BleepingComputer.com: What Am I Infected With?


Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help


Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.


DO NOT RUN ComboFix unless requested to.


Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.


When posting a log, please put the type of infection you have in the topic title, e.g. Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.


Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

What Am I Infected With? Provided are my HJT Log and ComboFix Log

#1 The Dude 2012

  • New Member
  • Group: Members
  • Posts: 1
  • Joined: 25-January 08

  Posted 25 January 2008 - 12:01 PM

Hello there,

I tried to find help on another board, but it has taken far too long to get a response. So now I've come to the right place :thumbsup:

Below are my HJT log and ComboFix log (which I was instructed to get from the other forum). I've noticed that something was deleted when I ran ComboFix, but to be honest, I don't understand what to do... or even what happened/is happening to my brand new laptop :blink:

Thank you for the help!!!

The Dude
_ _ _


HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:54:12 PM, on 20/01/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\PowerForPhone\PowerForPhone.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ASScrPro.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVW32.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Microsoft Pinyin IME Migration] C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe
O4 - HKLM\..\Run: [IFXSPMGT] C:\Windows\system32\ifxspmgt.exe /NotifyLogon
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\Windows\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\Windows\system32\ifxtcs.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Windows\system32\IfxPsdSv.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 8307 bytes



_ _ _ _

ComboFix 08-01-23.2 - G 2008-01-24 11:52:53.10 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1144 [GMT -5:00]
Running from: C:\Users\G\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat

.
((((((((((((((((((((((((( Files Created from 2007-12-24 to 2008-01-24 )))))))))))))))))))))))))))))))
.

2008-01-24 11:50 . 2000-08-31 08:00 51,200 --a------ C:\Windows\Nircmd.exe
2008-01-20 18:53 . 2008-01-20 18:53 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-20 17:49 . 2008-01-20 17:49 98,304 --a------ C:\Windows\system32CmdLineExt.dll
2008-01-20 17:47 . 2006-11-29 13:06 3,426,072 --a------ C:\Windows\System32\d3dx9_32.dll
2008-01-18 14:07 . 2007-07-12 02:22 69,632 --a------ C:\Windows\System32\javacpl.cpl
2008-01-18 14:06 . 2008-01-18 14:07 <DIR> d-------- C:\Program Files\Java
2008-01-18 14:06 . 2008-01-18 14:06 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-18 14:05 . 2008-01-18 14:08 <DIR> d-------- C:\Program Files\LimeWire
2008-01-17 18:55 . 2008-01-17 18:55 <DIR> d-------- C:\Program Files\DVD Shrink
2008-01-15 17:20 . 2008-01-15 17:20 <DIR> d-------- C:\Program Files\ATK Hotkey
2008-01-14 11:07 . 2008-01-14 11:07 <DIR> d-------- C:\Program Files\InterMute
2008-01-13 23:49 . 2008-01-14 19:21 <DIR> d-------- C:\Program Files\Yahoo!
2008-01-13 18:53 . 2007-05-29 13:55 22,112 --a------ C:\Windows\System32\drivers\COH_Mon.sys
2008-01-13 18:53 . 2007-05-29 13:55 10,592 --a------ C:\Windows\System32\drivers\COH_Mon.cat
2008-01-13 18:53 . 2007-05-29 13:55 705 --a------ C:\Windows\System32\drivers\COH_Mon.inf
2008-01-12 13:43 . 2008-01-12 13:44 <DIR> d-------- C:\Program Files\CoreFTP
2008-01-09 17:51 . 2008-01-09 17:51 802,816 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-01-09 17:51 . 2008-01-09 17:51 216,760 --a------ C:\Windows\System32\drivers\netio.sys
2008-01-09 17:51 . 2008-01-09 17:51 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-01-09 17:51 . 2008-01-09 17:51 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-01-09 17:51 . 2008-01-09 17:51 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-01-09 17:49 . 2008-01-09 17:49 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-01-09 17:49 . 2008-01-09 17:49 1,686,016 --a------ C:\Windows\System32\gameux.dll
2008-01-09 17:48 . 2008-01-09 17:48 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-01-09 17:48 . 2008-01-09 17:48 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys
2008-01-09 17:48 . 2008-01-09 17:48 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-01-09 17:48 . 2008-01-09 17:48 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
2008-01-09 17:48 . 2008-01-09 17:48 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-01-09 17:48 . 2008-01-09 17:48 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-01-09 17:48 . 2008-01-09 17:48 17,464 --a------ C:\Windows\System32\drivers\intelide.sys
2008-01-09 17:48 . 2008-01-09 17:48 11,776 --a------ C:\Windows\System32\sbunattend.exe
2008-01-07 18:50 . 2008-01-07 18:50 <DIR> d-------- C:\Program Files\mIRC
2008-01-07 18:38 . 2008-01-07 18:38 <DIR> d-------- C:\temp\bjc240Win2kXPv150
2008-01-07 18:38 . 2008-01-08 10:02 <DIR> d-------- C:\temp
2008-01-04 15:40 . 2008-01-06 22:01 <DIR> d-------- C:\Program Files\PeerGuardian2
2008-01-04 14:46 . 2008-01-04 14:47 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-01-04 12:49 . 2008-01-04 12:49 2,027,008 --a------ C:\Windows\System32\win32k.sys
2008-01-04 12:49 . 2008-01-04 12:49 704,000 --a------ C:\Windows\System32\PhotoScreensaver.scr
2008-01-04 12:49 . 2008-01-04 12:49 258,232 --a------ C:\Windows\System32\drivers\acpi.sys
2008-01-04 12:49 . 2008-01-04 12:49 205,824 --a------ C:\Windows\System32\msoeacct.dll
2008-01-04 12:49 . 2008-01-04 12:49 87,040 --a------ C:\Windows\System32\msoert2.dll
2008-01-04 12:49 . 2008-01-04 12:49 39,424 --a------ C:\Windows\System32\ACCTRES.dll
2008-01-04 12:49 . 2008-01-04 12:49 28,344 --a------ C:\Windows\System32\drivers\battc.sys
2008-01-04 12:49 . 2008-01-04 12:49 24,064 --a------ C:\Windows\System32\wtsapi32.dll
2008-01-04 12:49 . 2008-01-04 12:49 20,920 --a------ C:\Windows\System32\drivers\compbatt.sys
2008-01-04 12:49 . 2008-01-04 12:49 14,208 --a------ C:\Windows\System32\drivers\CmBatt.sys
2008-01-04 12:48 . 2008-01-04 12:48 2,923,520 --a------ C:\Windows\explorer.exe
2008-01-04 12:48 . 2008-01-04 12:48 1,655,289 --a------ C:\Windows\System32\wlan.tmf
2008-01-04 12:48 . 2008-01-04 12:48 714,240 --a------ C:\Windows\System32\timedate.cpl
2008-01-04 12:48 . 2008-01-04 12:48 542,720 --a------ C:\Windows\System32\sysmain.dll
2008-01-04 12:48 . 2008-01-04 12:48 502,784 --a------ C:\Windows\System32\wlansvc.dll
2008-01-04 12:48 . 2008-01-04 12:48 297,984 --a------ C:\Windows\System32\wlansec.dll
2008-01-04 12:48 . 2008-01-04 12:48 290,816 --a------ C:\Windows\System32\wlanmsm.dll
2008-01-04 12:48 . 2008-01-04 12:48 67,584 --a------ C:\Windows\System32\wlanhlp.dll
2008-01-04 12:48 . 2008-01-04 12:48 47,104 --a------ C:\Windows\System32\wlanapi.dll
2008-01-04 12:46 . 2008-01-04 12:46 8,147,968 --a------ C:\Windows\System32\wmploc.DLL
2008-01-04 12:46 . 2008-01-04 12:46 356,864 --a------ C:\Windows\System32\MediaMetadataHandler.dll
2008-01-04 12:46 . 2008-01-04 12:46 7,680 --a------ C:\Windows\System32\spwmp.dll
2008-01-04 12:46 . 2008-01-04 12:46 4,096 --a------ C:\Windows\System32\msdxm.ocx
2008-01-04 12:46 . 2008-01-04 12:46 4,096 --a------ C:\Windows\System32\dxmasf.dll
2008-01-04 12:45 . 2008-01-04 12:45 1,191,936 --a------ C:\Windows\System32\msxml3.dll
2008-01-04 12:45 . 2008-01-04 12:45 2,048 --a------ C:\Windows\System32\msxml3r.dll
2008-01-04 12:43 . 2008-01-04 12:43 1,327,104 --a------ C:\Windows\System32\quartz.dll
2008-01-04 12:43 . 2008-01-04 12:43 223,232 --a------ C:\Windows\System32\WMASF.DLL
2008-01-04 12:43 . 2008-01-04 12:43 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
2008-01-04 12:43 . 2008-01-04 12:43 2,048 --a------ C:\Windows\System32\asferror.dll
2008-01-04 12:42 . 2008-01-04 12:42 1,335,296 --a------ C:\Windows\System32\msxml6.dll
2008-01-04 12:42 . 2008-01-04 12:42 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-01-04 12:42 . 2008-01-04 12:42 2,048 --a------ C:\Windows\System32\msxml6r.dll
2008-01-04 12:40 . 2008-01-04 12:40 737,792 --a------ C:\Windows\System32\inetcomm.dll
2008-01-04 12:40 . 2008-01-04 12:40 84,480 --a------ C:\Windows\System32\INETRES.dll
2008-01-04 12:38 . 2008-01-04 12:38 3,504,824 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-01-04 12:38 . 2008-01-04 12:38 3,470,520 --a------ C:\Windows\System32\ntoskrnl.exe
2008-01-04 12:38 . 2008-01-04 12:38 152,576 --a------ C:\Windows\System32\imagehlp.dll
2008-01-04 12:38 . 2008-01-04 12:38 12,800 --a------ C:\Windows\System32\drivers\fs_rec.sys
2008-01-04 12:38 . 2008-01-04 12:38 5,120 --a------ C:\Windows\System32\wmi.dll
2008-01-04 12:37 . 2008-01-04 12:37 750,080 --a------ C:\Windows\System32\qmgr.dll
2008-01-04 12:37 . 2008-01-04 12:37 2,048 --a------ C:\Windows\System32\tzres.dll
2008-01-04 12:32 . 2008-01-04 12:33 <DIR> d-------- C:\Program Files\DivX
2008-01-04 12:32 . 2008-01-04 12:32 <DIR> d-------- C:\Program Files\Common Files\PX Storage Engine
2008-01-03 15:22 . 2008-01-22 20:49 <DIR> d-------- C:\SPDISK
2008-01-03 09:20 . 2008-01-03 09:20 1,712,984 --a------ C:\Windows\System32\wuaueng.dll
2008-01-03 09:20 . 2008-01-03 09:20 1,524,224 --a------ C:\Windows\System32\wucltux.dll
2008-01-03 09:20 . 2008-01-03 09:20 53,080 --a------ C:\Windows\System32\wuauclt.exe
2008-01-03 09:20 . 2008-01-03 09:20 43,352 --a------ C:\Windows\System32\wups2.dll
2008-01-03 09:17 . 2008-01-03 09:17 549,720 --a------ C:\Windows\System32\wuapi.dll
2008-01-03 09:17 . 2008-01-03 09:17 80,896 --a------ C:\Windows\System32\wudriver.dll
2008-01-03 09:17 . 2008-01-03 09:17 33,624 --a------ C:\Windows\System32\wups.dll
2008-01-03 09:16 . 2008-01-03 09:16 163,000 --a------ C:\Windows\System32\wuwebv.dll
2008-01-03 09:16 . 2008-01-03 09:16 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-01-03 08:35 . 2008-01-04 15:14 24 --a------ C:\Windows\ATKPF.ini
2008-01-03 08:33 . 2008-01-03 08:33 0 --a------ C:\Windows\System32\drivers\1043_ASUSTeK_F3Sv.alu
2008-01-03 08:20 . 2008-01-03 08:20 <DIR> d-------- C:\Program Files\ASUS Security Center
2008-01-03 08:20 . 2005-01-18 14:24 339,968 --a------ C:\Windows\System32\msvcr70.dll
2008-01-03 00:30 . 2008-01-03 00:30 <DIR> d-------- C:\Program Files\UltraMon
2008-01-02 22:25 . 2008-01-16 14:14 <DIR> d-------- C:\Program Files\Common Files\Steam
2008-01-02 22:25 . 2008-01-20 17:30 <DIR> d-------- C:\Games
2008-01-02 22:18 . 2008-01-02 22:18 0 --a------ C:\Windows\nsreg.dat
2008-01-02 21:16 . 2008-01-04 15:02 546 --a------ C:\Windows\System32\ABF3Sv.DAT
2008-01-02 21:03 . 2008-01-02 21:03 16 --a------ C:\Windows\System32\coh.cache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-24 17:24 45,056 ----a-w C:\Windows\System32\acovcnt.exe
2008-01-21 06:39 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-15 22:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-09 23:24 --------- d-----w C:\Program Files\Windows Mail
2008-01-09 22:49 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-01-09 22:49 449,024 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-01-09 22:49 2,143,744 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-01-09 22:49 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-01-09 22:48 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-04 19:39 174 --sha-w C:\Program Files\desktop.ini
2008-01-04 19:34 --------- d-----w C:\Program Files\Windows Calendar
2008-01-04 17:50 8,192 ----a-w C:\Windows\System32\riched32.dll
2008-01-04 17:50 77,824 ----a-w C:\Windows\System32\rascfg.dll
2008-01-04 17:50 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys
2008-01-04 17:50 694,784 ----a-w C:\Windows\System32\localspl.dll
2008-01-04 17:50 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2008-01-04 17:50 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys
2008-01-04 17:50 52,736 ----a-w C:\Windows\System32\rasdiag.dll
2008-01-04 17:50 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
2008-01-04 17:50 384,000 ----a-w C:\Windows\System32\netcfgx.dll
2008-01-04 17:50 36,864 ----a-w C:\Windows\System32\cdd.dll
2008-01-04 17:50 33,280 ----a-w C:\Windows\System32\traffic.dll
2008-01-04 17:50 32,768 ----a-w C:\Windows\System32\rasmxs.dll
2008-01-04 17:50 286,208 ----a-w C:\Windows\System32\ipnathlp.dll
2008-01-04 17:50 22,016 ----a-w C:\Windows\System32\rasser.dll
2008-01-04 17:50 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys
2008-01-04 17:50 15,360 ----a-w C:\Windows\System32\pacerprf.dll
2008-01-04 17:50 134,656 ----a-w C:\Windows\System32\dps.dll
2008-01-04 17:50 13,824 ----a-w C:\Windows\System32\wshqos.dll
2008-01-04 17:50 13,824 ----a-w C:\Windows\System32\icsunattend.exe
2008-01-04 17:41 88,576 ----a-w C:\Windows\System32\avifil32.dll
2008-01-04 17:41 82,944 ----a-w C:\Windows\System32\mciavi32.dll
2008-01-04 17:41 8,138,240 ----a-w C:\Windows\System32\ssBranded.scr
2008-01-04 17:41 712,192 ----a-w C:\Windows\System32\WindowsCodecs.dll
2008-01-04 17:41 69,632 ----a-w C:\Windows\System32\sendmail.dll
2008-01-04 17:41 65,024 ----a-w C:\Windows\System32\avicap32.dll
2008-01-04 17:41 61,440 ----a-w C:\Windows\System32\ntprint.exe
2008-01-04 17:41 31,232 ----a-w C:\Windows\System32\msvidc32.dll
2008-01-04 17:41 269,824 ----a-w C:\Windows\System32\schannel.dll
2008-01-04 17:41 220,160 ----a-w C:\Windows\System32\ntprint.dll
2008-01-04 17:41 123,904 ----a-w C:\Windows\System32\msvfw32.dll
2008-01-04 17:41 120,320 ----a-w C:\Windows\System32\dhcpcsvc6.dll
2008-01-04 17:41 12,800 ----a-w C:\Windows\System32\msrle32.dll
2008-01-04 17:41 10,240 ----a-w C:\Windows\System32\dhcpcmonitor.dll
2008-01-04 17:41 1,984,512 ----a-w C:\Windows\System32\authui.dll
2008-01-04 17:39 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2008-01-04 17:39 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-01-04 17:39 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2008-01-04 17:39 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2008-01-04 17:39 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-01-04 17:39 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-01-04 17:39 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-01-04 17:39 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2008-01-04 17:39 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2008-01-03 02:14 --------- d-----w C:\Program Files\Norton Internet Security
2008-01-03 02:10 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-01-03 02:10 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
2008-01-03 02:10 10,740 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-01-03 02:10 --------- d-----w C:\Program Files\Symantec
2008-01-03 02:07 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-15 03:11 195,584 ----a-w C:\Windows\UltraMon.scr
2007-12-14 08:27 82,944 ----a-w C:\Windows\System32\UltraMonHook.dll
2007-12-14 08:27 296,960 ----a-w C:\Windows\System32\UltraMon.dll
2007-12-14 05:22 159,744 ----a-w C:\Windows\System32\UltraMonIndDisp.exe
2007-12-08 00:24 98,304 ----a-w C:\Windows\System32\UltraMonIndDispHook.dll
2007-12-04 01:33 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
2007-12-04 01:33 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
2007-12-04 01:33 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
2007-12-04 01:33 682,496 ----a-w C:\Windows\System32\DivX.dll
2007-12-01 04:57 43,696 ----a-w C:\Windows\system32\drivers\srtspx.sys
2007-12-01 04:57 317,616 ----a-w C:\Windows\system32\drivers\srtspl.sys
2007-12-01 04:57 279,088 ----a-w C:\Windows\system32\drivers\srtsp.sys
2007-12-01 04:57 10,549 ----a-w C:\Windows\system32\drivers\srtspx.cat
2007-12-01 04:57 10,549 ----a-w C:\Windows\system32\drivers\srtspl.cat
2007-12-01 04:57 10,545 ----a-w C:\Windows\system32\drivers\srtsp.cat
2007-12-01 04:57 1,430 ----a-w C:\Windows\system32\drivers\srtspl.inf
2007-12-01 04:57 1,421 ----a-w C:\Windows\system32\drivers\srtspx.inf
2007-12-01 04:57 1,415 ----a-w C:\Windows\system32\drivers\srtsp.inf
2007-11-29 22:30 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2007-11-29 22:30 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2007-11-29 22:30 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2007-11-29 22:28 81,920 ----a-w C:\Windows\System32\dpl100.dll
2007-11-29 22:28 196,608 ----a-w C:\Windows\System32\dtu100.dll
2007-11-28 21:55 156,992 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2007-11-28 21:53 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
2007-11-28 21:53 57,344 ----a-w C:\Windows\System32\dpv11.dll
2007-11-28 21:53 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
2007-11-28 21:53 344,064 ----a-w C:\Windows\System32\dpus11.dll
2007-11-28 21:53 294,912 ----a-w C:\Windows\System32\dpu11.dll
2007-11-28 21:53 294,912 ----a-w C:\Windows\System32\dpu10.dll
2007-11-28 21:52 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 07:35 125440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll

R0 iaNvStor;Intel® Turbo Memory Technology NAND Controller;C:\Windows\system32\DRIVERS\iaNvStor.sys [2007-05-03 22:21]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080122.002\IDSvix86.sys [2007-12-04 17:51]
R1 ItSDisk;ItSDisk;C:\Windows\system32\Drivers\ItSDisk.sys [2006-05-16 12:13]
R1 PersonalSecureDrive;PersonalSecureDrive;C:\Windows\system32\drivers\psd.sys [2007-01-23 07:07]
R2 ASBroker;Logon Session Broker;C:\Windows\System32\svchost.exe [2006-11-02 04:45]
R2 ASChannel;Local Communication Channel;C:\Windows\System32\svchost.exe [2006-11-02 04:45]
R2 ASLDRService;ASLDR Service;C:\Program Files\ATK Hotkey\ASLDRSrv.exe [2007-02-05 18:13]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;C:\Windows\System32\StkCSrv.exe [2007-04-18 17:42]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\Windows\system32\DRIVERS\atl01v32.sys [2007-03-15 01:41]
R3 NETw4v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-04-30 08:45]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;C:\Windows\system32\Drivers\StkCMini.sys [2007-06-05 21:40]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-10-30 19:55]
R3 TPM;TPM;C:\Windows\system32\drivers\tpm.sys [2006-11-02 04:50]
S2 ghaio;ghaio;C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [2006-11-15 21:02]
S3 NETw3v32;Intel® PRO/Wireless 3945BG Adapter Driver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 02:30]
S3 RTL8169;Realtek 8169 NT Driver;C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-02 02:30]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-01-14 22:01]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
GPSvcGroup REG_MULTI_SZ GPSvc

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-01-21 00:52:00 C:\Windows\Tasks\At1.job"
- C:\Windows\system32\cmd.exe
"2008-01-21 01:20:00 C:\Windows\Tasks\At2.job"
- C:\Windows\system32\cmd.exe
"2008-01-21 06:18:00 C:\Windows\Tasks\At3.job"
- C:\Windows\system32\cmd.exe
"2008-01-22 18:31:00 C:\Windows\Tasks\At4.job"
- C:\Windows\system32\cmd.exe
"2008-01-23 21:38:00 C:\Windows\Tasks\At5.job"
- C:\Windows\system32\cmd.exe
"2008-01-24 17:12:00 C:\Windows\Tasks\At6.job"
- C:\Windows\system32\cmd.exe
"2008-01-22 15:23:44 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - G.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK:
"2008-01-24 17:00:04 C:\Windows\Tasks\Security Platform Backup Schedule.job"
- C:\Program Files\Infineon\Security Platform Software\SpBackupWz.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-24 12:25:04
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

#2 KoanYorel

  • Bleepin' Conundrum
  • Group: Staff Emeritus
  • Posts: 19,461
  • Joined: 26-April 04
  • Gender: Male
  • Location: 65 miles due East of the "Logic Free Zone", in Md, USA

Posted 26 January 2008 - 06:55 AM

You have been receiving continuing help at Spywareinfo.com since the 17th of January.

You need to read post #12 in your thread here http://forums.spywareinfo.com/index.php?showtopic=111586

This thread is closed.
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)


