Rob18 @comcast.net
reply to Rob18
Re: [Trojan] AVWA.DLL Removal
Sorry it took so long. Here are the results:
Logfile of The Avenger Version 2.0, (c) by Swandog46 swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active. No rootkits found!
Completed script processing.
*******************
Finished! Terminate.
SDFix: Version 1.182 Run by Lauren Cortese on Fri 05/16/2008 at 09:24 AM
Microsoft Windows XP [Version 5.1.2600] Running From: C:\SDFix
Checking Services :
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\33.TMP - Deleted
C:\34.TMP - Deleted
C:\38.TMP - Deleted
C:\39.TMP - Deleted
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1359.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, www.gmer.net
Rootkit scan 2008-05-16 09:35:44
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\PROGRA~1\\ExamSoft\\SofTest\\SoftLnch.exe"="C:\\PROGRA~1\\ExamSoft\\SofTest\\SoftLnch.exe:*:Enabled:SofLaunch"
"C:\\PROGRA~1\\ExamSoft\\SofTest\\softest.exe"="C:\\PROGRA~1\\ExamSoft\\SofTest\\SofTest.exe:*:Enabled:SofTest"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\iTunes\\iTunesHelper.exe"="C:\\Program Files\\iTunes\\iTunesHelper.exe:*:Disabled:iTunesHelper Module"
"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe"="C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe:*:Disabled:CyberLink PowerCinema Resident Program"
"C:\\Program Files\\ExamSoft\\SofTest\\SoftLnch.exe"="C:\\Program Files\\ExamSoft\\SoftLnch.exe:*:Enabled:SofLaunch
"
"C:\\Program Files\\ExamSoft\\SofTest\\softest.exe"="C:\\Program Files\\ExamSoft\\SofTest.exe:*:Enabled:SofTest
"
"C:\\Program Files\\AIM6\\aolsoftware.exe"="C:\\Program Files\\AIM6\\aolsoftware.exe:*:Enabled:AOL"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Thu 9 Aug 2001 64,512 A..H. --- "C:\i386\PackethSvc.exe"
Thu 9 Aug 2001 64,512 A..H. --- "C:\Program Files\wmconnect\packethsvc.exe"
Thu 9 Aug 2001 40,960 A..H. --- "C:\Program Files\wmconnect\RBM.exe"
Thu 19 Jan 2006 102,467 A..H. --- "C:\Program Files\wmconnect\wmphx.exe"
Fri 10 Feb 2006 38,576 A..H. --- "C:\Program Files\wmconnect\wmtray.exe"
Fri 26 Oct 2001 151,615 A..H. --- "C:\Program Files\wmconnect\wwm.exe"
Thu 9 Aug 2001 64,512 A..H. --- "C:\WINDOWS\system32\PackethSvc.exe"
Sat 18 Nov 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 5 Oct 2005 33,792 ...H. --- "C:\Documents and Settings\Lauren Cortese\My Documents\~WRL0001.tmp"
Tue 11 Dec 2007 43,520 ...H. --- "C:\Documents and Settings\Lauren Cortese\My Documents\~WRL1214.tmp"
Fri 15 Dec 2006 125,440 ...H. --- "C:\Documents and Settings\Lauren Cortese\My Documents\~WRL1522.tmp"
Wed 6 Dec 2006 35,328 ...H. --- "C:\Documents and Settings\Lauren Cortese\My Documents\~WRL1820.tmp"
Wed 12 Dec 2007 44,032 ...H. --- "C:\Documents and Settings\Lauren Cortese\My Documents\~WRL2317.tmp"
Tue 8 Apr 2008 30,208 ...H. --- "C:\Documents and Settings\Lauren Cortese\My Documents\~WRL2324.tmp"
Sun 12 Feb 2006 77,824 ...H. --- "C:\Documents and Settings\Lauren Cortese\My Documents\~WRL2856.tmp"
Thu 14 Dec 2006 81,408 ...H. --- "C:\Documents and Settings\Lauren Cortese\My Documents\~WRL2910.tmp"
Thu 14 Dec 2006 65,024 ...H. --- "C:\Documents and Settings\Lauren Cortese\My Documents\~WRL2926.tmp"
Fri 15 Dec 2006 102,912 ...H. --- "C:\Documents and Settings\Lauren Cortese\My Documents\~WRL3088.tmp"
Wed 6 Dec 2006 40,960 ...H. --- "C:\Documents and Settings\Lauren Cortese\My Documents\~WRL3378.tmp"
Mon 4 Dec 2006 60,416 ...H. --- "C:\Documents and Settings\Lauren Cortese\My Documents\~WRL3696.tmp"
Tue 13 Nov 2001 172,032 A..H. --- "C:\Program Files\wmconnect\COMIT\cswitch.exe"
Fri 27 Oct 2006 2,996 ...H. --- "C:\Documents and Settings\All Users\Application Data\inData\wmfnnrh.dll"
Fri 16 Mar 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue 13 Mar 2007 36,352 ...H. --- "C:\Documents and Settings\Lauren Cortese\My Documents\spring 2007\~WRL3383.tmp"
Mon 28 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\523d056929e13eacf8392044f602e53e\BIT17.tmp"
Thu 7 Dec 2006 3,096,576 A..H. --- "C:\Documents and Settings\Lauren Cortese\Application Data\U3\temp\Launchpad Removal.exe"
Tue 13 Nov 2007 31,232 ...H. --- "C:\Documents and Settings\Lauren Cortese\Application Data\Microsoft\Word\STARTUP\~WRL1898.tmp"
Mon 17 Mar 2008 55,296 ...H. --- "C:\Documents and Settings\Lauren Cortese\Application Data\Microsoft\Word\STARTUP\~WRL2130.tmp"
Tue 13 Nov 2007 33,280 ...H. --- "C:\Documents and Settings\Lauren Cortese\Application Data\Microsoft\Word\STARTUP\~WRL3580.tmp"
Thu 14 Dec 2006 311,296 ...H. --- "C:\Documents and Settings\Lauren Cortese\Application Data\Microsoft\Word\STARTUP\~WRL3854.tmp"
Finished!
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, www.gmer.net
Rootkit scan 2008-05-16 09:43:08
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0