Norton shows it's scanning but it shows no progress


ancp41 wrote:

I don't think I used it as an administrator. What do I have to do now?


Ok, when you clicked "Avenger.exe", did you use the right-click menu and select "Run as administrator"??

Also, if it is on, turn off the Windows Firewall.
 
Quads 

 

Windows Firewall is off. And no.. I didn't right-click and run as administrator. Sorry. I didn't know I was supposed to. Do I turn off the firewall on Norton? And I still can't find the skynet.exe file. My search engine keeps saying No Search results.

Don't worry about the file you can't find, as that is good.

 

Avenger with Vista needs to run with Administrator rights. See if that works.

Right-click "Avenger.exe" and click "Run as Administrator"; then Avenger will start like before but with admin privileges, and you can place the script in again.

 

Quads 

Ok... here's the new Avenger log:

 

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Disablement of driver "SKYNETrdvvtnic" failed!
Status: 0xc0000001 (STATUS_UNSUCCESSFUL)


Error:  could not open driver "SKYNETokvviotn.sys"
Disablement of driver "SKYNETokvviotn.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Driver "SKYNETrdvvtnic" deleted successfully.

Error:  registry key "\Registry\Machine\System\CurrentControlSet\Services\SKYNETokvviotn.sys" not found!
Deletion of driver "SKYNETokvviotn.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  could not delete file "C:\WINDOWS\system32\drivers\SKYNETokvviotn.sys"
Deletion of file "C:\WINDOWS\system32\drivers\SKYNETokvviotn.sys" failed!
Status: 0xc0000156


Error:  could not delete file "C:\WINDOWS\System32\SKYNETmhxdfufx.dll"
Deletion of file "C:\WINDOWS\System32\SKYNETmhxdfufx.dll" failed!
Status: 0xc0000156


Error:  could not delete file "C:\WINDOWS\System32\SKYNETtqsxqrwn.dll"
Deletion of file "C:\WINDOWS\System32\SKYNETtqsxqrwn.dll" failed!
Status: 0xc0000156


Error:  could not delete file "C:\Windows\System32\SKYNETcodrxpyq.dat"
Deletion of file "C:\Windows\System32\SKYNETcodrxpyq.dat" failed!
Status: 0xc0000156


Error:  file "C:\Windows\System32\SKYNETiuwjpohn.dat" not found!
Deletion of file "C:\Windows\System32\SKYNETiuwjpohn.dat" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  could not delete file "C:\Users\ahah\AppData\Local\Temp\Low\SKYNETbwqaecrotd.tmp"
Deletion of file "C:\Users\ahah\AppData\Local\Temp\Low\SKYNETbwqaecrotd.tmp" failed!
Status: 0xc0000156


Error:  could not delete file "C:\Users\ahah\AppData\Local\Temp\Low\SKYNETbxxitndkpv.tmp"
Deletion of file "C:\Users\ahah\AppData\Local\Temp\Low\SKYNETbxxitndkpv.tmp" failed!
Status: 0xc0000156


Error:  could not delete file "C:\Users\ahah\AppData\Local\Temp\Low\SKYNETcsbrwvbyqb.tmp"
Deletion of file "C:\Users\ahah\AppData\Local\Temp\Low\SKYNETcsbrwvbyqb.tmp" failed!
Status: 0xc0000156


Error:  could not delete file "C:\Users\ahah\AppData\Local\Temp\Low\SKYNETevfpdxbepw.tmp"
Deletion of file "C:\Users\ahah\AppData\Local\Temp\Low\SKYNETevfpdxbepw.tmp" failed!
Status: 0xc0000156


Error:  could not delete file "C:\Users\ahah\AppData\Local\Temp\Low\SKYNETfwtmvqnpxt.tmp"
Deletion of file "C:\Users\ahah\AppData\Local\Temp\Low\SKYNETfwtmvqnpxt.tmp" failed!
Status: 0xc0000156


Error:  could not delete file "C:\Users\ahah\AppData\Local\Temp\Low\SKYNETorqwtfxfej.tmp"
Deletion of file "C:\Users\ahah\AppData\Local\Temp\Low\SKYNETorqwtfxfej.tmp" failed!
Status: 0xc0000156


Error:  could not delete file "C:\Users\ahah\AppData\Local\Temp\Low\SKYNETovwpwdxdsf.tmp"
Deletion of file "C:\Users\ahah\AppData\Local\Temp\Low\SKYNETovwpwdxdsf.tmp" failed!
Status: 0xc0000156


Error:  could not delete file "C:\Users\ahah\AppData\Local\Temp\Low\SKYNEToxbbdapvde.tmp"
Deletion of file "C:\Users\ahah\AppData\Local\Temp\Low\SKYNEToxbbdapvde.tmp" failed!
Status: 0xc0000156


Error:  could not delete file "C:\Users\ahah\AppData\Local\Temp\Low\SKYNETqfohupkoof.tmp"
Deletion of file "C:\Users\ahah\AppData\Local\Temp\Low\SKYNETqfohupkoof.tmp" failed!
Status: 0xc0000156


Error:  could not delete file "C:\Users\ahah\AppData\Local\Temp\Low\SKYNETtmdsvedpuf.tmp"
Deletion of file "C:\Users\ahah\AppData\Local\Temp\Low\SKYNETtmdsvedpuf.tmp" failed!
Status: 0xc0000156


Error:  could not delete file "C:\Users\ahah\AppData\Local\Temp\Low\SKYNETvcjherlmcr.tmp"
Deletion of file "C:\Users\ahah\AppData\Local\Temp\Low\SKYNETvcjherlmcr.tmp" failed!
Status: 0xc0000156


Error:  could not delete file "C:\Users\ahah\AppData\Local\Temp\Low\SKYNETwptqiperbk.tmp"
Deletion of file "C:\Users\ahah\AppData\Local\Temp\Low\SKYNETwptqiperbk.tmp" failed!
Status: 0xc0000156

Registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SKYNETrdvvtnic" deleted successfully.

Error:  registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SKYNETrdvvtnic" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SKYNETrdvvtnic" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  registry key "HKEY_LOCAL_MACHINE\SOFTWARE\SKYNET" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SOFTWARE\SKYNET" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Completed script processing.

*******************

Finished!  Terminate.
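The Avenger log above reports each action with an NTSTATUS code, and reading it by hand means separating three different outcomes: objects it removed, objects that were already gone (0xc0000034, which the log itself names STATUS_OBJECT_NAME_NOT_FOUND), and objects it could not touch (0xc0000156 and 0xc0000001, which the log leaves unnamed). This is an added example, not part of the thread and not Avenger's own code; it parses a small excerpt constructed in the log's format and lists what still needs attention. Treating 0xc0000034 as "already absent" and every other failure as "still present" is this example's own triage rule.

```python
import re
from collections import Counter

# Constructed excerpt in the format of the Avenger log above (not the full log).
SAMPLE_LOG = r"""
Driver "SKYNETrdvvtnic" deleted successfully.

Error:  could not open driver "SKYNETokvviotn.sys"
Disablement of driver "SKYNETokvviotn.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Error:  could not delete file "C:\WINDOWS\system32\drivers\SKYNETokvviotn.sys"
Deletion of file "C:\WINDOWS\system32\drivers\SKYNETokvviotn.sys" failed!
Status: 0xc0000156

Registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SKYNETrdvvtnic" deleted successfully.
"""

SUCCESS_RE = re.compile(r'^(Driver|Registry key|File) "(.+)" deleted successfully\.$')
FAILURE_RE = re.compile(r'^(Disablement|Deletion) of (driver|file|registry key) "(.+)" failed!$')
STATUS_RE = re.compile(r'^Status: (0x[0-9a-fA-F]{8})(?: \(([A-Z_]+)\))?$')
ACTION = {"Disablement": "disable", "Deletion": "delete"}

# 0xC0000034 is STATUS_OBJECT_NAME_NOT_FOUND (named in the log itself): the object
# was already gone, so that "failure" leaves nothing behind. Any other failure code
# (the log does not name 0xc0000156 or 0xc0000001) means the object is still there.
ALREADY_ABSENT = {"0xc0000034"}


def parse_avenger_log(text):
    """Turn Avenger's result lines into {action, kind, target, status, outcome} records."""
    records = []
    lines = [ln.rstrip() for ln in text.splitlines()]
    i = 0
    while i < len(lines):
        m = SUCCESS_RE.match(lines[i])
        if m:
            records.append({"action": "delete", "kind": m.group(1).lower(),
                            "target": m.group(2), "status": None, "outcome": "removed"})
            i += 1
            continue
        m = FAILURE_RE.match(lines[i])
        if m:
            status = None
            # The status code, when present, is on the line right after the failure line.
            if i + 1 < len(lines):
                s = STATUS_RE.match(lines[i + 1])
                if s:
                    status = s.group(1).lower()
                    i += 1
            outcome = "already_absent" if status in ALREADY_ABSENT else "still_present"
            records.append({"action": ACTION[m.group(1)], "kind": m.group(2),
                            "target": m.group(3), "status": status, "outcome": outcome})
        i += 1
    return records


def summarize(records):
    """Count outcomes and list the targets that still need attention after the run."""
    counts = Counter(r["outcome"] for r in records)
    remaining = sorted({r["target"] for r in records if r["outcome"] == "still_present"})
    return {"counts": dict(counts), "still_present": remaining}


if __name__ == "__main__":
    summary = summarize(parse_avenger_log(SAMPLE_LOG))
    print(summary["counts"])
    for target in summary["still_present"]:
        print("still present:", target)
```

Run against the full log in the post, the "still present" list is exactly the set of files the follow-up CFScript had to go after; the "already absent" entries are the ones Quads tells the poster not to worry about.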

Looks like it is time for me to CFScript with a kill switch to target those files.

 

Read from this message onwards on how another poster and I used a CFScript to target files, so you understand.

 

http://community.norton.com/norton/board/message?board.id=nis_feedback&message.id=55277#M55277

 

I will get scripting; it's slightly different.

 

Quads 

Hi Quads...

 

When I went to the slingshot link for the CFScript.txt, it said ERROR page not found. What do I do?

I have / am having to make you your own script.

 

Quads

 

Message Edited by Quads on 06-11-2009 03:58 PM

I have PMed you the script (yellow envelope).

 

You have to copy everything between the lines, then open Notepad and paste it.

Then save the .txt file as "CFScript.exe" and drag and drop it on top of Combofix.exe.

When ComboFix is running, do not move the mouse inside the box.

 

Quads 

  

Ok... I did the ComboFix thingy. I just wanted to know if it is normal that, after it does what it needs to do, it changes your background? But here's the ComboFix log.

 

ComboFix 09-06-09.06 - ahah 06/11/2009 14:52.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.1.1033.18.3002.1900 [GMT 10:00]
Running from: c:\users\ahah\Desktop\ComboFix.exe
Command switches used :: c:\users\ahah\Desktop\CFScript.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Norton Internet Security *disabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
 * Created a new restore point

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\IEToolbar
c:\windows\system32\drivers\SKYNETokvviotn.sys
c:\windows\system32\SKYNETcodrxpyq.dat
c:\windows\system32\SKYNETgcepqmpx.dat
c:\windows\system32\SKYNETixaxndrs.dat
c:\windows\system32\SKYNETmhxdfufx.dll
c:\windows\system32\SKYNETpwxtbpbn.dll
c:\windows\system32\SKYNETqxcoirod.dll
c:\windows\system32\SKYNETsigxirmp.dat
c:\windows\system32\SKYNETtqsxqrwn.dll
c:\windows\system32\SKYNETtvxectjx.dll
D:\Desktop.ini

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SKYNETrdvvtnic


(((((((((((((((((((((((((   Files Created from 2009-05-11 to 2009-06-11  )))))))))))))))))))))))))))))))
.

2009-06-11 04:55 . 2009-06-11 04:56 -------- d-----w- c:\users\ahah\AppData\Local\temp
2009-06-11 04:20 . 2009-06-11 04:54 -------- d---a-w- \Qoobox
2009-06-11 01:27 . 2009-06-11 03:11 -------- d-----w- \Avenger
2009-06-10 07:52 . 2009-06-10 07:52 -------- d-----w- c:\users\ahah\AppData\Roaming\Malwarebytes
2009-06-10 07:52 . 2009-05-26 03:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-10 07:52 . 2009-06-10 07:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-10 07:52 . 2009-06-10 07:52 -------- d-----w- c:\progra~2\Malwarebytes
2009-06-10 07:52 . 2009-05-26 03:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-10 07:42 . 2009-06-10 07:42 -------- d-----w- c:\program files\Trend Micro
2009-06-10 06:52 . 2009-06-10 06:56 -------- d-sh--w- \Config.Msi
2009-06-10 05:55 . 2009-06-10 05:55 -------- d-----w- c:\users\ahah\AppData\Roaming\Symantec
2009-06-10 05:52 . 2009-06-10 06:56 -------- d-----w- c:\program files\Norton Internet Security
2009-06-10 05:50 . 2009-06-10 06:54 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-06-10 05:50 . 2009-06-10 06:54 -------- d-----w- c:\program files\Symantec
2009-06-10 05:44 . 2009-06-10 06:56 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-08 13:58 . 2009-06-08 13:58 -------- d-----w- c:\users\ahah\AppData\Local\Symantec
2009-06-08 07:36 . 2009-06-08 07:36 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-06-07 23:04 . 2006-10-26 09:58 30512 ----a-w- c:\windows\system32\mdimon.dll
2009-06-07 22:59 . 2009-06-07 22:59 -------- d-----w- c:\program files\Microsoft.NET
2009-06-07 22:56 . 2009-06-07 22:56 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-06-07 22:53 . 2009-06-07 22:53 -------- d--h--r- C:\MSOCache
2009-06-07 22:53 . 2009-06-07 22:53 -------- d--h--r- \MSOCache
2009-06-05 07:40 . 2009-06-05 07:40 -------- d-----w- c:\users\Administrator
2009-06-05 07:20 . 2009-06-05 07:20 -------- d-----w- c:\program files\iPod
2009-06-05 07:20 . 2009-06-05 07:20 -------- d-----w- c:\program files\iTunes
2009-06-05 07:18 . 2009-06-05 07:18 -------- d-----w- c:\program files\QuickTime
2009-06-05 07:15 . 2009-06-05 07:15 -------- d-----w- c:\users\ahah\AppData\Roaming\Template
2009-06-05 05:52 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2009-06-05 05:52 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-06-05 05:52 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2009-06-05 05:52 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-06-05 05:52 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2009-06-05 05:52 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2009-06-05 05:52 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2009-06-05 05:44 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll
2009-06-05 05:44 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-06-05 05:44 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll
2009-06-05 05:44 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2009-06-05 05:44 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
2009-06-05 05:41 . 2009-06-05 05:41 -------- d-----w- c:\users\ahah\AppData\Local\Seven Zip
2009-06-04 06:35 . 2009-06-05 08:40 -------- d-----w- c:\users\ahah\AppData\Roaming\GetRightToGo
2009-05-26 03:28 . 2009-05-26 03:28 -------- d-----w- c:\progra~2\PlayFirst
2009-05-26 03:28 . 2009-05-26 03:28 -------- d-----w- c:\users\ahah\AppData\Roaming\PlayFirst
2009-05-26 03:26 . 2009-05-26 03:26 16 ----a-w- c:\windows\popcinfo.dat
2009-05-24 01:36 . 2009-05-24 01:36 -------- d-----w- c:\users\ahah\AppData\Roaming\GTek
2009-05-16 00:36 . 2008-12-05 04:32 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-05-16 00:36 . 2008-12-05 04:32 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-05-15 03:45 . 2009-05-17 01:58 -------- d-----w- c:\users\ahah\AppData\Local\Microsoft Help
2009-05-15 03:02 . 2009-06-05 06:31 5972 ----a-w- c:\users\ahah\AppData\Local\d3d9caps.dat
2009-05-15 00:27 . 2009-05-29 04:49 -------- d-----w- c:\users\ahah\AppData\Local\Microsoft Games
2009-05-14 13:41 . 2009-05-14 13:41 -------- d-----w- c:\progra~2\LightScribe
2009-05-14 12:31 . 2008-10-22 01:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-05-14 12:27 . 2009-05-14 12:27 -------- d-----w- c:\program files\MSXML 4.0
2009-05-14 11:17 . 2008-12-16 05:31 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-05-14 11:17 . 2008-12-16 05:31 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-05-14 11:17 . 2008-12-16 03:29 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-05-14 11:15 . 2009-02-13 08:49 1255936 ----a-w- c:\windows\system32\lsasrv.dll
2009-05-14 11:15 . 2009-02-13 08:49 72704 ----a-w- c:\windows\system32\secur32.dll
2009-05-14 11:15 . 2009-03-17 03:38 13824 ----a-w- c:\windows\system32\apilogen.dll
2009-05-14 11:15 . 2009-03-17 03:38 24064 ----a-w- c:\windows\system32\amxread.dll
2009-05-14 11:15 . 2008-08-28 03:40 425472 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-05-14 11:15 . 2008-08-28 03:40 347136 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-05-14 11:15 . 2008-08-28 03:40 712704 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-05-14 11:15 . 2008-11-01 03:44 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-05-14 11:15 . 2008-11-01 01:21 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-05-14 11:14 . 2008-11-27 04:43 268288 ----a-w- c:\windows\system32\schannel.dll
2009-05-14 11:14 . 2008-06-23 01:59 2868736 ----a-w- c:\windows\system32\mf.dll
2009-05-14 11:14 . 2008-06-23 01:59 996352 ----a-w- c:\windows\system32\WMNetMgr.dll
2009-05-14 11:14 . 2008-06-23 01:58 94720 ----a-w- c:\windows\system32\logagent.exe
2009-05-14 11:11 . 2009-02-09 03:10 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-05-14 10:55 . 2008-09-18 04:56 125952 ----a-w- c:\windows\system32\wersvc.dll
2009-05-14 10:55 . 2008-09-18 04:56 147456 ----a-w- c:\windows\system32\Faultrep.dll
2009-05-14 10:42 . 2008-09-05 05:14 1191936 ----a-w- c:\windows\system32\msxml3.dll
2009-05-14 10:33 . 2008-08-12 03:39 443392 ----a-w- c:\windows\system32\win32spl.dll
2009-05-14 10:32 . 2008-12-16 02:42 288768 ----a-w- c:\windows\system32\drivers\srv.sys
2009-05-14 10:24 . 2008-10-21 05:25 1645568 ----a-w- c:\windows\system32\connect.dll
2009-05-14 10:13 . 2008-10-22 03:57 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-05-14 10:13 . 2008-12-06 04:42 376832 ----a-w- c:\windows\system32\winhttp.dll
2009-05-14 10:13 . 2008-10-21 05:25 296960 ----a-w- c:\windows\system32\gdi32.dll
2009-05-14 10:12 . 2008-08-27 01:05 212480 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-05-14 10:12 . 2008-06-06 03:27 38912 ----a-w- c:\windows\system32\xolehlp.dll
2009-05-14 10:12 . 2008-06-06 03:27 562176 ----a-w- c:\windows\system32\msdtcprx.dll
2009-05-14 06:05 . 2008-09-10 03:40 1334272 ----a-w- c:\windows\system32\msxml6.dll
2009-05-13 17:11 . 2009-05-16 06:41 -------- d-----w- c:\users\ahah\AppData\Local\Apple Computer
2009-05-13 17:11 . 2009-05-13 17:11 -------- d-----w- c:\users\ahah\AppData\Roaming\Apple Computer
2009-05-13 17:11 . 2009-05-13 17:11 -------- dc----w- c:\windows\system32\DRVSTORE
2009-05-13 17:11 . 2009-03-19 06:32 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-05-13 17:11 . 2008-04-17 02:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-05-13 17:10 . 2009-05-13 17:11 -------- d-----w- c:\progra~2\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-13 17:10 . 2009-05-13 17:10 -------- d-----w- c:\program files\Bonjour
2009-05-13 17:09 . 2009-05-13 17:10 -------- d-----w- c:\progra~2\Apple Computer
2009-05-13 17:09 . 2009-05-13 17:09 -------- d-----w- c:\users\ahah\AppData\Local\Apple
2009-05-13 17:09 . 2009-05-13 17:09 -------- d-----w- c:\program files\Apple Software Update
2009-05-13 17:08 . 2009-06-05 07:20 -------- d-----w- c:\program files\Common Files\Apple
2009-05-13 17:08 . 2009-05-13 17:08 -------- d-----w- c:\progra~2\Apple
2009-05-13 16:47 . 2009-06-09 02:55 -------- d-----w- c:\users\ahah\AppData\Roaming\LimeWire
2009-05-13 15:37 . 2009-06-11 02:31 -------- d-----w- c:\users\ahah\AppData\Local\Adobe
2009-05-13 14:50 . 2009-05-13 14:50 -------- d-----w- c:\users\ahah\AppData\Roaming\WildTangent
2009-05-13 14:18 . 2009-06-11 03:11 -------- d-----w- c:\users\ahah\Tracing
2009-05-13 14:17 . 2009-05-13 14:17 -------- d-----w- c:\program files\Microsoft
2009-05-13 14:16 . 2009-05-13 14:16 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-05-13 14:16 . 2009-05-13 14:17 -------- d-----w- c:\program files\Windows Live
2009-05-13 14:08 . 2009-05-13 14:08 -------- d-----w- c:\program files\Common Files\Windows Live
2009-05-13 13:43 . 2008-10-16 21:13 1809944 ----a-w- c:\windows\system32\wuaueng.dll
2009-05-13 13:43 . 2008-10-16 21:09 51224 ----a-w- c:\windows\system32\wuauclt.exe
2009-05-13 13:43 . 2008-10-16 21:09 43544 ----a-w- c:\windows\system32\wups2.dll
2009-05-13 13:43 . 2008-10-16 20:56 1524736 ----a-w- c:\windows\system32\wucltux.dll
2009-05-13 13:43 . 2008-10-16 21:12 561688 ----a-w- c:\windows\system32\wuapi.dll
2009-05-13 13:43 . 2008-10-16 21:08 34328 ----a-w- c:\windows\system32\wups.dll
2009-05-13 13:43 . 2008-10-16 20:55 83456 ----a-w- c:\windows\system32\wudriver.dll
2009-05-13 13:43 . 2008-10-16 04:08 162064 ----a-w- c:\windows\system32\wuwebv.dll
2009-05-13 13:43 . 2008-10-16 03:56 31232 ----a-w- c:\windows\system32\wuapp.exe
2009-05-13 09:52 . 2009-06-10 07:47 -------- d-----w- c:\users\ahah\AppData\Local\VirtualStore
2009-05-13 09:51 . 2009-05-13 09:51 -------- d-----w- c:\users\ahah\AppData\Roaming\hewlett-packard
2009-05-13 09:51 . 2009-06-07 23:06 106944 ----a-w- c:\users\ahah\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-13 09:45 . 2009-05-13 09:45 -------- d-----w- c:\users\ahah\AppData\Roaming\HP TCS

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-11 04:49 . 2009-03-21 08:29 3149078528 --sha-w- \hiberfil.sys
2009-06-11 04:48 . 2009-03-21 07:53 3462864896 --sha-w- \pagefile.sys
2009-06-10 06:54 . 2009-06-10 05:50 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-06-10 06:54 . 2009-06-10 05:50 10635 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-06-10 06:14 . 2008-10-23 09:42 -------- d-----w- c:\progra~2\Symantec
2009-06-09 08:15 . 2008-10-23 10:56 -------- d-----w- c:\program files\SMINST
2009-06-09 07:48 . 2008-10-23 10:38 -------- d-----w- c:\progra~2\Microsoft Help
2009-06-09 07:19 . 2008-10-23 09:41 -------- d-----w- c:\progra~2\Norton
2009-06-07 23:00 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild
2009-06-07 22:52 . 2009-06-05 07:14 66 ----a-w- c:\users\ahah\AppData\Roaming\wklnhst.dat
2009-06-05 07:40 . 2008-10-23 10:40 -------- d-----w- c:\program files\Activation Assistant for the 2007 Microsoft Office suites
2009-06-05 07:08 . 2008-10-23 10:25 -------- d-----w- c:\program files\Microsoft Works
2009-05-26 04:18 . 2008-10-23 09:57 -------- d-----w- c:\progra~2\WildTangent
2009-05-15 00:10 . 2008-10-23 10:52 -------- d-----w- c:\program files\Microsoft Silverlight
2009-05-14 08:35 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-13 16:41 . 2008-10-23 10:42 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-13 14:44 . 2008-10-23 10:43 -------- d-----w- c:\progra~2\CyberLink
2009-05-13 09:44 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-05-13 09:43 . 2009-05-13 09:43 0 --sha-r- c:\windows\system32\drivers\103C_HP_cNB_G60 Notebook PC_Y5335KV_0U_Q2CE911FCPH_E508165-001_4A_I3612_SWistron_V09.50_F.35_T090304_WV3-1_L409_M3003_J320_7Intel_867A_92.00_#090321_N10EC8136;168C002A_(NB041UA#ABA)_XMOBILE_CN10_Z_2F.35.MRK
2009-03-21 08:33 . 2008-08-06 22:29 353840 ----a-w- c:\windows\system32\msvcr71.dll
2009-03-21 08:33 . 2008-08-06 22:27 505392 ----a-w- c:\windows\system32\msvcp71.dll
2009-03-21 08:33 . 2008-10-23 10:43 1053232 ----a-w- c:\windows\system32\MFC71u.dll
2008-10-23 10:05 . 2008-10-23 09:55 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-10 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-10 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-10 145944]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"ALUAlert"="c:\program files\Symantec\LiveUpdate\ALuNotify.exe" [2008-02-10 152952]
"Mouse Suite 98 Daemon"="ICO.EXE" - c:\windows\System32\ICO.EXE [2006-11-03 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3053D97C-241E-4AC5-9170-CB3FF8399023}"= c:\program files\CyberLink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{B6796339-CBA0-4371-A729-7402FDB962F6}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{AB8CEF7A-BDE1-4886-8ABA-4CD87EF2FF29}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{8A3BC15C-C777-4D0E-B1D3-A14E4901BC5A}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{C963FB0D-413C-4E7C-B73B-A47E1D243883}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{6D982405-1B10-4C58-B68F-0627480B8A68}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{0641BA67-F61F-4C08-870D-FC55156DAFE7}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{A6395727-3263-4BBC-9E42-FE086DFF64A9}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{56258D02-8291-46FE-B451-A1D713DF4BB9}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{00880098-8A44-44E0-802C-A161D6F8EF54}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{CF5A9CFA-FFF6-44B9-957B-D0ED1BBC804C}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1CDB94E0-E6E6-464E-AFBD-B867CE023714}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{B137E3C3-19B8-4872-92ED-04040BA44A77}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{F53B26DF-C38D-4C97-AD83-E64E3B2C4333}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{53340987-6AB0-4F58-B939-4DADDD368153}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D2D853EF-D7B2-4608-BFFA-626D2743DF91}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20090604.001\IDSvix86.sys [6/10/2009 4:14 PM 272432]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [1/26/2008 11:47 AM 149352]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [10/23/2008 8:56 PM 365952]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/10/2009 3:45 PM 101936]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\System32\drivers\IntcHdmi.sys [6/30/2008 12:52 AM 112128]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [2/19/2009 1:31 PM 41008]
S3 COH_Mon;COH_Mon;c:\windows\System32\drivers\COH_Mon.sys [1/13/2008 12:32 PM 23888]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [10/23/2008 7:55 PM 193840]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\drivers\mbamswissarmy.sys [6/10/2009 5:52 PM 40160]
S3 pelmouse;Mouse Suite Driver;c:\windows\System32\drivers\PELMOUSE.SYS [5/14/2009 9:26 PM 16512]
S3 pelusblf;USB Mouse Low Filter Driver;c:\windows\System32\drivers\PELUSBlf.SYS [5/14/2009 9:26 PM 13184]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-05-13 c:\windows\Tasks\HPCeeScheduleForahah.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-10-23 18:34]

2009-06-10 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - ahah.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2008-02-07 14:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gu&c=91&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-11 14:55
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-06-11 14:57
ComboFix-quarantined-files.txt  2009-06-11 04:57

Pre-Run: 273,103,654,912 bytes free
Post-Run: 273,580,744,704 bytes free

297 --- E O F --- 2009-06-09 07:48
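The "Reg Loading Points" section of the ComboFix log above is a REGEDIT4-style dump, and the lines a reviewer reads first are the security-posture ones: the `DisableMonitoring` values under Security Center and the `EnableFirewall` values for each firewall profile, plus the `Run` autostart entries. The following is an added example, not from the thread and not ComboFix's own code; it parses a short excerpt constructed in that section's format into a key/value map and produces a review list. Whether a flagged setting is benign depends on which security product is registered on the machine (the log header names the installed AV and FW), so the output is a list to confirm, not a verdict.

```python
import re

# Constructed excerpt in the shape of ComboFix's "Reg Loading Points" section above.
SAMPLE_SECTION = r"""
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"Mouse Suite 98 Daemon"="ICO.EXE" - c:\windows\System32\ICO.EXE [2006-11-03 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 1 (0x1)
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
DWORD_RE = re.compile(r"^dword:([0-9a-fA-F]{8})$")
INT_RE = re.compile(r"^(-?\d+)\s+\(0x[0-9a-fA-F]+\)")
STR_RE = re.compile(r'^"([^"]*)"')


def parse_value(raw):
    """Normalise the three value spellings in the dump: dword:, 'N (0xN)', and a quoted string."""
    m = DWORD_RE.match(raw)
    if m:
        return int(m.group(1), 16)
    m = INT_RE.match(raw)
    if m:
        return int(m.group(1))
    m = STR_RE.match(raw)
    if m:
        return m.group(1)  # drops ComboFix's trailing "[date size]" annotation
    return raw


def parse_reg_section(text):
    """Return {key_path: {value_name: value}} for a REGEDIT4-style dump."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line == "REGEDIT4":
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group(1)] = parse_value(m.group(2))
    return keys


def review_settings(keys):
    """Flag posture settings a reviewer should confirm against the installed security products."""
    findings = []
    for path, values in keys.items():
        lp = path.lower()
        # Security Center told not to monitor a category (AV, firewall, ...).
        if "\\security center\\monitoring" in lp and values.get("DisableMonitoring") == 1:
            findings.append(f"Security Center monitoring disabled: {path}")
        # Windows Firewall switched off for one of the profiles.
        if "\\firewallpolicy\\" in lp and lp.endswith("profile") and values.get("EnableFirewall") == 0:
            findings.append(f"Windows Firewall off for profile: {path.rsplit(chr(92), 1)[-1]}")
    return findings


def list_autoruns(keys):
    """(name, command) pairs from the HKCU/HKLM ...\\CurrentVersion\\Run keys."""
    out = []
    for path, values in keys.items():
        if path.lower().endswith("\\currentversion\\run"):
            out.extend(values.items())
    return out


if __name__ == "__main__":
    parsed = parse_reg_section(SAMPLE_SECTION)
    for finding in review_settings(parsed):
        print("REVIEW:", finding)
    for name, cmd in list_autoruns(parsed):
        print("autorun:", name, "->", cmd)
```

In the full log every firewall profile shows `EnableFirewall= 0` and all three Security Center monitoring keys show `DisableMonitoring=1`; with Norton Internet Security listed as AV and FW in the header, those are the entries to confirm against that product rather than treat as findings on their own.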

Hi 

 

It depends, if it thinks that some settings were due to malware. Are you talking just about, say, the wallpaper??

 

I see it in the log; that will take a while to read.

 


catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-11 14:55
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0


 

Quads 

 

Take your time Quads..

 

I just can't wait till everything is fixed so I can click on the solution button. I'll be waiting for another reply. And yeah... just the wallpaper. I guess it's fine. I changed it back already.

Message Edited by ancp41 on 06-10-2009 10:26 PM

You can enable the Auto-Protect and firewall now.

 

Is anything better??

 

Quads 

Everything is working. Can I disable/uninstall malware, Avenger, ComboFix, HijackThis and all that stuff I had to download and save to fix this problem? Or do I have to keep them on my computer?

Message Edited by ancp41 on 06-10-2009 11:04 PM

Hi

 

 

Remove Avenger, ComboFix, RootRepeal, GMER, HijackThis.

But you can keep Malwarebytes and even get SUPERAntiSpyware Free, as they are good free on-demand scanners, updated all the time, and do not interfere with Norton.

 

I have them myself as backup.

 

Quads 

Don't forget to choose the post that was the answer so others can find it and it can help them!

LOL

 

hahahah

 

Quads 

Thanks so much for everything.  Keep doing what you do.  It’s such a big help for computer amateurs.  You are a miracle worker.

Ancp41:

 

While the post you chose for the solution will eventually draw someone to read the whole post, you might want to go to Options on the right and perhaps press the green button for one of Quads' solutions. Your choice, however; no pressure. LOL