
Been Infected With Andt.sys, Routing.exe And Others, Ndisuio.sys Virus?


18 replies to this topic

#1 RobbertCB (Members, 11 posts)

Posted 06 March 2008 - 11:33 AM

Would like some help cleaning everything up because viruses keep occurring.

Also I would like some advice as to what free virus scanners are best (not just online, but programs like AVG Free). AVG Free did not find and stop certain viruses, which is why I became (very) infected in the first place...

I have done every step of the instruction page, but still do not trust some programs like ndisuio.sys.

Please help, Bleeping Computer is great by the way!!

Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:32:48, on 06/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\SYSTEM32\cidaemon.exe
C:\WINDOWS\SYSTEM32\cidaemon.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: 82.98.86.173 yangchuncraft.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.3.0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5C349CD-BB26-4029-A41D-A219361E7644}: NameServer = 192.168.1.1
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 13745 bytes


#2 bamajim (Members, 894 posts)

Posted 19 March 2008 - 08:39 AM

RobbertCB

Sorry for the delay

Please download ComboFix and save it to your desktop. Note: it is important that it is saved directly to your desktop.
Close any open browsers.
Double-click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the contents of C:\ComboFix.txt into your next reply.
Note: Do not mouse-click ComboFix's window whilst it's running.
That may cause the program to freeze/hang.

Microsoft MVP - Windows Security

#3 RobbertCB (Topic Starter, Members, 11 posts)

Posted 19 March 2008 - 09:48 AM

Hey! Thanks a lot for the response...!!

ComboFix seems a scary program (noises from the motherboard, processor, etc.) but it worked fine, I think. Here is the log:

ComboFix 08-03-18.1 - Joppe 2008-03-19 15:31:01.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1209 [GMT 1:00]
Running from: C:\Documents and Settings\Joppe\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
TimedOut: progfile.dat

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drmgs.sys
C:\WINDOWS\system32\lsprst7.dll
C:\WINDOWS\system32\nsprs.dll
C:\WINDOWS\system32\serauth1.dll
C:\WINDOWS\system32\serauth2.dll
C:\WINDOWS\system32\ssprs.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ROUTING
-------\Service_Routing


((((((((((((((((((((((((( Files Created from 2008-02-19 to 2008-03-19 )))))))))))))))))))))))))))))))
.

2008-03-18 15:54 . 2008-03-18 15:54 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\ATI
2008-03-18 15:54 . 2008-03-18 15:54 4,096 --a------ C:\WINDOWS\system32\crash
2008-03-17 17:32 . 2008-03-17 17:32 <DIR> d-------- C:\Program Files\iTunes
2008-03-17 17:32 . 2008-03-17 17:32 <DIR> d-------- C:\Program Files\iPod
2008-03-17 17:32 . 2008-03-19 15:38 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-17 17:32 . 2008-03-17 17:33 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-17 17:31 . 2008-03-17 17:31 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-03-17 17:25 . 2008-03-17 17:25 <DIR> d-------- C:\Program Files\Apple Software Update
2008-03-17 17:08 . 2008-03-17 17:08 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2008-03-17 17:07 . 2008-03-17 17:07 <DIR> d-------- C:\Program Files\MSECACHE
2008-03-17 16:04 . 2008-03-17 16:05 <DIR> d-------- C:\Documents and Settings\Joppe\Application Data\SecondLife
2008-03-17 16:03 . 2008-03-17 16:07 <DIR> d-------- C:\Program Files\SecondLife
2008-03-17 14:28 . 2008-03-17 14:28 <DIR> dr------- C:\Documents and Settings\Joppe\Application Data\Brother
2008-03-17 14:19 . 2008-03-17 14:26 313 --a------ C:\WINDOWS\BRDIAG.INI
2008-03-17 14:19 . 2008-03-17 14:19 145 --a------ C:\WINDOWS\BRVIDEO.INI
2008-03-17 14:19 . 2008-03-17 14:26 23 --a------ C:\WINDOWS\Brownie.ini
2008-03-17 14:18 . 2008-03-17 14:18 <DIR> d-------- C:\Program Files\Brownie
2008-03-17 14:17 . 2008-03-17 14:18 <DIR> d-------- C:\Program Files\Brother
2008-03-17 14:17 . 2004-10-12 01:24 188,416 --a------ C:\WINDOWS\system32\Pdrvinst.dll
2008-03-17 14:17 . 2002-10-31 01:09 81,920 --a------ C:\WINDOWS\system32\BrWebIns.dll
2008-03-17 14:17 . 2003-07-03 01:08 65,536 --a------ C:\WINDOWS\system32\BRWEBUP.EXE
2008-03-13 12:32 . 2003-06-25 16:05 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe
2008-03-13 12:32 . 2002-06-21 15:09 160,217 --a------ C:\WINDOWS\system32\PowerToysLicense.rtf
2008-03-12 18:58 . 2007-11-24 14:14 368,166 --a------ C:\WINDOWS\hplj1010.hi2
2008-03-12 18:58 . 2007-11-24 14:14 16,630 --a------ C:\WINDOWS\hplj1010.bu2
2008-03-09 18:39 . 2008-03-09 18:39 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2008-03-09 18:39 . 2008-03-09 18:39 <DIR> d-------- C:\Program Files\AGEIA Technologies
2008-03-09 18:38 . 2008-03-09 18:38 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-09 18:38 . 2008-03-09 18:38 271,360 --------- C:\WINDOWS\system32\drivers\atksgt.sys
2008-03-09 18:38 . 2008-03-09 18:38 18,048 --------- C:\WINDOWS\system32\drivers\lirsgt.sys
2008-03-09 18:36 . 2008-03-09 18:36 <DIR> d-------- C:\Program Files\Focus
2008-03-08 15:11 . 2008-03-08 15:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ALM
2008-03-08 14:33 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
2008-03-08 14:33 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-03-08 14:25 . 2008-03-17 17:32 <DIR> d-------- C:\Program Files\Bonjour
2008-03-07 16:54 . 2008-03-07 16:54 <DIR> d-------- C:\Documents and Settings\Joppe\Application Data\MatchWare
2008-03-07 16:49 . 2008-03-07 16:49 <DIR> d-------- C:\Program Files\MatchWare
2008-03-07 16:49 . 2008-03-07 16:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\mwas
2008-03-06 16:11 . 2008-03-06 16:11 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\StumbleUpon
2008-03-06 14:50 . 2007-06-05 10:56 44,928 --------- C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2008-03-06 14:49 . 2007-06-08 09:44 8,576 --------- C:\WINDOWS\system32\drivers\olryjtrauvdp.sys
2008-03-06 14:34 . 2008-03-06 15:37 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-03-06 14:34 . 2008-03-06 14:34 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-03-06 14:34 . 2008-03-06 14:34 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-03-06 14:34 . 2008-03-06 14:34 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-03-06 14:25 . 2008-03-06 14:25 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-06 14:16 . 2008-03-06 14:16 <DIR> d-------- C:\Documents and Settings\Joppe\Application Data\Bitdefender
2008-03-06 14:15 . 2008-03-19 15:36 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-03-06 14:13 . 2008-03-06 14:13 <DIR> d-------- C:\Program Files\Softwin
2008-03-06 14:13 . 2008-03-06 14:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-03-06 14:12 . 2008-03-06 14:14 <DIR> d-------- C:\Program Files\Common Files\Softwin
2008-03-06 13:52 . 2008-03-06 13:52 <DIR> d-------- C:\Program Files\Sygate
2008-03-06 13:52 . 2004-10-15 18:32 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
2008-03-06 13:52 . 2004-10-15 18:17 60,496 --------- C:\WINDOWS\system32\drivers\Teefer.sys
2008-03-06 13:52 . 2004-10-15 18:18 21,075 --------- C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2008-03-06 13:52 . 2004-10-15 18:32 14,568 --------- C:\WINDOWS\system32\drivers\wg6n.sys
2008-03-06 13:52 . 2004-10-15 18:32 14,568 --------- C:\WINDOWS\system32\drivers\wg5n.sys
2008-03-06 13:52 . 2004-10-15 18:32 14,568 --------- C:\WINDOWS\system32\drivers\wg4n.sys
2008-03-06 13:52 . 2004-10-15 18:32 14,568 --------- C:\WINDOWS\system32\drivers\wg3n.sys
2008-03-06 12:36 . 2008-03-06 15:25 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-06 12:36 . 2008-03-06 12:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-06 12:17 . 2008-03-06 12:17 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-03-05 20:45 . 2008-03-05 20:45 <DIR> d-------- C:\Team17
2008-03-02 21:23 . 2004-05-11 10:53 626,960 -ra------ C:\WINDOWS\system32\hpvaut32.dll
2008-03-02 21:23 . 2004-05-11 10:53 487,424 -ra------ C:\WINDOWS\system32\hpvcp70.dll
2008-03-02 21:23 . 2004-05-11 10:53 344,064 -ra------ C:\WINDOWS\system32\hpvcr70.dll
2008-03-02 21:22 . 2008-03-02 21:22 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-03-02 21:20 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-03-02 21:19 . 2008-03-12 19:00 <DIR> d-------- C:\Program Files\HP
2008-03-02 21:14 . 2004-06-21 19:50 278,528 -ra------ C:\WINDOWS\system32\hpgwiamd.dll
2008-03-02 21:14 . 2004-06-21 19:50 270,336 -ra------ C:\WINDOWS\system32\HPZc3212.dll
2008-03-02 21:14 . 2004-08-03 22:58 15,104 --------- C:\WINDOWS\system32\drivers\usbscan.sys
2008-03-02 21:14 . 2004-08-03 22:58 15,104 -----c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-03-02 21:12 . 2004-08-03 23:01 25,856 --------- C:\WINDOWS\system32\drivers\usbprint.sys
2008-03-02 21:12 . 2004-08-03 23:01 25,856 -----c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-03-02 17:58 . 2008-03-03 20:55 83 --a------ C:\WINDOWS\wwp.INI
2008-02-21 13:22 . 2008-02-21 13:22 <DIR> d-------- C:\Program Files\The Adventure Company
2008-02-20 11:43 . 2008-02-21 11:35 <DIR> d-------- C:\Program Files\TweakNow RegCleaner Professional
2008-02-19 23:26 . 2008-02-19 23:26 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-02-19 23:26 . 2008-02-19 23:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-02-19 17:22 . 2008-02-19 17:22 <DIR> d-------- C:\Program Files\Foxit Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-19 14:36 --------- d-----w C:\Documents and Settings\Joppe\Application Data\uTorrent
2008-03-19 14:29 --------- d-----w C:\Documents and Settings\Joppe\Application Data\StumbleUpon
2008-03-17 16:26 --------- d-----w C:\Program Files\QuickTime
2008-03-17 16:24 --------- d-----w C:\Program Files\Java
2008-03-17 13:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-17 13:17 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-12 19:14 --------- d-----w C:\Program Files\AMD
2008-03-12 18:00 --------- d-----w C:\Program Files\Hewlett-Packard
2008-03-10 14:03 --------- d-----w C:\Program Files\uTorrent
2008-03-09 17:46 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-08 14:16 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-06 15:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-06 14:25 --------- d-----w C:\Program Files\StumbleUpon
2008-03-06 14:17 --------- d-----w C:\Program Files\Google
2008-03-06 14:16 --------- d-----w C:\Program Files\FlashFXP
2008-03-06 14:15 --------- d-----w C:\Program Files\DAEMON Tools
2008-03-06 14:15 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-03-06 14:15 --------- d-----w C:\Program Files\Common Files\Sony Ericsson Shared
2008-03-06 12:59 --------- d-----w C:\Program Files\Common Files\Panda Software
2008-02-27 18:25 --------- d-----w C:\Program Files\SPSSEval
2008-02-18 22:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\sentinel
2008-02-18 22:26 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-18 22:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-18 22:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-18 22:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2008-02-18 21:56 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-02-16 12:34 805 ------w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-02-16 12:34 10,740 ------w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-02-14 09:51 --------- d-----w C:\Program Files\Belastingdienst
2008-02-07 17:06 --------- d-----w C:\Program Files\Super Internet TV
2008-02-07 16:51 --------- d-----w C:\Program Files\Common Files\xing shared
2008-02-07 16:51 --------- d-----w C:\Program Files\Common Files\Real
2008-02-07 14:16 --------- d-----w C:\Documents and Settings\LocalService\Application Data\StumbleUpon
2008-01-31 18:00 --------- d-----w C:\Program Files\TVersity Codec Pack
2008-01-31 17:58 --------- d-----w C:\Program Files\TVersity
2008-01-30 10:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-01-28 16:14 --------- d-----w C:\Documents and Settings\Joppe\Application Data\CyberLink
2008-01-28 16:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-01-28 16:12 --------- d-----w C:\Program Files\CyberLink
2008-01-23 19:16 --------- d-----w C:\Documents and Settings\Joppe\Application Data\MiniDm
2008-01-22 22:54 --------- d-----w C:\Documents and Settings\Joppe\Application Data\IEPro
2008-01-09 14:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2007-11-24 11:22 22,328 ----a-w C:\Documents and Settings\Joppe\Application Data\PnkBstrK.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:56 15360]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 15:16 171464]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-20 00:26 68856]
"LaunchList"="C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe" [2007-03-21 15:41 145496]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-02-04 23:58 219952]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 12:49 16269312 C:\WINDOWS\RTHDCPL.exe]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 22:48 479232]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-01-26 13:36 495616]
"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 16:49 77824]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-07 17:51 185896]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 22:46 624248]
"Adobe Acrobat Speed Launcher"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrobat_sl.exe" [2007-05-11 02:59 46200]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40 2577632]
"BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [2007-04-02 15:48 290816]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 14:49 69632]
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 16:40 1884160]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 06:56 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-11-23 00:19:28 692224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"C:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"C:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"C:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Pro Evolution Soccer 2008\\PES2008.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\TVersity\\Media Server\\TVersity.exe"=
"C:\\Program Files\\Super Internet TV\\OnlineTV.exe"=
"C:\\Program Files\\Foxit Software\\PDF Editor\\PDFEdit.exe"=
"C:\\Team17\\Worms World Party\\wwp.exe"=
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"C:\\Program Files\\SecondLife\\SLVoice.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

S3 AtiHdmiService;ATI Function Driver for HDMI Service;C:\WINDOWS\system32\drivers\AtiHdmi.sys [2007-07-20 18:40]
S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);C:\WINDOWS\system32\DRIVERS\sea1bus.sys [2007-02-08 12:55]
S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\sea1mdfl.sys [2007-02-08 12:55]
S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\sea1mdm.sys [2007-02-08 12:55]
S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\sea1mgmt.sys [2007-02-08 12:56]
S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS);C:\WINDOWS\system32\DRIVERS\sea1nd5.sys [2007-02-08 12:56]
S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\sea1obex.sys [2007-02-08 12:56]
S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM);C:\WINDOWS\system32\DRIVERS\sea1unic.sys [2007-02-08 12:56]

.
Contents of the 'Scheduled Tasks' folder
"2008-03-18 11:55:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-19 15:38:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Completion time: 2008-03-19 15:43:16 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-19 14:43:13
.
2008-03-12 17:41:07 --- E O F ---
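The "Reg Loading Points" section of the ComboFix log above is in REGEDIT4 format, and several of the values it shows (a populated AppInit_DLLs, Security Center monitoring and notifications switched off, third-party firewall exceptions) are exactly what a responder would want pulled out automatically when reading such logs. The following is an added example, not code from the thread or from ComboFix; it runs over a constructed excerpt modelled on the log and also checks the FirewallDisableNotify and UpdatesDisableNotify values, which are standard XP SP2 Security Center values not present in this particular log.

```python
import re

# Constructed excerpt modelled on the ComboFix "Reg Loading Points" output
# in the thread (not the full log).
SAMPLE_LOG = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"""

# Value lines look like "name"=data; the name may contain escaped backslashes.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

# Security Center values that, when non-zero, silence or disable monitoring.
SECURITY_CENTER_FLAGS = (
    "DisableMonitoring",
    "AntiVirusDisableNotify",
    "FirewallDisableNotify",
    "UpdatesDisableNotify",
)


def parse_reg_blocks(text):
    """Parse REGEDIT4-style text into {key_path: {value_name: data}}."""
    blocks = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "REGEDIT4":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            blocks[current] = {}
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            # Undo the REGEDIT4 doubling of backslashes in the value name.
            name = m.group(1).replace("\\\\", "\\")
            blocks[current][name] = m.group(2).strip()
    return blocks


def dword_is_set(data):
    """True for 'dword:XXXXXXXX' data whose value is non-zero."""
    m = re.match(r"dword:([0-9a-fA-F]{8})$", data)
    return bool(m) and int(m.group(1), 16) != 0


def find_indicators(blocks):
    """Return (kind, detail) tuples for the persistence and tamper indicators
    a responder would review first in a log like this."""
    findings = []
    for key, values in blocks.items():
        k = key.lower()
        # AppInit_DLLs: any DLL listed here is loaded into every user32 process.
        if k.endswith(r"windows nt\currentversion\windows"):
            dlls = values.get("AppInit_DLLs", "").strip('"')
            if dlls:
                findings.append(("appinit_dlls", dlls))
        # Security Center switched off is a classic sign of AV/firewall tampering.
        if r"\security center" in k:
            for name, data in values.items():
                if name in SECURITY_CENTER_FLAGS and dword_is_set(data):
                    findings.append(("security_center_disabled", f"{key}\\{name}"))
        # Every non-Windows program allowed through the host firewall is worth a look.
        if k.endswith(r"authorizedapplications\list"):
            for name in values:
                n = name.lower()
                if "%windir%" not in n and not n.startswith(r"c:\windows"):
                    findings.append(("firewall_exception", name))
    return findings


if __name__ == "__main__":
    for kind, detail in find_indicators(parse_reg_blocks(SAMPLE_LOG)):
        print(f"{kind:26} {detail}")
```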

#4 bamajim

bamajim

  • Members
  • 894 posts
  • OFFLINE
  • Local time:04:29 PM

Posted 19 March 2008 - 10:13 AM

RobbertCB

You are most welcome.

We need to make sure we can see hidden files and folders

To enable the viewing of Hidden and System files follow these steps: Right click on Start and select Explore.
Select the Tools menu and click Folder Options.
After the new window appears select the View tab.
Put a checkmark in the checkbox labeled Display the contents of system folders.
Under the Hidden files and folders section select the radio button labeled Show hidden files and folders. Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
Remove the checkmark from the checkbox labeled Hide protected operating system files.
Click Yes to confirm.
Press the Apply button and then the OK button.

You have a suspicious file I would like to have a look at

Please go HERE

Put Your Name, and Bleeping Computer HJT forum

and in the File to submit box, click Browse. Using Windows Explorer (right click on "Start," select "Explore," and you will see the "tree" of file folders in the left side of the window; click on the "+" next to any folder name to expand its contents),
locate the file C:\WINDOWS\system32\drivers\olryjtrauvdp.sys
In the comments tell them that I asked you to upload the file
Then Select Send File.

C:\Program Files\uTorrent is an excellent place to get infections from, by the way.
Microsoft MVP - Windows Security

#5 RobbertCB

RobbertCB
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:10:29 PM

Posted 19 March 2008 - 11:24 AM

Hey thanks for this again, really...

I uploaded the file that you wanted to see, and yes utorrent might indeed cause some problems... do you mean I need to get another torrent client or do you just mean torrents are dangerous (coz the latter I know ;)

My new HJT log is here:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:18:57, on 19/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.3.0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5C349CD-BB26-4029-A41D-A219361E7644}: NameServer = 192.168.1.1
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 12583 bytes



or do you want a new combofix?

#6 RobbertCB

RobbertCB
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:10:29 PM

Posted 19 March 2008 - 11:27 AM

I unchecked and checked everything you said with the last hjt log by the way

Edited by RobbertCB, 19 March 2008 - 12:46 PM.


#7 bamajim

bamajim

  • Members
  • 894 posts
  • OFFLINE
  • Local time:04:29 PM

Posted 19 March 2008 - 01:07 PM

RobbertCB

Torrents in general are dangerous.

I got the file, thanks, it turns out it's a driver for Panda.

1. Open NotePad (not wordpad). Copy and paste the following into Notepad. Not the word code.
File::
C:\WINDOWS\BRDIAG.INI
C:\WINDOWS\BRVIDEO.INI
C:\WINDOWS\Brownie.ini

Folder::
C:\Program Files\Brownie
Save the file as CFScript (exactly as shown, no spaces) ->> Save it to your Desktop

Using the Image as a reference, drag CFScript into ComboFix.exe

You will be prompted to run ComboFix again. Do so,
following the same rules as indicated in my first post.
Then post the contents of the C:\ComboFix.txt log in your reply.

Microsoft MVP - Windows Security
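A CFScript is a plain-text file of section headers ending in "::" followed by one path per line, and the ComboFix log produced afterwards lists what was actually removed under "Other Deletions". Below is an added example, not code from the thread or from ComboFix, that parses a script in that format and checks each File::/Folder:: entry against a constructed log excerpt modelled on the one posted later in this thread; the excerpt deliberately omits BRVIDEO.INI so the check reports one entry as not confirmed.

```python
import re

# Constructed CFScript, modelled on the one posted in the thread.
CFSCRIPT = r"""File::
C:\WINDOWS\BRDIAG.INI
C:\WINDOWS\BRVIDEO.INI
C:\WINDOWS\Brownie.ini

Folder::
C:\Program Files\Brownie
"""

# Constructed excerpt of a ComboFix log written after running the script.
# BRVIDEO.INI is intentionally missing from the deletions.
COMBOFIX_LOG = r"""((((((((((( Other Deletions )))))))))))
.

C:\Program Files\Brownie
C:\Program Files\Brownie\BRHOOK.DLL
C:\WINDOWS\BRDIAG.INI
C:\WINDOWS\Brownie.ini

.
(((((((((( Files Created from 2008-02-19 to 2008-03-19 )))))))))
"""

# A section header is a bare word followed by two colons, e.g. "File::".
SECTION_RE = re.compile(r"^([A-Za-z]+)::$")


def parse_cfscript(text):
    """Return {section_name: [entries]} for a CFScript, keeping entry order.
    Blank lines are ignored; an entry before any header is an error."""
    sections = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"entry before any section header: {line!r}")
        else:
            sections[current].append(line)
    return sections


def deleted_paths(log):
    """Collect the paths ComboFix lists under 'Other Deletions'.
    The section runs from its banner to the next banner line of parentheses."""
    paths = []
    inside = False
    for line in log.splitlines():
        line = line.strip()
        if line.startswith("(((("):
            inside = "Other Deletions" in line
            continue
        if inside and line and line != ".":
            paths.append(line)
    return paths


def verify_deletions(cfscript, log):
    """Map each File::/Folder:: entry to whether the log confirms its removal.
    Paths are compared case-insensitively, as Windows does; a folder counts as
    removed if the folder itself or anything beneath it was deleted."""
    sections = parse_cfscript(cfscript)
    deleted = {p.lower() for p in deleted_paths(log)}
    report = {}
    for path in sections.get("File", []):
        report[path] = path.lower() in deleted
    for path in sections.get("Folder", []):
        prefix = path.lower().rstrip("\\") + "\\"
        report[path] = path.lower() in deleted or any(
            d.startswith(prefix) for d in deleted
        )
    return report


if __name__ == "__main__":
    for path, confirmed in verify_deletions(CFSCRIPT, COMBOFIX_LOG).items():
        print(f"{'deleted ' if confirmed else 'MISSING '} {path}")
```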

#8 RobbertCB

RobbertCB
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:10:29 PM

Posted 19 March 2008 - 02:04 PM

Here it is:

ComboFix 08-03-18.1 - Joppe 2008-03-19 19:57:31.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1303 [GMT 1:00]
Running from: C:\Documents and Settings\Joppe\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Joppe\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\BRDIAG.INI
C:\WINDOWS\Brownie.ini
C:\WINDOWS\BRVIDEO.INI
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Brownie
C:\Program Files\Brownie\BRHOOK.DLL
C:\Program Files\Brownie\brif03a.dll
C:\Program Files\Brownie\BRKBHOOK.DLL
C:\Program Files\Brownie\brlm03a.dll
C:\Program Files\Brownie\BRNIPMON.exe
C:\Program Files\Brownie\BROWNIE.EXE
C:\Program Files\Brownie\BROWNIE.HLP
C:\Program Files\Brownie\BROWNIE.INI
C:\Program Files\Brownie\brpjp04a.exe
C:\Program Files\Brownie\BrStsWnd.exe
C:\Program Files\Brownie\BRSTSWND.HLP
C:\Program Files\Brownie\popup.wav
C:\Program Files\Brownie\RCHANGE.EXE
C:\WINDOWS\BRDIAG.INI
C:\WINDOWS\Brownie.ini
C:\WINDOWS\BRVIDEO.INI

.
((((((((((((((((((((((((( Files Created from 2008-02-19 to 2008-03-19 )))))))))))))))))))))))))))))))
.

2008-03-18 15:54 . 2008-03-18 15:54 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\ATI
2008-03-18 15:54 . 2008-03-18 15:54 4,096 --a------ C:\WINDOWS\system32\crash
2008-03-17 17:32 . 2008-03-17 17:32 <DIR> d-------- C:\Program Files\iTunes
2008-03-17 17:32 . 2008-03-17 17:32 <DIR> d-------- C:\Program Files\iPod
2008-03-17 17:32 . 2008-03-19 15:38 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-17 17:32 . 2008-03-17 17:33 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-17 17:31 . 2008-03-17 17:31 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-03-17 17:25 . 2008-03-17 17:25 <DIR> d-------- C:\Program Files\Apple Software Update
2008-03-17 17:08 . 2008-03-17 17:08 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2008-03-17 17:07 . 2008-03-17 17:07 <DIR> d-------- C:\Program Files\MSECACHE
2008-03-17 16:04 . 2008-03-17 16:05 <DIR> d-------- C:\Documents and Settings\Joppe\Application Data\SecondLife
2008-03-17 16:03 . 2008-03-17 16:07 <DIR> d-------- C:\Program Files\SecondLife
2008-03-17 14:28 . 2008-03-17 14:28 <DIR> dr------- C:\Documents and Settings\Joppe\Application Data\Brother
2008-03-17 14:17 . 2008-03-17 14:18 <DIR> d-------- C:\Program Files\Brother
2008-03-17 14:17 . 2004-10-12 01:24 188,416 --a------ C:\WINDOWS\system32\Pdrvinst.dll
2008-03-17 14:17 . 2002-10-31 01:09 81,920 --a------ C:\WINDOWS\system32\BrWebIns.dll
2008-03-17 14:17 . 2003-07-03 01:08 65,536 --a------ C:\WINDOWS\system32\BRWEBUP.EXE
2008-03-13 12:32 . 2003-06-25 16:05 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe
2008-03-13 12:32 . 2002-06-21 15:09 160,217 --a------ C:\WINDOWS\system32\PowerToysLicense.rtf
2008-03-12 18:58 . 2007-11-24 14:14 368,166 --a------ C:\WINDOWS\hplj1010.hi2
2008-03-12 18:58 . 2007-11-24 14:14 16,630 --a------ C:\WINDOWS\hplj1010.bu2
2008-03-09 18:39 . 2008-03-09 18:39 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2008-03-09 18:39 . 2008-03-09 18:39 <DIR> d-------- C:\Program Files\AGEIA Technologies
2008-03-09 18:38 . 2008-03-09 18:38 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-09 18:38 . 2008-03-09 18:38 271,360 --------- C:\WINDOWS\system32\drivers\atksgt.sys
2008-03-09 18:38 . 2008-03-09 18:38 18,048 --------- C:\WINDOWS\system32\drivers\lirsgt.sys
2008-03-09 18:36 . 2008-03-09 18:36 <DIR> d-------- C:\Program Files\Focus
2008-03-08 15:11 . 2008-03-08 15:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ALM
2008-03-08 14:33 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
2008-03-08 14:33 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-03-08 14:25 . 2008-03-17 17:32 <DIR> d-------- C:\Program Files\Bonjour
2008-03-07 16:54 . 2008-03-07 16:54 <DIR> d-------- C:\Documents and Settings\Joppe\Application Data\MatchWare
2008-03-07 16:49 . 2008-03-07 16:49 <DIR> d-------- C:\Program Files\MatchWare
2008-03-07 16:49 . 2008-03-07 16:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\mwas
2008-03-06 16:11 . 2008-03-06 16:11 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\StumbleUpon
2008-03-06 14:50 . 2007-06-05 10:56 44,928 --------- C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2008-03-06 14:49 . 2007-06-08 09:44 8,576 --------- C:\WINDOWS\system32\drivers\olryjtrauvdp.sys
2008-03-06 14:34 . 2008-03-06 15:37 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-03-06 14:34 . 2008-03-06 14:34 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-03-06 14:34 . 2008-03-06 14:34 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-03-06 14:34 . 2008-03-06 14:34 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-03-06 14:25 . 2008-03-06 14:25 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-06 14:16 . 2008-03-06 14:16 <DIR> d-------- C:\Documents and Settings\Joppe\Application Data\Bitdefender
2008-03-06 14:15 . 2008-03-19 19:56 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-03-06 14:13 . 2008-03-06 14:13 <DIR> d-------- C:\Program Files\Softwin
2008-03-06 14:13 . 2008-03-06 14:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-03-06 14:12 . 2008-03-06 14:14 <DIR> d-------- C:\Program Files\Common Files\Softwin
2008-03-06 13:52 . 2008-03-06 13:52 <DIR> d-------- C:\Program Files\Sygate
2008-03-06 13:52 . 2004-10-15 18:32 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
2008-03-06 13:52 . 2004-10-15 18:17 60,496 --------- C:\WINDOWS\system32\drivers\Teefer.sys
2008-03-06 13:52 . 2004-10-15 18:18 21,075 --------- C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2008-03-06 13:52 . 2004-10-15 18:32 14,568 --------- C:\WINDOWS\system32\drivers\wg6n.sys
2008-03-06 13:52 . 2004-10-15 18:32 14,568 --------- C:\WINDOWS\system32\drivers\wg5n.sys
2008-03-06 13:52 . 2004-10-15 18:32 14,568 --------- C:\WINDOWS\system32\drivers\wg4n.sys
2008-03-06 13:52 . 2004-10-15 18:32 14,568 --------- C:\WINDOWS\system32\drivers\wg3n.sys
2008-03-06 12:36 . 2008-03-06 15:25 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-06 12:36 . 2008-03-06 12:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-06 12:17 . 2008-03-06 12:17 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-03-05 20:45 . 2008-03-05 20:45 <DIR> d-------- C:\Team17
2008-03-02 21:23 . 2004-05-11 10:53 626,960 -ra------ C:\WINDOWS\system32\hpvaut32.dll
2008-03-02 21:23 . 2004-05-11 10:53 487,424 -ra------ C:\WINDOWS\system32\hpvcp70.dll
2008-03-02 21:23 . 2004-05-11 10:53 344,064 -ra------ C:\WINDOWS\system32\hpvcr70.dll
2008-03-02 21:22 . 2008-03-02 21:22 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-03-02 21:20 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-03-02 21:19 . 2008-03-12 19:00 <DIR> d-------- C:\Program Files\HP
2008-03-02 21:14 . 2004-06-21 19:50 278,528 -ra------ C:\WINDOWS\system32\hpgwiamd.dll
2008-03-02 21:14 . 2004-06-21 19:50 270,336 -ra------ C:\WINDOWS\system32\HPZc3212.dll
2008-03-02 21:14 . 2004-08-03 22:58 15,104 --------- C:\WINDOWS\system32\drivers\usbscan.sys
2008-03-02 21:14 . 2004-08-03 22:58 15,104 -----c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-03-02 21:12 . 2004-08-03 23:01 25,856 --------- C:\WINDOWS\system32\drivers\usbprint.sys
2008-03-02 21:12 . 2004-08-03 23:01 25,856 -----c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-03-02 17:58 . 2008-03-03 20:55 83 --a------ C:\WINDOWS\wwp.INI
2008-02-21 13:22 . 2008-02-21 13:22 <DIR> d-------- C:\Program Files\The Adventure Company
2008-02-20 11:43 . 2008-02-21 11:35 <DIR> d-------- C:\Program Files\TweakNow RegCleaner Professional
2008-02-19 23:26 . 2008-02-19 23:26 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-02-19 23:26 . 2008-02-19 23:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-02-19 17:22 . 2008-02-19 17:22 <DIR> d-------- C:\Program Files\Foxit Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-19 18:56 --------- d-----w C:\Documents and Settings\Joppe\Application Data\StumbleUpon
2008-03-19 16:27 --------- d-----w C:\Documents and Settings\Joppe\Application Data\uTorrent
2008-03-17 16:26 --------- d-----w C:\Program Files\QuickTime
2008-03-17 16:24 --------- d-----w C:\Program Files\Java
2008-03-17 13:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-17 13:17 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-12 19:14 --------- d-----w C:\Program Files\AMD
2008-03-12 18:00 --------- d-----w C:\Program Files\Hewlett-Packard
2008-03-10 14:03 --------- d-----w C:\Program Files\uTorrent
2008-03-09 17:46 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-08 14:16 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-06 15:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-06 14:25 --------- d-----w C:\Program Files\StumbleUpon
2008-03-06 14:17 --------- d-----w C:\Program Files\Google
2008-03-06 14:16 --------- d-----w C:\Program Files\FlashFXP
2008-03-06 14:15 --------- d-----w C:\Program Files\DAEMON Tools
2008-03-06 14:15 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-03-06 14:15 --------- d-----w C:\Program Files\Common Files\Sony Ericsson Shared
2008-03-06 12:59 --------- d-----w C:\Program Files\Common Files\Panda Software
2008-02-27 18:25 --------- d-----w C:\Program Files\SPSSEval
2008-02-18 22:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\sentinel
2008-02-18 22:26 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-18 22:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-18 22:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-18 22:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2008-02-18 21:56 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-02-16 12:34 805 ------w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-02-16 12:34 10,740 ------w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-02-14 09:51 --------- d-----w C:\Program Files\Belastingdienst
2008-02-07 17:06 --------- d-----w C:\Program Files\Super Internet TV
2008-02-07 16:51 --------- d-----w C:\Program Files\Common Files\xing shared
2008-02-07 16:51 --------- d-----w C:\Program Files\Common Files\Real
2008-02-07 14:16 --------- d-----w C:\Documents and Settings\LocalService\Application Data\StumbleUpon
2008-01-31 18:00 --------- d-----w C:\Program Files\TVersity Codec Pack
2008-01-31 17:59 684,549 ----a-w C:\WINDOWS\system32\unins000.exe
2008-01-31 17:58 --------- d-----w C:\Program Files\TVersity
2008-01-30 10:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-01-28 16:14 --------- d-----w C:\Documents and Settings\Joppe\Application Data\CyberLink
2008-01-28 16:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-01-28 16:12 --------- d-----w C:\Program Files\CyberLink
2008-01-23 19:16 --------- d-----w C:\Documents and Settings\Joppe\Application Data\MiniDm
2008-01-22 22:54 --------- d-----w C:\Documents and Settings\Joppe\Application Data\IEPro
2008-01-09 14:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2007-11-24 11:22 22,328 ----a-w C:\Documents and Settings\Joppe\Application Data\PnkBstrK.sys
.

((((((((((((((((((((((((((((( snapshot@2008-03-19_15.43.01.48 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-19 07:19:47 63,674 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-03-19 14:42:32 63,674 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-03-19 07:19:47 406,218 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-03-19 14:42:32 406,218 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:56 15360]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 15:16 171464]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-20 00:26 68856]
"LaunchList"="C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe" [2007-03-21 15:41 145496]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-02-04 23:58 219952]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 12:49 16269312 C:\WINDOWS\RTHDCPL.exe]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 22:48 479232]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-01-26 13:36 495616]
"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 16:49 77824]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-07 17:51 185896]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 22:46 624248]
"Adobe Acrobat Speed Launcher"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrobat_sl.exe" [2007-05-11 02:59 46200]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40 2577632]
"BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [2007-04-02 15:48 290816]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 14:49 69632]
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 16:40 1884160]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 06:56 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-11-23 00:19:28 692224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"C:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"C:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"C:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Pro Evolution Soccer 2008\\PES2008.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\TVersity\\Media Server\\TVersity.exe"=
"C:\\Program Files\\Super Internet TV\\OnlineTV.exe"=
"C:\\Program Files\\Foxit Software\\PDF Editor\\PDFEdit.exe"=
"C:\\Team17\\Worms World Party\\wwp.exe"=
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"C:\\Program Files\\SecondLife\\SLVoice.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

S3 AtiHdmiService;ATI Function Driver for HDMI Service;C:\WINDOWS\system32\drivers\AtiHdmi.sys [2007-07-20 18:40]
S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);C:\WINDOWS\system32\DRIVERS\sea1bus.sys [2007-02-08 12:55]
S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\sea1mdfl.sys [2007-02-08 12:55]
S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\sea1mdm.sys [2007-02-08 12:55]
S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\sea1mgmt.sys [2007-02-08 12:56]
S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS);C:\WINDOWS\system32\DRIVERS\sea1nd5.sys [2007-02-08 12:56]
S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\sea1obex.sys [2007-02-08 12:56]
S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM);C:\WINDOWS\system32\DRIVERS\sea1unic.sys [2007-02-08 12:56]

.
Contents of the 'Scheduled Tasks' folder
"2008-03-18 11:55:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-19 19:58:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
Completion time: 2008-03-19 19:59:34
ComboFix-quarantined-files.txt 2008-03-19 18:59:20
ComboFix2.txt 2008-03-19 14:43:16
.
2008-03-12 17:41:07 --- E O F ---

#9 bamajim

bamajim

  • Members
  • 894 posts

Posted 20 March 2008 - 09:36 AM

RobbertCB

Good work

Post a fresh Hijackthis log and include an update on how your PC is running now.
Microsoft MVP - Windows Security

#10 RobbertCB

RobbertCB
  • Topic Starter

  • Members
  • 11 posts

Posted 20 March 2008 - 11:44 AM

I think I might have accidentally caught another virus. A video file on someone's USB stick contained a virus, I think.

By the way, do you think I should do some kind of registry cleaning, because I do not run Panda anymore, but apparently it's still on my disk somewhere.

Here's the HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:41:50, on 20/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.3.0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5C349CD-BB26-4029-A41D-A219361E7644}: NameServer = 192.168.1.1
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 12801 bytes

Edited by RobbertCB, 20 March 2008 - 11:44 AM.


#11 bamajim

bamajim

  • Members
  • 894 posts

Posted 20 March 2008 - 11:55 AM

RobbertCB

Post a fresh Combofix log and let's make sure you didn't pick up something new.

What antivirus program are you running? I will help you remove the others.
Microsoft MVP - Windows Security

#12 RobbertCB

RobbertCB
  • Topic Starter

  • Members
  • 11 posts

Posted 20 March 2008 - 12:05 PM

I'm running BitDefender Free Edition. Not sure it's good...

Here's the combofix

ComboFix 08-03-18.1 - Joppe 2008-03-20 17:58:25.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1282 [GMT 1:00]
Running from: C:\Documents and Settings\Joppe\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-02-20 to 2008-03-20 )))))))))))))))))))))))))))))))
.

2008-03-18 15:54 . 2008-03-18 15:54 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\ATI
2008-03-18 15:54 . 2008-03-18 15:54 4,096 --a------ C:\WINDOWS\system32\crash
2008-03-17 17:32 . 2008-03-19 21:43 <DIR> d-------- C:\Program Files\iTunes
2008-03-17 17:32 . 2008-03-17 17:32 <DIR> d-------- C:\Program Files\iPod
2008-03-17 17:32 . 2008-03-20 17:34 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-17 17:32 . 2008-03-17 17:33 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-17 17:31 . 2008-03-17 17:31 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-03-17 17:25 . 2008-03-17 17:25 <DIR> d-------- C:\Program Files\Apple Software Update
2008-03-17 17:08 . 2008-03-17 17:08 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2008-03-17 17:07 . 2008-03-17 17:07 <DIR> d-------- C:\Program Files\MSECACHE
2008-03-17 16:04 . 2008-03-17 16:05 <DIR> d-------- C:\Documents and Settings\Joppe\Application Data\SecondLife
2008-03-17 16:03 . 2008-03-17 16:07 <DIR> d-------- C:\Program Files\SecondLife
2008-03-17 14:28 . 2008-03-17 14:28 <DIR> dr------- C:\Documents and Settings\Joppe\Application Data\Brother
2008-03-17 14:17 . 2008-03-17 14:18 <DIR> d-------- C:\Program Files\Brother
2008-03-17 14:17 . 2004-10-12 01:24 188,416 --a------ C:\WINDOWS\system32\Pdrvinst.dll
2008-03-17 14:17 . 2002-10-31 01:09 81,920 --a------ C:\WINDOWS\system32\BrWebIns.dll
2008-03-17 14:17 . 2003-07-03 01:08 65,536 --a------ C:\WINDOWS\system32\BRWEBUP.EXE
2008-03-13 12:32 . 2003-06-25 16:05 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe
2008-03-13 12:32 . 2002-06-21 15:09 160,217 --a------ C:\WINDOWS\system32\PowerToysLicense.rtf
2008-03-12 18:58 . 2007-11-24 14:14 368,166 --a------ C:\WINDOWS\hplj1010.hi2
2008-03-12 18:58 . 2007-11-24 14:14 16,630 --a------ C:\WINDOWS\hplj1010.bu2
2008-03-09 18:39 . 2008-03-09 18:39 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2008-03-09 18:39 . 2008-03-09 18:39 <DIR> d-------- C:\Program Files\AGEIA Technologies
2008-03-09 18:38 . 2008-03-09 18:38 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-09 18:38 . 2008-03-09 18:38 271,360 --------- C:\WINDOWS\system32\drivers\atksgt.sys
2008-03-09 18:38 . 2008-03-09 18:38 18,048 --------- C:\WINDOWS\system32\drivers\lirsgt.sys
2008-03-09 18:36 . 2008-03-09 18:36 <DIR> d-------- C:\Program Files\Focus
2008-03-08 15:11 . 2008-03-08 15:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ALM
2008-03-08 14:33 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
2008-03-08 14:33 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-03-08 14:25 . 2008-03-19 21:33 <DIR> d-------- C:\Program Files\Bonjour
2008-03-07 16:54 . 2008-03-07 16:54 <DIR> d-------- C:\Documents and Settings\Joppe\Application Data\MatchWare
2008-03-07 16:49 . 2008-03-07 16:49 <DIR> d-------- C:\Program Files\MatchWare
2008-03-07 16:49 . 2008-03-07 16:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\mwas
2008-03-06 16:11 . 2008-03-06 16:11 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\StumbleUpon
2008-03-06 14:50 . 2007-06-05 10:56 44,928 --------- C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2008-03-06 14:49 . 2007-06-08 09:44 8,576 --------- C:\WINDOWS\system32\drivers\olryjtrauvdp.sys
2008-03-06 14:34 . 2008-03-19 22:05 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-03-06 14:34 . 2008-03-19 20:58 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-03-06 14:34 . 2008-03-19 20:58 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-03-06 14:34 . 2008-03-19 20:58 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-03-06 14:25 . 2008-03-06 14:25 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-06 14:16 . 2008-03-06 14:16 <DIR> d-------- C:\Documents and Settings\Joppe\Application Data\Bitdefender
2008-03-06 14:15 . 2008-03-20 17:59 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-03-06 14:13 . 2008-03-06 14:13 <DIR> d-------- C:\Program Files\Softwin
2008-03-06 14:13 . 2008-03-06 14:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-03-06 14:12 . 2008-03-06 14:14 <DIR> d-------- C:\Program Files\Common Files\Softwin
2008-03-06 13:52 . 2008-03-06 13:52 <DIR> d-------- C:\Program Files\Sygate
2008-03-06 13:52 . 2004-10-15 18:32 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
2008-03-06 13:52 . 2004-10-15 18:17 60,496 --------- C:\WINDOWS\system32\drivers\Teefer.sys
2008-03-06 13:52 . 2004-10-15 18:18 21,075 --------- C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2008-03-06 13:52 . 2004-10-15 18:32 14,568 --------- C:\WINDOWS\system32\drivers\wg6n.sys
2008-03-06 13:52 . 2004-10-15 18:32 14,568 --------- C:\WINDOWS\system32\drivers\wg5n.sys
2008-03-06 13:52 . 2004-10-15 18:32 14,568 --------- C:\WINDOWS\system32\drivers\wg4n.sys
2008-03-06 13:52 . 2004-10-15 18:32 14,568 --------- C:\WINDOWS\system32\drivers\wg3n.sys
2008-03-06 12:36 . 2008-03-19 21:51 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-06 12:36 . 2008-03-06 12:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-06 12:17 . 2008-03-06 12:17 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-03-05 20:45 . 2008-03-05 20:45 <DIR> d-------- C:\Team17
2008-03-02 21:23 . 2004-05-11 10:53 626,960 -ra------ C:\WINDOWS\system32\hpvaut32.dll
2008-03-02 21:23 . 2004-05-11 10:53 487,424 -ra------ C:\WINDOWS\system32\hpvcp70.dll
2008-03-02 21:23 . 2004-05-11 10:53 344,064 -ra------ C:\WINDOWS\system32\hpvcr70.dll
2008-03-02 21:22 . 2008-03-02 21:22 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-03-02 21:20 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-03-02 21:19 . 2008-03-12 19:00 <DIR> d-------- C:\Program Files\HP
2008-03-02 21:14 . 2004-06-21 19:50 278,528 -ra------ C:\WINDOWS\system32\hpgwiamd.dll
2008-03-02 21:14 . 2004-06-21 19:50 270,336 -ra------ C:\WINDOWS\system32\HPZc3212.dll
2008-03-02 21:14 . 2004-08-03 22:58 15,104 --------- C:\WINDOWS\system32\drivers\usbscan.sys
2008-03-02 21:14 . 2004-08-03 22:58 15,104 -----c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-03-02 21:12 . 2004-08-03 23:01 25,856 --------- C:\WINDOWS\system32\drivers\usbprint.sys
2008-03-02 21:12 . 2004-08-03 23:01 25,856 -----c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-03-02 17:58 . 2008-03-03 20:55 83 --a------ C:\WINDOWS\wwp.INI
2008-02-21 13:22 . 2008-02-21 13:22 <DIR> d-------- C:\Program Files\The Adventure Company
2008-02-20 11:43 . 2008-02-21 11:35 <DIR> d-------- C:\Program Files\TweakNow RegCleaner Professional

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-20 16:58 --------- d-----w C:\Documents and Settings\Joppe\Application Data\uTorrent
2008-03-20 16:57 --------- d-----w C:\Documents and Settings\Joppe\Application Data\StumbleUpon
2008-03-19 20:52 --------- d-----w C:\Program Files\TVersity Codec Pack
2008-03-19 20:51 --------- d-----w C:\Program Files\StumbleUpon
2008-03-19 20:44 --------- d-----w C:\Program Files\MagicISO
2008-03-19 20:42 --------- d-----w C:\Program Files\Google
2008-03-19 20:42 --------- d-----w C:\Program Files\FlashFXP
2008-03-19 20:41 --------- d-----w C:\Program Files\DAEMON Tools
2008-03-19 20:41 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-03-19 20:01 --------- d-----w C:\Program Files\uTorrent
2008-03-17 16:26 --------- d-----w C:\Program Files\QuickTime
2008-03-17 16:24 --------- d-----w C:\Program Files\Java
2008-03-17 13:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-17 13:17 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-12 19:14 --------- d-----w C:\Program Files\AMD
2008-03-12 18:00 --------- d-----w C:\Program Files\Hewlett-Packard
2008-03-09 17:46 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-08 14:16 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-06 15:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-06 14:15 --------- d-----w C:\Program Files\Common Files\Sony Ericsson Shared
2008-03-06 12:59 --------- d-----w C:\Program Files\Common Files\Panda Software
2008-02-27 18:25 --------- d-----w C:\Program Files\SPSSEval
2008-02-19 22:26 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-02-19 22:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-02-19 16:22 --------- d-----w C:\Program Files\Foxit Software
2008-02-18 22:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\sentinel
2008-02-18 22:26 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-18 22:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-18 22:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-18 22:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2008-02-18 21:56 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-02-16 12:34 805 ------w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-02-16 12:34 10,740 ------w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-02-14 09:51 --------- d-----w C:\Program Files\Belastingdienst
2008-02-07 17:06 --------- d-----w C:\Program Files\Super Internet TV
2008-02-07 16:51 --------- d-----w C:\Program Files\Common Files\xing shared
2008-02-07 16:51 --------- d-----w C:\Program Files\Common Files\Real
2008-02-07 14:16 --------- d-----w C:\Documents and Settings\LocalService\Application Data\StumbleUpon
2008-01-31 17:59 684,549 ----a-w C:\WINDOWS\system32\unins000.exe
2008-01-31 17:58 --------- d-----w C:\Program Files\TVersity
2008-01-30 10:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-01-28 16:14 --------- d-----w C:\Documents and Settings\Joppe\Application Data\CyberLink
2008-01-28 16:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-01-28 16:12 --------- d-----w C:\Program Files\CyberLink
2008-01-23 19:16 --------- d-----w C:\Documents and Settings\Joppe\Application Data\MiniDm
2008-01-22 22:54 --------- d-----w C:\Documents and Settings\Joppe\Application Data\IEPro
2008-01-09 14:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2007-11-24 11:22 22,328 ----a-w C:\Documents and Settings\Joppe\Application Data\PnkBstrK.sys
.

((((((((((((((((((((((((((((( snapshot@2008-03-19_15.43.01.48 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-12 17:41:01 593,920 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2008-03-20 08:12:23 593,920 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2008-03-12 17:41:01 12,288 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-03-20 08:12:23 12,288 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-03-12 17:41:01 86,016 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2008-03-20 08:12:23 86,016 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2008-03-12 17:41:01 135,168 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-03-20 08:12:23 135,168 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-03-12 17:41:01 11,264 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-03-20 08:12:23 11,264 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-03-12 17:41:01 27,136 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-03-20 08:12:23 27,136 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-03-12 17:41:01 4,096 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-03-20 08:12:23 4,096 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-03-12 17:41:01 794,624 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-03-20 08:12:23 794,624 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-03-12 17:41:01 249,856 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-03-20 08:12:23 249,856 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-03-12 17:41:01 61,440 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2008-03-20 08:12:23 61,440 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-03-12 17:41:01 23,040 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-03-20 08:12:23 23,040 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-03-12 17:41:01 286,720 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-03-20 08:12:23 286,720 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-03-12 17:41:01 409,600 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-03-20 08:12:23 409,600 ----a-r C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2008-03-19 07:19:47 63,674 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-03-20 16:38:14 63,674 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-03-19 07:19:47 406,218 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-03-20 16:38:14 406,218 ----a-w C:\WINDOWS\system32\perfh009.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:56 15360]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 15:16 171464]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-20 00:26 68856]
"LaunchList"="C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe" [2007-03-21 15:41 145496]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-02-04 23:58 219952]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 12:49 16269312 C:\WINDOWS\RTHDCPL.exe]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 22:48 479232]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-01-26 13:36 495616]
"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 16:49 77824]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-07 17:51 185896]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 22:46 624248]
"Adobe Acrobat Speed Launcher"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrobat_sl.exe" [2007-05-11 02:59 46200]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40 2577632]
"BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [2007-04-02 15:48 290816]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 14:49 69632]
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 16:40 1884160]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 06:56 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-11-23 00:19:28 692224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"C:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"C:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"C:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Pro Evolution Soccer 2008\\PES2008.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\TVersity\\Media Server\\TVersity.exe"=
"C:\\Program Files\\Super Internet TV\\OnlineTV.exe"=
"C:\\Program Files\\Foxit Software\\PDF Editor\\PDFEdit.exe"=
"C:\\Team17\\Worms World Party\\wwp.exe"=
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"C:\\Program Files\\SecondLife\\SLVoice.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

S3 AtiHdmiService;ATI Function Driver for HDMI Service;C:\WINDOWS\system32\drivers\AtiHdmi.sys [2007-07-20 18:40]
S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);C:\WINDOWS\system32\DRIVERS\sea1bus.sys [2007-02-08 12:55]
S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\sea1mdfl.sys [2007-02-08 12:55]
S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\sea1mdm.sys [2007-02-08 12:55]
S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\sea1mgmt.sys [2007-02-08 12:56]
S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS);C:\WINDOWS\system32\DRIVERS\sea1nd5.sys [2007-02-08 12:56]
S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\sea1obex.sys [2007-02-08 12:56]
S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM);C:\WINDOWS\system32\DRIVERS\sea1unic.sys [2007-02-08 12:56]

.
Contents of the 'Scheduled Tasks' folder
"2008-03-18 11:55:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-20 18:02:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
Completion time: 2008-03-20 18:02:56
ComboFix-quarantined-files.txt 2008-03-20 17:02:48
ComboFix2.txt 2008-03-19 18:59:35
ComboFix3.txt 2008-03-19 14:43:16
.
2008-03-20 08:12:29 --- E O F ---

#13 bamajim


Posted 21 March 2008 - 09:06 AM

RobbertCB

Don't see anything new.

1. Go HERE and download and run the Symantec Removal Tool

Pick the right version according to your application

2. Open Notepad (not WordPad). Copy and paste the following into Notepad:
File::
C:\WINDOWS\system32\drivers\SDTHOOK.SYS
C:\WINDOWS\system32\drivers\olryjtrauvdp.sys
C:\WINDOWS\system32\ActiveScan
C:\WINDOWS\system32\pavas.ico
C:\WINDOWS\system32\Uninstall.ico
C:\WINDOWS\system32\Help.ico

Folder::
C:\Program Files\Common Files\Panda Software
C:\Documents and Settings\All Users\Application Data\McAfee
C:\WINDOWS\system32\ActiveScan
Save the file as CFScript (exactly as shown, no spaces) ->> Save it to your Desktop

Using the image as a reference, drag CFScript into ComboFix.exe
You will be prompted to run ComboFix again. Do so, following the same rules as indicated in my first post.
Then post the contents of the C:\ComboFix.txt log in your reply.
3. Reboot your PC ->> rerun HijackThis and post a fresh HijackThis log as well

Microsoft MVP - Windows Security

#14 RobbertCB


Posted 21 March 2008 - 09:40 AM

1. done

2:

ComboFix 08-03-18.1 - Joppe 2008-03-21 15:26:54.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1350 [GMT 1:00]
Running from: C:\Documents and Settings\Joppe\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Joppe\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\ActiveScan
C:\WINDOWS\system32\drivers\olryjtrauvdp.sys
C:\WINDOWS\system32\drivers\SDTHOOK.SYS
C:\WINDOWS\system32\Help.ico
C:\WINDOWS\system32\pavas.ico
C:\WINDOWS\system32\Uninstall.ico
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\McAfee
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Cache\McSubDB.Bak
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\mcini.ini
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McSubDB.Dat
C:\Program Files\Common Files\Panda Software
C:\WINDOWS\system32\ActiveScan
C:\WINDOWS\system32\ActiveScan\as.dll
C:\WINDOWS\system32\ActiveScan\ascontrol.dll
C:\WINDOWS\system32\ActiveScan\asmdat.dll
C:\WINDOWS\system32\ActiveScan\assetup.inf
C:\WINDOWS\system32\ActiveScan\certdll.dll
C:\WINDOWS\system32\ActiveScan\getrootcert.cer
C:\WINDOWS\system32\ActiveScan\instlsp.dll
C:\WINDOWS\system32\ActiveScan\JID.dll
C:\WINDOWS\system32\ActiveScan\memvfile.dll
C:\WINDOWS\system32\ActiveScan\msvcr71.dll
C:\WINDOWS\system32\ActiveScan\Nano.SIG
C:\WINDOWS\system32\ActiveScan\nano.xml
C:\WINDOWS\system32\ActiveScan\NanoWrapper.dll
C:\WINDOWS\system32\ActiveScan\Panda ActiveScan InstallerPSK_NAMES
C:\WINDOWS\system32\ActiveScan\Panda ActiveScan InstallerPSK_NAMES2
C:\WINDOWS\system32\ActiveScan\Panda ActiveScanPSK_NAMES
C:\WINDOWS\system32\ActiveScan\Panda ActiveScanPSK_NAMES2
C:\WINDOWS\system32\ActiveScan\pav.sig
C:\WINDOWS\system32\ActiveScan\pavaleas.dll
C:\WINDOWS\system32\ActiveScan\pavdr.exe
C:\WINDOWS\system32\ActiveScan\pavexcom.dll
C:\WINDOWS\system32\ActiveScan\pavinas.dll
C:\WINDOWS\system32\ActiveScan\pavoe.dll
C:\WINDOWS\system32\ActiveScan\pavpz.dll
C:\WINDOWS\system32\ActiveScan\pavsddl.dll
C:\WINDOWS\system32\ActiveScan\pfdnnt.exe
C:\WINDOWS\system32\ActiveScan\port32.dll
C:\WINDOWS\system32\ActiveScan\Prescan.dll
C:\WINDOWS\system32\ActiveScan\pscpu.dll
C:\WINDOWS\system32\ActiveScan\pskahk.dll
C:\WINDOWS\system32\ActiveScan\PSKAHKPRESCAN.dll
C:\WINDOWS\system32\ActiveScan\pskalloc.dll
C:\WINDOWS\system32\ActiveScan\pskas.dll
C:\WINDOWS\system32\ActiveScan\pskavs.dll
C:\WINDOWS\system32\ActiveScan\pskcmp.dll
C:\WINDOWS\system32\ActiveScan\pskfss.dll
C:\WINDOWS\system32\ActiveScan\pskhtml.dll
C:\WINDOWS\system32\ActiveScan\pskmas.dll
C:\WINDOWS\system32\ActiveScan\pskmdfs.dll
C:\WINDOWS\system32\ActiveScan\pskpack.dll
C:\WINDOWS\system32\ActiveScan\pskscs.dll
C:\WINDOWS\system32\ActiveScan\pskutil.dll
C:\WINDOWS\system32\ActiveScan\pskvfile.dll
C:\WINDOWS\system32\ActiveScan\pskvfs.dll
C:\WINDOWS\system32\ActiveScan\pskvm.dll
C:\WINDOWS\system32\ActiveScan\psnahk.dll
C:\WINDOWS\system32\ActiveScan\psndsk.dll
C:\WINDOWS\system32\ActiveScan\psnflg.dll
C:\WINDOWS\system32\ActiveScan\psnglknt.dll
C:\WINDOWS\system32\ActiveScan\psnhsh.dll
C:\WINDOWS\system32\ActiveScan\psnjidsign.dll
C:\WINDOWS\system32\ActiveScan\psnkrnl.dll
C:\WINDOWS\system32\ActiveScan\psnmem.dll
C:\WINDOWS\system32\ActiveScan\PsnPen.dll
C:\WINDOWS\system32\ActiveScan\psntuc.dll
C:\WINDOWS\system32\ActiveScan\PSNXprs.dll
C:\WINDOWS\system32\ActiveScan\psscan.dll
C:\WINDOWS\system32\ActiveScan\qrv.krn
C:\WINDOWS\system32\ActiveScan\rawvfile.dll
C:\WINDOWS\system32\ActiveScan\RKPavProc.sys
C:\WINDOWS\system32\ActiveScan\sdthook.sys
C:\WINDOWS\system32\ActiveScan\sporder.dll
C:\WINDOWS\system32\ActiveScan\tcpvfile.dll
C:\WINDOWS\system32\ActiveScan\Tucan.dll
C:\WINDOWS\system32\drivers\olryjtrauvdp.sys
C:\WINDOWS\system32\drivers\SDTHOOK.SYS
C:\WINDOWS\system32\Help.ico
C:\WINDOWS\system32\pavas.ico
C:\WINDOWS\system32\Uninstall.ico

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_olryjtrauvdp
-------\Legacy_SDTHOOK
-------\olryjtrauvdp
-------\SDTHOOK


((((((((((((((((((((((((( Files Created from 2008-02-21 to 2008-03-21 )))))))))))))))))))))))))))))))
.

2008-03-18 15:54 . 2008-03-18 15:54 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\ATI
2008-03-18 15:54 . 2008-03-18 15:54 4,096 --a------ C:\WINDOWS\system32\crash
2008-03-17 17:32 . 2008-03-19 21:43 <DIR> d-------- C:\Program Files\iTunes
2008-03-17 17:32 . 2008-03-17 17:32 <DIR> d-------- C:\Program Files\iPod
2008-03-17 17:32 . 2008-03-21 15:33 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-17 17:32 . 2008-03-17 17:33 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-17 17:31 . 2008-03-17 17:31 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-03-17 17:25 . 2008-03-17 17:25 <DIR> d-------- C:\Program Files\Apple Software Update
2008-03-17 17:08 . 2008-03-17 17:08 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2008-03-17 17:07 . 2008-03-17 17:07 <DIR> d-------- C:\Program Files\MSECACHE
2008-03-17 16:04 . 2008-03-17 16:05 <DIR> d-------- C:\Documents and Settings\Joppe\Application Data\SecondLife
2008-03-17 16:03 . 2008-03-17 16:07 <DIR> d-------- C:\Program Files\SecondLife
2008-03-17 14:28 . 2008-03-17 14:28 <DIR> dr------- C:\Documents and Settings\Joppe\Application Data\Brother
2008-03-17 14:17 . 2008-03-17 14:18 <DIR> d-------- C:\Program Files\Brother
2008-03-17 14:17 . 2004-10-12 01:24 188,416 --a------ C:\WINDOWS\system32\Pdrvinst.dll
2008-03-17 14:17 . 2002-10-31 01:09 81,920 --a------ C:\WINDOWS\system32\BrWebIns.dll
2008-03-17 14:17 . 2003-07-03 01:08 65,536 --a------ C:\WINDOWS\system32\BRWEBUP.EXE
2008-03-13 12:32 . 2003-06-25 16:05 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe
2008-03-13 12:32 . 2002-06-21 15:09 160,217 --a------ C:\WINDOWS\system32\PowerToysLicense.rtf
2008-03-12 18:58 . 2007-11-24 14:14 368,166 --a------ C:\WINDOWS\hplj1010.hi2
2008-03-12 18:58 . 2007-11-24 14:14 16,630 --a------ C:\WINDOWS\hplj1010.bu2
2008-03-09 18:39 . 2008-03-09 18:39 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2008-03-09 18:39 . 2008-03-09 18:39 <DIR> d-------- C:\Program Files\AGEIA Technologies
2008-03-09 18:38 . 2008-03-09 18:38 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-09 18:38 . 2008-03-09 18:38 271,360 --------- C:\WINDOWS\system32\drivers\atksgt.sys
2008-03-09 18:38 . 2008-03-09 18:38 18,048 --------- C:\WINDOWS\system32\drivers\lirsgt.sys
2008-03-09 18:36 . 2008-03-09 18:36 <DIR> d-------- C:\Program Files\Focus
2008-03-08 15:11 . 2008-03-08 15:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ALM
2008-03-08 14:33 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
2008-03-08 14:33 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-03-08 14:25 . 2008-03-19 21:33 <DIR> d-------- C:\Program Files\Bonjour
2008-03-07 16:54 . 2008-03-07 16:54 <DIR> d-------- C:\Documents and Settings\Joppe\Application Data\MatchWare
2008-03-07 16:49 . 2008-03-07 16:49 <DIR> d-------- C:\Program Files\MatchWare
2008-03-07 16:49 . 2008-03-07 16:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\mwas
2008-03-06 16:11 . 2008-03-06 16:11 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\StumbleUpon
2008-03-06 14:25 . 2008-03-06 14:25 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-06 14:16 . 2008-03-06 14:16 <DIR> d-------- C:\Documents and Settings\Joppe\Application Data\Bitdefender
2008-03-06 14:15 . 2008-03-21 15:31 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-03-06 14:13 . 2008-03-06 14:13 <DIR> d-------- C:\Program Files\Softwin
2008-03-06 14:13 . 2008-03-06 14:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-03-06 14:12 . 2008-03-06 14:14 <DIR> d-------- C:\Program Files\Common Files\Softwin
2008-03-06 13:52 . 2008-03-06 13:52 <DIR> d-------- C:\Program Files\Sygate
2008-03-06 13:52 . 2004-10-15 18:32 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
2008-03-06 13:52 . 2004-10-15 18:17 60,496 --------- C:\WINDOWS\system32\drivers\Teefer.sys
2008-03-06 13:52 . 2004-10-15 18:18 21,075 --------- C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2008-03-06 13:52 . 2004-10-15 18:32 14,568 --------- C:\WINDOWS\system32\drivers\wg6n.sys
2008-03-06 13:52 . 2004-10-15 18:32 14,568 --------- C:\WINDOWS\system32\drivers\wg5n.sys
2008-03-06 13:52 . 2004-10-15 18:32 14,568 --------- C:\WINDOWS\system32\drivers\wg4n.sys
2008-03-06 13:52 . 2004-10-15 18:32 14,568 --------- C:\WINDOWS\system32\drivers\wg3n.sys
2008-03-06 12:36 . 2008-03-19 21:51 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-06 12:36 . 2008-03-06 12:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-06 12:17 . 2008-03-06 12:17 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-03-05 20:45 . 2008-03-05 20:45 <DIR> d-------- C:\Team17
2008-03-02 21:23 . 2004-05-11 10:53 626,960 -ra------ C:\WINDOWS\system32\hpvaut32.dll
2008-03-02 21:23 . 2004-05-11 10:53 487,424 -ra------ C:\WINDOWS\system32\hpvcp70.dll
2008-03-02 21:23 . 2004-05-11 10:53 344,064 -ra------ C:\WINDOWS\system32\hpvcr70.dll
2008-03-02 21:22 . 2008-03-02 21:22 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-03-02 21:20 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-03-02 21:19 . 2008-03-12 19:00 <DIR> d-------- C:\Program Files\HP
2008-03-02 21:14 . 2004-06-21 19:50 278,528 -ra------ C:\WINDOWS\system32\hpgwiamd.dll
2008-03-02 21:14 . 2004-06-21 19:50 270,336 -ra------ C:\WINDOWS\system32\HPZc3212.dll
2008-03-02 21:14 . 2004-08-03 22:58 15,104 --------- C:\WINDOWS\system32\drivers\usbscan.sys
2008-03-02 21:14 . 2004-08-03 22:58 15,104 -----c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-03-02 21:12 . 2004-08-03 23:01 25,856 --------- C:\WINDOWS\system32\drivers\usbprint.sys
2008-03-02 21:12 . 2004-08-03 23:01 25,856 -----c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-03-02 17:58 . 2008-03-03 20:55 83 --a------ C:\WINDOWS\wwp.INI
2008-02-21 13:22 . 2008-02-21 13:22 <DIR> d-------- C:\Program Files\The Adventure Company

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-21 14:31 --------- d-----w C:\Documents and Settings\Joppe\Application Data\uTorrent
2008-03-21 14:26 --------- d-----w C:\Documents and Settings\Joppe\Application Data\StumbleUpon
2008-03-21 13:42 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-19 20:52 --------- d-----w C:\Program Files\TVersity Codec Pack
2008-03-19 20:51 --------- d-----w C:\Program Files\StumbleUpon
2008-03-19 20:44 --------- d-----w C:\Program Files\MagicISO
2008-03-19 20:42 --------- d-----w C:\Program Files\Google
2008-03-19 20:42 --------- d-----w C:\Program Files\FlashFXP
2008-03-19 20:41 --------- d-----w C:\Program Files\DAEMON Tools
2008-03-19 20:41 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-03-19 20:01 --------- d-----w C:\Program Files\uTorrent
2008-03-17 16:26 --------- d-----w C:\Program Files\QuickTime
2008-03-17 16:24 --------- d-----w C:\Program Files\Java
2008-03-17 13:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-17 13:17 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-12 19:14 --------- d-----w C:\Program Files\AMD
2008-03-12 18:00 --------- d-----w C:\Program Files\Hewlett-Packard
2008-03-08 14:16 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-06 15:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-06 14:15 --------- d-----w C:\Program Files\Common Files\Sony Ericsson Shared
2008-02-27 18:25 --------- d-----w C:\Program Files\SPSSEval
2008-02-21 10:35 --------- d-----w C:\Program Files\TweakNow RegCleaner Professional
2008-02-19 22:26 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-02-19 22:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-02-19 16:22 --------- d-----w C:\Program Files\Foxit Software
2008-02-18 22:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\sentinel
2008-02-18 22:26 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-18 22:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-18 22:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-18 22:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2008-02-18 21:56 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-02-16 12:34 805 ------w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-02-16 12:34 10,740 ------w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-02-14 09:51 --------- d-----w C:\Program Files\Belastingdienst
2008-02-07 17:06 --------- d-----w C:\Program Files\Super Internet TV
2008-02-07 16:51 --------- d-----w C:\Program Files\Common Files\xing shared
2008-02-07 16:51 --------- d-----w C:\Program Files\Common Files\Real
2008-02-07 14:16 --------- d-----w C:\Documents and Settings\LocalService\Application Data\StumbleUpon
2008-01-31 17:58 --------- d-----w C:\Program Files\TVersity
2008-01-28 16:14 --------- d-----w C:\Documents and Settings\Joppe\Application Data\CyberLink
2008-01-28 16:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-01-28 16:12 --------- d-----w C:\Program Files\CyberLink
2008-01-23 19:16 --------- d-----w C:\Documents and Settings\Joppe\Application Data\MiniDm
2008-01-22 22:54 --------- d-----w C:\Documents and Settings\Joppe\Application Data\IEPro
2008-01-09 14:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2007-11-24 11:22 22,328 ----a-w C:\Documents and Settings\Joppe\Application Data\PnkBstrK.sys
.

((((((((((((((((((((((((((((( snapshot_2008-03-20_18.02.41.04 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-20 16:38:14 63,674 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-03-21 14:25:13 63,674 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-03-20 16:38:14 406,218 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-03-21 14:25:13 406,218 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:56 15360]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 15:16 171464]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-20 00:26 68856]
"LaunchList"="C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe" [2007-03-21 15:41 145496]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-02-04 23:58 219952]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 12:49 16269312 C:\WINDOWS\RTHDCPL.exe]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 22:48 479232]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-01-26 13:36 495616]
"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 16:49 77824]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-07 17:51 185896]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 22:46 624248]
"Adobe Acrobat Speed Launcher"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrobat_sl.exe" [2007-05-11 02:59 46200]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40 2577632]
"BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [2007-04-02 15:48 290816]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 14:49 69632]
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 16:40 1884160]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 06:56 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-11-23 00:19:28 692224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"C:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"C:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"C:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Pro Evolution Soccer 2008\\PES2008.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\TVersity\\Media Server\\TVersity.exe"=
"C:\\Program Files\\Super Internet TV\\OnlineTV.exe"=
"C:\\Program Files\\Foxit Software\\PDF Editor\\PDFEdit.exe"=
"C:\\Team17\\Worms World Party\\wwp.exe"=
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"C:\\Program Files\\SecondLife\\SLVoice.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

S3 AtiHdmiService;ATI Function Driver for HDMI Service;C:\WINDOWS\system32\drivers\AtiHdmi.sys [2007-07-20 18:40]
S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);C:\WINDOWS\system32\DRIVERS\sea1bus.sys [2007-02-08 12:55]
S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\sea1mdfl.sys [2007-02-08 12:55]
S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\sea1mdm.sys [2007-02-08 12:55]
S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\sea1mgmt.sys [2007-02-08 12:56]
S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS);C:\WINDOWS\system32\DRIVERS\sea1nd5.sys [2007-02-08 12:56]
S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\sea1obex.sys [2007-02-08 12:56]
S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM);C:\WINDOWS\system32\DRIVERS\sea1unic.sys [2007-02-08 12:56]

.
Contents of the 'Scheduled Tasks' folder
"2008-03-18 11:55:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-21 15:33:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
.
**************************************************************************
.
Completion time: 2008-03-21 15:38:17 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-21 14:38:14
ComboFix2.txt 2008-03-20 17:02:57
ComboFix3.txt 2008-03-19 18:59:35
ComboFix4.txt 2008-03-19 14:43:16
.
2008-03-20 08:12:29 --- E O F ---

#15 bamajim


Posted 21 March 2008 - 10:13 AM

RobbertCB

Nicely done. :thumbsup:

Please perform an Ewido Online Malware Scan
  • When a dialog box appears asking whether you would like to download and install the Ewido anti-spyware online scanner, click Yes to allow the download.
  • Click on Start Scan.
  • After the scan completes it will produce a log for you. Copy and paste the results of that scan as a reply to this thread.
  • If any infections are found (after you save the logfile), click on Remove Infections.

Microsoft MVP - Windows Security
