Thread: Hi-Jack-This log
View Single Post
Old 08-08-2007, 08:19 AM   #3 (permalink)
megahurts
Registered User
 
Join Date: Aug 2007
Posts: 6
OS: XP


Re: Hi-Jack-This log
Thank you so much! Here is my log.

ComboFix 07-08-08 - "Jacob K" 2007-08-08 7:00:16.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.335 [GMT -7:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


D:\Program Files\poolsv
D:\Program Files\poolsv\k11u72.exe
D:\Program Files\poolsv\svhost.exe
D:\Program Files\poolsv\YazzleBundle-1549.exe
D:\Program Files\svhost
D:\WINDOWS\poolsv.exe
D:\WINDOWS\svhost.exe
D:\WINDOWS\system32\f10WtR
D:\WINDOWS\system32\f10WtR\f10WtR1099.exe


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\nm


((((((((((((((((((((((((( Files Created from 2007-07-08 to 2007-08-08 )))))))))))))))))))))))))))))))


2007-08-08 07:11 <DIR> d-------- D:\DOCUME~1\NETWOR~1.NTA\APPLIC~1\Xfire
2007-08-08 06:58 51,200 --a------ D:\WINDOWS\nircmd.exe
2007-08-07 16:10 95,608 --a------ D:\WINDOWS\system32\AvastSS.scr
2007-08-07 16:10 94,416 --a------ D:\WINDOWS\system32\drivers\aswmon2.sys
2007-08-07 16:10 92,848 --a------ D:\WINDOWS\system32\drivers\aswmon.sys
2007-08-07 16:10 783,224 --a------ D:\WINDOWS\system32\aswBoot.exe
2007-08-07 16:10 42,912 --a------ D:\WINDOWS\system32\drivers\aswTdi.sys
2007-08-07 16:10 26,624 --a------ D:\WINDOWS\system32\drivers\aavmker4.sys
2007-08-07 16:10 23,152 --a------ D:\WINDOWS\system32\drivers\aswRdr.sys
2007-08-07 16:10 <DIR> d-------- D:\Program Files\Alwil Software
2007-08-07 12:28 <DIR> d-------- D:\Program Files\Lavasoft
2007-08-07 12:28 <DIR> d-------- D:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Lavasoft
2007-08-06 17:15 <DIR> d-------- D:\DOCUME~1\LOCALS~1.NTA\APPLIC~1\Xfire
2007-08-06 13:13 <DIR> d-------- D:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Spybot - Search & Destroy
2007-07-27 16:57 22,328 --a------ D:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-07-27 16:57 103,736 --a------ D:\WINDOWS\system32\PnkBstrB.exe
2007-07-27 16:56 66,872 --a------ D:\WINDOWS\system32\PnkBstrA.exe
2007-07-23 17:12 <DIR> d-------- D:\Program Files\Microsoft ActiveSync
2007-07-23 17:11 <DIR> d-------- D:\WINDOWS\ShellNew
2007-07-23 17:11 <DIR> d-------- D:\Program Files\Common Files\L&H
2007-07-23 16:49 879,832 --a------ D:\WINDOWS\system32\drivers\vetefile.sys
2007-07-23 16:49 108,360 --a------ D:\WINDOWS\system32\drivers\veteboot.sys
2007-07-22 20:26 9,437,184 --a------ D:\DOCUME~1\JACOBK~1.JAC\ntuser.dat


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-07 16:09 --------- d-------- D:\DOCUME~1\JACOBK~1.JAC\APPLIC~1\Xfire
2007-08-07 12:28 --------- d-------- D:\Program Files\Common Files\Wise Installation Wizard
2007-08-06 17:22 --------- d---s---- D:\Program Files\Xfire
2007-08-01 11:22 --------- d--h----- D:\Program Files\InstallShield Installation Information
2007-06-27 16:24 --------- d--h----- D:\DOCUME~1\JACOBK~1.JAC\APPLIC~1\ijjigame
2007-05-16 08:12 86528 -----c--- D:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 08:12 85504 -----c--- D:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 08:12 683520 --a------ D:\WINDOWS\system32\inetcomm.dll
2007-05-16 08:12 683520 -----c--- D:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 08:12 510976 -----c--- D:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 08:12 1314816 -----c--- D:\WINDOWS\system32\dllcache\msoe.dll
2007-05-09 07:17 75280 --a------ D:\WINDOWS\system32\isafprod.dll
2007-05-08 02:24 3583488 --a--c--- D:\WINDOWS\system32\dllcache\mshtml.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22]
"EPoXUSDM"="D:\Program Files\EPoX\USDM\USDM.exe" [2004-06-08 16:59]
"InetCntrl"="D:\WINDOWS\system32\InetCntrl\InetCntrl.exe" [2006-09-14 11:25]
"cctray"="H:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [2007-06-14 17:56]
"CAVRID"="H:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2007-05-09 07:17]
"svhost"="D:\WINDOWS\svhost.exe" []
"avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-27 15:03]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"msnmsgr"="D:\Program Files\MSN Messenger\msnmsgr.exe" [2006-01-24 11:37]

D:\Documents and Settings\Jacob K.JACOB\Start Menu\Programs\Startup\
Xfire.lnk - D:\Program Files\Xfire\Xfire.exe [2007-08-02 15:44:38]

D:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Microsoft Office.lnk - D:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGEIA PhysX SysTray]
D:\Program Files\AGEIA Technologies\bin\TrayIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
D:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"H:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
"D:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"D:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVMixerTray]
"D:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"D:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
"H:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"D:\Program Files\Windows Defender\MSASCui.exe" -hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"6to4"=2 (0x2)
"WZCSVC"=2 (0x2)
"WmdmPmSN"=3 (0x3)
"UPS"=3 (0x3)
"TlntSvr"=3 (0x3)
"TermService"=3 (0x3)
"TapiSrv"=3 (0x3)
"RemoteRegistry"=2 (0x2)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"MSSQLServerADHelper"=3 (0x3)
"MSSQL$SOSHOME22"=2 (0x2)
"lanmanserver"=2 (0x2)
"Groove Games Licensing Service"=3 (0x3)
"FastUserSwitchingCompatibility"=3 (0x3)

R0 sfvfs02;StarForce Protection VFS Driver (version 2.x);D:\WINDOWS\system32\drivers\sfvfs02.sys
R0 SI3114r;SiI-3114 SATARaid Controller;D:\WINDOWS\system32\DRIVERS\SI3114R.sys
R0 SiFilter;SATALink driver accelerator;D:\WINDOWS\system32\DRIVERS\SiWinAcc.sys
R0 VClone;VClone;D:\WINDOWS\system32\DRIVERS\VClone.sys
R1 Amfilter;Compatible Mouse Filter Driver;D:\WINDOWS\system32\DRIVERS\Amfilter.sys
R1 bsofrwl;bsofrwl;D:\WINDOWS\system32\drivers\bsofrwl.sys
R1 NPPTNT2;NPPTNT2;\??\D:\WINDOWS\system32\npptNT2.sys
R1 Tcpip6;Microsoft IPv6 Protocol Driver;D:\WINDOWS\system32\DRIVERS\tcpip6.sys
R2 atksgt;atksgt;D:\WINDOWS\system32\DRIVERS\atksgt.sys
R2 EPoXUSDM;EPoXUSDM;D:\WINDOWS\system32\drivers\EPoXUSDM.sys
R2 lirsgt;lirsgt;D:\WINDOWS\system32\DRIVERS\lirsgt.sys
R3 ALCXSENS;Service for WDM 3D Audio Driver;D:\WINDOWS\system32\drivers\ALCXSENS.SYS
R3 ElbyDelay;ElbyDelay;D:\WINDOWS\system32\Drivers\ElbyDelay.sys
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver;D:\WINDOWS\system32\drivers\msmpu401.sys
R3 msgame;Sidewinder HID to Joystick Port Enabler;D:\WINDOWS\system32\DRIVERS\msgame.sys
R3 tunmp;Microsoft Tun Miniport Adapter Driver;D:\WINDOWS\system32\DRIVERS\tunmp.sys
S3 Amusbprt;Compatible HID-compliant Mouse Driver;D:\WINDOWS\system32\DRIVERS\Amusbprt.sys
S3 sony_ssm.sys;sony_ssm.sys;\??\D:\DOCUME~1\JACOBK~1.JAC\LOCALS~1\Temp\sony_ssm.sys
S3 SQLAgent$SOSHOME22;SQLAgent$SOSHOME22;D:\Program Files\Microsoft SQL Server\MSSQL$SOSHOME22\Binn\sqlagent.EXE -i SOSHOME22
S3 STEAMDVR;STEAMDVR;\??\H:\Program Files\Valve\Steam\bin\x86\SteamDvr.sys
S4 6to4;IPv6 Helper Service;D:\WINDOWS\system32\svchost.exe -k netsvcs
S4 Groove Games Licensing Service;Groove Games Licensing Service;"D:\Program Files\Common Files\Groove Games Shared\Service\ggameslicsvc.exe"
S4 MSSQL$SOSHOME22;MSSQL$SOSHOME22;D:\Program Files\Microsoft SQL Server\MSSQL$SOSHOME22\Binn\sqlservr.exe -sSOSHOME22


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{470bf0be-6629-11db-8bea-000461687fac}]
AutoRun\command- K:\LaunchU3.exe -a


Contents of the 'Scheduled Tasks' folder
2007-08-08 08:39:01 D:\WINDOWS\Tasks\MP Scheduled Scan.job - D:\Program Files\Windows Defender\MpCmdRun.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-08 07:10:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-08 7:12:39 - machine was rebooted
D:\ComboFix-quarantined-files.txt ... 2007-08-08 07:12

--- E O F ---
megahurts is offline