Exploit Rogue Scanner [Type 972]

Post by clink on 9th December 2009, 6:46 pm

My first post.

Every time I try to make a new post or reply to a post on my website covernet.org I get a pop up from AVG saying Threat Was Blocked, File name: the antyspywaretool.com/index.php?affid=92900, Threat name: Exploit Rogue scanner [type 972]. I am then unable to do anything on the site.

Is this a virus on the webserver or on my own PC? I have only noticed it while accessing my own web site. How do I get rid of it?

Here is a HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:46:24, on 09/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\StkASv2K.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [UniblueRegistryBooster] "C:\Program Files\Uniblue\RegistryBooster\launcher.exe" delay 20000
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - [You must be registered and logged in to see this link.]
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - [You must be registered and logged in to see this link.]
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {402EE96E-2CE8-482D-ADA5-CECEEA07E16D} (TurnTool Scene) - [You must be registered and logged in to see this link.]
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - [You must be registered and logged in to see this link.]
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - [You must be registered and logged in to see this link.]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Unknown owner - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
O23 - Service: Syntek STK1150 Service (StkASSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkASv2K.exe

--
End of file - 9103 bytes


Thanks in advance.

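clink's question is whether the detection belongs to the web server or to his PC. The AVG alert names a URL on a third-party host that gets loaded while he uses the posting pages of his own site, so the server-side half of the question can be checked directly: fetch the page's HTML and list every remote resource it pulls in. The scanner below is an added example and is not a tool from this thread, from AVG or from covernet.org. It parses a page with the standard-library HTML parser, reports every script/iframe/object/embed/img/link whose host is not one the site is expected to use, flags iframes that are sized or styled to be invisible, and says whether the host from the AVG alert is among them. The site host names in OWN_HOSTS are an assumption, and the sample page is constructed for the example: it embeds the URL from the alert in a hidden iframe as one form an injected reference could take, which says nothing about what covernet.org actually served.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption for the example: hosts the forum is expected to load resources from.
OWN_HOSTS = {"example.org", "www.example.org"}
# Host named in the AVG alert quoted in the post above.
REPORTED_HOST = "antyspywaretool.com"

# Elements that pull a remote resource, and the attribute that carries its URL.
SRC_ATTRS = {"script": "src", "iframe": "src", "frame": "src",
             "object": "data", "embed": "src", "img": "src", "link": "href"}

# Constructed sample page (not captured from covernet.org): the site's own CSS/JS
# plus one hidden iframe pointing at the URL from the AVG alert.
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="/styles/forum.css">
<script src="/js/forum.js"></script>
<script src="http://www.example.org/js/editor.js"></script>
</head><body>
<form action="/posting.php" method="post"><textarea name="message"></textarea></form>
<iframe src="http://antyspywaretool.com/index.php?affid=92900" width="0" height="0"></iframe>
</body></html>"""


class RemoteRefCollector(HTMLParser):
    """Record every element that loads a remote resource, with a hidden-ness flag."""

    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        attr_name = SRC_ATTRS.get(tag)
        if attr_name is None:
            return
        a = dict(attrs)
        url = a.get(attr_name)
        if not url:
            return
        # Zero-sized or display:none frames are the usual shape of an injected loader.
        style = (a.get("style") or "").replace(" ", "").lower()
        hidden = (a.get("width") == "0" or a.get("height") == "0"
                  or "display:none" in style or "visibility:hidden" in style)
        self.refs.append({"tag": tag, "url": url, "hidden": hidden})


def third_party_refs(html, own_hosts):
    """Return the remote references whose host is not in own_hosts.

    Relative URLs have no host and are served by the site itself, so they are skipped.
    """
    parser = RemoteRefCollector()
    parser.feed(html)
    parser.close()
    found = []
    for ref in parser.refs:
        host = urlsplit(ref["url"]).hostname
        if host is None:
            continue
        host = host.lower()
        if host not in own_hosts:
            found.append({**ref, "host": host})
    return found


def scan_page(html, own_hosts=OWN_HOSTS, reported_host=REPORTED_HOST):
    """Summarise what a page pulls from third parties and whether the reported host is among them."""
    refs = third_party_refs(html, own_hosts)
    return {
        "third_party": refs,
        "reported_host_present": any(r["host"] == reported_host for r in refs),
        "hidden_frames": [r for r in refs if r["tag"] in ("iframe", "frame") and r["hidden"]],
    }


if __name__ == "__main__":
    result = scan_page(SAMPLE_HTML)
    for r in result["third_party"]:
        print(f'{r["tag"]:7} {r["host"]:30} hidden={r["hidden"]}  {r["url"]}')
    print("reported host present:", result["reported_host_present"])
```

Run it over HTML fetched from a machine other than the affected PC, and with a plain command-line fetcher rather than a browser, so that anything a local infection might add in the browser is ruled out. If the reference is present in the raw HTML the server delivers, the server side needs attention regardless of what the PC scans find; if it is absent there but the alert still fires on the PC, the PC is the place to look.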

Re: Exploit Rogue Scanner [Type 972]

Post by Belahzur on 9th December 2009, 6:49 pm

Hello.

I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with HijackThis fixes. So please disable TeaTimer by doing the following:
1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts
You can re-enable TeaTimer once your system is clean.

Please make sure TeaTimer is disabled before we do this, otherwise this fix will fail.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present


  • Press "Fix Checked"
  • Close HijackThis.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


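Belahzur's fix list picks two kinds of entry out of the log: O2 BHO registrations whose backing file is gone ("(no file)") and the O6 Internet Explorer policy restrictions. The parser below is an added example, not a tool from this thread or from Trend Micro: it reads a HijackThis log, applies those two selections mechanically, and adds two further checks a practitioner usually makes on such a log (O23 services whose binary is missing and O16 ActiveX downloads with no friendly name). The sample log is constructed from a few of the lines posted above; the O16 URL is made up because the forum hides the original links.

```python
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines from the HijackThis log posted above,
# plus a made-up O16 URL (the forum replaces the real links with a login notice).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://example.invalid/control.cab
O23 - Service: FLEXnet Licensing Service - Unknown owner - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"""

# Every HijackThis entry starts with a section code (R0, R1, O2, O4, ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.*)$")
# A DPF entry with a friendly name reads "DPF: {CLSID} (Name) - URL"; without one, "DPF: {CLSID} - URL".
UNNAMED_DPF_RE = re.compile(r"^DPF: \{[0-9A-Fa-f-]+\} - ")


@dataclass
class Finding:
    code: str
    reason: str
    line: str


def parse_entries(text):
    """Yield (code, body, line) for each entry; the header and the process list are skipped."""
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            yield m.group("code"), m.group("body"), line


def triage(text):
    """Flag the entry types worth a second look in a browser-hijack / rogue-AV case."""
    findings = []
    for code, body, line in parse_entries(text):
        if code in ("O2", "O3", "O9") and body.endswith("(no file)"):
            findings.append(Finding(code, "registration with no backing file (orphaned BHO/button)", line))
        elif code == "O6":
            findings.append(Finding(code, "Internet Explorer policy restriction present", line))
        elif code == "O16" and UNNAMED_DPF_RE.match(body):
            findings.append(Finding(code, "ActiveX download (DPF) with no friendly name", line))
        elif code == "O23" and body.endswith("(file missing)"):
            findings.append(Finding(code, "service registered but its binary is missing", line))
    return findings


def fix_list(findings, codes=("O2", "O3", "O9", "O6")):
    """The exact lines to tick in HijackThis before pressing 'Fix Checked' (orphans and O6 policies)."""
    return [f.line for f in findings if f.code in codes]


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f.code}] {f.reason}\n    {f.line}")
    print("\nTick these in HijackThis:")
    for line in fix_list(found):
        print("   ", line)
```

The two extra checks are for reporting only: fix_list returns just the orphaned registrations and the O6 policies that Belahzur selected. An O23 "(file missing)" entry such as the FLEXnet service in the sample is most likely a leftover of uninstalled software rather than anything malicious, and an unnamed O16 entry only says that the control's CLSID needs looking up before it is removed.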

Re: Exploit Rogue Scanner [Type 972]

Post by clink on 9th December 2009, 7:01 pm

Hi. Malwarebytes didn't find anything. Here is the log:

Malwarebytes' Anti-Malware 1.42
Database version: 3332
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

09/12/2009 19:04:46
mbam-log-2009-12-09 (19-04-46).txt

Scan type: Quick Scan
Objects scanned: 117156
Time elapsed: 2 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: Exploit Rogue Scanner [Type 972]

Post by clink on 9th December 2009, 7:28 pm

Here is a screenie of the error.

[You must be registered and logged in to see this link.]


Re: Exploit Rogue Scanner [Type 972]

Post by Belahzur on 9th December 2009, 10:27 pm

Hello.

  • Download ComboFix from here:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools -> Options -> Main tab
    * Set to "Always ask me where to save the files".

    2. During the download, rename ComboFix to Combo-Fix.
    3. It is important you rename ComboFix during the download, but not after.
    4. Please do not rename ComboFix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (anti-virus) before running ComboFix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.

  • The Recovery Console provides a recovery/repair mode should a problem occur during a ComboFix run.
  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get a prompt that asks if you want to continue the malware scan; select Yes.
  • Allow ComboFix to run.
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.



Re: Exploit Rogue Scanner [Type 972]

Post by clink on 10th December 2009, 9:31 am

Here is the log file from ComboFix:

ComboFix 09-12-09.04 - Jono Clarke 10/12/2009 9:19.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3071.2450 [GMT 0:00]
Running from: c:\documents and settings\Jono Clarke\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-3579420758-2668550040-1727801763-1000
c:\documents and settings\Jono Clarke\Application Data\inst.exe
c:\temp\isgTi19
c:\windows\system32\nGpxx16
c:\windows\system32\reboot.txt
c:\windows\system32\tmp.reg
c:\windows\system32\twain_32.dll

.
((((((((((((((((((((((((( Files Created from 2009-11-10 to 2009-12-10 )))))))))))))))))))))))))))))))
.

2009-12-09 15:09 . 2009-12-09 15:09 -------- d-----w- c:\program files\IObit
2009-12-09 15:02 . 2009-12-09 15:02 -------- d-----w- c:\documents and settings\Jono Clarke\Application Data\Uniblue
2009-12-08 13:41 . 2009-12-08 13:41 -------- d-----w- c:\program files\Acunetix
2009-12-07 14:08 . 2009-12-07 14:08 -------- d-----w- c:\documents and settings\Jono Clarke\Application Data\Malwarebytes
2009-12-07 14:08 . 2009-12-03 16:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-07 14:08 . 2009-12-07 14:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-07 14:08 . 2009-12-07 14:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-07 14:08 . 2009-12-03 16:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-07 11:02 . 2009-08-16 15:08 178176 ----a-w- c:\windows\system32\unrar.dll
2009-12-07 11:02 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2009-12-07 11:02 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2009-12-07 11:02 . 2009-11-09 18:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-12-07 11:01 . 2009-12-07 11:03 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-12-07 10:57 . 2009-12-09 19:18 -------- d-----w- c:\program files\a-squared Free
2009-12-07 09:50 . 2009-12-07 09:50 -------- d-----w- c:\program files\Trend Micro
2009-12-02 19:06 . 2009-12-02 19:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Nokia
2009-12-02 15:20 . 2009-02-09 08:37 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2009-12-02 15:19 . 2009-12-02 15:18 24403616 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\NokiaSoftwareUpdaterSetup_en[1].exe
2009-12-02 15:18 . 2009-12-02 15:18 3351812 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\msxml6Exec.exe
2009-12-02 15:18 . 2009-12-02 15:18 36864 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\Sleep.exe
2009-12-02 15:18 . 2009-12-02 15:18 3203453 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\vcredistExec.exe
2009-12-02 15:18 . 2009-12-02 15:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-11-27 14:20 . 2009-11-27 14:21 -------- d-----w- c:\documents and settings\Jono Clarke\Application Data\Corel
2009-11-27 14:20 . 2009-12-04 14:27 88 --sh--r- c:\documents and settings\All Users\Application Data\3DBE3A15FD.sys
2009-11-27 14:20 . 2009-12-04 14:27 3452 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-11-27 14:20 . 2009-11-27 14:20 -------- d-----w- c:\documents and settings\Jono Clarke\Corel
2009-11-27 12:06 . 2009-11-27 12:11 -------- d-----w- c:\documents and settings\Jono Clarke\Application Data\Ulead Systems
2009-11-27 12:02 . 2009-11-27 12:02 -------- d-----w- c:\windows\system32\windows media
2009-11-27 12:01 . 2009-11-27 12:01 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2009-11-27 12:01 . 2009-11-27 12:01 -------- d-----w- c:\program files\Windows Media Components
2009-11-27 12:00 . 2009-12-07 10:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Ulead Systems
2009-11-21 22:05 . 2006-08-07 14:07 208896 ------w- c:\windows\system32\nvuide.exe
2009-11-21 22:04 . 2006-08-14 14:51 105344 ----a-w- c:\windows\system32\drivers\nvata.sys
2009-11-21 22:04 . 2006-08-07 14:08 35840 ----a-w- c:\windows\system32\NVCOI.DLL
2009-11-21 19:33 . 2009-11-21 19:33 -------- d-----w- c:\documents and settings\Jono Clarke\Application Data\InstallShield
2009-11-20 11:38 . 2009-11-18 14:23 497944 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchjwx.dll
2009-11-20 11:38 . 2009-11-18 14:23 3963648 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2009-11-20 11:37 . 2009-11-18 14:23 877848 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2009-11-20 11:37 . 2009-11-18 14:23 1657112 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2009-11-20 10:15 . 2009-11-20 10:15 1962544 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2009-11-18 14:24 . 2009-11-18 14:28 -------- d-----w- C:\$AVG
2009-11-18 14:23 . 2009-11-18 14:23 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-11-18 12:41 . 2009-11-18 12:41 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-11-18 12:27 . 2009-11-18 12:27 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-11-18 10:34 . 2009-11-18 10:34 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-17 11:25 . 2008-10-27 10:04 23376 ----a-w- c:\windows\system32\X3DAudio1_5.dll
2009-11-17 11:25 . 2008-07-31 10:41 238088 ----a-w- c:\windows\system32\xactengine3_2.dll
2009-11-17 11:25 . 2008-07-31 10:41 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2009-11-17 11:25 . 2008-07-31 10:40 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2009-11-17 11:25 . 2008-07-10 11:01 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2009-11-17 11:25 . 2008-07-10 11:00 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2009-11-17 11:25 . 2008-07-10 11:00 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2009-11-12 17:51 . 2009-11-12 17:51 -------- d-----w- c:\program files\MSECache
2009-11-11 19:26 . 2009-11-11 19:26 152576 ----a-w- c:\documents and settings\Jono Clarke\Application Data\Sun\Java\jre1.6.0_17\lzma.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-10 09:14 . 2008-10-12 21:00 -------- d-----w- c:\documents and settings\Jono Clarke\Application Data\uTorrent
2009-12-10 09:12 . 2006-12-26 22:03 -------- d-----w- c:\program files\PeerGuardian2
2009-12-09 20:12 . 2007-04-04 18:20 215104 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-12-09 20:11 . 2007-04-04 19:28 138576 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-12-09 19:14 . 2008-05-18 13:31 -------- d-----w- c:\program files\Lavasoft
2009-12-08 15:47 . 2007-11-30 21:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-08 15:15 . 2007-11-30 21:14 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-08 12:57 . 2007-05-30 16:57 -------- d-----w- c:\documents and settings\Jono Clarke\Application Data\Alien Skin
2009-12-07 16:24 . 2006-12-25 22:03 158464 ----a-w- c:\documents and settings\Jono Clarke\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-07 16:24 . 2007-04-21 12:37 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-12-07 10:27 . 2008-05-11 10:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-12-07 10:23 . 2006-12-25 21:53 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-07 10:18 . 2007-08-05 20:42 -------- d-----w- c:\program files\DivX
2009-12-06 23:03 . 2009-12-06 23:03 2316 ----a-w- c:\documents and settings\All Users\Application Data\xmlBF.tmp
2009-12-06 23:03 . 2009-12-06 23:03 13468 ----a-w- c:\documents and settings\All Users\Application Data\xmlBE.tmp
2009-12-06 23:03 . 2009-12-06 23:03 6412 ----a-w- c:\documents and settings\All Users\Application Data\xmlBD.tmp
2009-12-05 18:53 . 2009-06-29 19:33 -------- d-----w- c:\documents and settings\Jono Clarke\Application Data\dvdcss
2009-12-05 15:31 . 2008-08-07 19:29 -------- d-----w- c:\documents and settings\Jono Clarke\Application Data\Skype
2009-12-05 15:31 . 2008-08-07 19:33 -------- d-----w- c:\documents and settings\Jono Clarke\Application Data\skypePM
2009-11-30 20:14 . 2009-04-20 18:34 -------- d-----w- c:\documents and settings\Jono Clarke\Application Data\Spotify
2009-11-27 12:00 . 2006-12-25 21:50 -------- d-----w- c:\program files\Common Files\InstallShield
2009-11-26 11:35 . 2009-09-30 09:13 1328 ----a-w- c:\windows\desctemp.dat
2009-11-21 22:04 . 2009-07-09 18:10 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-11-18 14:23 . 2009-03-25 09:54 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-18 14:23 . 2008-05-28 18:09 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-18 14:23 . 2008-02-16 10:35 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-11-18 14:23 . 2008-05-28 18:09 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-18 14:23 . 2008-05-28 18:09 -------- d-----w- c:\program files\AVG
2009-11-17 20:58 . 2009-09-26 08:38 -------- d-----w- c:\program files\Creative
2009-11-17 20:49 . 2009-05-13 17:29 -------- d-----w- c:\program files\SSC Service Utility
2009-11-17 20:46 . 2007-11-11 21:11 -------- d-s---w- c:\program files\HLSW
2009-11-17 20:46 . 2008-02-09 19:23 -------- d-----w- c:\documents and settings\Jono Clarke\Application Data\HLSW
2009-11-17 20:44 . 2009-11-09 20:15 -------- d-----w- c:\program files\BilderHerunterlader
2009-11-17 10:45 . 2006-12-26 19:28 -------- d-----w- c:\program files\Activision
2009-11-16 11:00 . 2008-02-14 17:42 -------- d-----w- c:\documents and settings\Jono Clarke\Application Data\Vso
2009-11-11 19:27 . 2008-12-17 18:41 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-11 19:27 . 2007-10-21 10:54 -------- d-----w- c:\program files\Java
2009-11-09 20:08 . 2009-11-09 20:08 -------- d-----w- c:\program files\TurnTool
2009-11-07 21:44 . 2009-11-07 21:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Redfield
2009-11-07 14:40 . 2006-12-27 11:41 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-11-06 19:01 . 2008-04-08 19:02 -------- d-----w- c:\documents and settings\Jono Clarke\Application Data\FileZilla
2009-11-06 09:25 . 2009-11-06 09:22 -------- d-----w- c:\documents and settings\Jono Clarke\Application Data\BlazeFtp
2009-11-04 16:15 . 2006-06-07 09:08 4423168 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2009-11-04 15:45 . 2007-03-02 20:54 479232 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-11-04 15:44 . 2006-06-07 09:09 300032 ----a-w- c:\windows\system32\ati2dvag.dll
2009-11-04 15:29 . 2006-06-07 09:04 204800 ----a-w- c:\windows\system32\atipdlxx.dll
2009-11-04 15:29 . 2006-06-07 09:04 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2009-11-04 15:29 . 2006-06-07 09:04 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2009-11-04 15:29 . 2006-06-07 09:04 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2009-11-04 15:28 . 2006-06-07 09:04 155648 ----a-w- c:\windows\system32\ati2evxx.dll
2009-11-04 15:28 . 2006-12-25 22:12 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2009-11-04 15:27 . 2006-06-07 09:03 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2009-11-04 15:26 . 2006-06-07 09:02 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2009-11-04 15:18 . 2006-06-07 08:56 3518304 ----a-w- c:\windows\system32\ati3duag.dll
2009-11-04 15:17 . 2006-06-07 08:43 13000704 ----a-w- c:\windows\system32\atioglxx.dll
2009-11-04 15:05 . 2006-06-07 08:51 2135680 ----a-w- c:\windows\system32\ativvaxx.dll
2009-11-04 15:04 . 2008-12-01 20:11 887724 ----a-w- c:\windows\system32\ativva6x.dat
2009-11-04 15:04 . 2008-12-01 20:11 3 ----a-w- c:\windows\system32\ativva5x.dat
2009-11-04 14:51 . 2009-07-15 01:27 65024 ----a-w- c:\windows\system32\atimpc32.dll
2009-11-04 14:51 . 2008-12-01 19:57 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2009-11-04 14:47 . 2006-06-07 08:40 565248 ----a-w- c:\windows\system32\atikvmag.dll
2009-11-04 14:46 . 2009-07-15 01:22 45056 ----a-w- c:\windows\system32\aticalrt.dll
2009-11-04 14:46 . 2009-07-15 01:22 45056 ----a-w- c:\windows\system32\aticalcl.dll
2009-11-04 14:45 . 2008-12-01 19:52 172032 ----a-w- c:\windows\system32\atiadlxx.dll
2009-11-04 14:45 . 2009-07-15 01:20 3526656 ----a-w- c:\windows\system32\aticaldd.dll
2009-11-04 14:45 . 2006-06-07 08:39 17408 ----a-w- c:\windows\system32\atitvo32.dll
2009-11-04 14:44 . 2008-12-01 19:50 397312 ----a-w- c:\windows\system32\atiok3x2.dll
2009-11-04 14:44 . 2006-06-07 08:39 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2009-11-04 14:39 . 2006-06-07 08:35 638976 ----a-w- c:\windows\system32\ati2cqag.dll
2009-10-20 09:20 . 2009-10-20 09:20 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-10-20 09:19 . 2008-05-28 19:57 -------- d-----w- c:\program files\Windows Live
2009-10-20 09:17 . 2009-05-10 07:39 -------- d-----w- c:\program files\Microsoft
2009-10-13 17:34 . 2009-10-13 17:34 -------- d-----w- c:\documents and settings\All Users\Application Data\vsosdk
2009-09-11 14:18 . 2004-08-04 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2008-02-15 21:31 . 2008-02-15 18:30 24 --sh--w- c:\windows\S8ABE894C.tmp
2007-05-03 19:07 . 2007-04-13 13:47 12954400 --sha-w- c:\windows\system32\drivers\fidbox.dat
2007-05-03 19:07 . 2007-04-13 13:47 716576 --sha-w- c:\windows\system32\drivers\fidbox2.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2005-09-18 1421824]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-12-08 289584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-11-18 2020120]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-12-03 429392]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-11-18 14:23 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0oodbs

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe -launchedbylogin [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
c:\program files\DAEMON Tools\daemon.exe -lang 1033 [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
c:\program files\Steam\Steam.exe -silent [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_8 [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 11:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 03:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\atwtusb]
2006-02-21 09:32 294912 ----a-w- c:\windows\system32\ATWTUSB.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
2004-10-27 15:21 61952 ------w- c:\windows\system32\HdAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 04:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
2006-07-13 07:12 729088 ------w- c:\program files\Analog Devices\SoundMAX\SMax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2006-12-18 21:34 868352 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-11-11 19:27 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Nero BackItUp Scheduler 3"=2 (0x2)
"MDM"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\The All-Seeing Eye\\eye.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Activision\\Modern Warfare 2\\iw4mp.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1720:TCP"= 1720:TCP:torrent
"21909:TCP"= 21909:TCP:Utorrent
"28960:TCP"= 28960:TCP:cod4
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"5353:TCP"= 5353:TCP:Adobe CSI CS4

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [28/05/2008 18:09 333192]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [25/03/2009 09:54 360584]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [18/11/2009 14:23 285392]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [10/05/2009 07:43 54752]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [07/12/2009 14:08 276816]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [07/12/2009 14:08 19160]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [29/12/2006 12:34 639224]
S1 aiptektp;HyperPen;c:\windows\system32\drivers\aiptektp.sys [21/02/2007 19:26 22272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 21:48 704864]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\drivers\s816bus.sys [21/06/2008 21:31 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\drivers\s816mdfl.sys [21/06/2008 21:31 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\drivers\s816mdm.sys [21/06/2008 21:31 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s816mgmt.sys [21/06/2008 21:32 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\drivers\s816nd5.sys [21/06/2008 21:32 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\drivers\s816obex.sys [21/06/2008 21:32 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\drivers\s816unic.sys [21/06/2008 21:32 97704]
S3 Start BT in service;Start BT in service;c:\program files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [21/04/2007 14:54 52080]
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {402EE96E-2CE8-482D-ADA5-CECEEA07E16D} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Jono Clarke\Application Data\Mozilla\Firefox\Profiles\ami5ab0l.default\
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-!AVG Anti-Spyware - c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
MSConfigStartUp-Acrobat Assistant 7 - c:\program files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
MSConfigStartUp-Adobe Version Cue CS2 - c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe
MSConfigStartUp-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
MSConfigStartUp-NeroFilterCheck - c:\program files\Common Files\Nero\Lib\NeroCheck.exe
MSConfigStartUp-RemoteControl - c:\program files\CyberLink\PowerDVD\PDVDServ.exe
MSConfigStartUp-Sony Ericsson PC Suite - c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
MSConfigStartUp-SSC Service Utility - c:\program files\SSC Service Utility\ssc_serv.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-12-10 09:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-606747145-1972579041-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{39A17311-9A06-163C-023F-F35300940F4C}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-606747145-1972579041-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{AD714FD1-1AE8-6EBB-8EE4-0A3F446DA0F8}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abgfbodnplgdinfafdchppafodkngcmmdf"=hex:65,62,67,66,6b,6f,6d,6f,61,69,65,6e,
62,65,6b,69,6e,6b,70,6d,6b,66,67,63,62,6c,67,63,63,64,64,6a,61,62,6a,64,6e,\
"bbgfbodnplgdinfafdfhgagajfdkojpkdaeo"=hex:61,62,64,6c,63,65,65,6b,65,62,64,6c,
69,63,6b,6f,62,61,63,6b,6c,63,68,63,65,6c,68,69,64,64,66,6c,63,69,00,64

[HKEY_USERS\S-1-5-21-606747145-1972579041-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:c7,60,43,f5,84,9f,48,78,a0,bb,b8,27,54,da,d5,14,b0,a5,58,10,7f,
5c,e1,85,1d,51,7f,69,0c,bc,06,4c,58,62,8f,3c,e0,90,4c,c7,d6,35,11,22,b2,d0,\
"rkeysecu"=hex:4a,dc,60,d7,5b,48,82,86,55,88,7f,95,4e,65,cf,33

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="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"

[HKEY_LOCAL_MACHINE\software\Swearware\backup\winsock2]
@DACL=(02 0000)
@SACL=
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(528)
c:\windows\system32\Ati2evxx.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2009-12-10 09:25:04
ComboFix-quarantined-files.txt 2009-12-10 09:24

Pre-Run: 24,626,143,232 bytes free
Post-Run: 24,672,714,752 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Current=3 Default=3 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - DF0476A2C0355EB115A5009244491E36


Re: Exploit Rogue Scanner [Type 972]

Post by clink on 10th December 2009, 11:36 am

So. Is this a virus on my PC or is it a virus on my website? It only happens on my website. No others.


Re: Exploit Rogue Scanner [Type 972]

Post by Belahzur on 10th December 2009, 7:58 pm


  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    RegNull::
    [HKEY_USERS\S-1-5-21-606747145-1972579041-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{39A17311-9A06-163C-023F-F35300940F4C}*]
    [HKEY_USERS\S-1-5-21-606747145-1972579041-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{AD714FD1-1AE8-6EBB-8EE4-0A3F446DA0F8}*]
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


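An added example, not part of the original thread and not code from ComboFix or from the helper above: a small Python script that pulls the LOCKED REGISTRY KEYS section out of a ComboFix log like the one posted earlier, decodes the `hex:` REG_BINARY values into readable text so you can see what is actually stored under those keys before deciding what to null, and then emits a CFScript body in the `RegNull::` layout shown in the steps above for the keys you pick. The embedded log text is a trimmed copy of the section posted in this thread; the function names, the `select_keys` filter and the choice of which keys to list are mine. The script only produces the text of the script file, it does not run ComboFix or touch the registry.

```python
import re

# Constructed sample input: a trimmed copy of the "LOCKED REGISTRY KEYS" section from
# the ComboFix log posted earlier in this thread. ComboFix truncates long REG_BINARY
# values, so some hex runs stop mid-value (the trailing backslash is REGEDIT4's
# continuation marker); decoded strings from those values are therefore partial.
SAMPLE_LOG = r"""
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-606747145-1972579041-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{39A17311-9A06-163C-023F-F35300940F4C}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-606747145-1972579041-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{AD714FD1-1AE8-6EBB-8EE4-0A3F446DA0F8}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abgfbodnplgdinfafdchppafodkngcmmdf"=hex:65,62,67,66,6b,6f,6d,6f,61,69,65,6e,
62,65,6b,69,6e,6b,70,6d,6b,66,67,63,62,6c,67,63,63,64,64,6a,61,62,6a,64,6e,\
"bbgfbodnplgdinfafdfhgagajfdkojpkdaeo"=hex:61,62,64,6c,63,65,65,6b,65,62,64,6c,
69,63,6b,6f,62,61,63,6b,6c,63,68,63,65,6c,68,69,64,64,66,6c,63,69,00,64

[HKEY_USERS\S-1-5-21-606747145-1972579041-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:c7,60,43,f5,84,9f,48,78,a0,bb,b8,27,54,da,d5,14,b0,a5,58,10,7f,
5c,e1,85,1d,51,7f,69,0c,bc,06,4c,58,62,8f,3c,e0,90,4c,c7,d6,35,11,22,b2,d0,\
"rkeysecu"=hex:4a,dc,60,d7,5b,48,82,86,55,88,7f,95,4e,65,cf,33

--------------------- DLLs Loaded Under Running Processes ---------------------
"""

VALUE_RE = re.compile(r'^"([^"]+)"=hex:(.*)$')           # "name"=hex:aa,bb,...
HEX_LINE_RE = re.compile(r'^(?:[0-9A-Fa-f]{2},?)+\\?$')  # bare continuation line, optional trailing \


def _hex_to_bytes(data: str) -> bytes:
    """Turn REGEDIT4 'aa,bb,cc,\\' style hex text into bytes."""
    cleaned = data.replace("\\", "").replace(" ", "")
    return bytes(int(b, 16) for b in cleaned.split(",") if b)


def parse_locked_keys(log_text: str) -> dict:
    """Return {key_path: {value_name: bytes}} for the LOCKED REGISTRY KEYS section."""
    lines = log_text.splitlines()
    start = next((i for i, l in enumerate(lines) if "LOCKED REGISTRY KEYS" in l), None)
    if start is None:
        return {}
    keys, current, i = {}, None, start + 1
    while i < len(lines):
        line = lines[i].strip()
        if line.startswith("-----"):               # next ComboFix section header
            break
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
        else:
            m = VALUE_RE.match(line) if current is not None else None
            if m:
                name, data = m.group(1), m.group(2)
                # absorb continuation lines; a following "name"= line is a new value,
                # even after a trailing backslash (ComboFix truncated the data there)
                while i + 1 < len(lines) and HEX_LINE_RE.match(lines[i + 1].strip()):
                    i += 1
                    data += lines[i].strip()
                keys[current][name] = _hex_to_bytes(data)
        i += 1
    return keys


def decode_for_triage(data: bytes) -> str:
    """Render REG_BINARY content as text; non-printable bytes become \\xNN."""
    return "".join(chr(b) if 32 <= b < 127 else f"\\x{b:02x}" for b in data)


def select_keys(keys: dict, needle: str) -> list:
    """Pick the key paths containing `needle` (a GUID, or a subtree such as Shell Extensions\\Approved)."""
    return [k for k in keys if needle in k]


def build_regnull_script(key_paths: list) -> str:
    """CFScript body in the layout used in the post above: RegNull:: then one [key] per line."""
    return "RegNull::\n" + "".join(f"[{k}]\n" for k in key_paths)


if __name__ == "__main__":
    parsed = parse_locked_keys(SAMPLE_LOG)
    for key, values in parsed.items():
        print(key)
        for name, data in values.items():
            print(f"  {name} -> {decode_for_triage(data)}")
    chosen = select_keys(parsed, r"Shell Extensions\Approved")
    print(build_regnull_script(chosen), end="")
```

Running it on the sample shows that the two random-looking value names under the second `Shell Extensions\Approved` key hold more random-looking lowercase strings, while the SecuROM key holds opaque binary, which is the kind of detail worth looking at before putting a key into a `RegNull::` list. Save the printed script as CFScript.txt next to ComboFix.exe exactly as the steps above describe; the generated text is only as good as the key selection you pass in.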

Re: Exploit Rogue Scanner [Type 972]

Post by clink on 10th December 2009, 8:43 pm

Thanks for the help.

ComboFix 09-12-09.04 - Jono Clarke 10/12/2009 20:33:59.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3071.2622 [GMT 0:00]
Running from: c:\documents and settings\Jono Clarke\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Jono Clarke\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2009-11-10 to 2009-12-10 )))))))))))))))))))))))))))))))
.

2009-12-10 19:28 . 2009-12-10 19:28 -------- d-----w- c:\documents and settings\Jono Clarke\Local Settings\Application Data\ESET
2009-12-10 16:42 . 2009-12-10 16:42 -------- d-----w- c:\program files\ESET
2009-12-10 16:42 . 2009-12-10 16:42 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-12-10 10:05 . 2009-10-17 20:27 3101560 ----a-w- c:\documents and settings\Jono Clarke\Application Data\Simply Super Software\Trojan Remover\afd5B.exe
2009-12-10 10:04 . 2006-06-19 13:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2009-12-10 10:04 . 2006-05-25 15:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2009-12-10 10:04 . 2005-08-26 01:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2009-12-10 10:04 . 2003-02-02 20:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2009-12-10 10:04 . 2002-03-06 01:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2009-12-10 10:04 . 2009-12-10 10:05 -------- d-----w- c:\program files\Trojan Remover
2009-12-10 10:04 . 2009-12-10 10:04 -------- d-----w- c:\documents and settings\Jono Clarke\Application Data\Simply Super Software
2009-12-10 10:04 . 2009-12-10 10:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2009-12-09 15:09 . 2009-12-09 15:09 -------- d-----w- c:\program files\IObit
2009-12-09 15:02 . 2009-12-09 15:02 -------- d-----w- c:\documents and settings\Jono Clarke\Application Data\Uniblue
2009-12-08 13:41 . 2009-12-08 13:41 -------- d-----w- c:\program files\Acunetix
2009-12-07 14:08 . 2009-12-07 14:08 -------- d-----w- c:\documents and settings\Jono Clarke\Application Data\Malwarebytes
2009-12-07 14:08 . 2009-12-03 16:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-07 14:08 . 2009-12-07 14:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-07 14:08 . 2009-12-07 14:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-07 14:08 . 2009-12-03 16:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-07 11:02 . 2009-08-16 15:08 178176 ----a-w- c:\windows\system32\unrar.dll
2009-12-07 11:02 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2009-12-07 11:02 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2009-12-07 11:02 . 2009-11-09 18:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-12-07 11:01 . 2009-12-07 11:03 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-12-07 10:57 . 2009-12-09 19:18 -------- d-----w- c:\program files\a-squared Free
2009-12-07 09:50 . 2009-12-07 09:50 -------- d-----w- c:\program files\Trend Micro
2009-12-02 19:06 . 2009-12-02 19:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Nokia
2009-12-02 15:20 . 2009-02-09 08:37 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2009-12-02 15:19 . 2009-12-02 15:18 24403616 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\NokiaSoftwareUpdaterSetup_en[1].exe
2009-12-02 15:18 . 2009-12-02 15:18 3351812 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\msxml6Exec.exe
2009-12-02 15:18 . 2009-12-02 15:18 36864 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\Sleep.exe
2009-12-02 15:18 . 2009-12-02 15:18 3203453 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\vcredistExec.exe
2009-12-02 15:18 . 2009-12-02 15:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-11-27 14:20 . 2009-11-27 14:21 -------- d-----w- c:\documents and settings\Jono Clarke\Application Data\Corel
2009-11-27 14:20 . 2009-12-04 14:27 88 --sh--r- c:\documents and settings\All Users\Application Data\3DBE3A15FD.sys
2009-11-27 14:20 . 2009-12-04 14:27 3452 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-11-27 14:20 . 2009-11-27 14:20 -------- d-----w- c:\documents and settings\Jono Clarke\Corel
2009-11-27 12:06 . 2009-11-27 12:11 -------- d-----w- c:\documents and settings\Jono Clarke\Application Data\Ulead Systems
2009-11-27 12:02 . 2009-11-27 12:02 -------- d-----w- c:\windows\system32\windows media
2009-11-27 12:01 . 2009-11-27 12:01 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2009-11-27 12:01 . 2009-11-27 12:01 -------- d-----w- c:\program files\Windows Media Components
2009-11-27 12:00 . 2009-12-07 10:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Ulead Systems
2009-11-21 22:05 . 2006-08-07 14:07 208896 ------w- c:\windows\system32\nvuide.exe
2009-11-21 22:04 . 2006-08-14 14:51 105344 ----a-w- c:\windows\system32\drivers\nvata.sys
2009-11-21 22:04 . 2006-08-07 14:08 35840 ----a-w- c:\windows\system32\NVCOI.DLL
2009-11-21 19:33 . 2009-11-21 19:33 -------- d-----w- c:\documents and settings\Jono Clarke\Application Data\InstallShield
2009-11-20 10:15 . 2009-11-20 10:15 1962544 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2009-11-18 12:41 . 2009-11-18 12:41 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-11-18 12:27 . 2009-11-18 12:27 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-11-18 10:34 . 2009-11-18 10:34 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-17 11:25 . 2008-10-27 10:04 23376 ----a-w- c:\windows\system32\X3DAudio1_5.dll
2009-11-17 11:25 . 2008-07-31 10:41 238088 ----a-w- c:\windows\system32\xactengine3_2.dll
2009-11-17 11:25 . 2008-07-31 10:41 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2009-11-17 11:25 . 2008-07-31 10:40 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2009-11-17 11:25 . 2008-07-10 11:01 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2009-11-17 11:25 . 2008-07-10 11:00 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2009-11-17 11:25 . 2008-07-10 11:00 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2009-11-12 17:51 . 2009-11-12 17:51 -------- d-----w- c:\program files\MSECache
2009-11-11 19:26 . 2009-11-11 19:26 152576 ----a-w- c:\documents and settings\Jono Clarke\Application Data\Sun\Java\jre1.6.0_17\lzma.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-10 20:30 . 2008-10-12 21:00 -------- d-----w- c:\documents and settings\Jono Clarke\Application Data\uTorrent
2009-12-10 20:30 . 2006-12-26 22:03 -------- d-----w- c:\program files\PeerGuardian2
2009-12-10 20:13 . 2008-08-07 19:29 -------- d-----w- c:\documents and settings\Jono Clarke\Application Data\Skype
2009-12-10 20:02 . 2007-04-21 12:37 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-12-10 12:56 . 2008-08-07 19:33 -------- d-----w- c:\documents and settings\Jono Clarke\Application Data\skypePM
2009-12-09 20:12 . 2007-04-04 18:20 215104 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-12-09 20:11 . 2007-04-04 19:28 138576 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-12-09 19:14 . 2008-05-18 13:31 -------- d-----w- c:\program files\Lavasoft
2009-12-08 15:47 . 2007-11-30 21:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-08 15:15 . 2007-11-30 21:14 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-08 12:57 . 2007-05-30 16:57 -------- d-----w- c:\documents and settings\Jono Clarke\Application Data\Alien Skin
2009-12-07 16:24 . 2006-12-25 22:03 158464 ----a-w- c:\documents and settings\Jono Clarke\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-07 10:27 . 2008-05-11 10:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-12-07 10:23 . 2006-12-25 21:53 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-07 10:18 . 2007-08-05 20:42 -------- d-----w- c:\program files\DivX
2009-12-06 23:03 . 2009-12-06 23:03 2316 ----a-w- c:\documents and settings\All Users\Application Data\xmlBF.tmp
2009-12-06 23:03 . 2009-12-06 23:03 13468 ----a-w- c:\documents and settings\All Users\Application Data\xmlBE.tmp
2009-12-06 23:03 . 2009-12-06 23:03 6412 ----a-w- c:\documents and settings\All Users\Application Data\xmlBD.tmp
2009-12-05 18:53 . 2009-06-29 19:33 -------- d-----w- c:\documents and settings\Jono Clarke\Application Data\dvdcss
2009-11-30 20:14 . 2009-04-20 18:34 -------- d-----w- c:\documents and settings\Jono Clarke\Application Data\Spotify
2009-11-27 12:00 . 2006-12-25 21:50 -------- d-----w- c:\program files\Common Files\InstallShield
2009-11-26 11:35 . 2009-09-30 09:13 1328 ----a-w- c:\windows\desctemp.dat
2009-11-21 22:04 . 2009-07-09 18:10 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-11-18 14:23 . 2008-05-28 18:09 -------- d-----w- c:\program files\AVG
2009-11-17 20:58 . 2009-09-26 08:38 -------- d-----w- c:\program files\Creative
2009-11-17 20:49 . 2009-05-13 17:29 -------- d-----w- c:\program files\SSC Service Utility
2009-11-17 20:46 . 2007-11-11 21:11 -------- d-s---w- c:\program files\HLSW
2009-11-17 20:46 . 2008-02-09 19:23 -------- d-----w- c:\documents and settings\Jono Clarke\Application Data\HLSW
2009-11-17 20:44 . 2009-11-09 20:15 -------- d-----w- c:\program files\BilderHerunterlader
2009-11-17 10:45 . 2006-12-26 19:28 -------- d-----w- c:\program files\Activision
2009-11-16 11:00 . 2008-02-14 17:42 -------- d-----w- c:\documents and settings\Jono Clarke\Application Data\Vso
2009-11-11 19:27 . 2008-12-17 18:41 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-11 19:27 . 2007-10-21 10:54 -------- d-----w- c:\program files\Java
2009-11-09 20:08 . 2009-11-09 20:08 -------- d-----w- c:\program files\TurnTool
2009-11-07 21:44 . 2009-11-07 21:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Redfield
2009-11-07 14:40 . 2006-12-27 11:41 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-11-06 19:01 . 2008-04-08 19:02 -------- d-----w- c:\documents and settings\Jono Clarke\Application Data\FileZilla
2009-11-06 09:25 . 2009-11-06 09:22 -------- d-----w- c:\documents and settings\Jono Clarke\Application Data\BlazeFtp
2009-11-04 16:15 . 2006-06-07 09:08 4423168 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2009-11-04 15:45 . 2007-03-02 20:54 479232 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-11-04 15:44 . 2006-06-07 09:09 300032 ----a-w- c:\windows\system32\ati2dvag.dll
2009-11-04 15:29 . 2006-06-07 09:04 204800 ----a-w- c:\windows\system32\atipdlxx.dll
2009-11-04 15:29 . 2006-06-07 09:04 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2009-11-04 15:29 . 2006-06-07 09:04 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2009-11-04 15:29 . 2006-06-07 09:04 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2009-11-04 15:28 . 2006-06-07 09:04 155648 ----a-w- c:\windows\system32\ati2evxx.dll
2009-11-04 15:28 . 2006-12-25 22:12 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2009-11-04 15:27 . 2006-06-07 09:03 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2009-11-04 15:26 . 2006-06-07 09:02 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2009-11-04 15:18 . 2006-06-07 08:56 3518304 ----a-w- c:\windows\system32\ati3duag.dll
2009-11-04 15:17 . 2006-06-07 08:43 13000704 ----a-w- c:\windows\system32\atioglxx.dll
2009-11-04 15:05 . 2006-06-07 08:51 2135680 ----a-w- c:\windows\system32\ativvaxx.dll
2009-11-04 15:04 . 2008-12-01 20:11 887724 ----a-w- c:\windows\system32\ativva6x.dat
2009-11-04 15:04 . 2008-12-01 20:11 3 ----a-w- c:\windows\system32\ativva5x.dat
2009-11-04 14:51 . 2009-07-15 01:27 65024 ----a-w- c:\windows\system32\atimpc32.dll
2009-11-04 14:51 . 2008-12-01 19:57 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2009-11-04 14:47 . 2006-06-07 08:40 565248 ----a-w- c:\windows\system32\atikvmag.dll
2009-11-04 14:46 . 2009-07-15 01:22 45056 ----a-w- c:\windows\system32\aticalrt.dll
2009-11-04 14:46 . 2009-07-15 01:22 45056 ----a-w- c:\windows\system32\aticalcl.dll
2009-11-04 14:45 . 2008-12-01 19:52 172032 ----a-w- c:\windows\system32\atiadlxx.dll
2009-11-04 14:45 . 2009-07-15 01:20 3526656 ----a-w- c:\windows\system32\aticaldd.dll
2009-11-04 14:45 . 2006-06-07 08:39 17408 ----a-w- c:\windows\system32\atitvo32.dll
2009-11-04 14:44 . 2008-12-01 19:50 397312 ----a-w- c:\windows\system32\atiok3x2.dll
2009-11-04 14:44 . 2006-06-07 08:39 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2009-11-04 14:39 . 2006-06-07 08:35 638976 ----a-w- c:\windows\system32\ati2cqag.dll
2009-10-29 07:45 . 2004-08-04 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2004-08-04 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-20 09:20 . 2009-10-20 09:20 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-10-20 09:19 . 2008-05-28 19:57 -------- d-----w- c:\program files\Windows Live
2009-10-20 09:17 . 2009-05-10 07:39 -------- d-----w- c:\program files\Microsoft
2009-10-13 17:34 . 2009-10-13 17:34 -------- d-----w- c:\documents and settings\All Users\Application Data\vsosdk
2009-10-13 10:30 . 2004-08-04 12:00 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2004-08-04 12:00 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2004-08-04 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
2008-02-15 21:31 . 2008-02-15 18:30 24 --sh--w- c:\windows\S8ABE894C.tmp
2007-05-03 19:07 . 2007-04-13 13:47 12954400 --sha-w- c:\windows\system32\drivers\fidbox.dat
2007-05-03 19:07 . 2007-04-13 13:47 716576 --sha-w- c:\windows\system32\drivers\fidbox2.dat
.

((((((((((((((((((((((((((((( SnapShot_2009-12-10_13.24.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-19 11:45 . 2009-03-19 11:45 93848 c:\windows\system32\drivers\epfwtdir.sys
+ 2009-12-10 16:42 . 2009-12-10 16:42 10134 c:\windows\Installer\{FE9C13F6-6BBD-47D3-B939-F7E061BC4930}\callmsi.exe
+ 2009-03-19 11:44 . 2009-03-19 11:44 107256 c:\windows\system32\drivers\ehdrv.sys
+ 2009-03-19 11:41 . 2009-03-19 11:41 113960 c:\windows\system32\drivers\eamon.sys
+ 2009-12-10 16:42 . 2009-12-10 16:42 101480 c:\windows\Installer\{FE9C13F6-6BBD-47D3-B939-F7E061BC4930}\egui.exe
+ 2009-12-10 16:42 . 2009-12-10 16:42 1146368 c:\windows\Installer\bb5c00.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2005-09-18 1421824]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-12-08 289584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-12-03 429392]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-12-10 1070984]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-03-19 2029640]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0oodbs

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe -launchedbylogin [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
c:\program files\DAEMON Tools\daemon.exe -lang 1033 [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
c:\program files\Steam\Steam.exe -silent [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_8 [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 11:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 03:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\atwtusb]
2006-02-21 09:32 294912 ----a-w- c:\windows\system32\ATWTUSB.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
2004-10-27 15:21 61952 ------w- c:\windows\system32\HdAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 04:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
2006-07-13 07:12 729088 ------w- c:\program files\Analog Devices\SoundMAX\SMax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2006-12-18 21:34 868352 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-11-11 19:27 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Nero BackItUp Scheduler 3"=2 (0x2)
"MDM"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\The All-Seeing Eye\\eye.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Activision\\Modern Warfare 2\\iw4mp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1720:TCP"= 1720:TCP:torrent
"21909:TCP"= 21909:TCP:Utorrent
"28960:TCP"= 28960:TCP:cod4
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"5353:TCP"= 5353:TCP:Adobe CSI CS4

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [19/03/2009 11:44 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [19/03/2009 11:45 93848]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [19/03/2009 11:44 731840]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [10/05/2009 07:43 54752]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [07/12/2009 14:08 276816]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [07/12/2009 14:08 19160]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [29/12/2006 12:34 639224]
S1 aiptektp;HyperPen;c:\windows\system32\drivers\aiptektp.sys [21/02/2007 19:26 22272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 21:48 704864]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\drivers\s816bus.sys [21/06/2008 21:31 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\drivers\s816mdfl.sys [21/06/2008 21:31 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\drivers\s816mdm.sys [21/06/2008 21:31 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s816mgmt.sys [21/06/2008 21:32 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\drivers\s816nd5.sys [21/06/2008 21:32 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\drivers\s816obex.sys [21/06/2008 21:32 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\drivers\s816unic.sys [21/06/2008 21:32 97704]
S3 Start BT in service;Start BT in service;c:\program files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [21/04/2007 14:54 52080]
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {402EE96E-2CE8-482D-ADA5-CECEEA07E16D} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Jono Clarke\Application Data\Mozilla\Firefox\Profiles\ami5ab0l.default\
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-12-10 20:38
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-606747145-1972579041-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:c7,60,43,f5,84,9f,48,78,a0,bb,b8,27,54,da,d5,14,b0,a5,58,10,7f,
5c,e1,85,1d,51,7f,69,0c,bc,06,4c,58,62,8f,3c,e0,90,4c,c7,d6,35,11,22,b2,d0,\
"rkeysecu"=hex:4a,dc,60,d7,5b,48,82,86,55,88,7f,95,4e,65,cf,33

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]

[HKEY_LOCAL_MACHINE\software\Swearware\backup\winsock2]
@DACL=(02 0000)
@SACL=
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(544)
c:\windows\system32\Ati2evxx.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2009-12-10 20:40:11
ComboFix-quarantined-files.txt 2009-12-10 20:40
ComboFix2.txt 2009-12-10 13:26
ComboFix3.txt 2009-12-10 09:25

Pre-Run: 24,075,575,296 bytes free
Post-Run: 24,098,041,856 bytes free

Current=3 Default=3 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 902BE4914B136E53729DAA9F91EE3C65


Re: Exploit Rogue Scanner [Type 972]

Post by Belahzur on 11th December 2009, 1:23 am

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?


Please PM me if I fail to respond within 24hrs.


Re: Exploit Rogue Scanner [Type 972]

Post by clink on 11th December 2009, 5:56 pm

PC is running great now. Thanks.

Just for everyone's information: the Exploit Rogue Scanner was installed on my website. It affected the .htaccess file and added a redirect to it, so when you clicked on a link it was trying to send you to a malware site. In this case it was 4safe.in. It was actually my site host, MediaTemple, which had been hacked, and this affected 1000s of websites.

Thanks again. :)

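One way a site owner could audit an .htaccess file for the kind of injected redirect clink describes, as an added example that is not from the thread or from any of the tools mentioned in it. The sample file contents are constructed; covernet.org and 4safe.in are the site and domain named in the thread, and the function names are my own.

```python
import re
from urllib.parse import urlsplit

# Constructed sample of a tampered .htaccess: two legitimate rules, then an injected
# referer-cloaked redirect and an ErrorDocument pointing off-site. Attackers key the
# redirect on search-engine referers so the owner, typing the URL directly, sees nothing.
SAMPLE_HTACCESS = """RewriteEngine On
RewriteRule ^old-page$ /new-page [R=301,L]
ErrorDocument 404 /404.html
RewriteCond %{HTTP_REFERER} (google|yahoo|bing|msn)\\. [NC]
RewriteRule .* http://4safe.in/in.php?id=pcprotector [R=301,L]
ErrorDocument 403 http://4safe.in/err.php
"""

# Directives whose argument can send the browser somewhere else.
REDIRECT_DIRECTIVES = ("redirect", "redirectmatch", "redirectpermanent",
                       "redirecttemp", "rewriterule", "errordocument")
# Request variables typically used to cloak a redirect from the site owner.
CLOAK_VARS = ("%{HTTP_REFERER}", "%{HTTP_USER_AGENT}", "%{HTTP_COOKIE}")


def external_url(token, allowed_hosts):
    """Return the host if token is an absolute http(s) URL to a host not in allowed_hosts."""
    if not re.match(r"https?://", token, re.I):
        return None
    host = (urlsplit(token).hostname or "").lower()
    return None if host in allowed_hosts else host


def audit_htaccess(text, allowed_hosts=()):
    """Return (line_no, reason) findings: off-site redirects and cloaked conditions."""
    allowed = {h.lower() for h in allowed_hosts}
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        name = parts[0].lower()
        if name == "rewritecond" and any(v.lower() in line.lower() for v in CLOAK_VARS):
            findings.append((no, "cloaked condition on " + parts[1]))
        elif name in REDIRECT_DIRECTIVES:
            for tok in parts[1:]:
                host = external_url(tok, allowed)
                if host:
                    findings.append((no, f"{parts[0]} sends visitors to {host}"))
                    break
    return findings


if __name__ == "__main__":
    for no, reason in audit_htaccess(SAMPLE_HTACCESS, allowed_hosts=("covernet.org",)):
        print(f"line {no}: {reason}")
```

Run it against every .htaccess under the web root (including ones in directories you never created); a hit on a referer condition plus an off-site RewriteRule is the pattern the thread describes.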

Re: Exploit Rogue Scanner [Type 972]

Post by Belahzur on 11th December 2009, 10:30 pm

Ouch! Looks like they have a job on their hands.

