Okay, here is the next log from ComboFix.
Thanks
ComboFix 07-12-15.5 - John 2007-12-17 18:54:52.7 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.622 [GMT -5:00]
Running from: C:\Documents and Settings\John\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\John\Desktop\CFScript.txt
* Created a new restore point
FILE
C:\WINDOWS\system32\w32drv10.exe
.
((((((((((((((((((((((((( Files Created from 2007-11-18 to 2007-12-18 )))))))))))))))))))))))))))))))
.
2007-12-17 10:42 . 2007-12-17 12:10 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-17 10:42 . 2007-12-17 10:42 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-16 20:25 . 2007-12-16 20:25 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-16 18:15 . 2007-12-04 20:31 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-12-13 21:49 . 2007-12-16 23:40 <DIR> d-------- C:\Program Files\Windows Defender
2007-12-12 19:28 . 2007-12-16 22:52 <DIR> d-------- C:\Program Files\iTunes
2007-12-12 19:26 . 2007-12-12 19:26 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-12-12 19:26 . 2007-12-12 19:26 <DIR> d-------- C:\Program Files\Apple Software Update
2007-12-12 19:26 . 2007-12-12 19:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-12-05 15:32 . 2007-12-05 15:32 <DIR> d-------- C:\Deckard
2007-12-05 15:01 . 2007-12-05 15:01 <DIR> d-------- C:\New Folder (2)
2007-12-04 23:57 . 2007-12-04 23:57 <DIR> d-------- C:\KAV
2007-12-04 20:26 . 2007-12-04 20:26 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-04 20:26 . 2007-12-04 20:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-04 20:19 . 2007-12-04 20:19 <DIR> d--h----- C:\WINDOWS\PIF
2007-12-03 22:04 . 2007-12-03 22:10 <DIR> d-------- C:\Program Files\DAEMON Tools
2007-12-03 21:59 . 2007-12-03 21:59 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-12-03 19:25 . 2007-12-03 19:25 <DIR> d-------- C:\Program Files\New Folder 1
2007-12-03 19:24 . 2007-12-03 19:24 <DIR> d-------- C:\Documents and Settings\John\Application Data\DivX
2007-12-03 19:23 . 2007-10-19 19:56 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-12-03 19:23 . 2007-10-19 19:56 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-12-03 19:23 . 2007-10-19 19:56 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-12-03 19:09 . 2007-12-03 19:09 <DIR> d-------- C:\XRAYS
2007-12-03 19:09 . 1993-05-12 00:00 398,416 --a------ C:\WINDOWS\system\VBRUN300.DLL
2007-12-03 19:09 . 1993-04-28 00:00 7,008 --a------ C:\WINDOWS\system\SETUPKIT.DLL
2007-12-03 18:26 . 2007-12-03 18:26 <DIR> d-------- C:\finalburner
2007-12-03 18:26 . 2007-12-03 18:26 <DIR> d-------- C:\Documents and Settings\John\Application Data\FinalBurner Video DVD
2007-12-03 17:12 . 2007-12-03 17:12 <DIR> d-------- C:\Program Files\AviSynth 2.5
2007-12-03 17:12 . 2007-12-03 17:12 43,698 --a------ C:\WINDOWS\system32\xvid-uninstall.exe
2007-12-03 17:11 . 2007-12-03 18:53 <DIR> d-------- C:\Program Files\Gabest
2007-12-03 17:07 . 2007-12-03 17:07 <DIR> d-------- C:\New Folder
2007-12-02 12:40 . 2007-12-02 12:40 <DIR> d-------- C:\WINDOWS\ASYM
2007-12-02 12:40 . 2007-12-02 12:40 <DIR> d-------- C:\CLINATLS
2007-12-02 12:40 . 1998-08-24 16:24 109 --a------ C:\WINDOWS\TB50.INI
2007-12-02 12:40 . 2007-12-02 12:40 0 --a------ C:\WINDOWS\asym.ini
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-17 23:54 --------- d-----w C:\Program Files\Eraser
2007-12-17 23:51 --------- d-----w C:\Documents and Settings\John\Application Data\BitTorrent DNA
2007-12-17 22:03 --------- d-----w C:\Documents and Settings\John\Application Data\Skype
2007-12-17 16:39 --------- d-----w C:\Documents and Settings\John\Application Data\BitTorrent
2007-12-17 03:54 --------- d-----w C:\Program Files\MSN Messenger
2007-12-17 03:53 --------- d-----w C:\Program Files\ltmoh
2007-12-17 03:50 --------- d-----w C:\Program Files\Google
2007-12-17 03:49 --------- d-----w C:\Program Files\BitTorrent_DNA
2007-12-17 03:47 --------- d-----w C:\Program Files\Apoint2K
2007-12-14 13:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-13 00:28 --------- d-----w C:\Program Files\QuickTime
2007-12-13 00:28 --------- d-----w C:\Program Files\iPod
2007-12-13 00:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-06 22:40 --------- d-----w C:\Documents and Settings\John\Application Data\AVG7
2007-12-04 00:43 --------- d-----w C:\Program Files\DivX
2007-12-03 21:02 --------- d-----w C:\Program Files\TVU Player
2007-11-14 14:57 --------- d-----w C:\Program Files\PokerStars
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-03 23:35 --------- d-----w C:\Program Files\Full Tilt Poker
2007-11-03 18:39 --------- d-----w C:\Program Files\BitTorrent
2007-10-20 00:56 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-10-08 19:14 737,280 ----a-w C:\WINDOWS\iun6002.exe
2006-11-28 02:13 6,440,983 ----a-w C:\Program Files\VideoraiPodConverter_Install.exe
2006-11-21 05:20 2,017,280 ----a-w C:\Program Files\ewpwin264en.exe
2006-10-13 01:32 22,616 ----a-w C:\Documents and Settings\John\Application Data\GDIPFONTCACHEV1.DAT
2006-02-28 01:15 2,509,704 ----a-w C:\Program Files\fgf171.exe
2006-02-27 23:08 2,417,824 ----a-w C:\Program Files\winzip90sr1.exe
2007-03-09 07:12 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
.
((((((((((((((((((((((((((((( snapshot@2007-12-16_20.29.55.90 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-08-24 13:28:54 141,424 ----a-w C:\WINDOWS\Downloaded Program Files\asinst.dll
- 2003-08-01 19:00:16 36,864 ----a-w C:\WINDOWS\system32\ActiveScan\certdll.dll
+ 2003-08-01 16:00:16 36,864 ----a-w C:\WINDOWS\system32\ActiveScan\certdll.dll
+ 2007-11-12 14:46:18 26,112 ----a-w C:\WINDOWS\system32\ActiveScan\JID.dll
+ 2007-11-26 16:10:36 61,440 ----a-w C:\WINDOWS\system32\ActiveScan\NanoWrapper.dll
+ 2007-06-04 16:31:52 57,344 ----a-w C:\WINDOWS\system32\ActiveScan\pavsddl.dll
+ 2007-10-30 15:04:14 36,864 ----a-w C:\WINDOWS\system32\ActiveScan\Prescan.dll
- 2006-08-23 21 08 1,388,544 ----a-w C:\WINDOWS\system32\ActiveScan\pskahk.dll
+ 2007-11-21 15:00:06 376,832 ----a-w C:\WINDOWS\system32\ActiveScan\pskahk.dll
+ 2007-10-31 18:05:06 32,768 ----a-w C:\WINDOWS\system32\ActiveScan\PSKAHKPRESCAN.dll
+ 2007-10-18 14:30:16 105,472 ----a-w C:\WINDOWS\system32\ActiveScan\psnahk.dll
+ 2007-11-23 19:29:08 10,752 ----a-w C:\WINDOWS\system32\ActiveScan\psndsk.dll
+ 2007-10-18 14:30:38 42,496 ----a-w C:\WINDOWS\system32\ActiveScan\psnflg.dll
+ 2007-10-30 16:19:22 98,304 ----a-w C:\WINDOWS\system32\ActiveScan\psnglknt.dll
+ 2007-08-22 13:52:00 20,272 ----a-w C:\WINDOWS\system32\ActiveScan\psnhsh.dll
+ 2007-11-12 20:49:34 11,776 ----a-w C:\WINDOWS\system32\ActiveScan\psnjidsign.dll
+ 2007-08-22 13:52:04 76,080 ----a-w C:\WINDOWS\system32\ActiveScan\psnkrnl.dll
+ 2007-08-22 13:52:06 21,296 ----a-w C:\WINDOWS\system32\ActiveScan\psnmem.dll
+ 2007-10-04 20:26:28 28,672 ----a-w C:\WINDOWS\system32\ActiveScan\PsnPen.dll
+ 2007-10-23 16:40:10 86,016 ----a-w C:\WINDOWS\system32\ActiveScan\psntuc.dll
+ 2007-05-24 16:27:36 27,136 ----a-w C:\WINDOWS\system32\ActiveScan\PSNXprs.dll
+ 2007-06-08 14:44:36 8,576 ----a-w C:\WINDOWS\system32\ActiveScan\RKPavProc.sys
+ 2007-06-05 15:56:40 44,928 ----a-w C:\WINDOWS\system32\ActiveScan\sdthook.sys
+ 2007-09-17 14:14:08 126,976 ----a-w C:\WINDOWS\system32\ActiveScan\Tucan.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 03:32]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-20 23:46]
"Super Audio Grabber 3.0"="C:\Program Files\Ailansoft\Super Audio Grabber 3.0\SAGrab.exe/a" []
"Eraser"="C:\Program Files\Eraser\eraser.exe" [2006-08-07 16:07]
"BitTorrent DNA"="C:\Program Files\BitTorrent_DNA\dna.exe" [2007-11-03 13:39]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-28 00:55]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-28 00:52]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-28 00:55]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 02:49 C:\WINDOWS\RTHDCPL.exe]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2004-03-23 09:40]
"TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2005-12-13 19:28]
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2005-12-01 14:13]
"NDSTray.exe"="NDSTray.exe" []
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-10-06 08:20]
"ZoomingHook"="ZoomingHook.exe" [2005-06-06 12:58 C:\WINDOWS\system32\ZoomingHook.exe]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-26 19:13]
"HWSetup"="C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 16:45]
"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 15:25]
"SVPWUTIL"="C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2004-05-01 16:45]
"TCtryIOHook"="TCtrlIOHook.exe" [2005-12-05 17:50 C:\WINDOWS\system32\TCtrlIOHook.exe]
"TFncKy"="TFncKy.exe" []
"TDispVol"="TDispVol.exe" [2005-12-27 19:34 C:\WINDOWS\system32\TDispVol.exe]
"TPSMain"="TPSMain.exe" [2005-05-31 20:16 C:\WINDOWS\system32\TPSMain.exe]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2004-08-17 14:37]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-14 17:29 C:\WINDOWS\agrsmmsg.exe]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 15:37]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 14:41]
"CFSServ.exe"="CFSServ.exe" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-26 16:30]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2005-12-13 01:18]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-06-08 22:09]
"Super Audio Grabber 3.0"="C:\Program Files\Ailansoft\Super Audio Grabber 3.0\SAGrab.exe/a" []
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-26 16:30]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 04:01:04]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2005-12-21 21:00:05]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
C:\Program Files\Eraser\eraser.exe -hide
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-11-15 13:11 267048 --a------ C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\MsnMsgr.Exe /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
R1 TPwSav;Common Driver;C:\WINDOWS\system32\Drivers\TPwSav.sys
S3 DLKRCB;D-Link DFE-690TXD CardBus PC Card;C:\WINDOWS\system32\DRIVERS\DLKRCB.SYS
.
Contents of the 'Scheduled Tasks' folder
"2007-12-18 00:02:06 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2006-02-13 13:42:32 C:\WINDOWS\Tasks\Registration reminder 2.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2006-02-13 13:42:33 C:\WINDOWS\Tasks\Registration reminder 3.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-12-17 19:02:48
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\system32\TDispVol.dll
.
Completion time: 2007-12-17 19:03:46 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-17 10:43
C:\ComboFix3.txt ... 2007-12-16 20:30
.
2007-12-14 23:18:26 --- E O F ---