Tech Support Forum - View Single Post - [SOLVED] Trojan.vundo, Constant Popups and slowed system.

frantheonlyter · 12-08-2007, 10:42 AM

Hello,

The only thing that changed is that Norton picked up two entries for trojan.vundo.

Here is my logs:

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:33:29 PM, on 2007/12/08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
c:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\DOCUME~1\Francois\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\Francois.exe
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.salestronics.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.aceradvantage.com/stdreg
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = dsl-cache.saix.net:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] "C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe"
O4 - HKLM\..\Run: [ntiMUI] "C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\SymProbe.exe -r "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] "C:\Program Files\Realtek\InstallShield\AzMixerSel.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] "C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] "C:\Acer\Empowering Technology\eRecovery\Monitor.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] "C:\Program Files\Acer\OrbiCam\CameraAssistant.exe"
O4 - HKLM\..\Run: [LogitechVideo[inspector]] "C:\Program Files\Acer\OrbiCam\InstallHelper.exe" /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] "C:\WINDOWS\system32\ElkCtrl.exe" /automation
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1196164825156
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 12639 bytes

ComboFix:

ComboFix 07-12-02.7 - Francois 2007-12-08 18:48:52.3 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.453 [GMT 2:00]
Running from: C:\Documents and Settings\Francois\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Francois\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\system32\nqtwa.ini2
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\nqtwa.ini2

.
((((((((((((((((((((((((( Files Created from 2007-11-08 to 2007-12-08 )))))))))))))))))))))))))))))))
.

2007-12-05 16:33 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2007-12-05 15:34 . 2007-12-05 15:34 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-12-05 15:34 . 2007-12-06 19:15 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2007-11-30 15:56 . 2007-11-30 15:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-29 20:09 . 2007-11-29 20:09 <DIR> d-------- C:\Program Files\RegistrySmart
2007-11-29 20:09 . 2007-11-29 20:09 <DIR> d-------- C:\Documents and Settings\Francois\Application Data\RegistrySmart
2007-11-29 19:49 . 2007-11-29 19:49 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-29 19:47 . 2007-11-29 19:48 <DIR> d-------- C:\Deckard
2007-11-29 19:33 . 2007-12-06 19:15 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-11-29 19:32 . 2007-12-06 19:15 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-11-29 18:51 . 2007-11-29 18:51 164 --a------ C:\install.dat
2007-11-28 21:24 . 2007-11-28 21:24 <DIR> d--hs---- C:\FOUND.000
2007-11-28 20:27 . 2003-09-03 15:57 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2007-11-28 20:27 . 2003-09-03 15:59 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\CyberLink
2007-11-28 20:27 . 2003-09-03 15:38 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Acer
2007-11-27 23:04 . 2007-11-27 23:04 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-11-27 21:10 . 2007-11-27 21:11 38 --a------ C:\WINDOWS\avisplitter.INI
2007-11-27 21:00 . 2007-11-27 21:00 46,360 --a------ C:\WINDOWS\FontData.fdb
2007-11-27 20:58 . 2007-11-27 20:58 56 -r-hs---- C:\WINDOWS\system32\3557BE4C83.sys
2007-11-27 15:35 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-11-27 15:35 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2007-11-27 15:18 . 2007-11-27 15:18 <DIR> d-------- C:\Program Files\Corel
2007-11-27 15:18 . 2007-11-27 15:18 <DIR> d-------- C:\Program Files\Common Files\Corel
2007-11-27 15:07 . 2007-11-27 15:07 <DIR> d-------- C:\Documents and Settings\Francois\Application Data\Corel
2007-11-27 15:06 . 2007-11-27 15:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2007-11-27 14:53 . 2007-11-27 20:58 3,610 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-11-27 14:29 . 2003-06-18 17:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-11-27 14:29 . 2007-11-27 14:41 376 --a------ C:\WINDOWS\ODBC.INI
2007-11-27 14:15 . 2007-11-27 14:15 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-11-27 14:15 . 2007-11-27 14:15 <DIR> d-------- C:\Program Files\Common Files\L&H
2007-11-27 14:14 . 2007-11-27 14:14 <DIR> d-------- C:\Program Files\Microsoft Works
2007-11-27 14:13 . 2007-11-27 14:13 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-11-27 14:13 . 2007-11-27 14:13 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-11-27 12:56 . 2007-11-27 12:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-11-27 12:48 . 2007-11-27 12:48 <DIR> d-------- C:\Program Files\Bonjour
2007-11-27 12:40 . 2007-11-27 12:40 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-11-26 21:59 . 2007-11-26 21:59 <DIR> d-------- C:\Program Files\EwisoftWeb
2007-11-23 15:36 . 2007-11-23 15:36 <DIR> d-------- C:\Program Files\Atari
2007-11-22 22:31 . 2007-11-22 22:31 <DIR> d-------- C:\Documents and Settings\Francois\Application Data\Media Player Classic
2007-11-22 22:30 . 2007-11-22 22:30 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2007-11-22 18:56 . 2007-11-22 18:56 <DIR> d-------- C:\Program Files\Common Files\DirectX
2007-11-22 18:45 . 2007-11-22 18:45 <DIR> d-------- C:\Program Files\Codemasters
2007-11-22 18:44 . 2007-11-22 18:44 <DIR> d-------- C:\Documents and Settings\Francois\Application Data\InstallShield
2007-11-22 18:33 . 2007-11-22 18:33 <DIR> d-------- C:\Documents and Settings\Francois\Application Data\AdobeUM
2007-11-21 15:13 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-11-21 15:13 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\dllcache\mouhid.sys
2007-11-21 15:13 . 2004-08-04 05:00 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-11-21 15:13 . 2004-08-04 05:00 9,600 --a------ C:\WINDOWS\system32\dllcache\hidusb.sys
2007-11-21 10:10 . 2007-11-21 10:10 <DIR> d-------- C:\Program Files\The Witcher
2007-11-20 09:35 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2007-11-20 09:35 . 2006-09-28 16:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-11-20 09:35 . 2007-11-21 10:20 278,984 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2007-11-20 09:35 . 2007-11-20 09:35 25,416 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2007-11-20 09:31 . 2007-11-20 09:31 <DIR> d-------- C:\Program Files\Ubisoft
2007-11-20 09:27 . 2007-11-20 09:27 <DIR> d-------- C:\Documents and Settings\Francois\Application Data\DAEMON Tools Pro
2007-11-20 09:26 . 2007-11-20 09:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
2007-11-20 09:24 . 2007-11-20 09:24 <DIR> d-------- C:\Program Files\DAEMON Tools Pro
2007-11-20 09:22 . 2007-11-20 09:22 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-11-20 09:18 . 2004-08-04 05:00 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys
2007-11-20 09:08 . 2007-11-20 09:08 <DIR> d--hs---- C:\Recycled
2007-11-20 08:57 . 2007-08-20 12:04 6,058,496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-11-20 08:57 . 2007-04-17 11:32 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-11-20 08:57 . 2007-03-08 07:10 991,232 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2007-11-20 08:57 . 2007-08-20 12:04 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-11-20 08:57 . 2007-08-20 12:04 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-11-20 08:57 . 2007-08-20 12:04 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-11-20 08:57 . 2007-08-20 12:04 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2007-11-20 08:57 . 2007-08-20 12:04 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-11-20 08:57 . 2007-08-17 12:20 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-11-20 05:53 . 2007-12-08 18:42 343 --a------ C:\WINDOWS\system32\eRLog.ini
2007-11-20 05:52 . 2007-11-20 05:52 92 --a------ C:\WINDOWS\GridV.UNI
2007-11-20 05:48 . 2007-11-20 05:48 <DIR> d-------- C:\Program Files\Common Files\Logitech
2007-11-20 05:48 . 2007-11-20 05:48 <DIR> d-------- C:\Program Files\Common Files\Acer
2007-11-20 05:46 . 2007-11-20 05:46 <DIR> d-------- C:\Program Files\WinPCap
2007-11-20 05:46 . 2006-01-23 12:41 78,208 --a------ C:\WINDOWS\system32\drivers\epm-shd.sys
2007-11-20 05:46 . 2007-11-20 05:46 21,275 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2007-11-20 05:46 . 2006-01-23 12:41 4,096 --a------ C:\WINDOWS\system32\drivers\epm-psd.sys
2007-11-20 05:45 . 2007-11-20 05:46 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Intel
2007-11-20 05:45 . 2007-11-20 05:45 <DIR> d-------- C:\Program Files\Launch Manager
2007-11-20 05:45 . 2007-11-20 05:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Intel
2007-11-20 05:45 . 2006-04-10 10:09 61,440 --a------ C:\WINDOWS\system32\acerGina.dll
2007-11-20 05:45 . 2002-12-19 15:58 49,152 --a------ C:\WINDOWS\system32\QtBtLib.dll
2007-11-20 05:45 . 2004-12-08 14:10 16,896 --a------ C:\WINDOWS\system32\drivers\DKbFltr.SYS
2007-11-20 05:45 . 2004-12-09 12:04 5,120 --a------ C:\WINDOWS\system32\FILTRCOI.DLL
2007-11-20 05:45 . 2007-11-20 05:45 83 --a------ C:\WINDOWS\QtZgAcer.UNI
2007-11-20 05:45 . 2007-11-20 05:45 0 --a------ C:\WINDOWS\NT.INI
2007-11-20 05:43 . 2007-11-20 05:43 <DIR> d-------- C:\Documents and Settings\Francois\Bluetooth Software
2007-11-20 05:43 . 2006-01-20 15:56 225,350 --a------ C:\WINDOWS\system32\Epm-Po.dll
2007-11-20 05:43 . 2006-01-20 15:56 53,248 --a------ C:\WINDOWS\system32\acpimof.dll
2007-11-20 05:38 . 2007-11-20 05:38 <DIR> d-------- C:\Program Files\WIDCOMM
2007-11-20 05:38 . 2007-11-20 05:38 <DIR> d-------- C:\Documents and Settings\Francois\Application Data\ATI
2007-11-20 05:31 . 2007-11-20 05:31 <DIR> d-------- C:\WINDOWS\Acer
2007-11-20 05:31 . 2007-11-20 05:31 <DIR> d-------- C:\Program Files\ATI Technologies
2007-11-20 05:30 . 2003-09-03 15:57 <DIR> d-------- C:\Documents and Settings\Francois\Application Data\Symantec
2007-11-20 05:30 . 2003-09-03 15:59 <DIR> d-------- C:\Documents and Settings\Francois\Application Data\CyberLink
2007-11-20 05:30 . 2003-09-03 15:38 <DIR> d-------- C:\Documents and Settings\Francois\Application Data\Acer
2007-11-20 05:29 . 2003-09-03 15:57 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Symantec
2007-11-20 05:29 . 2003-09-03 15:59 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\CyberLink
2007-11-20 05:29 . 2003-09-03 15:38 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Acer
2007-11-20 00:20 . 2006-08-21 11:14 128,896 --------- C:\WINDOWS\system32\dllcache\SET89.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-19 20:21 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-11-19 20:21 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-01 12:49 542,088 ----a-w C:\WINDOWS\system32\SymNeti.dll
2007-10-01 12:49 161,160 ----a-w C:\WINDOWS\system32\SymRedir.dll
2007-09-28 15:07 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-09-28 15:05 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-09-28 15:05 739,840 ----a-w C:\WINDOWS\system32\divx.dll
.

((((((((((((((((((((((((((((( snapshot@2007-12-04_23.40.04.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-08-24 06:28:54 141,424 ----a-w C:\WINDOWS\Downloaded Program Files\CONFLICT.1\asinst.dll
+ 2007-03-29 07:20:50 110,592 ----a-w C:\WINDOWS\system32\ActiveScan\as.dll
+ 2006-10-05 14:15:26 233,472 ----a-w C:\WINDOWS\system32\ActiveScan\ascontrol.dll
+ 2005-06-03 12:03:18 96,256 ----a-w C:\WINDOWS\system32\ActiveScan\asmdat.dll
+ 2003-08-01 09:00:16 36,864 ----a-w C:\WINDOWS\system32\ActiveScan\certdll.dll
+ 2005-05-20 11:42:44 86,016 ----a-w C:\WINDOWS\system32\ActiveScan\instlsp.dll
+ 2007-11-12 07:46:18 26,112 ----a-w C:\WINDOWS\system32\ActiveScan\JID.dll
+ 2006-02-16 16:20:20 4,608 ----a-w C:\WINDOWS\system32\ActiveScan\memvfile.dll
+ 2005-10-25 16:08:32 348,160 ----a-w C:\WINDOWS\system32\ActiveScan\msvcr71.dll
+ 2007-11-26 09:10:36 61,440 ----a-w C:\WINDOWS\system32\ActiveScan\NanoWrapper.dll
+ 2004-05-04 13:01:02 139,264 ----a-w C:\WINDOWS\system32\ActiveScan\pavaleas.dll
+ 2006-07-14 11:04:10 45,056 ----a-w C:\WINDOWS\system32\ActiveScan\pavdr.exe
+ 2006-04-10 08:50:02 159,832 ----a-w C:\WINDOWS\system32\ActiveScan\pavexcom.dll
+ 2006-02-14 11:05:38 94,208 ----a-w C:\WINDOWS\system32\ActiveScan\pavinas.dll
+ 2006-02-16 16:35:38 180,224 ----a-w C:\WINDOWS\system32\ActiveScan\pavoe.dll
+ 2006-10-05 14:15:38 122,880 ----a-w C:\WINDOWS\system32\ActiveScan\pavpz.dll
+ 2007-06-04 09:31:52 57,344 ----a-w C:\WINDOWS\system32\ActiveScan\pavsddl.dll
+ 2006-06-30 12:13:38 8,704 ----a-w C:\WINDOWS\system32\ActiveScan\pfdnnt.exe
+ 2004-02-04 12:08:42 49,152 ----a-w C:\WINDOWS\system32\ActiveScan\port32.dll
+ 2007-10-30 08:04:14 36,864 ----a-w C:\WINDOWS\system32\ActiveScan\Prescan.dll
+ 2006-08-01 11:23:10 69,632 ----a-w C:\WINDOWS\system32\ActiveScan\pscpu.dll
+ 2006-08-23 11

08 1,388,544 ----a-w C:\WINDOWS\system32\ActiveScan\pskahk.dll
+ 2007-10-31 11:05:06 32,768 ----a-w C:\WINDOWS\system32\ActiveScan\PSKAHKPRESCAN.dll
+ 2006-08-17 09:38:14 10,752 ----a-w C:\WINDOWS\system32\ActiveScan\pskalloc.dll
+ 2006-09-04 09:49:54 61,440 ----a-w C:\WINDOWS\system32\ActiveScan\pskas.dll
+ 2006-08-18 06:46:18 779,264 ----a-w C:\WINDOWS\system32\ActiveScan\pskavs.dll
+ 2007-03-26 12:25:34 417,792 ----a-w C:\WINDOWS\system32\ActiveScan\pskcmp.dll
+ 2006-08-09 08:42:24 90,112 ----a-w C:\WINDOWS\system32\ActiveScan\pskfss.dll
+ 2006-07-19 08:55:58 208,896 ----a-w C:\WINDOWS\system32\ActiveScan\pskhtml.dll
+ 2006-01-20 14:57:00 9,728 ----a-w C:\WINDOWS\system32\ActiveScan\pskmas.dll
+ 2006-05-17 07:50:12 14,336 ----a-w C:\WINDOWS\system32\ActiveScan\pskmdfs.dll
+ 2006-08-16 08:58:12 33,280 ----a-w C:\WINDOWS\system32\ActiveScan\pskpack.dll
+ 2006-06-30 12:42:36 266,240 ----a-w C:\WINDOWS\system32\ActiveScan\pskscs.dll
+ 2006-08-17 12:33:14 62,976 ----a-w C:\WINDOWS\system32\ActiveScan\pskutil.dll
+ 2006-08-08 11:13:10 13,312 ----a-w C:\WINDOWS\system32\ActiveScan\pskvfile.dll
+ 2006-08-18 06:53:08 69,632 ----a-w C:\WINDOWS\system32\ActiveScan\pskvfs.dll
+ 2006-08-18 06:49:50 167,936 ----a-w C:\WINDOWS\system32\ActiveScan\pskvm.dll
+ 2007-10-18 07:30:16 105,472 ----a-w C:\WINDOWS\system32\ActiveScan\psnahk.dll
+ 2007-11-23 12:29:08 10,752 ----a-w C:\WINDOWS\system32\ActiveScan\psndsk.dll
+ 2007-10-18 07:30:38 42,496 ----a-w C:\WINDOWS\system32\ActiveScan\psnflg.dll
+ 2007-10-30 09:19:22 98,304 ----a-w C:\WINDOWS\system32\ActiveScan\psnglknt.dll
+ 2007-08-22 06:52:00 20,272 ----a-w C:\WINDOWS\system32\ActiveScan\psnhsh.dll
+ 2007-11-12 13:49:34 11,776 ----a-w C:\WINDOWS\system32\ActiveScan\psnjidsign.dll
+ 2007-08-22 06:52:04 76,080 ----a-w C:\WINDOWS\system32\ActiveScan\psnkrnl.dll
+ 2007-08-22 06:52:06 21,296 ----a-w C:\WINDOWS\system32\ActiveScan\psnmem.dll
+ 2007-10-04 13:26:28 28,672 ----a-w C:\WINDOWS\system32\ActiveScan\PsnPen.dll
+ 2007-10-23 09:40:10 86,016 ----a-w C:\WINDOWS\system32\ActiveScan\psntuc.dll
+ 2007-05-24 09:27:36 27,136 ----a-w C:\WINDOWS\system32\ActiveScan\PSNXprs.dll
+ 2007-04-18 15:16:04 353,840 ----a-w C:\WINDOWS\system32\ActiveScan\psscan.dll
+ 2007-01-22 12:42:48 35,328 ----a-w C:\WINDOWS\system32\ActiveScan\rawvfile.dll
+ 2007-06-08 07:44:36 8,576 ----a-w C:\WINDOWS\system32\ActiveScan\RKPavProc.sys
+ 2007-06-05 08:56:40 44,928 ----a-w C:\WINDOWS\system32\ActiveScan\sdthook.sys
+ 1997-09-18 04:12:32 9,488 ----a-w C:\WINDOWS\system32\ActiveScan\sporder.dll
+ 2006-02-28 15:23:40 69,632 ----a-w C:\WINDOWS\system32\ActiveScan\tcpvfile.dll
+ 2007-09-17 07:14:08 126,976 ----a-w C:\WINDOWS\system32\ActiveScan\Tucan.dll
+ 2003-03-25 16:53:50 11,776 ----a-w C:\WINDOWS\system32\ZPORT4AS.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 15:08]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-11-02 00:11]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-02 00:11]
"PCMService"="C:\Program Files\Acer\Acer Arcade\PCMService.exe" [2005-12-13 21:31]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 05:00]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 05:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:00]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-03 00:25]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-03 00:22]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-03 00:26]
"ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-24 16:45]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 15:50]
"ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 17:15]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 22:19]
"NAV CfgWiz"="C:\Program Files\Common Files\Symantec Shared\SymProbe.exe" []
"RTHDCPL"="RTHDCPL.EXE" [2006-04-04 02:44 C:\WINDOWS\RTHDCPL.exe]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-08-24 23:21]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-05-09 11:54]
"Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-05-08 18:41]
"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2006-04-03 17:03]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 18:00]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2006-03-31 10:47]
"LogitechCameraAssistant"="C:\Program Files\Acer\OrbiCam\CameraAssistant.exe" [2006-03-31 10:24]
"LogitechVideo[inspector]"="C:\Program Files\Acer\OrbiCam\InstallHelper.exe" [2006-03-31 10:32]
"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [2004-11-01 17:22]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 16:30]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-01-17 10:45:32]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-11-27 14:47:48]

R0 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys
R1 OsaFsLoc;OsaFsLoc;\??\C:\WINDOWS\system32\drivers\OsaFsLoc.sys
R2 EpmPsd;Acer EPM Power Scheme Driver;\??\C:\WINDOWS\system32\drivers\epm-psd.sys
R2 EpmShd;Acer EPM System Hardware Driver;\??\C:\WINDOWS\system32\drivers\epm-shd.sys
R2 int15.sys;int15.sys;\??\C:\Acer\Empowering Technology\eRecovery\int15.sys
R2 osaio;osaio;\??\C:\WINDOWS\system32\drivers\osaio.sys
R2 osanbm;osanbm;\??\C:\WINDOWS\system32\drivers\osanbm.sys
R3 DKbFltr;Dritek Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\DKbFltr.sys
R3 lv321av;Logitech USB PC Camera (VC0321);C:\WINDOWS\system32\Drivers\lv321av.sys
R3 LVPrcMon;Logitech LVPrcMon Driver;\??\C:\WINDOWS\system32\drivers\LVPrcMon.sys
R3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys
R3 SMCB000;SMSC CIR HID Miniport Device Driver;C:\WINDOWS\system32\DRIVERS\hidsmsc.sys
S3 AVerE506;AVerE506 service;C:\WINDOWS\system32\DRIVERS\AVerE506.sys
S3 AVerM115;AVerM115 service;C:\WINDOWS\system32\DRIVERS\AVerM115.sys
S3 SDTHOOK;SDTHOOK;C:\WINDOWS\system32\DRIVERS\SDTHOOK.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-12-07 20:33:18 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Francois.job"
- C:\PROGRA~1\NORTON~1\Navw32.exeh/TASK:
"2007-11-29 18:09:58 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Program Files\RegistrySmart\RegistrySmart.ex
- C:\Program Files\RegistrySmart
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-08 19:25:07
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-08 19:26:14 - machine was rebooted
C:\ComboFix3.txt ... 2007-12-04 23:41
C:\ComboFix2.txt ... 2007-12-05 15:29
.
--- E O F ---

12-08-2007, 10:42 AM	#9 (permalink)
frantheonlyter Registered User Join Date: Nov 2007 Posts: 12 OS: Windows XP Home Service Pack 2	Re: Trojan.vundo, Constant Popups and slowed system. Hello, The only thing that changed is that Norton picked up two entries for trojan.vundo. Here is my logs: HijackThis: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 07:33:29 PM, on 2007/12/08 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Acer\Empowering Technology\admServ.exe C:\Program Files\Bonjour\mDNSResponder.exe c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Acer\Acer Arcade\PCMService.exe C:\Acer\Empowering Technology\admtray.exe C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Acer\Empowering Technology\ePower\ePower_DMC.exe C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE C:\Acer\Empowering Technology\eRecovery\Monitor.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Acer\OrbiCam\CameraAssistant.exe C:\WINDOWS\system32\ElkCtrl.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\DAEMON Tools Pro\DTProAgent.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe c:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\WINDOWS\system32\wbem\unsecapp.exe C:\DOCUME~1\Francois\LOCALS~1\Temp\RtkBtMnt.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Trend Micro\HijackThis\Francois.exe C:\Program Files\Symantec\LiveUpdate\AUpdate.exe C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.salestronics.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.aceradvantage.com/stdreg R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = dsl-cache.saix.net:8080 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe" O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe" O4 - HKLM\..\Run: [eDataSecurity Loader] "C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" O4 - HKLM\..\Run: [ntiMUI] "C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\SymProbe.exe -r "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT" O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [AzMixerSel] "C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe O4 - HKLM\..\Run: [Acer ePower Management] "C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" boot O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE O4 - HKLM\..\Run: [eRecoveryService] "C:\Acer\Empowering Technology\eRecovery\Monitor.exe" O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechCameraAssistant] "C:\Program Files\Acer\OrbiCam\CameraAssistant.exe" O4 - HKLM\..\Run: [LogitechVideo[inspector]] "C:\Program Files\Acer\OrbiCam\InstallHelper.exe" /inspect O4 - HKLM\..\Run: [LogitechCameraService(E)] "C:\WINDOWS\system32\ElkCtrl.exe" /automation O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Bluetooth.lnk = ? O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Send to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1196164825156 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- End of file - 12639 bytes ComboFix: ComboFix 07-12-02.7 - Francois 2007-12-08 18:48:52.3 - FAT32x86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.453 [GMT 2:00] Running from: C:\Documents and Settings\Francois\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Francois\Desktop\CFScript.txt * Created a new restore point FILE C:\WINDOWS\system32\nqtwa.ini2 . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\nqtwa.ini2 . ((((((((((((((((((((((((( Files Created from 2007-11-08 to 2007-12-08 ))))))))))))))))))))))))))))))) . 2007-12-05 16:33 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS 2007-12-05 15:34 . 2007-12-05 15:34 <DIR> d-------- C:\WINDOWS\system32\ActiveScan 2007-12-05 15:34 . 2007-12-06 19:15 30,590 --a------ C:\WINDOWS\system32\pavas.ico 2007-11-30 15:56 . 2007-11-30 15:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-11-29 20:09 . 2007-11-29 20:09 <DIR> d-------- C:\Program Files\RegistrySmart 2007-11-29 20:09 . 2007-11-29 20:09 <DIR> d-------- C:\Documents and Settings\Francois\Application Data\RegistrySmart 2007-11-29 19:49 . 2007-11-29 19:49 <DIR> d-------- C:\Program Files\Trend Micro 2007-11-29 19:47 . 2007-11-29 19:48 <DIR> d-------- C:\Deckard 2007-11-29 19:33 . 2007-12-06 19:15 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico 2007-11-29 19:32 . 2007-12-06 19:15 1,406 --a------ C:\WINDOWS\system32\Help.ico 2007-11-29 18:51 . 2007-11-29 18:51 164 --a------ C:\install.dat 2007-11-28 21:24 . 2007-11-28 21:24 <DIR> d--hs---- C:\FOUND.000 2007-11-28 20:27 . 2003-09-03 15:57 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec 2007-11-28 20:27 . 2003-09-03 15:59 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\CyberLink 2007-11-28 20:27 . 2003-09-03 15:38 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Acer 2007-11-27 23:04 . 2007-11-27 23:04 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2 2007-11-27 21:10 . 2007-11-27 21:11 38 --a------ C:\WINDOWS\avisplitter.INI 2007-11-27 21:00 . 2007-11-27 21:00 46,360 --a------ C:\WINDOWS\FontData.fdb 2007-11-27 20:58 . 2007-11-27 20:58 56 -r-hs---- C:\WINDOWS\system32\3557BE4C83.sys 2007-11-27 15:35 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll 2007-11-27 15:35 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui 2007-11-27 15:18 . 2007-11-27 15:18 <DIR> d-------- C:\Program Files\Corel 2007-11-27 15:18 . 2007-11-27 15:18 <DIR> d-------- C:\Program Files\Common Files\Corel 2007-11-27 15:07 . 2007-11-27 15:07 <DIR> d-------- C:\Documents and Settings\Francois\Application Data\Corel 2007-11-27 15:06 . 2007-11-27 15:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield 2007-11-27 14:53 . 2007-11-27 20:58 3,610 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys 2007-11-27 14:29 . 2003-06-18 17:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll 2007-11-27 14:29 . 2007-11-27 14:41 376 --a------ C:\WINDOWS\ODBC.INI 2007-11-27 14:15 . 2007-11-27 14:15 <DIR> d-------- C:\Program Files\Microsoft ActiveSync 2007-11-27 14:15 . 2007-11-27 14:15 <DIR> d-------- C:\Program Files\Common Files\L&H 2007-11-27 14:14 . 2007-11-27 14:14 <DIR> d-------- C:\Program Files\Microsoft Works 2007-11-27 14:13 . 2007-11-27 14:13 <DIR> d-------- C:\WINDOWS\SHELLNEW 2007-11-27 14:13 . 2007-11-27 14:13 <DIR> d-------- C:\Program Files\Microsoft.NET 2007-11-27 12:56 . 2007-11-27 12:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet 2007-11-27 12:48 . 2007-11-27 12:48 <DIR> d-------- C:\Program Files\Bonjour 2007-11-27 12:40 . 2007-11-27 12:40 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared 2007-11-26 21:59 . 2007-11-26 21:59 <DIR> d-------- C:\Program Files\EwisoftWeb 2007-11-23 15:36 . 2007-11-23 15:36 <DIR> d-------- C:\Program Files\Atari 2007-11-22 22:31 . 2007-11-22 22:31 <DIR> d-------- C:\Documents and Settings\Francois\Application Data\Media Player Classic 2007-11-22 22:30 . 2007-11-22 22:30 <DIR> d-------- C:\Program Files\K-Lite Codec Pack 2007-11-22 18:56 . 2007-11-22 18:56 <DIR> d-------- C:\Program Files\Common Files\DirectX 2007-11-22 18:45 . 2007-11-22 18:45 <DIR> d-------- C:\Program Files\Codemasters 2007-11-22 18:44 . 2007-11-22 18:44 <DIR> d-------- C:\Documents and Settings\Francois\Application Data\InstallShield 2007-11-22 18:33 . 2007-11-22 18:33 <DIR> d-------- C:\Documents and Settings\Francois\Application Data\AdobeUM 2007-11-21 15:13 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys 2007-11-21 15:13 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\dllcache\mouhid.sys 2007-11-21 15:13 . 2004-08-04 05:00 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys 2007-11-21 15:13 . 2004-08-04 05:00 9,600 --a------ C:\WINDOWS\system32\dllcache\hidusb.sys 2007-11-21 10:10 . 2007-11-21 10:10 <DIR> d-------- C:\Program Files\The Witcher 2007-11-20 09:35 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll 2007-11-20 09:35 . 2006-09-28 16:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll 2007-11-20 09:35 . 2007-11-21 10:20 278,984 --a------ C:\WINDOWS\system32\drivers\atksgt.sys 2007-11-20 09:35 . 2007-11-20 09:35 25,416 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys 2007-11-20 09:31 . 2007-11-20 09:31 <DIR> d-------- C:\Program Files\Ubisoft 2007-11-20 09:27 . 2007-11-20 09:27 <DIR> d-------- C:\Documents and Settings\Francois\Application Data\DAEMON Tools Pro 2007-11-20 09:26 . 2007-11-20 09:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro 2007-11-20 09:24 . 2007-11-20 09:24 <DIR> d-------- C:\Program Files\DAEMON Tools Pro 2007-11-20 09:22 . 2007-11-20 09:22 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2007-11-20 09:18 . 2004-08-04 05:00 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys 2007-11-20 09:08 . 2007-11-20 09:08 <DIR> d--hs---- C:\Recycled 2007-11-20 08:57 . 2007-08-20 12:04 6,058,496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll 2007-11-20 08:57 . 2007-04-17 11:32 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat 2007-11-20 08:57 . 2007-03-08 07:10 991,232 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui 2007-11-20 08:57 . 2007-08-20 12:04 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll 2007-11-20 08:57 . 2007-08-20 12:04 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll 2007-11-20 08:57 . 2007-08-20 12:04 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll 2007-11-20 08:57 . 2007-08-20 12:04 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll 2007-11-20 08:57 . 2007-08-20 12:04 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2007-11-20 08:57 . 2007-08-17 12:20 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe 2007-11-20 05:53 . 2007-12-08 18:42 343 --a------ C:\WINDOWS\system32\eRLog.ini 2007-11-20 05:52 . 2007-11-20 05:52 92 --a------ C:\WINDOWS\GridV.UNI 2007-11-20 05:48 . 2007-11-20 05:48 <DIR> d-------- C:\Program Files\Common Files\Logitech 2007-11-20 05:48 . 2007-11-20 05:48 <DIR> d-------- C:\Program Files\Common Files\Acer 2007-11-20 05:46 . 2007-11-20 05:46 <DIR> d-------- C:\Program Files\WinPCap 2007-11-20 05:46 . 2006-01-23 12:41 78,208 --a------ C:\WINDOWS\system32\drivers\epm-shd.sys 2007-11-20 05:46 . 2007-11-20 05:46 21,275 --a------ C:\WINDOWS\system32\drivers\AegisP.sys 2007-11-20 05:46 . 2006-01-23 12:41 4,096 --a------ C:\WINDOWS\system32\drivers\epm-psd.sys 2007-11-20 05:45 . 2007-11-20 05:46 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Intel 2007-11-20 05:45 . 2007-11-20 05:45 <DIR> d-------- C:\Program Files\Launch Manager 2007-11-20 05:45 . 2007-11-20 05:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Intel 2007-11-20 05:45 . 2006-04-10 10:09 61,440 --a------ C:\WINDOWS\system32\acerGina.dll 2007-11-20 05:45 . 2002-12-19 15:58 49,152 --a------ C:\WINDOWS\system32\QtBtLib.dll 2007-11-20 05:45 . 2004-12-08 14:10 16,896 --a------ C:\WINDOWS\system32\drivers\DKbFltr.SYS 2007-11-20 05:45 . 2004-12-09 12:04 5,120 --a------ C:\WINDOWS\system32\FILTRCOI.DLL 2007-11-20 05:45 . 2007-11-20 05:45 83 --a------ C:\WINDOWS\QtZgAcer.UNI 2007-11-20 05:45 . 2007-11-20 05:45 0 --a------ C:\WINDOWS\NT.INI 2007-11-20 05:43 . 2007-11-20 05:43 <DIR> d-------- C:\Documents and Settings\Francois\Bluetooth Software 2007-11-20 05:43 . 2006-01-20 15:56 225,350 --a------ C:\WINDOWS\system32\Epm-Po.dll 2007-11-20 05:43 . 2006-01-20 15:56 53,248 --a------ C:\WINDOWS\system32\acpimof.dll 2007-11-20 05:38 . 2007-11-20 05:38 <DIR> d-------- C:\Program Files\WIDCOMM 2007-11-20 05:38 . 2007-11-20 05:38 <DIR> d-------- C:\Documents and Settings\Francois\Application Data\ATI 2007-11-20 05:31 . 2007-11-20 05:31 <DIR> d-------- C:\WINDOWS\Acer 2007-11-20 05:31 . 2007-11-20 05:31 <DIR> d-------- C:\Program Files\ATI Technologies 2007-11-20 05:30 . 2003-09-03 15:57 <DIR> d-------- C:\Documents and Settings\Francois\Application Data\Symantec 2007-11-20 05:30 . 2003-09-03 15:59 <DIR> d-------- C:\Documents and Settings\Francois\Application Data\CyberLink 2007-11-20 05:30 . 2003-09-03 15:38 <DIR> d-------- C:\Documents and Settings\Francois\Application Data\Acer 2007-11-20 05:29 . 2003-09-03 15:57 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Symantec 2007-11-20 05:29 . 2003-09-03 15:59 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\CyberLink 2007-11-20 05:29 . 2003-09-03 15:38 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Acer 2007-11-20 00:20 . 2006-08-21 11:14 128,896 --------- C:\WINDOWS\system32\dllcache\SET89.tmp . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-19 20:21 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL 2007-11-19 20:21 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS 2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll 2007-10-01 12:49 542,088 ----a-w C:\WINDOWS\system32\SymNeti.dll 2007-10-01 12:49 161,160 ----a-w C:\WINDOWS\system32\SymRedir.dll 2007-09-28 15:07 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2007-09-28 15:05 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll 2007-09-28 15:05 739,840 ----a-w C:\WINDOWS\system32\divx.dll . ((((((((((((((((((((((((((((( snapshot@2007-12-04_23.40.04.15 ))))))))))))))))))))))))))))))))))))))))) . + 2006-08-24 06:28:54 141,424 ----a-w C:\WINDOWS\Downloaded Program Files\CONFLICT.1\asinst.dll + 2007-03-29 07:20:50 110,592 ----a-w C:\WINDOWS\system32\ActiveScan\as.dll + 2006-10-05 14:15:26 233,472 ----a-w C:\WINDOWS\system32\ActiveScan\ascontrol.dll + 2005-06-03 12:03:18 96,256 ----a-w C:\WINDOWS\system32\ActiveScan\asmdat.dll + 2003-08-01 09:00:16 36,864 ----a-w C:\WINDOWS\system32\ActiveScan\certdll.dll + 2005-05-20 11:42:44 86,016 ----a-w C:\WINDOWS\system32\ActiveScan\instlsp.dll + 2007-11-12 07:46:18 26,112 ----a-w C:\WINDOWS\system32\ActiveScan\JID.dll + 2006-02-16 16:20:20 4,608 ----a-w C:\WINDOWS\system32\ActiveScan\memvfile.dll + 2005-10-25 16:08:32 348,160 ----a-w C:\WINDOWS\system32\ActiveScan\msvcr71.dll + 2007-11-26 09:10:36 61,440 ----a-w C:\WINDOWS\system32\ActiveScan\NanoWrapper.dll + 2004-05-04 13:01:02 139,264 ----a-w C:\WINDOWS\system32\ActiveScan\pavaleas.dll + 2006-07-14 11:04:10 45,056 ----a-w C:\WINDOWS\system32\ActiveScan\pavdr.exe + 2006-04-10 08:50:02 159,832 ----a-w C:\WINDOWS\system32\ActiveScan\pavexcom.dll + 2006-02-14 11:05:38 94,208 ----a-w C:\WINDOWS\system32\ActiveScan\pavinas.dll + 2006-02-16 16:35:38 180,224 ----a-w C:\WINDOWS\system32\ActiveScan\pavoe.dll + 2006-10-05 14:15:38 122,880 ----a-w C:\WINDOWS\system32\ActiveScan\pavpz.dll + 2007-06-04 09:31:52 57,344 ----a-w C:\WINDOWS\system32\ActiveScan\pavsddl.dll + 2006-06-30 12:13:38 8,704 ----a-w C:\WINDOWS\system32\ActiveScan\pfdnnt.exe + 2004-02-04 12:08:42 49,152 ----a-w C:\WINDOWS\system32\ActiveScan\port32.dll + 2007-10-30 08:04:14 36,864 ----a-w C:\WINDOWS\system32\ActiveScan\Prescan.dll + 2006-08-01 11:23:10 69,632 ----a-w C:\WINDOWS\system32\ActiveScan\pscpu.dll + 2006-08-23 1108 1,388,544 ----a-w C:\WINDOWS\system32\ActiveScan\pskahk.dll + 2007-10-31 11:05:06 32,768 ----a-w C:\WINDOWS\system32\ActiveScan\PSKAHKPRESCAN.dll + 2006-08-17 09:38:14 10,752 ----a-w C:\WINDOWS\system32\ActiveScan\pskalloc.dll + 2006-09-04 09:49:54 61,440 ----a-w C:\WINDOWS\system32\ActiveScan\pskas.dll + 2006-08-18 06:46:18 779,264 ----a-w C:\WINDOWS\system32\ActiveScan\pskavs.dll + 2007-03-26 12:25:34 417,792 ----a-w C:\WINDOWS\system32\ActiveScan\pskcmp.dll + 2006-08-09 08:42:24 90,112 ----a-w C:\WINDOWS\system32\ActiveScan\pskfss.dll + 2006-07-19 08:55:58 208,896 ----a-w C:\WINDOWS\system32\ActiveScan\pskhtml.dll + 2006-01-20 14:57:00 9,728 ----a-w C:\WINDOWS\system32\ActiveScan\pskmas.dll + 2006-05-17 07:50:12 14,336 ----a-w C:\WINDOWS\system32\ActiveScan\pskmdfs.dll + 2006-08-16 08:58:12 33,280 ----a-w C:\WINDOWS\system32\ActiveScan\pskpack.dll + 2006-06-30 12:42:36 266,240 ----a-w C:\WINDOWS\system32\ActiveScan\pskscs.dll + 2006-08-17 12:33:14 62,976 ----a-w C:\WINDOWS\system32\ActiveScan\pskutil.dll + 2006-08-08 11:13:10 13,312 ----a-w C:\WINDOWS\system32\ActiveScan\pskvfile.dll + 2006-08-18 06:53:08 69,632 ----a-w C:\WINDOWS\system32\ActiveScan\pskvfs.dll + 2006-08-18 06:49:50 167,936 ----a-w C:\WINDOWS\system32\ActiveScan\pskvm.dll + 2007-10-18 07:30:16 105,472 ----a-w C:\WINDOWS\system32\ActiveScan\psnahk.dll + 2007-11-23 12:29:08 10,752 ----a-w C:\WINDOWS\system32\ActiveScan\psndsk.dll + 2007-10-18 07:30:38 42,496 ----a-w C:\WINDOWS\system32\ActiveScan\psnflg.dll + 2007-10-30 09:19:22 98,304 ----a-w C:\WINDOWS\system32\ActiveScan\psnglknt.dll + 2007-08-22 06:52:00 20,272 ----a-w C:\WINDOWS\system32\ActiveScan\psnhsh.dll + 2007-11-12 13:49:34 11,776 ----a-w C:\WINDOWS\system32\ActiveScan\psnjidsign.dll + 2007-08-22 06:52:04 76,080 ----a-w C:\WINDOWS\system32\ActiveScan\psnkrnl.dll + 2007-08-22 06:52:06 21,296 ----a-w C:\WINDOWS\system32\ActiveScan\psnmem.dll + 2007-10-04 13:26:28 28,672 ----a-w C:\WINDOWS\system32\ActiveScan\PsnPen.dll + 2007-10-23 09:40:10 86,016 ----a-w C:\WINDOWS\system32\ActiveScan\psntuc.dll + 2007-05-24 09:27:36 27,136 ----a-w C:\WINDOWS\system32\ActiveScan\PSNXprs.dll + 2007-04-18 15:16:04 353,840 ----a-w C:\WINDOWS\system32\ActiveScan\psscan.dll + 2007-01-22 12:42:48 35,328 ----a-w C:\WINDOWS\system32\ActiveScan\rawvfile.dll + 2007-06-08 07:44:36 8,576 ----a-w C:\WINDOWS\system32\ActiveScan\RKPavProc.sys + 2007-06-05 08:56:40 44,928 ----a-w C:\WINDOWS\system32\ActiveScan\sdthook.sys + 1997-09-18 04:12:32 9,488 ----a-w C:\WINDOWS\system32\ActiveScan\sporder.dll + 2006-02-28 15:23:40 69,632 ----a-w C:\WINDOWS\system32\ActiveScan\tcpvfile.dll + 2007-09-17 07:14:08 126,976 ----a-w C:\WINDOWS\system32\ActiveScan\Tucan.dll + 2003-03-25 16:53:50 11,776 ----a-w C:\WINDOWS\system32\ZPORT4AS.dll . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24] "DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 15:08] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LaunchApp"="Alaunch" [] "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-11-02 00:11] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-02 00:11] "PCMService"="C:\Program Files\Acer\Acer Arcade\PCMService.exe" [2005-12-13 21:31] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 05:00] "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 05:00] "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:00] "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:00] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-03 00:25] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-03 00:22] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-03 00:26] "ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-24 16:45] "eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 15:50] "ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 17:15] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 22:19] "NAV CfgWiz"="C:\Program Files\Common Files\Symantec Shared\SymProbe.exe" [] "RTHDCPL"="RTHDCPL.EXE" [2006-04-04 02:44 C:\WINDOWS\RTHDCPL.exe] "AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-08-24 23:21] "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41] "ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-05-09 11:54] "Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-05-08 18:41] "LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2006-04-03 17:03] "eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 18:00] "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2006-03-31 10:47] "LogitechCameraAssistant"="C:\Program Files\Acer\OrbiCam\CameraAssistant.exe" [2006-03-31 10:24] "LogitechVideo[inspector]"="C:\Program Files\Acer\OrbiCam\InstallHelper.exe" [2006-03-31 10:32] "LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [2004-11-01 17:22] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11] "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30] "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 16:30] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06] Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-01-17 10:45:32] Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-11-27 14:47:48] R0 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys R1 OsaFsLoc;OsaFsLoc;\??\C:\WINDOWS\system32\drivers\OsaFsLoc.sys R2 EpmPsd;Acer EPM Power Scheme Driver;\??\C:\WINDOWS\system32\drivers\epm-psd.sys R2 EpmShd;Acer EPM System Hardware Driver;\??\C:\WINDOWS\system32\drivers\epm-shd.sys R2 int15.sys;int15.sys;\??\C:\Acer\Empowering Technology\eRecovery\int15.sys R2 osaio;osaio;\??\C:\WINDOWS\system32\drivers\osaio.sys R2 osanbm;osanbm;\??\C:\WINDOWS\system32\drivers\osanbm.sys R3 DKbFltr;Dritek Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\DKbFltr.sys R3 lv321av;Logitech USB PC Camera (VC0321);C:\WINDOWS\system32\Drivers\lv321av.sys R3 LVPrcMon;Logitech LVPrcMon Driver;\??\C:\WINDOWS\system32\drivers\LVPrcMon.sys R3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys R3 SMCB000;SMSC CIR HID Miniport Device Driver;C:\WINDOWS\system32\DRIVERS\hidsmsc.sys S3 AVerE506;AVerE506 service;C:\WINDOWS\system32\DRIVERS\AVerE506.sys S3 AVerM115;AVerM115 service;C:\WINDOWS\system32\DRIVERS\AVerM115.sys S3 SDTHOOK;SDTHOOK;C:\WINDOWS\system32\DRIVERS\SDTHOOK.sys . Contents of the 'Scheduled Tasks' folder "2007-12-07 20:33:18 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Francois.job" - C:\PROGRA~1\NORTON~1\Navw32.exeh/TASK: "2007-11-29 18:09:58 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job" - C:\Program Files\RegistrySmart\RegistrySmart.ex - C:\Program Files\RegistrySmart . ************************************************************************ catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-08 19:25:07 Windows 5.1.2600 Service Pack 2 FAT NTAPI scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2007-12-08 19:26:14 - machine was rebooted C:\ComboFix3.txt ... 2007-12-04 23:41 C:\ComboFix2.txt ... 2007-12-05 15:29 . --- E O F ---