
Thread: cftmon.exe ...the undead (Resolved)

  1. #1
    Join Date
    Aug 2006
    Location
    255.255.255.666
    Posts
    2,056

    Quote Originally Posted by spaileen View Post
    I am unable to run both AVG Anti Spy and Rootkit in Safe Mode. AVG Anti Spy gives the error "Connection service failed, please re-install". I did this and it still did not run. Rootkit gives the error "Reboot computer before running". I did this to no effect. I can run both in normal Mode?
    Ok, then please try updating both of them and then running them in Normal mode but do not try to run them at the same time, ok?

    Also, download Autoruns, after downloading, run it (Windows running in NORMAL MODE), when the program starts and you agree to the EULA, press ESC to cancel the initial scan. Click OPTIONS, then check the box next to 'Hide Microsoft Entries' then run the scan. Once it is done, click file and save the log file on desktop so you can easily locate and attach it to your next post please.

  2. #2
    Join Date
    Jun 2007
    Location
    Dublin,Ireland
    Posts
    21
    I've attached the logs for AVG Anti Spyware and Autorun. I do not see an option to save Rootkit txt file. However Rootkit found only 1 hidden file ....
    c:\windows\system32\kdtco.exe. When I went to delete it I got a warning that it could be dangerous deleting this file and it could be a boot file. I did not delete it. I hope this information is of help.

    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 15:35:53 21/06/2007

    + Scan result:



    :mozilla.10:C:\Documents and Settings\Gerry B\Application Data\Mozilla\Firefox\Profiles\6bmkkame.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.205:C:\Documents and Settings\Gerry B\Application Data\Mozilla\Firefox\Profiles\6bmkkame.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.214:C:\Documents and Settings\Gerry B\Application Data\Mozilla\Firefox\Profiles\6bmkkame.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.247:C:\Documents and Settings\Gerry B\Application Data\Mozilla\Firefox\Profiles\6bmkkame.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.251:C:\Documents and Settings\Gerry B\Application Data\Mozilla\Firefox\Profiles\6bmkkame.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.300:C:\Documents and Settings\Gerry B\Application Data\Mozilla\Firefox\Profiles\6bmkkame.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.31:C:\Documents and Settings\Gerry B\Application Data\Mozilla\Firefox\Profiles\6bmkkame.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.376:C:\Documents and Settings\Gerry B\Application Data\Mozilla\Firefox\Profiles\6bmkkame.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.74:C:\Documents and Settings\Gerry B\Application Data\Mozilla\Firefox\Profiles\6bmkkame.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.7:C:\Documents and Settings\Gerry B\Application Data\Mozilla\Firefox\Profiles\6bmkkame.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.8:C:\Documents and Settings\Gerry B\Application Data\Mozilla\Firefox\Profiles\6bmkkame.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.9:C:\Documents and Settings\Gerry B\Application Data\Mozilla\Firefox\Profiles\6bmkkame.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.21:C:\Documents and Settings\Gerry B\Application Data\Mozilla\Firefox\Profiles\6bmkkame.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
    :mozilla.30:C:\Documents and Settings\Gerry B\Application Data\Mozilla\Firefox\Profiles\6bmkkame.default\cookies.txt -> TrackingCookie.Adtech : No action taken.
    :mozilla.405:C:\Documents and Settings\Gerry B\Application Data\Mozilla\Firefox\Profiles\6bmkkame.default\cookies.txt -> TrackingCookie.Burstbeacon : No action taken.
    C:\Documents and Settings\Gerry B\Cookies\gerry_b@burstnet[2].txt -> TrackingCookie.Burstnet : No action taken.
    C:\Documents and Settings\Gerry B\Cookies\gerry_b@www.burstnet[1].txt -> TrackingCookie.Burstnet : No action taken.
    :mozilla.82:C:\Documents and Settings\Gerry B\Application Data\Mozilla\Firefox\Profiles\6bmkkame.default\cookies.txt -> TrackingCookie.Clickzs : No action taken.
    :mozilla.83:C:\Documents and Settings\Gerry B\Application Data\Mozilla\Firefox\Profiles\6bmkkame.default\cookies.txt -> TrackingCookie.Clickzs : No action taken.
    :mozilla.76:C:\Documents and Settings\Gerry B\Application Data\Mozilla\Firefox\Profiles\6bmkkame.default\cookies.txt -> TrackingCookie.Connextra : No action taken.
    :mozilla.86:C:\Documents and Settings\Gerry B\Application Data\Mozilla\Firefox\Profiles\6bmkkame.default\cookies.txt -> TrackingCookie.Dealtime : No action taken.
    :mozilla.97:C:\Documents and Settings\Gerry B\Application Data\Mozilla\Firefox\Profiles\6bmkkame.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
    :mozilla.98:C:\Documents and Settings\Gerry B\Application Data\Mozilla\Firefox\Profiles\6bmkkame.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
    :mozilla.99:C:\Documents and Settings\Gerry B\Application Data\Mozilla\Firefox\Profiles\6bmkkame.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
    :mozilla.25:C:\Documents and Settings\Gerry B\Application Data\Mozilla\Firefox\Profiles\6bmkkame.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
    :mozilla.167:C:\Documents and Settings\Gerry B\Application Data\Mozilla\Firefox\Profiles\6bmkkame.default\cookies.txt -> TrackingCookie.Imrworldwide : No action taken.
    :mozilla.169:C:\Documents and Settings\Gerry B\Application Data\Mozilla\Firefox\Profiles\6bmkkame.default\cookies.txt -> TrackingCookie.Info : No action taken.
    :mozilla.299:C:\Documents and Settings\Gerry B\Application Data\Mozilla\Firefox\Profiles\6bmkkame.default\cookies.txt -> TrackingCookie.Information : No action taken.
    :mozilla.301:C:\Documents and Settings\Gerry B\Application Data\Mozilla\Firefox\Profiles\6bmkkame.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
    :mozilla.302:C:\Documents and Settings\Gerry B\Application Data\Mozilla\Firefox\Profiles\6bmkkame.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
    :mozilla.303:C:\Documents and Settings\Gerry B\Application Data\Mozilla\Firefox\Profiles\6bmkkame.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
    :mozilla.304:C:\Documents and Settings\Gerry B\Application Data\Mozilla\Firefox\Profiles\6bmkkame.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
    C:\Documents and Settings\Gerry B\Cookies\gerry_b@ssl-hints.netflame[2].txt -> TrackingCookie.Netflame : No action taken.
    :mozilla.242:C:\Documents and Settings\Gerry B\Application Data\Mozilla\Firefox\Profiles\6bmkkame.default\cookies.txt -> TrackingCookie.Overture : No action taken.
    :mozilla.250:C:\Documents and Settings\Gerry B\Application Data\Mozilla\Firefox\Profiles\6bmkkame.default\cookies.txt -> TrackingCookie.Paycounter : No action taken.
    :mozilla.26:C:\Documents and Settings\Gerry B\Application Data\Mozilla\Firefox\Profiles\6bmkkame.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
    :mozilla.27:C:\Documents and Settings\Gerry B\Application Data\Mozilla\Firefox\Profiles\6bmkkame.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
    :mozilla.266:C:\Documents and Settings\Gerry B\Application Data\Mozilla\Firefox\Profiles\6bmkkame.default\cookies.txt -> TrackingCookie.Qksrv : No action taken.
    :mozilla.147:C:\Documents and Settings\Gerry B\Application Data\Mozilla\Firefox\Profiles\6bmkkame.default\cookies.txt -> TrackingCookie.Real : No action taken.
    :mozilla.289:C:\Documents and Settings\Gerry B\Application Data\Mozilla\Firefox\Profiles\6bmkkame.default\cookies.txt -> TrackingCookie.Real : No action taken.
    :mozilla.290:C:\Documents and Settings\Gerry B\Application Data\Mozilla\Firefox\Profiles\6bmkkame.default\cookies.txt -> TrackingCookie.Real : No action taken.
    :mozilla.291:C:\Documents and Settings\Gerry B\Application Data\Mozilla\Firefox\Profiles\6bmkkame.default\cookies.txt -> TrackingCookie.Real : No action taken.
    :mozilla.294:C:\Documents and Settings\Gerry B\Application Data\Mozilla\Firefox\Profiles\6bmkkame.default\cookies.txt -> TrackingCookie.Revenue : No action taken.
    :mozilla.295:C:\Documents and Settings\Gerry B\Application Data\Mozilla\Firefox\Profiles\6bmkkame.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
    :mozilla.307:C:\Documents and Settings\Gerry B\Application Data\Mozilla\Firefox\Profiles\6bmkkame.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
    :mozilla.66:C:\Documents and Settings\Gerry B\Application Data\Mozilla\Firefox\Profiles\6bmkkame.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
    :mozilla.79:C:\Documents and Settings\Gerry B\Application Data\Mozilla\Firefox\Profiles\6bmkkame.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
    :mozilla.170:C:\Documents and Settings\Gerry B\Application Data\Mozilla\Firefox\Profiles\6bmkkame.default\cookies.txt -> TrackingCookie.Sitestat : No action taken.
    :mozilla.171:C:\Documents and Settings\Gerry B\Application Data\Mozilla\Firefox\Profiles\6bmkkame.default\cookies.txt -> TrackingCookie.Sitestat : No action taken.
    :mozilla.318:C:\Documents and Settings\Gerry B\Application Data\Mozilla\Firefox\Profiles\6bmkkame.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
    C:\Documents and Settings\Gerry B\Cookies\gerry_b@statcounter[1].txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.330:C:\Documents and Settings\Gerry B\Application Data\Mozilla\Firefox\Profiles\6bmkkame.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
    :mozilla.331:C:\Documents and Settings\Gerry B\Application Data\Mozilla\Firefox\Profiles\6bmkkame.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
    :mozilla.342:C:\Documents and Settings\Gerry B\Application Data\Mozilla\Firefox\Profiles\6bmkkame.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
    :mozilla.305:C:\Documents and Settings\Gerry B\Application Data\Mozilla\Firefox\Profiles\6bmkkame.default\cookies.txt -> TrackingCookie.Web-stat : No action taken.
    :mozilla.375:C:\Documents and Settings\Gerry B\Application Data\Mozilla\Firefox\Profiles\6bmkkame.default\cookies.txt -> TrackingCookie.Web-stat : No action taken.
    C:\Documents and Settings\Gerry B\Cookies\gerry_b@m.webtrends[1].txt -> TrackingCookie.Webtrends : No action taken.
    :mozilla.496:C:\Documents and Settings\Gerry B\Application Data\Mozilla\Firefox\Profiles\6bmkkame.default\cookies.txt -> TrackingCookie.Xxxcounter : No action taken.
    :mozilla.497:C:\Documents and Settings\Gerry B\Application Data\Mozilla\Firefox\Profiles\6bmkkame.default\cookies.txt -> TrackingCookie.Xxxcounter : No action taken.
    :mozilla.498:C:\Documents and Settings\Gerry B\Application Data\Mozilla\Firefox\Profiles\6bmkkame.default\cookies.txt -> TrackingCookie.Xxxcounter : No action taken.
    :mozilla.499:C:\Documents and Settings\Gerry B\Application Data\Mozilla\Firefox\Profiles\6bmkkame.default\cookies.txt -> TrackingCookie.Yadro : No action taken.


    ::Report end

  3. #3
    Join Date
    Jun 2007
    Location
    Dublin,Ireland
    Posts
    21
    I forgot to include Autorun .txt
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    + AVG7_CC AVG Control Center GRISOFT, s.r.o. c:\program files\grisoft\avg7\avgcc.exe
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    + swg GoogleToolbarNotifier Google Inc. c:\program files\google\googletoolbarnotifier\1.2.1128.5462\googletoolbarnotifier.exe
    + Uniblue SpyEraser SpyEraser Uniblue Software c:\program files\uniblue\spyeraser\spyeraser.exe
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components
    + 0 File not found: About:Home
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
    + AVG Anti-Spyware 7.5 AVG Anti-Spyware shellexecutehook GRISOFT s.r.o. c:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll
    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
    + AVG7 Find Extension AVG Shell Extension GRISOFT, s.r.o. c:\program files\grisoft\avg7\avgse.dll
    + AVG7 Shell Extension AVG Shell Extension GRISOFT, s.r.o. c:\program files\grisoft\avg7\avgse.dll
    + dBpoweramp Music Converter dMC Shell Module Illustrate c:\program files\illustrate\dbpoweramp\dmcshell.dll
    + Display Panning CPL Extension File not found: deskpan.dll
    + DriveLetterAccess Drive Letter Access Component Sonic Solutions c:\windows\system32\dla\tfswshx.dll
    + HyperTerminal Icon Ext HyperTerminal Applet Library Hilgraeve, Inc. c:\windows\system32\hticons.dll
    + Shell Extensions for RealOne Player RealPlayer Shell Extensions RealNetworks, Inc. c:\program files\real\realplayer\rpshell.dll
    HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
    + dBpShell Class Provides dBpoweramp Shell Interaction Illustrate c:\program files\illustrate\dbpoweramp\dbshell.dll
    + PDF Shell Extension PDF Shell Extension Adobe Systems, Inc. c:\program files\adobe\acrobat 7.0\activex\pdfshell.dll
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
    + AcroIEHlprObj Class Adobe Acrobat IE Helper Version 7.0 for ActiveX Adobe Systems Incorporated c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll
    + DriveLetterAccess Drive Letter Access Component Sonic Solutions c:\windows\system32\dla\tfswshx.dll
    + Google Toolbar Helper Google IE Client Toolbar Google Inc. c:\program files\google\googletoolbar1.dll
    + SSVHelper Class Java(TM) Platform SE binary Sun Microsystems, Inc. c:\program files\java\jre1.6.0_01\bin\ssv.dll
    HKLM\Software\Microsoft\Internet Explorer\Toolbar
    + googletoolbar1.dll Google IE Client Toolbar Google Inc. c:\program files\google\googletoolbar1.dll
    Task Scheduler
    + Uniblue SpyEraser Nag.job SpyEraser Uniblue Software c:\program files\uniblue\spyeraser\spyeraser.exe
    HKLM\System\CurrentControlSet\Services
    + AVG Anti-Spyware Guard AVG Anti-Spyware guard GRISOFT s.r.o. c:\program files\grisoft\avg anti-spyware 7.5\guard.exe
    + Avg7Alrt AVG Alert Manager GRISOFT, s.r.o. c:\program files\grisoft\avg7\avgamsvr.exe
    + Avg7UpdSvc AVG Update Service GRISOFT, s.r.o. c:\program files\grisoft\avg7\avgupsvc.exe
    + AVGEMS AVG E-Mail Scanner GRISOFT, s.r.o. c:\program files\grisoft\avg7\avgemc.exe
    + LexBceS LexBce Service Lexmark International, Inc. c:\windows\system32\lexbces.exe
    HKLM\System\CurrentControlSet\Services
    + AVG Anti-Rootkit AVG Anti-Rootkit Driver GRISOFT, s.r.o. c:\windows\system32\drivers\avgarkt.sys
    + AVG Anti-Spyware Driver c:\program files\grisoft\avg anti-spyware 7.5\guard.sys
    + Avg7Core AVG Scanning Engine GRISOFT, s.r.o. c:\windows\system32\drivers\avg7core.sys
    + Avg7RsW AVG Resident Shield Unload Helper GRISOFT, s.r.o. c:\windows\system32\drivers\avg7rsw.sys
    + Avg7RsXP AVG Resident Anti-Virus Shield GRISOFT, s.r.o. c:\windows\system32\drivers\avg7rsxp.sys
    + AvgArCln AVG7 Clean Driver GRISOFT, s.r.o. c:\windows\system32\drivers\avgarcln.sys
    + AvgAsCln AVG7 Clean Driver GRISOFT, s.r.o. c:\windows\system32\drivers\avgascln.sys
    + AvgClean AVG7 Clean Driver GRISOFT, s.r.o. c:\windows\system32\drivers\avgclean.sys
    + AvgTdi AVG Network connection watcher GRISOFT, s.r.o. c:\windows\system32\drivers\avgtdi.sys
    + drvmcdb Device Driver Sonic Solutions c:\windows\system32\drivers\drvmcdb.sys
    + DSproct Process Trigger Driver Gteko Ltd. c:\program files\dellsupport\gtaction\triggers\dsproct.sys
    + dsunidrv GUniDriver Gteko Ltd. c:\windows\system32\drivers\dsunidrv.sys
    + E100B Intel(R) PRO/100 Adapter NDIS 5.1 driver Intel Corporation c:\windows\system32\drivers\e100b325.sys
    + ialm Intel Graphics Miniport Driver Intel Corporation c:\windows\system32\drivers\ialmnt5.sys
    + IntelC51 Modem DSP Driver Intel Corporation c:\windows\system32\drivers\intelc51.sys
    + IntelC52 Modem CP Driver Intel Corporation c:\windows\system32\drivers\intelc52.sys
    + IntelC53 Modem AFE Driver Intel Corporation c:\windows\system32\drivers\intelc53.sys
    + mohfilt Filter Driver to Support Modem-on-Hold Intel Corporation c:\windows\system32\drivers\mohfilt.sys
    + nv NVIDIA Compatible Windows 2000 Miniport Driver, Version 56.73 NVIDIA Corporation c:\windows\system32\drivers\nv4_mini.sys
    + Ptilink Direct Parallel Link Driver Parallel Technologies, Inc. c:\windows\system32\drivers\ptilink.sys
    + PxHelp20 Px Engine Device Driver for Windows 2000/XP Sonic Solutions c:\windows\system32\drivers\pxhelp20.sys
    + RT2500USB Sample Driver for Ralink 802.11g Wireless USB Adapters Ralink Technology Inc. c:\windows\system32\drivers\rt2500usb.sys
    + Secdrv SafeDisc driver c:\windows\system32\drivers\secdrv.sys
    + senfilt Creative WDM Audio Driver Creative Technology Ltd. c:\windows\system32\drivers\senfilt.sys
    + smwdm SoundMAX Integrated Digital Audio Analog Devices, Inc. c:\windows\system32\drivers\smwdm.sys
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
    + igfxcui igfxdev Module Intel Corporation c:\windows\system32\igfxdev.dll
    HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
    + Lexmark Network Port LEXLMPM DLL Lexmark International, Inc. c:\windows\system32\lexlmpm.dll

  4. #4
    Join Date
    Aug 2006
    Location
    255.255.255.666
    Posts
    2,056
    Quote Originally Posted by spaileen View Post
    I've attached the logs for AVG Anti Spyware and Autorun. I do not see an option to save Rootkit txt file. However Rootkit found only 1 hidden file ....
    c:\windows\system32\kdtco.exe. When I went to delete it I got a warning that it could be dangerous deleting this file and it could be a boot file. I did not delete it. I hope this information is of help.
    I don't care much about the tracking cookies, they are fine but the rootkit you mentioned had absolutely no hits on Google search, that in my book, is an automatic red flag. I would get rid of it, everything legit and critical to OS would have some hits on Google! Get rid of it pronto.

    Ok, all I could see on your Autoruns log was a few invalid, unnecessary entries but nothing came out malicious per se. Here are the invalid entries you could disable or even delete:
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components
    + 0 File not found: about:Home
    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
    + Display Panning CPL Extension File not found: deskpan.dll

    I couldn't see any malicious entries at all, very strange. Home page or Search page redirection should be taking place either in the Host file or registry but none of the programs were able to spot anything.

    Open your Hosts file and make sure it is good. If you are certain if you could tell Hosts file being modified or looking different than default, download and use Hoster!

    This is all I can see and say for now, could you download and run HijackThis scanner and attach its log file as a .txt attachment to your next post please.
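
A hosts-file review of the kind suggested in the post above, as an added example that is not part of the original thread. On Windows the file is `%SystemRoot%\System32\drivers\etc\hosts`; the sample content, host names and addresses below are constructed, and the verdict labels are this example's own.

```python
"""Audit a hosts file for entries beyond the stock `localhost` mapping."""
import ipaddress
import sys

# Names a stock hosts file maps to loopback; anything else gets reported.
DEFAULT_NAMES = {"localhost"}

# Constructed sample, not taken from the thread.
SAMPLE_HOSTS = """\
# Constructed sample hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example.net      # blocklist-style entry
0.0.0.0         tracker.example.org
203.0.113.45    www.search.example search.example
not-an-ip       update.example.com
"""


def parse_hosts(text):
    """Return (line_no, address, names) for each active (non-comment) line."""
    rows = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if fields:
            rows.append((line_no, fields[0], fields[1:]))
    return rows


def classify(address, name):
    """Label one address/name pair.

    default   - loopback mapping for localhost
    sinkhole  - name pinned to loopback or 0.0.0.0 (blocked; check that it
                is a blocklist you installed and not a security site)
    redirect  - name pinned to some other address; this is the kind of entry
                that can send a browser to the wrong server, though a
                legitimate static mapping also lands here and needs review
    malformed - first field is not an IP address
    """
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "malformed"
    if ip.is_loopback and name.lower() in DEFAULT_NAMES:
        return "default"
    if ip.is_loopback or ip.is_unspecified:
        return "sinkhole"
    return "redirect"


def audit_hosts(text):
    """Return (line_no, verdict, address, name) for every non-default entry."""
    findings = []
    for line_no, address, names in parse_hosts(text):
        if not names:
            # An address with no host name after it is not a usable mapping.
            findings.append((line_no, "malformed", address, ""))
            continue
        for name in names:
            verdict = classify(address, name)
            if verdict != "default":
                findings.append((line_no, verdict, address, name))
    return findings


def main(argv):
    # With a path argument, audit that file; otherwise audit the sample.
    if len(argv) > 1:
        with open(argv[1], "r", encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    findings = audit_hosts(text)
    for line_no, verdict, address, name in findings:
        print(f"line {line_no}: {verdict:9} {address} -> {name}")
    if not findings:
        print("only default entries found")
    return 1 if any(f[1] == "redirect" for f in findings) else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

An empty result means the file holds nothing beyond the default `localhost` mapping, which matches a clean stock install.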

  5. #5
    Join Date
    Jun 2007
    Location
    Dublin,Ireland
    Posts
    21
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components
    + 0 File not found: about:Home
    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
    + Display Panning CPL Extension File not found: deskpan.dll



    I've deleted the above entries but I can't see the entries "+ 0 File not found: about:Home" and "+ Display Panning CPL Extension File not found: deskpan.dll"
    Also where will I find the Hosts file?

  6. #6
    Join Date
    Jun 2007
    Location
    Dublin,Ireland
    Posts
    21
    Your hunch proved correct. I removed the hidden file detected by Rootkit and the hi-jacking seems to be gone. It never ceases to amaze me that some people can be so nasty as to want to put these things on people's computers in the first place. Thank you guys

    p.s. I have some detected viruses in Virus Vault in AVG. What should be done with these?
    Last edited by spaileen; 06-25-2007 at 02:33 PM.

  7. #7
    Join Date
    Aug 2006
    Location
    255.255.255.666
    Posts
    2,056
    Quote Originally Posted by spaileen View Post
    Your hunch proved correct. I removed the hidden file detected by Rootkit and the hi-jacking seems to be gone. It never ceases to amaze me that some people can be so nasty as to want to put these things on people's computers in the first place. Thank you guys

    p.s. I have some detected viruses in Virus Vault in AVG. What should be done with these?
    Glad to hear you finally had some success!

    As far as those in AVG vault go, they should be fine in quarantine but you could also try permanently deleting them (your call).

    Make sure you take a look at my friend PP's sticky on malware prevention, ok?
