-
June 21st, 2008, 09:07 AM
#1
chkadw.com SQL injection?
I was just browsing the Vdr. site and I got a security pop-up from Internet Explorer saying "This site wants to run the following add-on "SB" from 'America Online' (unverified publisher)...." (I have AIM installed, so I guess it's related to that). I have seen notifications for a site wanting to run add-ons that don't seem relevant at the time before, though I thought this was odd considering I was here at Vdr. at the time. So I checked my firewall's log to see if there were possibly things being displayed from other sites at the time, like ads or whatever. I saw in the log a site called "chkadw.com" (IP addresses: 24.91.79.227 and 24.24.184.241). I did a search for it and saw some info that it's a domain related to something called SQL Injection attacks. I don't quite understand what it is, but it seems to be something bad. My firewall log only seems to show "chkadw.com" when I'm at Vdr. I also did a whois lookup on it and it seems to be Chinese-related, so that's another red flag.
Is the security alert I got from IE related in some way to the SQL Injection? Is this something to worry about or am I being paranoid?
Last edited by Syzich; June 21st, 2008 at 09:33 AM.
-
June 21st, 2008, 10:27 AM
#2
I just checked my firewall logs again after leaving the site and coming back to confirm "chkadw.com" was only showing in the logs when I'm at Vdr. and it seems that the url has more than a few IP addresses, according to my firewall log.
-
June 21st, 2008, 12:05 PM
#3
Just to be on the safe side...
Print these instructions out.
1. Download SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/
* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
* Close SUPERAntiSpyware.
PHYSICALLY DISCONNECT FROM THE INTERNET
Restart computer in Safe Mode.
To enter Safe Mode, restart the computer and keep tapping the F8 key until the menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen.
* Open SUPERAntiSpyware.
* Under "Configuration and Preferences", click the Preferences button.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked):
o Close browsers before scanning.
o Scan for tracking cookies.
o Terminate memory threats before quarantining.
* Click the "Close" button to leave the control center screen.
* Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
* On the left, make sure you check C:\Fixed Drive.
* On the right, under "Complete Scan", choose Perform Complete Scan.
* Click "Next" to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
* Make sure everything has a checkmark next to it and click "Next".
* A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
* If asked if you want to reboot, click "Yes".
* To retrieve the removal information after reboot, launch SUPERAntispyware again.
o Click Preferences, then click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
o Please copy and paste the Scan Log results in your next reply.
* Click Close to exit the program.
Post SUPERAntiSpyware log.
RECONNECT TO THE INTERNET
RESTART COMPUTER!
2. Download Malwarebytes' Anti-Malware: http://www.majorgeeks.com/Malwarebyt...are_d5756.html to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.
The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
RESTART COMPUTER!
3. Download HijackThis:
http://www.snapfiles.com/get/hijackthis.html
Post HijackThis log.
-
June 21st, 2008, 12:27 PM
#4
I did a little more research and found out that the URL I mentioned is also related to the Asprox malware. I looked up info on that and looked for the files and registry entries it creates; fortunately none were present. I also scanned with CA's online scanner, Trend Micro's online scanner and my onboard AVG, and all came up clean on my desktop. I scanned with CA's online scanner and my onboard AVG on my laptop and those came up clean (I was at Vdr on my laptop shortly before I was here on my desktop. I got the security alert from IE on my desktop, though). I also scanned with Windows Defender on my laptop, since I read that can also remove Asprox. That was also clean. Now I'm going to take the steps you listed and will post back with the logs once the scans are done.
Last edited by Syzich; June 21st, 2008 at 12:36 PM.
-
June 21st, 2008, 12:30 PM
#5
-
June 21st, 2008, 12:33 PM
#6
I'm still going to run the scans you mentioned. But one thing has me concerned. I only see the url I mentioned show up in my firewall's log after I come to Vdr. I've only noticed this starting today.
-
June 21st, 2008, 12:57 PM
#7
We won't know until you provide logs...
-
June 21st, 2008, 02:56 PM
#8
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 06/21/2008 at 12:42 PM
Application Version : 4.15.1000
Core Rules Database Version : 3487
Trace Rules Database Version: 1478
Scan type : Complete Scan
Total Scan Time : 00:49:50
Memory items scanned : 162
Memory threats detected : 0
Registry items scanned : 3937
Registry threats detected : 0
File items scanned : 32988
File threats detected : 36
Adware.Tracking Cookie
Vista Laptop Log:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 06/21/2008 at 12:46 PM
Application Version : 4.15.1000
Core Rules Database Version : 3487
Trace Rules Database Version: 1478
Scan type : Complete Scan
Total Scan Time : 00:47:14
Memory items scanned : 208
Memory threats detected : 0
Registry items scanned : 5056
Registry threats detected : 0
File items scanned : 65889
File threats detected : 26
Adware.Tracking Cookie
Last edited by Syzich; June 21st, 2008 at 03:40 PM.
-
June 21st, 2008, 03:43 PM
#9
XP Desktop Malwarebytes log:
Malwarebytes' Anti-Malware 1.18
Database version: 875
2:31:02 PM 6/21/2008
mbam-log-6-21-2008 (14-31-02).txt
Scan type: Full Scan (C:\|)
Objects scanned: 64836
Time elapsed: 14 minute(s), 5 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Vista Laptop Log:
Malwarebytes' Anti-Malware 1.18
Database version: 875
2:41:32 PM 6/21/2008
mbam-log-6-21-2008 (14-41-32).txt
Scan type: Full Scan (C:\|)
Objects scanned: 93596
Time elapsed: 24 minute(s), 45 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Last edited by Syzich; June 21st, 2008 at 03:46 PM.
-
June 21st, 2008, 04:06 PM
#10
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:56:15 PM, on 6/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.clansilverfox.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: APC UPS Status.lnk = ?
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/micr...?1187913158328
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1187913133296
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor...fo/webscan.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
--
End of file - 4631 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:54:50 PM, on 6/21/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\HiJackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.clansilverfox.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [SPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: CCC.lnk = ?
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor...fo/webscan.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
--
End of file - 5185 bytes
I thought I'd mention I noticed another odd url in my firewall log when I came back to the site to post the HJT logs. It's pingbnr.com. From my searching, it seems it is also related to SQL Injections. Though, from my logs and the scans I performed earlier, it looks like both my computers are clean. Even if that is indeed the case, I just want to give a heads up to the rest of the Vdr. members just in case. Like I said, those urls only show up in my firewall log when I come here. Though, I can't verify it on my laptop. I have Zone Alarm installed on that and the log isn't as detailed as my desktop's Sygate.
Another url that keeps showing up in the logs when I come here is tumri.net; dunno what this one's related to, thought I'd mention it though. I know it's normal to see other urls in a firewall log other than the one you're on (i.e. ads like doubleclick.net, user posted images, etc), but it just seems these are not related to that.
Also, the site seems to be loading really slowly today. I keep having to empty my cache when I come here.
Last edited by Syzich; June 21st, 2008 at 04:37 PM.
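The check the poster is doing by eye in the post above (which remote hosts turn up in the firewall log only while browsing one particular site, as opposed to ad networks that show up everywhere) can be automated over the log. This is an added Python example, not code from the thread or from any of the tools mentioned in it; the log layout, the first-party hostnames and the session-gap value are constructed assumptions, while chkadw.com and pingbnr.com are the hosts the poster named.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of an outbound-connection log, in a simplified
# "date time remote_host remote_port" layout of our own (not Sygate's).
SAMPLE_LOG = """\
2008-06-21 09:01:02 vdr-forum.example 80
2008-06-21 09:01:03 doubleclick.net 80
2008-06-21 09:01:04 chkadw.com 80
2008-06-21 09:02:10 chkadw.com 80
2008-06-21 09:15:00 othersite.example 80
2008-06-21 09:15:01 doubleclick.net 80
2008-06-21 09:40:00 vdr-forum.example 80
2008-06-21 09:40:02 pingbnr.com 80
2008-06-21 09:40:03 doubleclick.net 80
2008-06-21 09:41:00 chkadw.com 80
2008-06-21 09:41:30 pingbnr.com 80
2008-06-21 10:30:00 lateconn.example 80
"""

# Sites the user deliberately browses (assumed; placeholder hostnames).
FIRST_PARTY = {"vdr-forum.example", "othersite.example"}

# A third-party connection more than this long after the last first-party
# request is not attributed to any site (the browser may have been idle).
SESSION_GAP = timedelta(minutes=10)


def parse_log(text):
    """Parse log lines into (timestamp, remote_host) pairs, oldest first."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue  # skip blank or malformed lines
        when = datetime.strptime(f"{parts[0]} {parts[1]}", "%Y-%m-%d %H:%M:%S")
        events.append((when, parts[2].lower()))
    return sorted(events)


def attribute_third_parties(events, first_party, gap=SESSION_GAP):
    """Map each third-party host to {first-party site: connection count}.

    A connection to a first-party host opens (or extends) a browsing
    session for that site; every non-first-party host seen within `gap`
    of the most recent first-party request is charged to that site.
    """
    seen = defaultdict(lambda: defaultdict(int))
    current_site, last_first_party = None, None
    for when, host in events:
        if host in first_party:
            current_site, last_first_party = host, when
        elif current_site and when - last_first_party <= gap:
            seen[host][current_site] += 1
    return seen


def exclusive_third_parties(seen, min_hits=2):
    """Return third-party hosts tied to exactly one site, with enough hits
    to rule out a one-off. Hosts seen alongside several sites (ad networks,
    CDNs) drop out automatically, which is the poster's own caveat."""
    return {
        host: next(iter(sites))
        for host, sites in seen.items()
        if len(sites) == 1 and sum(sites.values()) >= min_hits
    }


def main():
    seen = attribute_third_parties(parse_log(SAMPLE_LOG), FIRST_PARTY)
    for host, site in sorted(exclusive_third_parties(seen).items()):
        print(f"{host} is only contacted while browsing {site}")


if __name__ == "__main__":
    main()
```

A host flagged this way is only a lead for the site's operators to check their own pages; on the client side the right follow-up is the scanning the thread already walks through.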
-
June 21st, 2008, 05:16 PM
#11
-
June 21st, 2008, 05:37 PM
#12
Thanks for helping me out and looking over my logs, Broni. I guess I can rest easy now. I just got more than a little worried after seeing those urls and seeing what they were related to. Even more so since I only saw them in my firewall log after coming here. Anyhoo, thanks again.
-
June 21st, 2008, 05:41 PM
#13
No problem.
I have no explanation, but at least we know your computers are clean.