What Am I Infected With?


  • This topic is locked
1 reply to this topic

#1 The Dude 2012

  • Members
  • 1 posts

Posted 25 January 2008 - 12:01 PM

Hello there,

I tried to find help on another board, but it has taken far too long to get a response. So now I've come to the right place :thumbsup:

Below are my HJT log and ComboFix log (which I was instructed to get from the other forum). I've noticed that something was deleted when I ran ComboFix, but to be honest, I don't understand what to do... or even what happened/is happening to my brand new laptop :blink:

Thank you for the help!!!

The Dude
_ _ _


HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:54:12 PM, on 20/01/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\PowerForPhone\PowerForPhone.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ASScrPro.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVW32.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Microsoft Pinyin IME Migration] C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe
O4 - HKLM\..\Run: [IFXSPMGT] C:\Windows\system32\ifxspmgt.exe /NotifyLogon
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\Windows\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\Windows\system32\ifxtcs.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Windows\system32\IfxPsdSv.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 8307 bytes



_ _ _ _

ComboFix 08-01-23.2 - G 2008-01-24 11:52:53.10 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1144 [GMT -5:00]
Running from: C:\Users\G\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat

.
((((((((((((((((((((((((( Files Created from 2007-12-24 to 2008-01-24 )))))))))))))))))))))))))))))))
.

2008-01-24 11:50 . 2000-08-31 08:00 51,200 --a------ C:\Windows\Nircmd.exe
2008-01-20 18:53 . 2008-01-20 18:53 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-20 17:49 . 2008-01-20 17:49 98,304 --a------ C:\Windows\system32CmdLineExt.dll
2008-01-20 17:47 . 2006-11-29 13:06 3,426,072 --a------ C:\Windows\System32\d3dx9_32.dll
2008-01-18 14:07 . 2007-07-12 02:22 69,632 --a------ C:\Windows\System32\javacpl.cpl
2008-01-18 14:06 . 2008-01-18 14:07 <DIR> d-------- C:\Program Files\Java
2008-01-18 14:06 . 2008-01-18 14:06 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-18 14:05 . 2008-01-18 14:08 <DIR> d-------- C:\Program Files\LimeWire
2008-01-17 18:55 . 2008-01-17 18:55 <DIR> d-------- C:\Program Files\DVD Shrink
2008-01-15 17:20 . 2008-01-15 17:20 <DIR> d-------- C:\Program Files\ATK Hotkey
2008-01-14 11:07 . 2008-01-14 11:07 <DIR> d-------- C:\Program Files\InterMute
2008-01-13 23:49 . 2008-01-14 19:21 <DIR> d-------- C:\Program Files\Yahoo!
2008-01-13 18:53 . 2007-05-29 13:55 22,112 --a------ C:\Windows\System32\drivers\COH_Mon.sys
2008-01-13 18:53 . 2007-05-29 13:55 10,592 --a------ C:\Windows\System32\drivers\COH_Mon.cat
2008-01-13 18:53 . 2007-05-29 13:55 705 --a------ C:\Windows\System32\drivers\COH_Mon.inf
2008-01-12 13:43 . 2008-01-12 13:44 <DIR> d-------- C:\Program Files\CoreFTP
2008-01-09 17:51 . 2008-01-09 17:51 802,816 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-01-09 17:51 . 2008-01-09 17:51 216,760 --a------ C:\Windows\System32\drivers\netio.sys
2008-01-09 17:51 . 2008-01-09 17:51 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-01-09 17:51 . 2008-01-09 17:51 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-01-09 17:51 . 2008-01-09 17:51 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-01-09 17:49 . 2008-01-09 17:49 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-01-09 17:49 . 2008-01-09 17:49 1,686,016 --a------ C:\Windows\System32\gameux.dll
2008-01-09 17:48 . 2008-01-09 17:48 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-01-09 17:48 . 2008-01-09 17:48 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys
2008-01-09 17:48 . 2008-01-09 17:48 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-01-09 17:48 . 2008-01-09 17:48 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
2008-01-09 17:48 . 2008-01-09 17:48 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-01-09 17:48 . 2008-01-09 17:48 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-01-09 17:48 . 2008-01-09 17:48 17,464 --a------ C:\Windows\System32\drivers\intelide.sys
2008-01-09 17:48 . 2008-01-09 17:48 11,776 --a------ C:\Windows\System32\sbunattend.exe
2008-01-07 18:50 . 2008-01-07 18:50 <DIR> d-------- C:\Program Files\mIRC
2008-01-07 18:38 . 2008-01-07 18:38 <DIR> d-------- C:\temp\bjc240Win2kXPv150
2008-01-07 18:38 . 2008-01-08 10:02 <DIR> d-------- C:\temp
2008-01-04 15:40 . 2008-01-06 22:01 <DIR> d-------- C:\Program Files\PeerGuardian2
2008-01-04 14:46 . 2008-01-04 14:47 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-01-04 12:49 . 2008-01-04 12:49 2,027,008 --a------ C:\Windows\System32\win32k.sys
2008-01-04 12:49 . 2008-01-04 12:49 704,000 --a------ C:\Windows\System32\PhotoScreensaver.scr
2008-01-04 12:49 . 2008-01-04 12:49 258,232 --a------ C:\Windows\System32\drivers\acpi.sys
2008-01-04 12:49 . 2008-01-04 12:49 205,824 --a------ C:\Windows\System32\msoeacct.dll
2008-01-04 12:49 . 2008-01-04 12:49 87,040 --a------ C:\Windows\System32\msoert2.dll
2008-01-04 12:49 . 2008-01-04 12:49 39,424 --a------ C:\Windows\System32\ACCTRES.dll
2008-01-04 12:49 . 2008-01-04 12:49 28,344 --a------ C:\Windows\System32\drivers\battc.sys
2008-01-04 12:49 . 2008-01-04 12:49 24,064 --a------ C:\Windows\System32\wtsapi32.dll
2008-01-04 12:49 . 2008-01-04 12:49 20,920 --a------ C:\Windows\System32\drivers\compbatt.sys
2008-01-04 12:49 . 2008-01-04 12:49 14,208 --a------ C:\Windows\System32\drivers\CmBatt.sys
2008-01-04 12:48 . 2008-01-04 12:48 2,923,520 --a------ C:\Windows\explorer.exe
2008-01-04 12:48 . 2008-01-04 12:48 1,655,289 --a------ C:\Windows\System32\wlan.tmf
2008-01-04 12:48 . 2008-01-04 12:48 714,240 --a------ C:\Windows\System32\timedate.cpl
2008-01-04 12:48 . 2008-01-04 12:48 542,720 --a------ C:\Windows\System32\sysmain.dll
2008-01-04 12:48 . 2008-01-04 12:48 502,784 --a------ C:\Windows\System32\wlansvc.dll
2008-01-04 12:48 . 2008-01-04 12:48 297,984 --a------ C:\Windows\System32\wlansec.dll
2008-01-04 12:48 . 2008-01-04 12:48 290,816 --a------ C:\Windows\System32\wlanmsm.dll
2008-01-04 12:48 . 2008-01-04 12:48 67,584 --a------ C:\Windows\System32\wlanhlp.dll
2008-01-04 12:48 . 2008-01-04 12:48 47,104 --a------ C:\Windows\System32\wlanapi.dll
2008-01-04 12:46 . 2008-01-04 12:46 8,147,968 --a------ C:\Windows\System32\wmploc.DLL
2008-01-04 12:46 . 2008-01-04 12:46 356,864 --a------ C:\Windows\System32\MediaMetadataHandler.dll
2008-01-04 12:46 . 2008-01-04 12:46 7,680 --a------ C:\Windows\System32\spwmp.dll
2008-01-04 12:46 . 2008-01-04 12:46 4,096 --a------ C:\Windows\System32\msdxm.ocx
2008-01-04 12:46 . 2008-01-04 12:46 4,096 --a------ C:\Windows\System32\dxmasf.dll
2008-01-04 12:45 . 2008-01-04 12:45 1,191,936 --a------ C:\Windows\System32\msxml3.dll
2008-01-04 12:45 . 2008-01-04 12:45 2,048 --a------ C:\Windows\System32\msxml3r.dll
2008-01-04 12:43 . 2008-01-04 12:43 1,327,104 --a------ C:\Windows\System32\quartz.dll
2008-01-04 12:43 . 2008-01-04 12:43 223,232 --a------ C:\Windows\System32\WMASF.DLL
2008-01-04 12:43 . 2008-01-04 12:43 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
2008-01-04 12:43 . 2008-01-04 12:43 2,048 --a------ C:\Windows\System32\asferror.dll
2008-01-04 12:42 . 2008-01-04 12:42 1,335,296 --a------ C:\Windows\System32\msxml6.dll
2008-01-04 12:42 . 2008-01-04 12:42 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-01-04 12:42 . 2008-01-04 12:42 2,048 --a------ C:\Windows\System32\msxml6r.dll
2008-01-04 12:40 . 2008-01-04 12:40 737,792 --a------ C:\Windows\System32\inetcomm.dll
2008-01-04 12:40 . 2008-01-04 12:40 84,480 --a------ C:\Windows\System32\INETRES.dll
2008-01-04 12:38 . 2008-01-04 12:38 3,504,824 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-01-04 12:38 . 2008-01-04 12:38 3,470,520 --a------ C:\Windows\System32\ntoskrnl.exe
2008-01-04 12:38 . 2008-01-04 12:38 152,576 --a------ C:\Windows\System32\imagehlp.dll
2008-01-04 12:38 . 2008-01-04 12:38 12,800 --a------ C:\Windows\System32\drivers\fs_rec.sys
2008-01-04 12:38 . 2008-01-04 12:38 5,120 --a------ C:\Windows\System32\wmi.dll
2008-01-04 12:37 . 2008-01-04 12:37 750,080 --a------ C:\Windows\System32\qmgr.dll
2008-01-04 12:37 . 2008-01-04 12:37 2,048 --a------ C:\Windows\System32\tzres.dll
2008-01-04 12:32 . 2008-01-04 12:33 <DIR> d-------- C:\Program Files\DivX
2008-01-04 12:32 . 2008-01-04 12:32 <DIR> d-------- C:\Program Files\Common Files\PX Storage Engine
2008-01-03 15:22 . 2008-01-22 20:49 <DIR> d-------- C:\SPDISK
2008-01-03 09:20 . 2008-01-03 09:20 1,712,984 --a------ C:\Windows\System32\wuaueng.dll
2008-01-03 09:20 . 2008-01-03 09:20 1,524,224 --a------ C:\Windows\System32\wucltux.dll
2008-01-03 09:20 . 2008-01-03 09:20 53,080 --a------ C:\Windows\System32\wuauclt.exe
2008-01-03 09:20 . 2008-01-03 09:20 43,352 --a------ C:\Windows\System32\wups2.dll
2008-01-03 09:17 . 2008-01-03 09:17 549,720 --a------ C:\Windows\System32\wuapi.dll
2008-01-03 09:17 . 2008-01-03 09:17 80,896 --a------ C:\Windows\System32\wudriver.dll
2008-01-03 09:17 . 2008-01-03 09:17 33,624 --a------ C:\Windows\System32\wups.dll
2008-01-03 09:16 . 2008-01-03 09:16 163,000 --a------ C:\Windows\System32\wuwebv.dll
2008-01-03 09:16 . 2008-01-03 09:16 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-01-03 08:35 . 2008-01-04 15:14 24 --a------ C:\Windows\ATKPF.ini
2008-01-03 08:33 . 2008-01-03 08:33 0 --a------ C:\Windows\System32\drivers\1043_ASUSTeK_F3Sv.alu
2008-01-03 08:20 . 2008-01-03 08:20 <DIR> d-------- C:\Program Files\ASUS Security Center
2008-01-03 08:20 . 2005-01-18 14:24 339,968 --a------ C:\Windows\System32\msvcr70.dll
2008-01-03 00:30 . 2008-01-03 00:30 <DIR> d-------- C:\Program Files\UltraMon
2008-01-02 22:25 . 2008-01-16 14:14 <DIR> d-------- C:\Program Files\Common Files\Steam
2008-01-02 22:25 . 2008-01-20 17:30 <DIR> d-------- C:\Games
2008-01-02 22:18 . 2008-01-02 22:18 0 --a------ C:\Windows\nsreg.dat
2008-01-02 21:16 . 2008-01-04 15:02 546 --a------ C:\Windows\System32\ABF3Sv.DAT
2008-01-02 21:03 . 2008-01-02 21:03 16 --a------ C:\Windows\System32\coh.cache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-24 17:24 45,056 ----a-w C:\Windows\System32\acovcnt.exe
2008-01-21 06:39 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-15 22:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-09 23:24 --------- d-----w C:\Program Files\Windows Mail
2008-01-09 22:49 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-01-09 22:49 449,024 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-01-09 22:49 2,143,744 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-01-09 22:49 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-01-09 22:48 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-04 19:39 174 --sha-w C:\Program Files\desktop.ini
2008-01-04 19:34 --------- d-----w C:\Program Files\Windows Calendar
2008-01-04 17:50 8,192 ----a-w C:\Windows\System32\riched32.dll
2008-01-04 17:50 77,824 ----a-w C:\Windows\System32\rascfg.dll
2008-01-04 17:50 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys
2008-01-04 17:50 694,784 ----a-w C:\Windows\System32\localspl.dll
2008-01-04 17:50 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2008-01-04 17:50 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys
2008-01-04 17:50 52,736 ----a-w C:\Windows\System32\rasdiag.dll
2008-01-04 17:50 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
2008-01-04 17:50 384,000 ----a-w C:\Windows\System32\netcfgx.dll
2008-01-04 17:50 36,864 ----a-w C:\Windows\System32\cdd.dll
2008-01-04 17:50 33,280 ----a-w C:\Windows\System32\traffic.dll
2008-01-04 17:50 32,768 ----a-w C:\Windows\System32\rasmxs.dll
2008-01-04 17:50 286,208 ----a-w C:\Windows\System32\ipnathlp.dll
2008-01-04 17:50 22,016 ----a-w C:\Windows\System32\rasser.dll
2008-01-04 17:50 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys
2008-01-04 17:50 15,360 ----a-w C:\Windows\System32\pacerprf.dll
2008-01-04 17:50 134,656 ----a-w C:\Windows\System32\dps.dll
2008-01-04 17:50 13,824 ----a-w C:\Windows\System32\wshqos.dll
2008-01-04 17:50 13,824 ----a-w C:\Windows\System32\icsunattend.exe
2008-01-04 17:41 88,576 ----a-w C:\Windows\System32\avifil32.dll
2008-01-04 17:41 82,944 ----a-w C:\Windows\System32\mciavi32.dll
2008-01-04 17:41 8,138,240 ----a-w C:\Windows\System32\ssBranded.scr
2008-01-04 17:41 712,192 ----a-w C:\Windows\System32\WindowsCodecs.dll
2008-01-04 17:41 69,632 ----a-w C:\Windows\System32\sendmail.dll
2008-01-04 17:41 65,024 ----a-w C:\Windows\System32\avicap32.dll
2008-01-04 17:41 61,440 ----a-w C:\Windows\System32\ntprint.exe
2008-01-04 17:41 31,232 ----a-w C:\Windows\System32\msvidc32.dll
2008-01-04 17:41 269,824 ----a-w C:\Windows\System32\schannel.dll
2008-01-04 17:41 220,160 ----a-w C:\Windows\System32\ntprint.dll
2008-01-04 17:41 123,904 ----a-w C:\Windows\System32\msvfw32.dll
2008-01-04 17:41 120,320 ----a-w C:\Windows\System32\dhcpcsvc6.dll
2008-01-04 17:41 12,800 ----a-w C:\Windows\System32\msrle32.dll
2008-01-04 17:41 10,240 ----a-w C:\Windows\System32\dhcpcmonitor.dll
2008-01-04 17:41 1,984,512 ----a-w C:\Windows\System32\authui.dll
2008-01-04 17:39 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2008-01-04 17:39 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-01-04 17:39 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2008-01-04 17:39 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2008-01-04 17:39 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-01-04 17:39 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-01-04 17:39 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-01-04 17:39 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2008-01-04 17:39 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2008-01-03 02:14 --------- d-----w C:\Program Files\Norton Internet Security
2008-01-03 02:10 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-01-03 02:10 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
2008-01-03 02:10 10,740 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-01-03 02:10 --------- d-----w C:\Program Files\Symantec
2008-01-03 02:07 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-15 03:11 195,584 ----a-w C:\Windows\UltraMon.scr
2007-12-14 08:27 82,944 ----a-w C:\Windows\System32\UltraMonHook.dll
2007-12-14 08:27 296,960 ----a-w C:\Windows\System32\UltraMon.dll
2007-12-14 05:22 159,744 ----a-w C:\Windows\System32\UltraMonIndDisp.exe
2007-12-08 00:24 98,304 ----a-w C:\Windows\System32\UltraMonIndDispHook.dll
2007-12-04 01:33 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
2007-12-04 01:33 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
2007-12-04 01:33 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
2007-12-04 01:33 682,496 ----a-w C:\Windows\System32\DivX.dll
2007-12-01 04:57 43,696 ----a-w C:\Windows\system32\drivers\srtspx.sys
2007-12-01 04:57 317,616 ----a-w C:\Windows\system32\drivers\srtspl.sys
2007-12-01 04:57 279,088 ----a-w C:\Windows\system32\drivers\srtsp.sys
2007-12-01 04:57 10,549 ----a-w C:\Windows\system32\drivers\srtspx.cat
2007-12-01 04:57 10,549 ----a-w C:\Windows\system32\drivers\srtspl.cat
2007-12-01 04:57 10,545 ----a-w C:\Windows\system32\drivers\srtsp.cat
2007-12-01 04:57 1,430 ----a-w C:\Windows\system32\drivers\srtspl.inf
2007-12-01 04:57 1,421 ----a-w C:\Windows\system32\drivers\srtspx.inf
2007-12-01 04:57 1,415 ----a-w C:\Windows\system32\drivers\srtsp.inf
2007-11-29 22:30 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2007-11-29 22:30 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2007-11-29 22:30 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2007-11-29 22:28 81,920 ----a-w C:\Windows\System32\dpl100.dll
2007-11-29 22:28 196,608 ----a-w C:\Windows\System32\dtu100.dll
2007-11-28 21:55 156,992 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2007-11-28 21:53 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
2007-11-28 21:53 57,344 ----a-w C:\Windows\System32\dpv11.dll
2007-11-28 21:53 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
2007-11-28 21:53 344,064 ----a-w C:\Windows\System32\dpus11.dll
2007-11-28 21:53 294,912 ----a-w C:\Windows\System32\dpu11.dll
2007-11-28 21:53 294,912 ----a-w C:\Windows\System32\dpu10.dll
2007-11-28 21:52 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 07:35 125440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll

R0 iaNvStor;Intel® Turbo Memory Technology NAND Controller;C:\Windows\system32\DRIVERS\iaNvStor.sys [2007-05-03 22:21]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080122.002\IDSvix86.sys [2007-12-04 17:51]
R1 ItSDisk;ItSDisk;C:\Windows\system32\Drivers\ItSDisk.sys [2006-05-16 12:13]
R1 PersonalSecureDrive;PersonalSecureDrive;C:\Windows\system32\drivers\psd.sys [2007-01-23 07:07]
R2 ASBroker;Logon Session Broker;C:\Windows\System32\svchost.exe [2006-11-02 04:45]
R2 ASChannel;Local Communication Channel;C:\Windows\System32\svchost.exe [2006-11-02 04:45]
R2 ASLDRService;ASLDR Service;C:\Program Files\ATK Hotkey\ASLDRSrv.exe [2007-02-05 18:13]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;C:\Windows\System32\StkCSrv.exe [2007-04-18 17:42]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\Windows\system32\DRIVERS\atl01v32.sys [2007-03-15 01:41]
R3 NETw4v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-04-30 08:45]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;C:\Windows\system32\Drivers\StkCMini.sys [2007-06-05 21:40]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-10-30 19:55]
R3 TPM;TPM;C:\Windows\system32\drivers\tpm.sys [2006-11-02 04:50]
S2 ghaio;ghaio;C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [2006-11-15 21:02]
S3 NETw3v32;Intel® PRO/Wireless 3945BG Adapter Driver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 02:30]
S3 RTL8169;Realtek 8169 NT Driver;C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-02 02:30]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-01-14 22:01]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
GPSvcGroup REG_MULTI_SZ GPSvc

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-01-21 00:52:00 C:\Windows\Tasks\At1.job"
- C:\Windows\system32\cmd.exe
"2008-01-21 01:20:00 C:\Windows\Tasks\At2.job"
- C:\Windows\system32\cmd.exe
"2008-01-21 06:18:00 C:\Windows\Tasks\At3.job"
- C:\Windows\system32\cmd.exe
"2008-01-22 18:31:00 C:\Windows\Tasks\At4.job"
- C:\Windows\system32\cmd.exe
"2008-01-23 21:38:00 C:\Windows\Tasks\At5.job"
- C:\Windows\system32\cmd.exe
"2008-01-24 17:12:00 C:\Windows\Tasks\At6.job"
- C:\Windows\system32\cmd.exe
"2008-01-22 15:23:44 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - G.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK:
"2008-01-24 17:00:04 C:\Windows\Tasks\Security Platform Backup Schedule.job"
- C:\Program Files\Infineon\Security Platform Software\SpBackupWz.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-24 12:25:04
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0
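The two logs above are the kind a helper reads by hand: HijackThis prints one numbered entry per line (O4 Run keys, O20 AppInit_DLLs, O23 services), and ComboFix lists each scheduled task as a quoted timestamp/path line followed by the command it runs. As an added example (not part of the original post, and not code from HijackThis or ComboFix), the following Python script parses those two line formats and applies a few "look here first" heuristics: an AppInit_DLLs entry, a service whose owner HJT could not read, a Run entry whose target has no path (so it resolves through the search path, including the DLL a rundll32 entry loads), and an At<n>.job task whose only command is cmd.exe. The rule names, severity labels and the choice of heuristics are this example's own; the sample lines are copied from the logs above. A flag means "verify this", not "this is malware".

```python
"""Triage heuristics for HijackThis and ComboFix log lines.

Added example: not part of the original post and not code from the
HijackThis or ComboFix tools. The sample lines are copied from the logs
above; rule names and severity labels are this example's own choices.
"""
import re
from dataclasses import dataclass

# HJT prints one entry per line: "<section> - <body>", e.g. "O4 - HKLM\..\Run: [x] x.exe"
HJT_ENTRY = re.compile(r"^(?P<kind>[A-Z]\d{1,2}) - (?P<body>.*)$")
# ComboFix prints each task as a quoted "<timestamp> <path>.job" line
# followed by a "- <command>" line.
CF_TASK = re.compile(r'^"(?P<stamp>[\d: -]+) (?P<job>.+?\.job)"$')


@dataclass
class Finding:
    severity: str  # "info", "review" or "high": how urgently a human should look
    rule: str
    line: str


def triage_hjt(lines):
    """Apply a few 'look here first' rules to HijackThis entries."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = HJT_ENTRY.match(line)
        if not m:
            continue
        kind, body = m.group("kind"), m.group("body")
        if kind == "O20" and body.startswith("AppInit_DLLs:"):
            # AppInit_DLLs are loaded into every process that loads user32.dll,
            # and a bare filename is resolved through the DLL search order.
            findings.append(Finding("review", "appinit-dll", line))
        elif kind == "O23" and " - Unknown owner - " in body:
            # HJT could not read a company name from the service binary;
            # check the file's Authenticode signature and hash by hand.
            findings.append(Finding("review", "service-unknown-owner", line))
        elif kind == "O4" and "\\..\\Run:" in body:
            # The Run-key value follows "[name] "; a target without a path
            # depends on the search path of whatever starts it.
            value = body.split("] ", 1)[-1]
            parts = value.replace('"', "").split()
            if not parts:
                continue
            target = parts[0]
            if target.lower() == "rundll32.exe" and len(parts) > 1:
                target = parts[1].split(",", 1)[0]  # the DLL rundll32 loads
            if "\\" not in target and not target.startswith("%"):
                findings.append(Finding("info", "run-entry-no-path", line))
    return findings


def triage_tasks(lines):
    """Flag at.exe-style jobs (At<n>.job) whose command is a bare cmd.exe."""
    findings = []
    pending = None  # job path from the most recent quoted header line
    for raw in lines:
        line = raw.strip()
        m = CF_TASK.match(line)
        if m:
            pending = m.group("job")
            continue
        if pending and line.startswith("- "):
            command = line[2:]
            job = pending.rsplit("\\", 1)[-1]
            # A job created with at.exe that only runs cmd.exe shows no
            # script in the log, so what it actually executes is unknown.
            if re.fullmatch(r"At\d+\.job", job, re.IGNORECASE) and command.lower().endswith("cmd.exe"):
                findings.append(Finding("high", "at-job-runs-cmd", f"{job} -> {command}"))
            pending = None
    return findings


def summarize(findings):
    """Count findings per severity."""
    counts = {"info": 0, "review": 0, "high": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


# Sample input: lines copied verbatim from the HJT and ComboFix logs above.
SAMPLE_HJT = [
    r"O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide",
    r"O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe",
    r"O4 - HKLM\..\Run: [Skytel] Skytel.exe",
    r"O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart",
    r"O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter",
    r"O20 - AppInit_DLLs: APSHook.dll",
    r"O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe",
    r"O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE",
]
SAMPLE_TASKS = [
    r'"2008-01-21 00:52:00 C:\Windows\Tasks\At1.job"',
    r"- C:\Windows\system32\cmd.exe",
    r'"2008-01-24 17:12:00 C:\Windows\Tasks\At6.job"',
    r"- C:\Windows\system32\cmd.exe",
    r'"2008-01-24 17:00:04 C:\Windows\Tasks\Security Platform Backup Schedule.job"',
    r"- C:\Program Files\Infineon\Security Platform Software\SpBackupWz.exe",
]

if __name__ == "__main__":
    found = triage_hjt(SAMPLE_HJT) + triage_tasks(SAMPLE_TASKS)
    for f in sorted(found, key=lambda f: ("high", "review", "info").index(f.severity)):
        print(f"[{f.severity:6}] {f.rule}: {f.line}")
    print(summarize(found))
```

On the sample lines the script reports the two At*.job tasks as "high", the AppInit_DLLs entry and the "Unknown owner" service as "review", and three path-less Run entries as "info". The info rule fires even when the file turns out to be a stock component (the rundll32 line that loads oobefldr.dll, for instance); the point of the rule is that a bare name cannot be judged from the log alone and has to be resolved on the machine. Real triage would then check each flagged file's signature and hash rather than stop at the log.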


#2 KoanYorel

    Bleepin' Conundrum

  • Members
  • 19,461 posts
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA

Posted 26 January 2008 - 06:55 AM

You have been receiving continuing help at Spywareinfo.com since the 17th of January.

You need to read post #12 in your thread here http://forums.spywareinfo.com/index.php?showtopic=111586

This thread is closed.
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)



