Rogers Hi-Speed forum, reply to dauthiatull
Re: [Virus] HJT Log virus won't go away

Well, all seems to be OK now.

I did all you said and, just to be sure, I updated all security apps (Spybot, Ad-Aware) as well as Windows and Windows Defender. Then I pulled the network cable and uninstalled avast (it was acting strange), scanned the system with everything including the apps you linked, and reinstalled a fresh copy of avast.

Scanned with everything again.

During all this I also found infections in several restore points and deleted them (the whole restore point, not just the files).

Funny thing is that your instructions regarding HijackThis didn't work till I ran MBAM and ComboFix. Until I ran them the entries in HJT would just keep returning.

No worries though; after running everything the entries are gone.

As for Core Temp, it is a CPU temp monitor. I have had this forever and I don't believe it to be a risk (all other temp utils reported the wrong temp).

Funny thing is, when I sent these files to VirusTotal they came back clean:

O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O20 - Winlogon Notify: xxyyxwtr - C:\WINDOWS\SYSTEM32\xxyyxwtr.dll

Anyway, here are the new logs. Let me know if you see anything else.
==========================================================================
ComboFix 08-06-06.4 - Shawn 2008-06-07 10:21:15.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1636 [GMT -4:00]
Running from: C:\Documents and Settings\Shawn\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Shawn\Desktop\CFscript.txt
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\adgpfoxs.dll
C:\WINDOWS\exmk.exe
C:\WINDOWS\system32\WinCtrl32.dll
C:\WINDOWS\system32\wvUmlkki.dll
C:\WINDOWS\system32\xxyyxwtr.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ALSYSIO
((((((((((((((((((((((((( Files Created from 2008-05-07 to 2008-06-07 )))))))))))))))))))))))))))))))
.
2008-06-07 10:19 . 2008-06-07 10:19 268 --ah----- C:\sqmdata07.sqm
2008-06-07 10:19 . 2008-06-07 10:19 244 --ah----- C:\sqmnoopt07.sqm
2008-06-06 22:29 . 2008-06-06 22:29 268 --ah----- C:\sqmdata06.sqm
2008-06-06 22:29 . 2008-06-06 22:29 244 --ah----- C:\sqmnoopt06.sqm
2008-06-06 22:03 . 2008-06-06 22:03 268 --ah----- C:\sqmdata05.sqm
2008-06-06 22:03 . 2008-06-06 22:03 244 --ah----- C:\sqmnoopt05.sqm
2008-06-06 21:07 . 2008-06-06 21:07 268 --ah----- C:\sqmdata04.sqm
2008-06-06 21:07 . 2008-06-06 21:07 244 --ah----- C:\sqmnoopt04.sqm
2008-06-06 20:52 . 2008-06-06 21:06 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-06 20:52 . 2008-06-06 20:52 d-------- C:\Documents and Settings\Shawn\Application Data\Malwarebytes
2008-06-06 20:52 . 2008-06-06 20:52 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-06 20:52 . 2008-06-05 16:04 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-06 20:52 . 2008-06-05 16:04 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-06 20:40 . 2008-06-06 20:40 268 --ah----- C:\sqmdata03.sqm
2008-06-06 20:40 . 2008-06-06 20:40 244 --ah----- C:\sqmnoopt03.sqm
2008-06-06 20:30 . 2008-06-07 09:05 d-------- C:\Program Files\Exterminate It!
2008-06-06 19:42 . 2008-06-06 19:42 d-------- C:\Deckard
2008-06-06 19:23 . 2008-06-06 19:23 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-06-06 19:07 . 2008-06-06 19:07 268 --ah----- C:\sqmdata02.sqm
2008-06-06 19:07 . 2008-06-06 19:07 244 --ah----- C:\sqmnoopt02.sqm
2008-06-06 18:38 . 2008-06-06 18:38 d-------- C:\Program Files\Trend Micro
2008-06-05 19:49 . 2008-06-05 19:49 d-------- C:\Program Files\Lavasoft
2008-06-05 19:49 . 2008-06-05 19:50 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-05 19:48 . 2008-06-05 19:48 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-05 18:59 . 2008-06-05 19:45 d-------- C:\WINDOWS\BDOSCAN8
2008-06-05 18:43 . 2008-06-05 19:15 189 --a------ C:\WINDOWS\wininit.ini
2008-06-04 20:32 . 2008-06-04 20:32 d-------- C:\Program Files\WinAVI Video Converter
2008-06-04 20:16 . 2008-06-04 20:16 d-------- C:\Documents and Settings\Shawn\Application Data\Media Player Classic
2008-06-04 19:34 . 2008-04-13 14:39 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2008-06-04 19:34 . 2008-04-13 14:39 7,552 --a--c--- C:\WINDOWS\system32\dllcache\mskssrv.sys
2008-06-04 19:24 . 2008-06-04 19:24 d-------- C:\Program Files\K-Lite Codec Pack
2008-06-04 19:24 . 2008-01-10 13:15 755,027 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-06-04 19:24 . 2007-12-04 02:33 682,496 --a------ C:\WINDOWS\system32\divx.dll
2008-06-04 19:24 . 2006-09-24 16:11 389,120 --a------ C:\WINDOWS\system32\lameACM.acm
2008-06-04 19:24 . 2004-01-25 17:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2008-06-04 19:24 . 2007-09-04 17:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll
2008-06-04 19:24 . 2008-01-10 13:16 159,839 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-06-04 19:24 . 2007-09-21 01:52 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm
2008-06-04 19:24 . 2007-12-24 13:49 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-06-04 19:24 . 2007-07-10 17:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-06-04 19:24 . 2007-10-03 16:03 414 --a------ C:\WINDOWS\system32\lame_acm.xml
2008-06-04 19:06 . 2008-06-07 09:04 d-------- C:\Program Files\AviSynth 2.5
2008-06-04 19:05 . 2008-06-07 09:04 d-------- C:\Program Files\Avi2Dvd
2008-06-04 17:28 . 2008-06-04 17:30 d-------- C:\Documents and Settings\Shawn\Application Data\dvdcss
2008-06-04 16:42 . 1997-07-19 16:00 227,600 --a------ C:\WINDOWS\system32\MSFLXGRD.OCX
2008-06-04 16:42 . 1999-07-18 08:35 108,336 --a------ C:\WINDOWS\system32\MSWINSCK.OCX
2008-06-04 16:34 . 1997-01-16 00:00 958,224 --a------ C:\WINDOWS\system32\MsChart.ocx
2008-06-04 16:34 . 1999-05-07 00:00 209,408 --a------ C:\WINDOWS\system32\Tabctl32.ocx
2008-06-02 18:29 . 2008-06-04 20:18 d-------- C:\Program Files\VSO
2008-06-02 18:29 . 2008-06-04 20:17 d-------- C:\Documents and Settings\Shawn\Application Data\Vso
2008-06-02 18:29 . 2008-06-02 18:29 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-06-02 18:29 . 2008-06-04 20:17 47,360 --a------ C:\Documents and Settings\Shawn\Application Data\pcouffin.sys
2008-06-01 21:31 . 2008-06-07 09:03 d-------- C:\Program Files\Any Video Converter
2008-06-01 21:31 . 2008-06-07 09:03 d-------- C:\Documents and Settings\Shawn\Application Data\Any Video Converter
2008-06-01 19:22 . 2008-06-07 09:07 d-------- C:\Program Files\Videos To DVD
2008-06-01 19:22 . 2005-05-14 21:09 2,179,072 --a------ C:\WINDOWS\system32\mfc71d.dll
2008-06-01 19:22 . 2006-07-11 19:06 544,768 --a------ C:\WINDOWS\system32\msvcr71d.dll
2008-06-01 19:22 . 2004-03-09 00:00 152,848 --a------ C:\WINDOWS\system32\COMDLG32.OCX
2008-06-01 19:22 . 1998-07-12 23:00 141,312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL
2008-06-01 19:22 . 2000-10-01 20:00 119,568 --a------ C:\WINDOWS\system32\VB6FR.DLL
2008-06-01 19:22 . 2000-05-22 16:58 115,920 --a------ C:\WINDOWS\system32\msinet.OCX
2008-06-01 19:22 . 2000-07-15 06:00 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2008-06-01 19:22 . 1998-07-12 19:00 32,768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL
2008-06-01 19:22 . 1998-07-13 00:00 15,360 --a------ C:\WINDOWS\system32\inetfr.DLL
2008-06-01 19:01 . 2001-08-23 17:00 1,700,352 --a------ C:\WINDOWS\system32\gdiplus.dll
2008-06-01 19:01 . 2002-01-05 14:40 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll
2008-06-01 19:01 . 2002-01-05 15:37 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2008-06-01 17:18 . 2008-06-04 20:34 d-------- C:\New Folder
2008-06-01 13:29 . 2008-06-01 13:29 d-------- C:\Documents and Settings\Shawn\Application Data\vlc
2008-06-01 13:28 . 2008-06-01 13:28 d-------- C:\Program Files\VideoLAN
2008-06-01 11:47 . 2008-06-01 11:47 d-------- C:\Program Files\Windows Media Connect 2
2008-06-01 11:46 . 2008-06-01 11:46 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-06-01 10:48 . 2008-06-01 10:48 d-------- C:\Program Files\Windows Defender
2008-06-01 10:46 . 2008-06-01 10:46 d-------- C:\Program Files\Microsoft Silverlight
2008-05-31 09:18 . 2008-05-31 09:18 d-------- C:\Program Files\WinPcap
2008-05-31 09:18 . 2008-06-07 09:38 d-------- C:\Program Files\NNsquad
2008-05-31 09:18 . 2008-05-31 09:18 88,436 --a------ C:\WINDOWS\Network Measurement Agent Uninstaller.exe
2008-05-20 17:22 . 2008-05-20 17:22 d-------- C:\Program Files\Apperson
2008-05-18 15:25 . 2008-05-18 15:25 268 --ah----- C:\sqmdata01.sqm
2008-05-18 15:25 . 2008-05-18 15:25 244 --ah----- C:\sqmnoopt01.sqm
2008-05-18 12:31 . 2008-05-18 13:54 921,624 --a------ C:\img2-001.raw
2008-05-18 11:54 . 2008-05-18 11:54 268 --ah----- C:\sqmdata00.sqm
2008-05-18 11:54 . 2008-05-18 11:54 244 --ah----- C:\sqmnoopt00.sqm
2008-05-18 11:51 . 2006-09-18 14:12 843,776 --a------ C:\WINDOWS\vsnpstd3(5).exe
2008-05-18 11:51 . 2006-09-18 14:12 843,776 --a------ C:\WINDOWS\vsnpstd3(4).exe
2008-05-18 11:51 . 2006-09-18 14:12 843,776 --a------ C:\WINDOWS\vsnpstd3(3).exe
2008-05-18 11:51 . 2006-09-18 14:12 843,776 --a------ C:\WINDOWS\vsnpstd3(2).exe
2008-05-16 16:07 . 2008-05-16 16:07 d-------- C:\Documents and Settings\Shawn\Application Data\Electronic Arts
2008-05-16 14:26 . 2008-05-16 14:26 d-------- C:\Mythic
2008-05-16 13:13 . 2008-05-16 13:13 d-------- C:\Program Files\Philips
2008-05-16 13:13 . 2008-05-16 13:13 d-------- C:\Documents and Settings\Shawn\Application Data\InstallShield
2008-05-16 13:01 . 2008-05-16 13:01 d-------- C:\Program Files\Download Manager
2008-05-16 13:00 . 2008-05-16 14:24 d-------- C:\Documents and Settings\Shawn\Application Data\IGN_DLM
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
2008-05-10 12:37 . 2008-05-10 12:38 d-------- C:\Program Files\Common Files\Adobe
2008-05-10 12:01 . 2008-05-10 12:36 d-------- C:\Documents and Settings\Shawn\Application Data\AdobeUM
2008-05-07 23:15 . 2008-05-07 23:15 d-------- C:\WINDOWS\system32\scripting
2008-05-07 23:15 . 2008-05-07 23:15 d-------- C:\WINDOWS\system32\en
2008-05-07 23:15 . 2008-05-07 23:15 d-------- C:\WINDOWS\system32\bits
2008-05-07 23:15 . 2008-05-07 23:15 d-------- C:\WINDOWS\l2schemas
2008-05-07 23:14 . 2008-05-07 23:16 d-------- C:\WINDOWS\ServicePackFiles
2008-05-07 23:04 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2008-05-07 22:47 . 2008-05-31 09:32 d-------- C:\Program Files\AnalogX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-04 23:22 --------- d-----w C:\Program Files\DivX
2008-05-22 21:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-22 21:46 --------- d-----w C:\Program Files\Windows Live
2008-05-22 21:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-19 17:34 --------- d-----w C:\Program Files\World of Warcraft
2008-05-06 20:23 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-06 18:51 --------- d-----w C:\Program Files\Active Ports
2008-05-05 15:32 --------- d-----w C:\Documents and Settings\Shawn\Application Data\CoreFTP
2008-05-03 23:12 --------- d-----w C:\Program Files\CoreFTP
2008-05-03 23:09 --------- d-----w C:\Program Files\LeechFTP
2008-05-03 14:12 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-01 21:40 --------- d-----w C:\Documents and Settings\Jen\Application Data\Yahoo!
2008-04-29 15:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 15:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 15:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-26 16:14 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-04-25 21:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-25 20:59 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-25 19:24 --------- d-----w C:\Documents and Settings\Shawn\Application Data\DivX
2008-04-25 19:19 --------- d-----w C:\Program Files\Java
2008-04-25 19:19 --------- d-----w C:\Program Files\Common Files\Java
2008-04-24 22:23 --------- d-----w C:\Program Files\Yahoo!
2008-04-24 22:23 --------- d-----w C:\Documents and Settings\Shawn\Application Data\Yahoo!
2008-04-24 22:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-14 07:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-04-14 02:03 --------- d-----w C:\Program Files\RivaTuner v2.08
2008-04-14 00:13 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 00:13 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 00:13 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 00:13 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 00:12 69,120 ----a-w C:\WINDOWS\notepad.exe
2008-04-14 00:12 50,688 ----a-w C:\WINDOWS\twain_32.dll
2008-04-14 00:12 34,816 ----a-w C:\WINDOWS\Help\sniffpol.dll
2008-04-14 00:12 33,280 ----a-w C:\WINDOWS\Help\sstub.dll
2008-04-14 00:12 32,866 ------w C:\WINDOWS\slrundll.exe
2008-04-14 00:12 3,901 ------w C:\WINDOWS\system32\drivers\siint5.dll
2008-04-14 00:12 283,648 ----a-w C:\WINDOWS\winhlp32.exe
2008-04-14 00:12 279,040 ----a-w C:\WINDOWS\Help\tshoot.dll
2008-04-14 00:12 146,432 ----a-w C:\WINDOWS\regedit.exe
2008-04-14 00:12 11,325 ------w C:\WINDOWS\system32\drivers\vchnt5.dll
2008-04-14 00:12 10,752 ----a-w C:\WINDOWS\hh.exe
2008-04-14 00:12 1,033,728 ----a-w C:\WINDOWS\explorer.exe
2008-04-13 21:05 --------- d-----w C:\Documents and Settings\Shawn\Application Data\GetRightToGo
2008-04-13 20:33 --------- d-----w C:\Program Files\Astroburn
2008-04-13 20:33 --------- d-----w C:\Documents and Settings\Shawn\Application Data\Astroburn
2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 19:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 19:18 52,480 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 19:15 64,512 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-13 19:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 19:00 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 19:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 18:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 18:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 18:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 18:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 18:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 18:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 18:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 18:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-13 18:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2008-04-13 18:56 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-13 18:56 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-04-13 18:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-13 18:56 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-13 18:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-13 18:56 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-13 18:56 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
2008-04-13 18:55 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-13 18:55 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
2008-04-13 18:54 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
2008-04-13 18:53 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
2008-04-13 18:53 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
2008-04-13 18:53 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys
2008-04-13 18:53 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys
2008-04-13 18:51 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys
2008-04-13 18:51 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys
2008-04-13 18:51 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys
2008-04-13 18:51 55,808 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys
2008-04-13 18:51 101,120 ------w C:\WINDOWS\system32\drivers\bthpan.sys
2008-04-13 18:46 59,136 ------w C:\WINDOWS\system32\drivers\rfcomm.sys
2008-04-13 18:46 37,888 ------w C:\WINDOWS\system32\drivers\bthmodem.sys
.
((((((((((((((((((((((((((((( snapshot@2008-06-06_21.17.16.17 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-07 01:08:12 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-07 14:23:59 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2005-10-21 00:02:28 163,328 ----a-w C:\WINDOWS\ERDNT\subs\ERDNT.EXE
+ 2008-06-07 14:24:04 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_434.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 05:39 486856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 11:28 16126464 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2007-04-04 13:22 1822720 C:\WINDOWS\SkyTel.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"RivaTunerStartupDaemon"="C:\Program Files\RivaTuner v2.08\RivaTuner.exe" [2008-03-10 04:10 2691072]
"RivaTuner"="C:\Program Files\RivaTuner v2.08\RivaTuner.exe" [2008-03-10 04:10 2691072]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"NNma"="C:\Program Files\NNsquad\nnma.exe" [2008-05-27 00:47 999479]

C:\Documents and Settings\Shawn\Start Menu\Programs\Startup\
Shortcut to Core Temp.lnk - C:\Core Temp.exe [2008-04-13 21:58:07 185856]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
Adobe Reader Speed Launch.lnk.disabled [2008-04-13 16:36:17 1757]
DynDNS Updater Tray Icon.lnk - C:\Program Files\DynDNS Updater\DynTray.exe [2008-04-08 15:56:04 65536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\NNsquad\\nnma.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-15 19:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-15 19:16]
R2 DynDNS Updater;DynDNS Updater;C:\Program Files\DynDNS Updater\DynUpSvc.exe [2008-04-08 15:56]
R3 ALSysIO;ALSysIO;C:\DOCUME~1\Shawn\LOCALS~1\Temp\ALSysIO.sys []
R3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-06-28 20:01]
S0 Winlf87;Winlf87;C:\WINDOWS\system32\Drivers\Winlf87.sys []
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l151x86.sys [2007-07-03 07:06]

*Newly Created Service* - ALSYSIO
.
Contents of the 'Scheduled Tasks' folder
"2008-06-07 14:27:04 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, www.gmer.net
Rootkit scan 2008-06-07 10:24:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-06-07 10:27:55 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-07 14:27:53
ComboFix2.txt 2008-06-07 13:40:30
ComboFix3.txt 2008-06-07 01:17:24

Pre-Run: 38,321,086,464 bytes free
Post-Run: 38,321,401,856 bytes free

315 --- E O F --- 2008-06-05 22:03:49
===============================================================================
Malwarebytes' Anti-Malware 1.15
Database version: 837

1:24:42 PM 6/7/2008
mbam-log-6-7-2008 (13-24-42).txt

Scan type: Full Scan (C:\|)
Objects scanned: 158581
Time elapsed: 18 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected)
===========================================================================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:05:58 PM, on 6/7/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\DynDNS Updater\DynUpSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\RivaTuner v2.08\RivaTuner.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\NNsquad\nnma.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\DynDNS Updater\DynTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Core Temp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = rogers.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.08\RivaTuner.exe" /S
O4 - HKLM\..\Run: [RivaTuner] "C:\Program Files\RivaTuner v2.08\RivaTuner.exe" /T
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NNma] C:\Program Files\NNsquad\nnma.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Startup: Shortcut to Core Temp.lnk = C:\Core Temp.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O4 - Global Startup: DynDNS Updater Tray Icon.lnk = C:\Program Files\DynDNS Updater\DynTray.exe
O4 - Global Startup: Wall Watcher.lnk = C:\Documents and Settings\Shawn\My Documents\downloads\WallWatcher\WallWatcher.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - security.symantec.com/sscv6/Shar···niff.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - www.fileplanet.com/fpdlmgr/cabs/···.108.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - download.bitdefender.com/resourc···can8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - security.symantec.com/sscv6/Shar···absa.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - sdlc-esd.sun.com/ESD39/JSCDL/jre···6-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com/get/s···lash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DynDNS Updater - Unknown owner - C:\Program Files\DynDNS Updater\DynUpSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: YUNMHVLUA - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Shawn\LOCALS~1\Temp\YUNMHVLUA.exe

--
End of file - 8548 bytes
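The logs in this post are the kind a helper reads by eye: HijackThis O4/O20/O23 entries and ComboFix R#/S# service lines, looking for targets that run from a user's Temp directory, service entries whose file ComboFix could not find (the empty "[]"), and Winlogon Notify DLLs with machine-generated-looking names. The script below is an added example of that first-pass triage; it is not part of the original post and not code from HijackThis, ComboFix or Malwarebytes. Its sample input is copied from the logs above; the heuristic tags and the vowel-count rule for "random-looking" names are this example's own choices, and a hit is a reason to look closer, not a verdict (the poster's own Core Temp, for instance, loads ALSysIO.sys from Temp).

```python
"""First-pass triage of HijackThis / ComboFix autostart lines.

Added example for this thread, not code from the original post or from
HijackThis, ComboFix or Malwarebytes. Sample lines are copied from the
logs in the post; the tags and thresholds are this example's own.
"""
import re
from dataclasses import dataclass

# Sample input: lines taken verbatim from the HJT and ComboFix logs above.
SAMPLE_LOG = r"""
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O20 - Winlogon Notify: xxyyxwtr - C:\WINDOWS\SYSTEM32\xxyyxwtr.dll
O4 - HKLM\..\Run: [NNma] C:\Program Files\NNsquad\nnma.exe
O23 - Service: YUNMHVLUA - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Shawn\LOCALS~1\Temp\YUNMHVLUA.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
R3 ALSysIO;ALSysIO;C:\DOCUME~1\Shawn\LOCALS~1\Temp\ALSysIO.sys []
S0 Winlf87;Winlf87;C:\WINDOWS\system32\Drivers\Winlf87.sys []
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-15 19:20]
"""

# HijackThis line: "O20 - <rest>" / "R3 - <rest>".
HJT_RE = re.compile(r'^(O\d+|R\d) - (.+)$')
# ComboFix driver/service line: "R3 name;display name;path [yyyy-mm-dd hh:mm]".
# ComboFix prints an empty "[]" when it could not find the file on disk.
CF_SVC_RE = re.compile(r'^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[(.*)\]\s*$')
# Windows path up to a loadable extension; lazy so "Program Files" keeps
# its space but trailing switches or brackets are not swallowed.
PATH_RE = re.compile(r'([A-Za-z]:\\.+?\.(?:dll|exe|sys|ocx))(?=\s|$)', re.I)
TEMP_RE = re.compile(r'\\temp\\', re.I)
VOWELS = set('aeiou')


@dataclass(frozen=True)
class Finding:
    source: str        # "hjt" or "combofix"
    kind: str          # HJT section (O4, O20, O23 ...) or ComboFix R#/S#
    name: str          # file name of the target
    path: str
    reasons: tuple     # ordered heuristic tags


def random_looking(filename):
    """True for names like 'xxyyxwtr.dll': six or more letters, no vowels."""
    stem = filename.rsplit('.', 1)[0].lower()
    letters = [c for c in stem if c.isalpha()]
    return len(letters) >= 6 and not any(c in VOWELS for c in letters)


def triage_line(line):
    """Return a Finding for one log line, or None if nothing is flagged."""
    line = line.strip()
    reasons = []
    m = CF_SVC_RE.match(line)
    if m:
        source = 'combofix'
        kind, _, _, path, stamp = m.groups()
        if not stamp.strip():
            reasons.append('file-not-found')
    else:
        m = HJT_RE.match(line)
        if not m:
            return None
        source = 'hjt'
        kind, rest = m.groups()
        pm = PATH_RE.search(rest)
        if not pm:
            return None          # R0/R1 URL lines, O8 res:// items, etc.
        path = pm.group(1)
    name = path.rsplit('\\', 1)[-1]
    if TEMP_RE.search(path):
        reasons.append('runs-from-temp')
    if source == 'hjt' and kind == 'O20':
        # Winlogon Notify DLLs load into winlogon.exe at logon; HJT lists
        # only non-default ones, so each deserves a publisher check.
        reasons.append('winlogon-notify')
        if random_looking(name):
            reasons.append('random-looking-name')
    if not reasons:
        return None
    return Finding(source, kind, name, path, tuple(reasons))


def triage(text):
    """Run triage_line over every non-empty line, keeping log order."""
    return [f for f in (triage_line(l) for l in text.splitlines()) if f]


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.source:8} {f.kind:4} {f.name:16} {", ".join(f.reasons)}')
```

Run against the sample, the two O20 DLLs, the Temp-resident YUNMHVLUA.exe and ALSysIO.sys, and the missing Winlf87.sys are listed; the avast and NNsquad entries are not. A clean VirusTotal result does not settle a Winlogon Notify entry on its own: the entries in this thread kept coming back after HijackThis removed them, and a file that is re-created after removal points to something else still active, which is exactly the case where scanning one file in isolation says little.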