 2008-05-28 21:36<DIR>d--------C:\\Program Files\\Common Files\\Symantec Shared
2008-05-28 13:49 . 2008-05-28 21:36<DIR>d--------C:\\Documents and Settings\\All Users\\Application Data\\Symantec
2008-05-28 13:38 . 2008-05-28 13:39<DIR>d--------C:\\Program Files\\bleem
2008-05-28 12:58 . 2008-05-28 12:58<DIR>d--------C:\\Documents and Settings\\Administrator
2008-05-28 01:31 . 2008-05-28 22:02<DIR>d--------C:\\Program Files\\Internet Download Manager
2008-05-28 01:31 . 2008-05-28 18:04<DIR>d--------C:\\Documents and Settings\\Abhishek\\Application Data\\IDM
2008-05-28 01:31 . 2008-05-29 02:41<DIR>d--------C:\\Documents and Settings\\Abhishek\\Application Data\\DMCache
2008-05-28 01:17 . 2008-05-28 01:17<DIR>d--------C:\\Program Files\\Golden FTP Server
2008-05-27 22:02 . 2008-05-27 22:02<DIR>d--------C:\\Program Files\\MSECache
2008-05-27 21:47 . 2008-05-27 21:47<DIR>dr-h-----C:\\MSOCache
2008-05-27 21:43 . 2008-05-27 21:43<DIR>d--h-----C:\\WINDOWS\\system32\\GroupPolicy
2008-05-27 21:25 . 2008-05-27 21:25<DIR>d--------C:\\Program Files\\beetel ADSL
2008-05-27 21:25 . 2008-05-27 21:0498,304--a------C:\\WINDOWS\\system32\\instDll.dll
2008-05-27 21:25 . 2008-05-27 21:0424,576--a------C:\\WINDOWS\\system32\\delaySpawn.exe
2008-05-27 21:25 . 2008-05-27 21:0413,809---------C:\\WINDOWS\\wwdslcfg.ini
2008-05-27 16:04 . 2008-05-27 16:04<DIR>d--------C:\\Program Files\\Pixarra
2008-05-27 14:43 . 2008-05-27 14:43<DIR>d--------C:\\Program Files\\Stardock
2008-05-27 14:43 . 2002-11-22 00:00221,184--a------C:\\WINDOWS\\system32\\DartSock.dll
2008-05-27 14:43 . 2002-11-25 00:00118,784--a------C:\\WINDOWS\\system32\\DartWeb.dll
2008-05-27 14:43 . 2000-10-10 00:0049,152--a------C:\\WINDOWS\\system32\\DartObjects.dll
2008-05-26 19:48 . 2008-05-26 19:48<DIR>d--------C:\\Program Files\\uTorrent
2008-05-26 19:48 . 2008-05-29 02:14<DIR>d--------C:\\Documents and Settings\\Abhishek\\Application Data\\uTorrent
2008-05-26 19:42 . 2008-05-26 19:42<DIR>d--------C:\\Documents and Settings\\Abhishek\\Application Data\\Media Player Classic
2008-05-26 19:33 . 2008-05-26 19:33<DIR>d--------C:\\Program Files\\ffdshow
2008-05-26 19:33 . 2007-01-01 00:0060,273--a------C:\\WINDOWS\\system32\\pthreadGC2.dll
2008-05-26 19:33 . 2007-10-21 19:087,680--a------C:\\WINDOWS\\system32\\ff_vfw.dll
2008-05-26 19:33 . 2007-10-21 19:086,144--a------C:\\WINDOWS\\system32\\ff_acm.acm
2008-05-26 19:33 . 2007-01-01 00:00547--a------C:\\WINDOWS\\system32\\ff_vfw.dll.manifest
2008-05-26 19:22 . 2008-05-26 19:221,169--a------C:\\WINDOWS\\mozver.dat
2008-05-26 07:01 . 2008-05-28 21:5869--a------C:\\WINDOWS\\NeroDigital.ini
2008-05-26 05:04 . 2001-08-17 19:293,072--a------C:\\WINDOWS\\system32\\drivers\\audstub.sys
2008-05-26 05:03 . 2004-08-04 06:2674,240--a------C:\\WINDOWS\\system32\\usbui.dll
2008-05-26 05:03 . 2004-08-04 04:2957,472--a------C:\\WINDOWS\\system32\\drivers\\redbook.sys
2008-05-26 05:03 . 2004-08-04 04:3746,464--a------C:\\WINDOWS\\system32\\drivers\\GAGP30KX.SYS
2008-05-26 05:03 . 2001-08-17 17:4327,165--a------C:\\WINDOWS\\system32\\drivers\\fetnd5.sys
2008-05-26 05:01 . 2008-05-29 02:39<DIR>d--------C:\\WINDOWS\\system32\\CatRoot2
2008-05-26 05:01 . 2008-05-27 14:45<DIR>dr-------C:\\Documents and Settings\\All Users\\Documents
2008-05-26 05:00 . 2008-05-26 00:17261--a------C:\\WINDOWS\\system32\\$winnt$.inf
2008-05-26 03:59 . 2008-05-26 03:59<DIR>d--------C:\\Unzipped
2008-05-26 01:21 . 2008-05-26 01:243,635--a------C:\\WINDOWS\\VGSCDAPI.VXD
2008-05-26 01:18 . 2008-05-26 03:14<DIR>d--h-----C:\\WINDOWS\\$hf_mig$
2008-05-26 01:16 . 2008-05-26 01:160--a------C:\\WINDOWS\\nsreg.dat
2008-05-12 18:26 . 2008-02-15 20:42206,256--a------C:\\WINDOWS\\system32\\idmmbc.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-28 13:21359,040----a-wC:\\WINDOWS\\system32\\drivers\\TCPIP.SYS
2008-05-27 15:55---------d--h--wC:\\Program Files\\InstallShield Installation Information
2008-05-25 19:25---------d-----wC:\\Program Files\\PowerISO
2008-05-25 19:21---------d-----wC:\\Program Files\\Ahead
2008-05-25 19:20---------d-----wC:\\Program Files\\Common Files\\Ahead
2008-05-25 19:18---------d-----wC:\\Program Files\\Logitech
2008-05-25 19:18---------d-----wC:\\Program Files\\Common Files\\Logitech
2008-05-25 19:11---------d-----wC:\\Program Files\\ASUS
2008-05-25 19:10---------d-----wC:\\Program Files\\Common Files\\Adobe
2008-05-25 19:07---------d-----wC:\\Program Files\\Common Files\\InstallShield
2008-05-25 19:07---------d-----wC:\\Program Files\\AMD
2008-05-25 19:05---------d-----wC:\\Program Files\\Analog Devices
2008-05-25 19:01---------d-----wC:\\Program Files\\VIA
2008-05-25 18:51---------d-----wC:\\Program Files\\Alwil Software
2008-05-25 18:45---------d-----wC:\\Program Files\\microsoft frontpage
.

------- Sigcheck -------

2008-05-28 18:51 359040 27a5959c94ee173a063ca06bd14f021aC:\\WINDOWS\\system32\\dllcache\\TCPIP.SYS
2008-05-28 18:51 359040 27a5959c94ee173a063ca06bd14f021aC:\\WINDOWS\\system32\\drivers\\TCPIP.SYS
.
((((((((((((((((((((((((((((( snapshot@2008-05-29_ 0.35.10.50 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-28 19:03:362,048--s-a-wC:\\WINDOWS\\bootstat.dat
+ 2008-05-28 21:10:352,048--s-a-wC:\\WINDOWS\\bootstat.dat
- 2000-08-31 02:30:0089,504----a-wC:\\WINDOWS\\fdsv.exe
+ 2000-08-31 02:30:00106,496----a-wC:\\WINDOWS\\fdsv.exe
- 2000-08-31 02:30:0080,412----a-wC:\\WINDOWS\\grep.exe
+ 2000-08-31 02:30:00100,864----a-wC:\\WINDOWS\\grep.exe
- 2004-08-04 12:00:00158,208----a-wC:\\WINDOWS\\pchealth\\helpctr\\binaries\\msconfig.exe
+ 2004-08-04 12:00:00178,688----a-wC:\\WINDOWS\\pchealth\\helpctr\\binaries\\msconfig.exe
- 2000-08-31 02:30:0098,816----a-wC:\\WINDOWS\\sed.exe
+ 2000-08-31 02:30:00119,296----a-wC:\\WINDOWS\\sed.exe
- 2000-08-31 02:30:00136,704----a-wC:\\WINDOWS\\swsc.exe
+ 2000-08-31 02:30:00157,184----a-wC:\\WINDOWS\\swsc.exe
- 2000-08-31 02:30:00212,480----a-wC:\\WINDOWS\\swxcacls.exe
+ 2000-08-31 02:30:00232,960----a-wC:\\WINDOWS\\swxcacls.exe
+ 2005-05-24 06:57:16213,048----a-wC:\\WINDOWS\\system32\\Kaspersky Lab\\Kaspersky Online Scanner\\kavss.dll
+ 2007-08-29 10:17:2094,208----a-wC:\\WINDOWS\\system32\\Kaspersky Lab\\Kaspersky Online Scanner\\kavuninstall.exe
+ 2007-08-29 10:19:54950,272----a-wC:\\WINDOWS\\system32\\Kaspersky Lab\\Kaspersky Online Scanner\\kavwebscan.dll
- 2000-08-31 02:30:0049,152----a-wC:\\WINDOWS\\VFind.exe
+ 2000-08-31 02:30:0069,632----a-wC:\\WINDOWS\\VFind.exe
- 2000-08-31 02:30:0068,096----a-wC:\\WINDOWS\\zip.exe
+ 2000-08-31 02:30:0088,576----a-wC:\\WINDOWS\\zip.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"IDMan"="C:\\Program Files\\Internet Download Manager\\IDMan.exe" [2008-05-28 01:31 2594224]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion\\drivers32]
"msacm.avis"= ff_acm.acm

[HKLM\\~\\startupfolder\\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk
backup=C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\avast!]
C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\DSLAGENTEXE]


[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\GoldenFTPserver]
C:\\Program Files\\Golden FTP Server\\gftp.exe

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\GSICONEXE]


[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\GsiFinal]


[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\IDMan]
--a------ 2008-05-28 01:31 2594224 C:\\Program Files\\Internet Download Manager\\IDMan.exe

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\Logitech Utility]
--------- 2004-03-03 15:20 40448 C:\\WINDOWS\\LOGI_MWX.EXE

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\MSMSGS]
--a------ 2008-05-28 12:59 1688064 C:\\Program Files\\Messenger\\msmsgs.exe

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\NeroFilterCheck]
--a------ 2008-05-28 13:24 176128 C:\\WINDOWS\\system32\\NeroCheck.exe

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\PWRISOVM.EXE]
--a------ 2007-08-07 05:35 221184 C:\\Program Files\\PowerISO\\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\RaidTool]
--a------ 2005-04-28 08:52 610304 C:\\Program Files\\VIA\\RAID\\raid_tool.exe

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\SoundMAX]
--a------ 2004-03-26 14:40 815104 C:\\Program Files\\Analog Devices\\SoundMAX\\smax4.exe

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\SoundMAXPnP]
--a------ 2004-04-01 10:52 1388544 C:\\Program Files\\Analog Devices\\SoundMAX\\SMax4PNP.exe

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\VTTimer]
-ra------ 2005-03-09 09:03 53248 C:\\WINDOWS\\system32\\VTTimer.exe

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\VTTrayp]
-ra------ 2005-03-12 23:03 147456 C:\\WINDOWS\\system32\\VTTrayp.exe

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\services]
"SoundMAX Agent Service (default)"=2 (0x2)

[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\AuthorizedApplications\\List]
"%windir%\\\\system32\\\\sessmgr.exe"=
"D:\\\\GAMES\\\\QUAKE III ARENA\\\\quake3.exe"=
"C:\\\\Program Files\\\\uTorrent\\\\utorrent.exe"=
"C:\\\\Program Files\\\\Internet Download Manager\\\\IDMan.exe"=

[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\GloballyOpenPorts\\List]
"19962:TCP"= 19962:TCP:Utorrent
"19960:TCP"= 19960:TCP:Utorrent
"19961:TCP"= 19961:TCP:Utorrent
"19963:TCP"= 19963:TCP:Utorrent

R3 USB_RNDIS_51;USB Remote NDIS Device Driver;C:\\WINDOWS\\system32\\DRIVERS\\usb8023.sys [2004-08-04 17:30]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-29 02:41:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\\WINDOWS\\system32\\vcmgcd32.dll 36864 bytes executable
C:\\WINDOWS\\system32\\vcmgcd32.dl_ 17878 bytes

scan completed successfully
hidden files: 2

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\\Program Files\\Internet Download Manager\\IEMonitor.exe
.
**************************************************************************
.
Completion time: 2008-05-29 2:42:12 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-28 21:12:08
ComboFix2.txt 2008-05-28 20:44:22
ComboFix3.txt 2008-05-28 19:05:28

Pre-Run: 76,087,152,640 bytes free
Post-Run: 76,106,907,648 bytes free

Summer Setup
(14 items)
 
  
CPUMotherboardGraphicsRAM
Intel Core i5 2500k ASUS P8H67-V Gigabyte GTX 660 OC Windforce Edition 2X2GB CORSAIR DDR3-1333 
Hard DriveOptical DriveCoolingOS
Seagate 1TB SATA 6G Samsung DVD+RW 120mmx2 (Side Intake x1, Rear exhaust x1) Windows 7-Ultimate 
MonitorKeyboardPowerCase
Samsung S22B370 22" 1080p HDMi Logitech K120 Corsair GS-600W Coolermaster Elite 430 
MouseMouse Pad
Logitech G400 Steelseries QCK Heavy 
post #80 of 113
Thread Starter 
I'm skipping the Kaspersky online scan, is it ok???... since the file download is taking long and it's 3:00 AM here.