PC Forum PC Help Forum » Security & Safety » [Fixed] Hijackthis! Logs » Yes.. It's true.. I'm submitting a HJT log.. O.o

  #7  
Old 03-15-2008
dahli's Avatar
Senior Security Analyst
 
Join Date: Dec 2006
Location: In a van, down by the river
Posts: 548
PC Experience: Experienced
Default Re: Yes.. It's true.. I'm submitting a HJT log.. O.o

Sorry, trying to get caught up on other logs.

The link with the tutorial for combofix explains what to do for Vista.


__________________
Steve
  #8  
Old 03-15-2008
DarkLord7854's Avatar
The cake is a lie..
My PC
 
Join Date: Sep 2005
Location: Florida
Posts: 1,365
PC Experience: Of Epic Proportions.
Default Re: Yes.. It's true.. I'm submitting a HJT log.. O.o

Yea, just read it hehe, thanks


__________________
Don't forget to rate posts if you find them helpful
  #9  
Old 03-15-2008
dahli's Avatar
Senior Security Analyst
 
Default Re: Yes.. It's true.. I'm submitting a HJT log.. O.o

yeah - reading helps (I am just skimming right now)


__________________
Steve
  #10  
Old 03-15-2008
DarkLord7854's Avatar
The cake is a lie..
Default Re: Yes.. It's true.. I'm submitting a HJT log.. O.o

Alrighty here we go:

ComboFix:

ComboFix 08-03-14.4 - Enzo 2008-03-15 2:31:57.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1280 [GMT -4:00]
Running from: C:\Users\Enzo\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\JavaCore
C:\Program Files\JavaCore\JavaCore.exe
C:\Program Files\JavaCore\UnInstall.exe
C:\Program Files\NoDNS
C:\Program Files\NoDNS\UnInstall.exe
C:\Program Files\Temporary
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outerinfo
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outerinfo\Terms.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\Users\Enzo\AppData\Roaming\ASKS~1
C:\Windows\BM63df8f5e.xml
C:\Windows\pskt.ini
C:\Windows\system32\esqawpfq.dll
C:\Windows\System32\hbqbvhhk.ini
C:\Windows\System32\hihhk.ini
C:\Windows\System32\hihhk.ini2
C:\Windows\system32\jkhiiig.dll
C:\Windows\system32\khhih.dll
C:\Windows\system32\khhvbqbh.dll
C:\Windows\system32\ljjkiff.dll
C:\Windows\system32\piouckqa.dll
C:\Windows\system32\pmnonlj.dll
C:\Windows\system32\sdfoabrj.dll
C:\Windows\system32\ssqnkhf.dll
C:\Windows\system32\ssqnl.dll
C:\Windows\system32\timwotxi.dll
C:\Windows\system32\urqrrrr.dll
C:\Windows\System32\xbadd.ini
C:\Windows\System32\xbadd.ini2

.
((((((((((((((((((((((((( Files Created from 2008-02-15 to 2008-03-15 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-15 06:14 --------- d-----w C:\Users\Enzo\AppData\Roaming\Xfire
2008-03-15 05:51 --------- d-----w C:\ProgramData\Test Drive Unlimited
2008-03-15 05:47 --------- d-----w C:\Users\Enzo\AppData\Roaming\uTorrent
2008-03-15 05:12 22,528 ----a-w C:\Windows\system32\drivers\nhcDriver.sys
2008-03-15 05:08 24,576 ----a-w C:\Windows\System32\VundoFixSVC.exe
2008-03-15 04:19 --------- d-----w C:\Program Files\Notebook Hardware Control
2008-03-15 03:42 --------- d-----w C:\Program Files\Lavalys
2008-03-15 02:33 --------- d-----w C:\Program Files\NSR_Stage_1
2008-03-15 02:31 413,696 ----a-w C:\Windows\System32\wrap_oal.dll
2008-03-15 02:31 110,592 ----a-w C:\Windows\System32\OpenAL32.dll
2008-03-15 02:31 --------- d-----w C:\Program Files\OpenAL
2008-03-15 02:29 --------- d-----w C:\Users\Enzo\AppData\Roaming\Skype
2008-03-15 02:11 --------- d-----w C:\Users\Enzo\AppData\Roaming\GetRightToGo
2008-03-14 23:38 --------- d-----w C:\Program Files\Steam
2008-03-14 23:20 --------- d-----w C:\Users\Enzo\AppData\Roaming\AVG7
2008-03-13 05:17 --------- d-----w C:\ProgramData\Lavasoft
2008-03-13 05:17 --------- d-----w C:\Program Files\Lavasoft
2008-03-13 05:16 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-13 05:08 --------- d-----w C:\ProgramData\avg7
2008-03-13 05:05 9,216 ----a-w C:\Windows\System32\avgwlntf.dll
2008-03-13 05:05 --------- d-----w C:\ProgramData\Grisoft
2008-03-13 04:41 12,978 ----a-w C:\Users\Enzo\AppData\Roaming\nvModes.dat
2008-03-13 03:50 --------- d-----w C:\Program Files\RivaTuner v2.08
2008-03-13 03:41 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-03-13 00:56 --------- d-----w C:\Program Files\Common Files\Steam
2008-03-12 23:56 --------- d-----w C:\Users\Enzo\AppData\Roaming\Hamachi
2008-03-12 20:29 --------- d-----w C:\Users\Enzo\AppData\Roaming\mIRC
2008-03-12 19:38 195,995 ----a-w C:\msexe.exe
2008-03-12 03:55 2,380,800 ----a-w C:\Windows\System32\mIRC - English.exe
2008-03-12 03:50 --------- d-----w C:\Program Files\mIRC
2008-03-11 07:24 --------- d-----w C:\ProgramData\Microsoft Help
2008-03-11 07:02 --------- d-----w C:\Program Files\Common Files\Merge Modules
2008-03-10 21:11 --------- d-----w C:\Users\Enzo\AppData\Roaming\Apple Computer
2008-03-10 20:10 --------- d-----w C:\Program Files\Winamp
2008-03-10 19:57 --------- d-----w C:\ProgramData\Apple Computer
2008-03-10 19:57 --------- d-----w C:\Program Files\iTunes
2008-03-10 19:57 --------- d-----w C:\Program Files\iPod
2008-03-10 19:56 --------- d-----w C:\Program Files\Bonjour
2008-03-10 19:55 --------- d-----w C:\Program Files\Common Files\Apple
2008-03-10 08:10 4,224 ----a-w C:\Windows\system32\drivers\NVStrap.sys
2008-03-09 20:26 --------- d-----w C:\Program Files\support.com
2008-03-09 05:21 --------- d-----w C:\Program Files\Common Files\SupportSoft
2008-03-09 00:59 --------- d-----w C:\ProgramData\VMware
2008-03-09 00:56 --------- d-----w C:\Users\Enzo\AppData\Roaming\VMware
2008-03-09 00:45 --------- d-----w C:\Program Files\Elaborate Bytes
2008-03-08 02:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-07 22:03 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-03-06 22:07 --------- d-----w C:\Program Files\uTorrent
2008-03-06 17:52 --------- d-----w C:\Users\Enzo\AppData\Roaming\SystemRequirementsLab
2008-03-06 00:48 --------- d-----w C:\ProgramData\Xfire
2008-03-05 22:27 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-03-05 22:17 32 ----a-w C:\ProgramData\ezsid.dat
2008-03-05 22:17 --------- d-----w C:\Users\Enzo\AppData\Roaming\skypePM
2008-03-05 22:16 --------- d-----w C:\ProgramData\Skype
2008-03-05 22:16 --------- d-----w C:\Program Files\Skype
2008-03-05 22:16 --------- d-----w C:\Program Files\Common Files\Skype
2008-03-04 22:15 107,888 ----a-w C:\Windows\System32\CmdLineExt.dll
2008-03-04 08:22 --------- d-----w C:\Program Files\Nokia
2008-03-04 08:22 --------- d-----w C:\Program Files\Intuwave
2008-03-03 23:53 --------- d-----w C:\ProgramData\Apple
2008-03-03 23:53 --------- d-----w C:\Program Files\QuickTime
2008-03-03 23:53 --------- d-----w C:\Program Files\Apple Software Update
2008-03-03 23:34 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-03 23:18 --------- d--h--w C:\ProgramData\{0E8E33D8-193A-414A-A909-0F101A142D26}
2008-03-03 20:24 --------- d-----w C:\Users\Enzo\AppData\Roaming\Intel
2008-03-03 14:44 --------- d-----w C:\Program Files\AdomBot
2008-03-03 06:44 --------- d-----w C:\ProgramData\FLEXnet
2008-03-03 02:41 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-03 02:32 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-03-01 06:32 --------- d-----w C:\ProgramData\~0
2008-03-01 06:20 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-01 06:19 --------- d-----w C:\ProgramData\Symantec
2008-03-01 06:04 --------- d-----w C:\Users\Enzo\AppData\Roaming\Infineon
2008-03-01 02:21 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
2008-03-01 02:21 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-03-01 02:21 103,736 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-03-01 00:45 --------- d-----w C:\Program Files\MSBuild
2008-03-01 00:36 --------- d-----w C:\Program Files\Microsoft Works
2008-03-01 00:35 --------- d-----w C:\Program Files\Microsoft Expression
2008-03-01 00:34 --------- d-----w C:\Program Files\Microsoft.NET
2008-02-29 23:39 --------- d-----w C:\Users\Enzo\AppData\Roaming\Leadertech
2008-02-29 23:12 22,328 ----a-w C:\Users\Enzo\AppData\Roaming\PnkBstrK.sys
2008-02-29 22:36 21,840 ----atw C:\Windows\System32\SIntfNT.dll
2008-02-29 22:36 17,212 ----atw C:\Windows\System32\SIntf32.dll
2008-02-29 22:36 12,067 ----atw C:\Windows\System32\SIntf16.dll
2008-02-29 22:16 70,656 ----a-w C:\Windows\ScUnin.exe
2008-02-29 21:18 25,280 ----a-w C:\Windows\system32\drivers\hamachi.sys
2008-02-29 21:18 --------- d-----w C:\Program Files\Hamachi
2008-02-29 21:15 --------- d-----w C:\Users\Enzo\AppData\Roaming\Winamp
2008-02-29 21:01 --------- d-----w C:\Program Files\ASUS
2008-02-29 20:52 --------- d-----w C:\Program Files\Frameworkx
2008-02-29 20:51 --------- d-----w C:\Program Files\Java
2008-02-29 20:50 --------- d-----w C:\Program Files\Common Files\Java
2008-02-29 20:44 716,272 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-02-29 20:44 --------- d-----w C:\Users\Enzo\AppData\Roaming\DAEMON Tools
2008-02-29 20:40 --------- d-----w C:\Program Files\PowerForPhone
2008-02-29 20:39 --------- d-----w C:\Users\Enzo\AppData\Roaming\Ahead
2008-02-29 20:39 --------- d-----w C:\Program Files\Common Files\Ahead
2008-02-29 20:32 174 --sha-w C:\Program Files\desktop.ini
2008-02-29 20:28 --------- d-----w C:\Program Files\Windows Mail
2005-07-29 20:24 472 --sha-r C:\Windows\RW56bw\lqcdvT.vbs
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NotebookHardwareControl"="C:\Program Files\Notebook Hardware Control\nhc.exe" [2007-05-03 20:33 2629632]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-13 01:05 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2008-03-13 01:05 9216 C:\Windows\System32\avgwlntf.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PCSuiteForNokia6600 Detect.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PCSuiteForNokia6600 Detect.lnk
backup=C:\Windows\pss\PCSuiteForNokia6600 Detect.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PCSuiteForNokia6600 TS.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PCSuiteForNokia6600 TS.lnk
backup=C:\Windows\pss\PCSuiteForNokia6600 TS.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver]
C:\Windows\ASScrProlog.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
--a------ 2007-07-11 05:52 33136 C:\Windows\ASScrPro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKMEDIA]
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
--a------ 2008-03-13 01:05 579072 C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CognizanceTS]
C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 08:00 33648 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
--a------ 2007-02-12 16:37 174872 C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IFXSPMGT]
C:\Windows\system32\ifxspmgt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 13:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JavaCore]
C:\Program Files\\JavaCore\\JavaCore.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer]
C:\Windows\system32\ddcdc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nvcoi]
C:\Program Files\nvcoi\nvcoi.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-04-28 19:05 8429568 C:\Windows\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-04-28 19:05 81920 C:\Windows\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
--a------ 2007-04-28 19:05 86016 C:\Windows\system32\nvsvc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerForPhone]
C:\Program Files\PowerForPhone\PowerForPhone.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
--a------ 2007-02-15 05:07 4390912 C:\Windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\Windows\mrofinu1509.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
--a------ 2006-11-22 05:31 630784 C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2007-03-01 09:24 857648 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2007-07-11 05:12 1006264 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xcnvrmg]
C:\Users\Enzo\AppData\Roaming\?asks\w?auclt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-765763825-3370971890-1530031887-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{21FB533C-E45C-4C07-938B-78F252CE7886}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire
"UDP Query User{3EBFB993-273A-401C-AFF1-F9AF434CA508}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire
"{3C0D88E5-1653-4249-9C57-16513242769C}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{AD583B4F-8CD0-4EA6-AC61-DA50FFD80BDC}"= UDP:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{7E899F81-59B4-4924-B033-B0F51BDADA61}"= TCP:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;C:\Windows\System32\StkCSrv.exe [2007-02-07 06:44]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\Windows\system32\DRIVERS\atl01v32.sys [2007-03-15 02:41]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;C:\Windows\system32\Drivers\StkCMini.sys [2007-02-13 00:41]
R3 TPM;TPM;C:\Windows\system32\drivers\tpm.sys [2006-11-02 05:50]
S0 NVStrap;NVStrap;C:\Windows\system32\drivers\NVStrap.sys [2008-03-10 04:10]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-03-12 03:11]
S4 Windows Executable Manager;Windows Executable Manager;"C:\Windows\msexe.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
GPSvcGroup REG_MULTI_SZ GPSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e347c1f-eba3-11dc-855e-005056c00008}]
\shell\AutoRun\command - G:\autorun.exe
\shell\install\command - G:\setup.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-15 02:38:52
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
.
**************************************************************************
.
Completion time: 2008-03-15 2:42:56 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-15 06:42:51
.
2008-03-11 07:24:19 --- E O F ---


__________________
Don't forget to rate posts if you find them helpful
  #11  
Old 03-15-2008
dahli's Avatar
Senior Security Analyst
 
Default Re: Yes.. It's true.. I'm submitting a HJT log.. O.o

We are getting there.

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:
    purity
  • Right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


__________________
Steve
  #12  
Old 03-15-2008
DarkLord7854's Avatar
The cake is a lie..
Default Re: Yes.. It's true.. I'm submitting a HJT log.. O.o

Just double-checking, I type in "purity" only? Because it doesn't seem to do anything.. >.>


All it gives me is:

[Custom Input]
< purity >

OTMoveIt2 by OldTimer - Version 1.0.21 log created on 03


__________________
Don't forget to rate posts if you find them helpful
