ComboFix 07-10-04.1 - Alex 2007-10-03 22:53:53.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1145 [GMT 2:00]
Running from: C:\Documents and Settings\Alex\desktop\combofix.exe
Command switches used :: /killall
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\check_LSA7.txt
C:\WINDOWS\system32\awtst.dll
C:\WINDOWS\system32\tstwa.bak1
C:\WINDOWS\system32\tstwa.bak2
C:\WINDOWS\system32\tstwa.ini
.
((((((((((((((((((((((((( Files Created from 2007-09-04 to 2007-10-04 )))))))))))))))))))))))))))))))
.
2007-10-03 22:53 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-03 18:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA
2007-10-03 18:09 <DIR> d-------- C:\Program Files\nHancer
2007-10-03 18:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nHancer
2007-10-03 16:24 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-03 16:19 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2007-10-03 16:19 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-10-03 15:44 <DIR> d-------- C:\Deckard
2007-10-03 15:33 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-10-03 15:33 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2007-10-03 15:18 <DIR> d-------- C:\Program Files\hjt
2007-10-03 13:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-03 11:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2007-10-03 11:53 <DIR> d-------- C:\nVidia Forceware
2007-10-02 21:06 35,328 --a------ C:\WINDOWS\system32\gebyvvu.dll
2007-10-02 16:36 69,632 --a------ C:\WINDOWS\system32\KemXML.dll
2007-10-02 16:36 163,840 --a------ C:\WINDOWS\system32\kemutb.dll
2007-10-02 16:36 135,168 --a------ C:\WINDOWS\system32\KemUtil.dll
2007-10-02 16:36 110,592 --a------ C:\WINDOWS\system32\KemWnd.dll
2007-10-02 16:36 <DIR> d-------- C:\Program Files\Logitech
2007-10-02 16:36 <DIR> d-------- C:\Program Files\Common Files\Logitech
2007-10-02 16:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2007-10-02 16:36 <DIR> d-------- C:\Documents and Settings\Alex\Application Data\Logitech
2007-10-02 16:32 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
2007-09-30 00:03 <DIR> d-------- C:\Documents and Settings\Alex\Application Data\SystemRequirementsLab
2007-09-25 16:25 <DIR> d-------- C:\Program Files\OpenOffice.org 2.3
2007-09-24 20:25 <DIR> d-------- C:\Program Files\Red Kawa
2007-09-16 13:01 <DIR> d-------- C:\Program Files\Stranglehold Demo
2007-09-13 21:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
2007-09-13 18:57 <DIR> d-------- C:\Program Files\Winamp
2007-09-13 15:14 <DIR> d-------- C:\Program Files\Foxit Software
2007-09-10 20:14 25,896 --a------ C:\WINDOWS\system32\drivers\scramby.sys
2007-09-10 19:13 <DIR> d-------- C:\Program Files\Transclick
2007-09-10 19:13 <DIR> d-------- C:\Documents and Settings\Alex\Application Data\Transclick
2007-09-10 18:32 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2007-09-10 18:32 466,944 --------- C:\WINDOWS\Setup1.exe
2007-09-08 09:58 <DIR> d-------- C:\Program Files\Raxco
2007-09-08 09:58 <DIR> d-------- C:\Program Files\Common Files\Raxco
2007-09-08 09:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Raxco
2007-09-04 17:03 <DIR> d-------- C:\Documents and Settings\Alex\Application Data\Bioshock
2007-09-04 17:01 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-09-04 16:50 <DIR> d-------- C:\Program Files\2K Games
2007-09-04 16:50 <DIR> d-------- C:\Documents and Settings\Alex\Application Data\InstallShield
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-04 22:56 --------- d-------- C:\Program Files\cFosSpeed
2007-10-04 22:54 --------- d-------- C:\Documents and Settings\Alex\Application Data\uTorrent
2007-10-03 22:53 --------- d-------- C:\Documents and Settings\Alex\Application Data\Skype
2007-10-03 16:29 --------- d-------- C:\Documents and Settings\Alex\Application Data\OpenOffice.org2
2007-10-03 16:00 --------- d-------- C:\Program Files\Zune
2007-10-03 15:56 --------- d-------- C:\Program Files\mIRC
2007-10-03 15:55 --------- d-------- C:\Program Files\DAEMON Tools Pro
2007-10-03 14:01 --------- d-------- C:\Program Files\CDisplayEx
2007-10-03 13:22 --------- d-------- C:\Program Files\Steam
2007-10-03 13:19 --------- d-------- C:\Program Files\DriverCleanerDotNET
2007-10-03 00:14 --------- d-------- C:\Program Files\IGN
2007-10-03 00:14 --------- d-------- C:\Documents and Settings\Alex\Application Data\IGN_DLM
2007-10-02 16:36 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-10-02 16:31 --------- d-------- C:\Program Files\Microsoft Xbox 360 Accessories
2007-09-30 00:14 --------- d-------- C:\Documents and Settings\Alex\Application Data\Hamachi
2007-09-29 16:27 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_xusb21_01005.Wdf
2007-09-27 15:20 --------- d-------- C:\Program Files\QuickTime Alternative
2007-09-26 22:15 --------- d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-09-25 16:47 --------- d-------- C:\Documents and Settings\Alex\Application Data\Ahead
2007-09-25 16:25 --------- d-------- C:\Program Files\OpenOffice.org 2.2
2007-09-23 18:27 --------- d-------- C:\Program Files\Silkroad
2007-09-23 18:24 --------- d-------- C:\Program Files\PokerStars
2007-09-17 01:07 8491008 --a------ C:\WINDOWS\system32\nvcpl.dll
2007-09-17 01:07 81920 --a------ C:\WINDOWS\system32\nvwddi.dll
2007-09-17 01:07 81920 --a------ C:\WINDOWS\system32\nvmctray.dll
2007-09-17 01:07 6853088 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-09-17 01:07 6746112 --a------ C:\WINDOWS\system32\nvoglnt.dll
2007-09-17 01:07 6344704 --a------ C:\WINDOWS\system32\nvdisps.dll
2007-09-17 01:07 5783040 --a------ C:\WINDOWS\system32\nv4_disp.dll
2007-09-17 01:07 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2007-09-17 01:07 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
2007-09-17 01:07 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2007-09-17 01:07 425984 --a------ C:\WINDOWS\system32\keystone.exe
2007-09-17 01:07 36864 --a------ C:\WINDOWS\system32\nvcodins.dll
2007-09-17 01:07 36864 --a------ C:\WINDOWS\system32\nvcod.dll
2007-09-17 01:07 364544 --a------ C:\WINDOWS\system32\nvapi.dll
2007-09-17 01:07 356352 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-09-17 01:07 3551232 --a------ C:\WINDOWS\system32\nvvitvs.dll
2007-09-17 01:07 3334144 --a------ C:\WINDOWS\system32\nvgames.dll
2007-09-17 01:07 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2007-09-17 01:07 2371584 --a------ C:\WINDOWS\system32\nvwss.dll
2007-09-17 01:07 229376 --a------ C:\WINDOWS\system32\nvmccs.dll
2007-09-17 01:07 188416 --a------ C:\WINDOWS\system32\nvmccss.dll
2007-09-17 01:07 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2007-09-17 01:07 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
2007-09-17 01:07 155716 --a------ C:\WINDOWS\system32\nvsvc32.exe
2007-09-17 01:07 1478656 --a------ C:\WINDOWS\system32\nview.dll
2007-09-17 01:07 147456 --a------ C:\WINDOWS\system32\nvcolor.exe
2007-09-17 01:07 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2007-09-17 01:07 1150976 --a------ C:\WINDOWS\system32\nvmobls.dll
2007-09-17 01:07 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2007-09-06 18:56 753664 --a------ C:\WINDOWS\system32\nvcplui.exe
2007-09-06 18:56 307200 --a------ C:\WINDOWS\system32\nvexpbar.dll
2007-09-06 18:56 1073152 --a------ C:\WINDOWS\system32\nvcpluir.dll
2007-09-03 16:30 25544 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2007-09-03 16:30 --------- d-------- C:\Program Files\Hamachi
2007-09-01 19:50 --------- d-------- C:\Program Files\THQ
2007-09-01 15:37 --------- d-------- C:\Program Files\Sternenschiff
2007-09-01 15:16 --------- d-------- C:\Documents and Settings\Alex\Application Data\ICAClient
2007-09-01 15:09 --------- d-------- C:\Program Files\Microsoft Silverlight
2007-08-30 20:23 --------- d-------- C:\Program Files\UBISOFT
2007-08-30 20:21 --------- d-------- C:\Documents and Settings\Alex\Application Data\RapidCRC
2007-08-30 19:35 --------- d-------- C:\Program Files\RapidCRC
2007-08-29 15:59 --------- d-------- C:\Program Files\Analog Devices
2007-08-28 17:41 36864 --a------ C:\WINDOWS\system32\drivers\SSHDRV61.sys
2007-08-28 17:05 55808 --a------ C:\WINDOWS\system32\drivers\xusb21.sys
2007-08-28 16:19 --------- d-------- C:\Program Files\PeerGuardian2
2007-08-26 18:47 --------- dr-h----- C:\Documents and Settings\Alex\Application Data\SecuROM
2007-08-24 15:29 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_xusb21_01001.Wdf
2007-08-23 19:09 --------- d-------- C:\Documents and Settings\All Users\Application Data\POPWWPROFILES
2007-08-23 18:27 --------- d-------- C:\Documents and Settings\Alex\Application Data\Talkback
2007-08-23 17:11 51600 --a------ C:\WINDOWS\system32\RadLightMPCUninstall.exe
2007-08-22 16:12 696784 -ra------ C:\WINDOWS\system32\drivers\cfosspeed.sys
2007-08-22 16:12 281552 --a------ C:\WINDOWS\system32\cfosspeed.dll
2007-08-20 15:48 --------- d-------- C:\Program Files\SiSoftware
2007-08-20 11:14 --------- d-------- C:\Program Files\Electronic Arts
2007-08-18 22:04 --------- d-------- C:\Program Files\GameWiz32
2007-08-16 16:17 51568 --a------ C:\WINDOWS\system32\sirenacm.dll
2007-08-16 11:55 --------- d-------- C:\Program Files\Windows Media-Komponenten
2007-08-16 11:55 --------- d-------- C:\Program Files\Encode360
2007-08-15 11:32 --------- d-------- C:\Program Files\MSXML 6.0
2007-08-15 11:31 --------- d-------- C:\Program Files\MSXML 4.0
2007-08-12 16:47 --------- d-------- C:\Documents and Settings\Alex\Application Data\teamspeak2
2007-08-12 16:46 --------- d-------- C:\Program Files\Teamspeak2_RC2
2007-08-12 03:28 --------- d-------- C:\Program Files\YAMIKUMO
2007-08-07 07:37 --------- d-------- C:\Program Files\Peach Princess
2007-08-05 18:53 --------- d-------- C:\Program Files\SystemRequirementsLab
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-20 00:57 267112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
2007-07-20 00:54 18280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2007-07-19 18:14 444776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="C:\WINDOWS\system32\nvraidservice.exe" [2006-09-21 15:40]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-09-09 10:44]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 C:\WINDOWS\KHALMNPR.Exe]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2007-04-03 20:55]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-03-16 08:06]
"cFosSpeed"="C:\Program Files\cFosSpeed\cFosSpeed.exe" [2007-08-22 16:12]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 01:07]
"nwiz"="nwiz.exe" [2007-09-17 01:07 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 01:07]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-03 12:32]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 15:08]
"nHancer"="C:\Program Files\nHancer\nHancer.exe" [2007-10-03 14:19]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"ShowDeskFix"=regsvr32 /s /n /i:u shell32
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-10-02 16:36:14]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-10-02 16:36:14]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{8CEFE835-8EBF-420F-AFA2-807008E32917}"= C:\WINDOWS\system32\gebyvvu.dll [2007-10-02 21:06 35328]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebyvvu]
gebyvvu.dll 2007-10-02 21:06 35328 C:\WINDOWS\system32\gebyvvu.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
R0 Si3132;SiI-3132 SATALink Controller;C:\WINDOWS\system32\DRIVERS\SI3132.sys
R1 SSHDRV61;SSHDRV61;\??\C:\WINDOWS\system32\drivers\SSHDRV61.sys
R2 nHancer;nHancer Support;"C:\Program Files\nHancer\nHancerService.exe"
R3 NVR0Dev;NVR0Dev;\??\C:\WINDOWS\nvoclock.sys
R3 SenFiltService;SenFilt Service;C:\WINDOWS\system32\drivers\Senfilt.sys
S3 ADIDTSFiltService;ADI DTS Filter Service;C:\WINDOWS\system32\drivers\adidts.sys
S3 cmigameport;cmigameport;C:\WINDOWS\system32\drivers\cmigameport.sys
S3 PDExchange;PDExchange;"C:\Program Files\Raxco\PerfectDisk\PDExchange.exe"
S3 SANDRA;SANDRA;\??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII\Sandra.sys
S3 scramby;Scramby Microphone;C:\WINDOWS\system32\drivers\scramby.sys
S3 Xponaut_WBD;Xponaut WaveBridge Device (WDM);C:\WINDOWS\system32\drivers\xpntwbd.sys
S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21;C:\WINDOWS\system32\DRIVERS\xusb21.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{43995a54-6233-11dc-9ed3-044b80808003}]
AutoRun\command- I:\Launch.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f4016ca-56f7-11dc-9eb9-044b80808003}]
AutoRun\command- I:\Launch.exe
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-10-04 22:56:40
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-04 22:57:21 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-04 22:57
C:\ComboFix2.txt ... 2007-10-03 12:18
.
--- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:00:10, on 10/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20627)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\cFosSpeed\spd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\nHancer\nHancerService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\cFosSpeed\cFosSpeed.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\nHancer\nHancer.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=66.98.238.8:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [nHancer] "C:\Program Files\nHancer\nHancer.exe" /tray
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - http://a516.g.akamai.net/f/516/25175...at-no-eula.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/ca..._2.3.2.100.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab2.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/Driver...aSmartScan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2D585446-0F65-49CE-8C07-9C3A976CCDCA}: NameServer = 192.168.178.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: gebyvvu - C:\WINDOWS\SYSTEM32\gebyvvu.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: nHancer Support (nHancer) - KSE - Korndörfer Software Engineering - C:\Program Files\nHancer\nHancerService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDExchange - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDExchange.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
--
End of file - 9400 bytes