My system has not been running properly for a while. Lately, applications such as Word and Outlook, along with Windows Messenger, have started to shut down mid-use. Internet Explorer has started to freeze and shut down frequently as well.
Any help would be much appreciated.
Steve
ComboFix 08-07-07.3 - DWeaver 2008-07-08 14:15:44.1 - NTFSx86
Running from: C:\Documents and Settings\DWeaver\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\NetworkService\Application Data\NetMon
C:\Documents and Settings\NetworkService\Application Data\NetMon\domains.txt
C:\Documents and Settings\NetworkService\Application Data\NetMon\log.txt
C:\Program Files\scurit~1
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\BMb3637693.txt
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\services.exe
C:\WINDOWS\system32\dixidpij.ini
C:\WINDOWS\system32\drivers\atmapi.sys
C:\WINDOWS\system32\gMWadfii.ini
C:\WINDOWS\system32\gMWadfii.ini2
C:\WINDOWS\system32\hhibddgh.ini
C:\WINDOWS\system32\mqqjlewo.ini
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\msvcrtd.exe
C:\WINDOWS\system32\ntpl.bin
C:\WINDOWS\system32\nvrsma.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pppatc~1
C:\WINDOWS\system32\pppatc~1\?ppPatch\
C:\WINDOWS\system32\rev2
C:\WINDOWS\system32\vghiernw.ini
C:\WINDOWS\system32\winpfz33.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_tcpsr
((((((((((((((((((((((((( Files Created from 2008-06-08 to 2008-07-08 )))))))))))))))))))))))))))))))
.
2008-07-08 14:09 . 2008-07-08 14:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-07-08 14:01 . 2008-07-08 14:01 <DIR> d-------- C:\Program Files\Yahoo!
2008-07-08 14:01 . 2008-07-08 14:01 <DIR> d-------- C:\Program Files\CCleaner
2008-07-08 12:25 . 2004-08-04 00:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-07-08 10:37 . 2008-07-08 10:37 <DIR> d-------- C:\WINDOWS\system32\repository
2008-07-07 09:59 . 2008-07-08 13:55 82,944 --a------ C:\WINDOWS\system32\gdx.ak
2008-07-07 09:59 . 2008-07-08 13:55 61,952 --a------ C:\WINDOWS\system32\rdmm.ko
2008-07-07 09:59 . 2008-07-08 13:55 19,456 --a------ C:\WINDOWS\system32\cmgmk.ak
2008-07-06 21:15 . 2008-07-06 21:15 <DIR> d-------- C:\Program Files\ICQ6Toolbar
2008-07-06 21:15 . 2008-07-06 21:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ICQ
2008-07-06 21:05 . 2008-07-07 09:48 <DIR> d-------- C:\Program Files\ICQ6
2008-07-06 20:33 . 2008-07-06 20:51 <DIR> d-------- C:\Documents and Settings\DWeaver\Application Data\ICQLite
2008-07-06 20:25 . 2008-07-06 20:32 <DIR> d-------- C:\Program Files\ICQToolbar
2008-07-06 20:23 . 2008-07-06 21:10 <DIR> d-------- C:\Program Files\ICQ621_05_51
2008-07-06 19:02 . 2008-07-07 10:00 1 --a------ C:\WINDOWS\system32\dlcqsp.tmp
2008-07-05 17:16 . 2008-07-05 17:16 0 --a------ C:\WINDOWS\iPlayer.INI
2008-07-05 15:35 . 2008-07-05 15:35 <DIR> d-------- C:\Program Files\InterActual
2008-06-30 13:03 . 2008-06-30 13:03 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-06-30 13:03 . 2008-06-30 13:03 <DIR> d-------- C:\Documents and Settings\DWeaver\Application Data\SUPERAntiSpyware.com
2008-06-30 13:03 . 2008-06-30 13:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-27 06:19 . 2008-06-30 11:53 110,367 --a------ C:\WINDOWS\BMb3637693.xml
2008-06-27 01:00 . 2008-07-08 12:31 <DIR> d--h----- C:\$AVG8.VAULT$
2008-06-27 00:48 . 2008-07-05 03:14 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-27 00:48 . 2008-06-27 00:48 <DIR> d-------- C:\Program Files\AVG
2008-06-27 00:48 . 2008-06-27 00:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-27 00:48 . 2008-06-27 00:48 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-06-27 00:48 . 2008-06-27 00:48 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-06-27 00:34 . 2008-06-27 00:34 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\ICQ Toolbar
2008-06-27 00:18 . 2008-06-27 00:18 13,502 --a------ C:\WINDOWS\system32\CelldoradoIconUK.ico
2008-06-27 00:18 . 2008-06-27 00:18 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUK.ico
2008-06-27 00:07 . 2008-06-30 13:24 <DIR> d--hs---- C:\WINDOWS\UHVyZQ
2008-06-27 00:07 . 2008-07-04 13:44 <DIR> d-------- C:\WINDOWS\system32\modtrux01
2008-06-27 00:07 . 2008-06-27 09:36 <DIR> d-------- C:\WINDOWS\system32\mb9
2008-06-27 00:07 . 2008-06-27 00:07 <DIR> d-------- C:\temp\syschk3
2008-06-27 00:07 . 2008-06-27 00:09 41,723 ---hs---- C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
2008-06-11 20:48 . 2008-07-04 12:27 <DIR> d-------- C:\Program Files\UOAM
2008-06-11 10:56 . 2008-06-11 10:56 122 --a------ C:\WINDOWS\WA.INI
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-07 21:30 --------- d-----w C:\Program Files\UOAssist
2008-07-07 14:13 --------- d-----w C:\Documents and Settings\DWeaver\Application Data\BitTorrent
2008-07-07 08:59 577,024 ----a-w C:\WINDOWS\system32\user32.DLL
2008-07-07 08:55 --------- d-----w C:\Documents and Settings\DWeaver\Application Data\DNA
2008-07-07 08:47 --------- d-----w C:\Documents and Settings\DWeaver\Application Data\ICQ
2008-07-06 19:25 --------- d-----w C:\Program Files\ICQ620_23_38
2008-06-30 12:03 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-17 12:28 --------- d-----w C:\Documents and Settings\DWeaver\Application Data\LimeWire
2008-06-11 19:34 --------- d-----w C:\Program Files\MSN Messenger
2008-05-29 12:24 --------- d-----w C:\Program Files\WinAce
2008-05-28 09:13 --------- d-----w C:\Program Files\Memory-Map
2008-05-27 23:36 --------- d-----w C:\Documents and Settings\DWeaver\Application Data\CyberLink
2008-05-27 23:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-05-27 23:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-27 23:35 --------- d-----w C:\Program Files\CyberLink
2008-05-27 23:35 --------- d-----w C:\Program Files\Common Files\CyberLink
2008-05-27 23:33 29,480 ----a-w C:\WINDOWS\system32\msxml3a.dll
2008-05-27 22:57 53,760 ----a-w C:\WINDOWS\system32\Squeeze.dll
2008-05-27 22:57 34,308 ----a-w C:\WINDOWS\system32\Chip.dll
2008-05-27 21:05 --------- d-----w C:\Documents and Settings\DWeaver\Application Data\DivX
2008-05-26 16:33 1,594,543 ----a-w C:\WINDOWS\WANEUninstaller.exe
2008-05-26 11:51 --------- d-----w C:\Program Files\Atheros
2008-05-26 11:37 17,801 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-05-26 11:36 --------- d-----w C:\Program Files\CONEXANT
2008-05-26 10:41 --------- d-----w C:\Program Files\Launch Manager
2008-05-26 09:40 --------- d-----w C:\Program Files\S103
2008-05-25 21:55 1,882,904 ----a-w C:\WINDOWS\system32\AutoPartNt.exe
2008-05-24 17:04 --------- d-----w C:\Program Files\Google
2008-05-23 22:38 --------- d-----w C:\Program Files\Java
2008-05-23 22:37 --------- d-----w C:\Program Files\Common Files\Java
2008-05-23 22:36 --------- d-----w C:\Program Files\LimeWire
2008-05-23 08:57 --------- d-----w C:\Program Files\Reference Assemblies
2008-05-23 08:57 --------- d-----w C:\Program Files\MSBuild
2008-05-23 08:42 --------- d-----w C:\Program Files\MSXML 6.0
2008-05-21 10:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-05-21 10:24 --------- d-----w C:\Program Files\epson
2008-05-21 10:24 --------- d-----w C:\Documents and Settings\DWeaver\Application Data\InstallShield
2008-05-21 10:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\EPSON
2008-05-20 17:14 --------- d-----w C:\Documents and Settings\DWeaver\Application Data\Nero
2008-05-20 17:13 --------- d-----w C:\Program Files\Common Files\Nero
2008-05-20 17:10 --------- d-----w C:\Program Files\Nero
2008-05-20 17:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-05-20 16:54 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Acronis
2008-05-20 15:50 441,760 ----a-w C:\WINDOWS\system32\drivers\timntr.sys
2008-05-20 15:50 44,384 ----a-w C:\WINDOWS\system32\drivers\tifsfilt.sys
2008-05-20 15:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Acronis
2008-05-20 15:49 368,544 ----a-w C:\WINDOWS\system32\drivers\tdrpman.sys
2008-05-20 15:49 129,248 ----a-w C:\WINDOWS\system32\drivers\snapman.sys
2008-05-20 15:49 --------- d-----w C:\Program Files\Common Files\Acronis
2008-05-20 15:48 --------- d-----w C:\Program Files\Acronis
2008-05-20 13:09 --------- d-----w C:\Program Files\DivX
2008-05-20 13:02 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-05-20 13:02 --------- d-----w C:\Program Files\Real
2008-05-20 13:02 --------- d-----w C:\Program Files\Common Files\xing shared
2008-05-20 13:02 --------- d-----w C:\Program Files\Common Files\Real
2008-05-20 09:28 --------- d-----w C:\Documents and Settings\DWeaver\Application Data\ICQ Toolbar
2008-05-20 08:19 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-20 08:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\ALM
2008-05-20 07:54 --------- d-----w C:\Program Files\QuickTime
2008-05-20 07:31 --------- d-----w C:\Program Files\Bonjour
2008-05-20 07:26 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-05-20 06:33 --------- d-----w C:\Program Files\EA Games
2008-05-19 17:57 --------- d-----w C:\Documents and Settings\DWeaver\Application Data\ATI
2008-05-19 17:14 --------- d-----w C:\Program Files\Realtek
2008-05-19 16:59 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-05-19 16:58 --------- d-----w C:\Program Files\Microsoft.NET
2008-05-19 16:53 --------- d-----w C:\Program Files\Alcohol Soft
2008-05-19 09:42 --------- d-----w C:\Program Files\DNA
2008-05-19 09:42 --------- d-----w C:\Program Files\BitTorrent
2008-05-19 09:31 --------- d-----w C:\Program Files\ATI Technologies
2008-05-19 09:13 --------- d-----w C:\Program Files\Common Files\Motive
2008-05-19 09:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\MotiveSysIDs
2008-05-19 09:00 --------- d-----w C:\Program Files\Synaptics
2008-05-19 08:59 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-19 08:59 --------- d-----w C:\Documents and Settings\DWeaver\Application Data\Acer
2008-05-19 08:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Acer
2008-05-19 08:48 155,995 ----a-w C:\WINDOWS\java\Packages\3RZRZBBX.ZIP
2008-05-19 08:27 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-13 01:53 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-05-13 01:53 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-05-13 01:53 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-05-13 01:53 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-05-13 01:53 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-05-13 01:53 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
2008-05-13 01:53 120,056 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
2008-05-13 01:53 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe
2008-05-13 01:51 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-05-13 01:51 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-05-13 01:49 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-13 01:49 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
.
C:\WINDOWS\system32\user32.dll ... is infected !! (additional data below)
577,024 2008-07-07 08:59:49 C:\WINDOWS\system32\user32.DLL
577,024 2008-07-07 08:59:49 C:\WINDOWS\system32\dllcache\user32.dll
------- Sigcheck -------
2008-07-07 09:59 577024 4530b1dc4a57e7b72a63d8a7a833d401 C:\WINDOWS\system32\user32.DLL
2008-07-07 09:59 577024 4530b1dc4a57e7b72a63d8a7a833d401 C:\WINDOWS\system32\dllcache\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:54 5674352]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-19 10:42 289088]
"ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2008-05-18 17:30 172280]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 19:10 1688872]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-02 18:22 68856]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-02-28 23:06 2321600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" [X]
"LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [2005-07-25 13:36 32768]
"PowerKey"="C:\Program Files\Launch Manager\PowerKey.exe" [2002-08-30 15:02 94208]
"LManager"="C:\Program Files\Launch Manager\HotkeyApp.exe" [2005-11-08 10:45 69632]
"CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe" [2003-09-16 14:28 20480]
"LMgrOSD"="C:\Program Files\Launch Manager\OSDCtrl.exe" [2005-07-25 10:45 241664]
"Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [2005-11-08 10:19 81920]
"ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-24 16:45 2462208]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-10-19 09:30 69632]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 14:43 45056]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 22:46 624248]
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 16:40 1884160]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-05-20 14:02 185896]
"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-10-30 20:06 2595616]
"AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-10-30 20:11 909208]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-10-30 20:07 140568]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"ACU"="C:\Program Files\Atheros\ACU.exe" [2005-01-31 08:05 253952]
"RemoteControl8"="C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 20:23 83240]
"PDVD8LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 11:36 50472]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-06-27 00:48 1177368]
"RTHDCPL"="RTHDCPL.EXE" [2006-01-11 17:23 15961088 C:\WINDOWS\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:56 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Gnu30.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"C:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\EA Games\\Ultima Online Mondain's Legacy\\client.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\UOAM\\uoam.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
R0 tdrpman;Acronis Try&Decide and Restore Points filter;C:\WINDOWS\system32\DRIVERS\tdrpman.sys [2008-05-20 16:49]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-06-27 00:48]
R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 11:27]
R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 18:20]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};C:\Program Files\CyberLink\PowerDVD8\[u]0[/u]00.fcl [2008-02-01 17:24]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-27 00:48]
R2 ICQ Service;ICQ Service;C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-06-10 19:26]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
R3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 15:34]
R3 POWERKEY;POWERKEY;C:\Program Files\Launch Manager\POWERKEY.sys [2000-12-19 18:29]
S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys []
.
- - - - ORPHANS REMOVED - - - -
Notify-byXNhFuv - (no file)
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-08 14:32:35
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD8\[u]0[/u]00.fcl"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\WLTRAY.EXE
C:\DOCUME~1\DWeaver\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
.
**************************************************************************
.
Completion time: 2008-07-08 14:44:44 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-08 13:44:01
Pre-Run: 13,427,658,752 bytes free
Post-Run: 13,339,971,584 bytes free
300
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:48:04, on 08/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\DOCUME~1\DWeaver\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\DWeaver\Local Settings\Temporary Internet Files\Content.IE5\OMJV197K\HiJackThis[1].exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=21871
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Atheros Configuration Service (ACS) - Acronis - (no file)
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
-- End of file - 12498 bytes