
Registered · 73 Posts · Discussion Starter · #1
Yes, I know I've had the same problem before, but now it's a different machine. I'm not sure if I can apply the same steps as before so here's a new HJT log.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 20:50:00, on 03.07.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Thomson SpeedTouch\ST330\service\st330service.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Thomson SpeedTouch\ST330\diagnostics\diagnostics.exe
C:\Windows\system32\isys32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Launchy\Launchy.exe
C:\WINDOWS\system32\ntvdm.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Lumi\Policies\catsrv.exe
C:\Documents and Settings\Lumi\Desktop\HiJackThis_v2.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [diagnostics] "C:\Program Files/Thomson SpeedTouch/ST330/diagnostics/diagnostics.exe" /icon -l:en
O4 - HKLM\..\Run: [MonAppli] C:\Windows\system32\isys32.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [catsrv] C:\Documents and Settings\Lumi\Policies\catsrv.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\RunOnce: [SWUPath] C:\Program Files\Hewlett-Packard\HP Software Update\shellExWin.exe -m
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [catsrv] C:\Documents and Settings\Lumi\Policies\catsrv.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{A02B7725-A62D-4C3E-95E1-18F475D3B2B0}: NameServer = 193.231.100.130 193.231.100.134
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SpeedTouch 330 Manager (st330service) - THOMSON Telecom Belgium - C:\Program Files/Thomson SpeedTouch/ST330/service/st330service.exe

--
End of file - 6336 bytes

EDIT: I'll deactivate TeaTimer.
 

TSF Security Team, Emeritus · 26,363 Posts
I thought you reformatted this machine. Where did those things come from?

Open notepad and copy/paste the text in the quotebox below into it:

Code:
File::
C:\Windows\system32\isys32.exe
Folder::
C:\Documents and Settings\Lumi\Policies
Driver::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MonAppli"=-
"catsrv"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"catsrv"=-
Save this as ComboFix-Do.txt

Referring to the picture above, drag ComboFix-Do.txt into ComboFix.exe
Then post the resultant log
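The reply above singles out the two O4 entries (isys32.exe and catsrv.exe) by reading the HijackThis log by eye. The following is an added triage helper, written for this page and not code from the thread, HijackThis or ComboFix, that applies the same reasoning mechanically: it flags autostart targets that live inside a user profile, the same target registered under both HKLM and HKCU, and a Windows-directory spelling that differs from every other entry, and notes whether each flagged target appears in the "Running processes" section. SAMPLE_LOG is a constructed excerpt modelled on the log in the first post, not the full log.

```python
"""Added triage helper for HijackThis O4 lines (SAMPLE_LOG is a constructed excerpt).
Flags user-profile targets, HKLM+HKCU duplicates and odd Windows-directory spelling."""
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Windows\system32\isys32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Lumi\Policies\catsrv.exe

O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [MonAppli] C:\Windows\system32\isys32.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [catsrv] C:\Documents and Settings\Lumi\Policies\catsrv.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [catsrv] C:\Documents and Settings\Lumi\Policies\catsrv.exe -AutoStart
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
"""

O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
USER_PROFILE_RE = re.compile(r"\\(documents and settings|users)\\", re.IGNORECASE)
WINDIR_RE = re.compile(r"^[A-Z]:\\windows\\", re.IGNORECASE)


@dataclass
class Finding:
    name: str
    path: str
    running: bool
    hives: List[str] = field(default_factory=list)
    reasons: List[str] = field(default_factory=list)


def exe_path(cmd: str) -> str:
    """Return just the executable from an O4 command line (quoted or not)."""
    cmd = re.sub(r" \(User '[^']*'\)$", "", cmd)  # drop HJT's per-user suffix
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    m = re.match(r"(.+?\.exe)(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split(" ")[0]


def parse(log: str) -> Tuple[Set[str], List[dict]]:
    """Split a log into the lower-cased running-process set and the O4 entries."""
    running, entries, in_procs = set(), [], False
    for raw in log.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:  # the process list runs until the first blank line
            if line:
                running.add(line.lower())
            else:
                in_procs = False
            continue
        m = O4_RE.match(line)
        if m:
            entries.append({**m.groupdict(), "path": exe_path(m.group("cmd"))})
    return running, entries


def triage(log: str) -> List[Finding]:
    running, entries = parse(log)
    by_path: Dict[str, Finding] = {}
    for e in entries:  # one finding per distinct target, however many keys point at it
        key = e["path"].lower()
        f = by_path.setdefault(key, Finding(e["name"], e["path"], key in running))
        f.hives.append(e["hive"].split("\\")[0])  # HKLM / HKCU / HKUS
    # Majority spelling of the Windows directory across all targets (e.g. C:\WINDOWS\).
    spellings = Counter(m.group(0) for f in by_path.values() if (m := WINDIR_RE.match(f.path)))
    common = spellings.most_common(1)[0][0] if spellings else None
    for f in by_path.values():
        if USER_PROFILE_RE.search(f.path):
            f.reasons.append("autostart target lives inside a user profile")
        if {"HKLM", "HKCU"} <= set(f.hives):
            f.reasons.append("same target persisted under both HKLM and HKCU")
        m = WINDIR_RE.match(f.path)
        if m and common and m.group(0) != common:
            f.reasons.append(f"Windows directory written as {m.group(0)!r}; the rest of the log uses {common!r}")
    return [f for f in by_path.values() if f.reasons]
```

On the sample it reports exactly the two targets the reply tells the poster to remove, both marked as currently running; ctfmon.exe, which legitimately appears under HKCU and the HKUS hives, is not flagged.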
 

Registered · 73 Posts · Discussion Starter · #3
That should solve it, right?

TEH LOGZ!

"Lumi" - 2007-07-03 23:11:29 - ComboFix 07-07-04.1 - Service Pack 2 FAT32
Command switches used :: C:\Documents and Settings\Lumi\Desktop\ComboFix-Do.txt


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\Lumi\Policies
C:\Documents and Settings\Lumi\Policies\catsrv.exe
C:\Documents and Settings\Lumi\Policies\fxset\001.part
C:\Documents and Settings\Lumi\Policies\fxset\001.part.met
C:\Documents and Settings\Lumi\Policies\fxset\001.part.met.bak
C:\Documents and Settings\Lumi\Policies\key_index.dat
C:\Documents and Settings\Lumi\Policies\load_index.dat
C:\Documents and Settings\Lumi\Policies\nodes.com
C:\Documents and Settings\Lumi\Policies\preferencesKad.dat
C:\Documents and Settings\Lumi\Policies\src_index.dat
C:\Documents and Settings\Lumi\Policies\sys.net
C:\Documents and Settings\Lumi\Policies\win32_srv.dll
C:\Windows\system32\isys32.exe
C:\WINDOWS\system32\winsys.exe


((((((((((((((((((((((((( Files Created from 2007-06-03 to 2007-07-03 )))))))))))))))))))))))))))))))


2007-07-03 22:13 626,960 -ra------ C:\WINDOWS\system32\hpvaut32.dll
2007-07-03 22:13 487,424 -ra------ C:\WINDOWS\system32\hpvcp70.dll
2007-07-03 22:13 44,544 -ra------ C:\WINDOWS\system32\MSXML4a.dll
2007-07-03 22:13 344,064 -ra------ C:\WINDOWS\system32\hpvcr70.dll
2007-07-03 22:06 <DIR> d-------- C:\Temp
2007-07-03 22:06 <DIR> d-------- C:\Program Files\VibrateGameDeviceDriver
2007-07-03 21:42 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-07-03 21:05 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-03 18:55 82,380 --a------ C:\WINDOWS\system32\drivers\AFS2K.SYS
2007-07-03 18:52 <DIR> d-------- C:\Program Files\HP
2007-07-03 18:52 <DIR> d-------- C:\Program Files\Hewlett-Packard
2007-07-03 18:51 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-07-03 18:43 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
2007-07-03 18:36 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-07-03 18:30 <DIR> d-------- C:\Program Files\Yahoo!
2007-07-03 18:29 63,488 --a------ C:\WINDOWS\system32\unam4ie.exe
2007-07-03 18:29 4,608 --a------ C:\WINDOWS\system32\w95inf32.dll
2007-07-03 18:29 38,160 --a------ C:\WINDOWS\system32\LMRTREND.dll
2007-07-03 18:29 355 --a------ C:\WINDOWS\EReg072.dat
2007-07-03 18:29 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-07-03 18:29 2,272 --a------ C:\WINDOWS\system32\w95inf16.dll
2007-07-03 18:29 194,320 --a------ C:\WINDOWS\system32\qcut.dll
2007-07-03 18:29 182,032 --a------ C:\WINDOWS\system32\dxtmsft3.dll
2007-07-03 18:29 10,240 --a------ C:\WINDOWS\system32\vidx16.dll
2007-07-03 18:27 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-07-03 18:27 <DIR> d-------- C:\DOCUME~1\Lumi\WINDOWS
2007-07-03 18:23 1,165 --a------ C:\WINDOWS\mozver.dat
2007-07-03 18:13 <DIR> d-------- C:\Program Files\DAEMON Tools
2007-07-03 18:10 646,392 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-07-03 18:10 <DIR> d--hs---- C:\DOCUME~1\Lumi\temp
2007-07-03 18:09 <DIR> d-------- C:\Program Files\OpenOffice.org 2.2
2007-07-03 18:05 <DIR> d-------- C:\Program Files\Launchy
2007-07-03 18:05 <DIR> d-------- C:\DOCUME~1\Lumi\APPLIC~1\Launchy
2007-07-03 18:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-07-03 17:36 95,872 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-07-03 17:36 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-07-03 17:36 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-07-03 17:36 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-07-03 17:36 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2007-07-03 17:36 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-07-03 17:36 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll
2007-07-03 17:36 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-07-03 17:36 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-07-03 17:36 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-07-03 17:36 <DIR> d-------- C:\Program Files\Alwil Software
2007-07-03 17:29 36,528 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-07-03 17:29 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-07-03 17:29 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-07-03 17:29 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-07-03 17:29 115,880 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-07-03 17:29 0 --a------ C:\WINDOWS\nsreg.dat
2007-07-03 17:29 <DIR> d-------- C:\Program Files\Winamp
2007-07-03 17:29 <DIR> d-------- C:\DOCUME~1\Lumi\APPLIC~1\Winamp
2007-07-03 17:29 <DIR> d-------- C:\DOCUME~1\Lumi\APPLIC~1\Talkback
2007-07-03 17:22 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-07-03 17:13 40,320 --a------ C:\WINDOWS\system32\drivers\steth.sys
2007-07-03 17:13 30,464 --a------ C:\WINDOWS\system32\drivers\st330.sys
2007-07-03 17:13 16,128 --a------ C:\WINDOWS\system32\drivers\lpwdm.sys
2007-07-03 17:13 12,672 --a------ C:\WINDOWS\system32\drivers\stbus.sys
2007-07-03 17:13 <DIR> d-------- C:\Program Files\Thomson SpeedTouch
2007-07-03 17:08 <DIR> d-------- C:\WINDOWS\system32\xircom
2007-07-03 17:08 <DIR> d-------- C:\WINDOWS\system32\ime
2007-07-03 17:08 <DIR> d-------- C:\WINDOWS\srchasst
2007-07-03 17:08 <DIR> d-------- C:\WINDOWS\Prefetch
2007-07-03 17:08 <DIR> d-------- C:\Program Files\msn gaming zone
2007-07-03 17:08 <DIR> d-------- C:\Program Files\microsoft frontpage
2007-07-03 17:08 <DIR> d-------- C:\Program Files\Common Files\speechengines
2007-07-03 17:05 95,424 --------- C:\WINDOWS\system32\drivers\slnthal.sys
2007-07-03 17:05 9,728 --------- C:\WINDOWS\system32\rwnh.dll
2007-07-03 17:05 9,728 --------- C:\WINDOWS\system32\comsdupd.exe
2007-07-03 17:05 88,064 --------- C:\WINDOWS\system32\p2pnetsh.dll
2007-07-03 17:05 870,784 --------- C:\WINDOWS\system32\ati3d1ag.dll
2007-07-03 17:05 86,016 --------- C:\WINDOWS\system32\p2pgasvc.dll
2007-07-03 17:05 86,016 --------- C:\WINDOWS\system32\mdmxsdk.dll
2007-07-03 17:05 81,408 --------- C:\WINDOWS\system32\wscsvc.dll
2007-07-03 17:05 78,464 --------- C:\WINDOWS\system32\drivers\usbvideo.sys
2007-07-03 17:05 73,832 --------- C:\WINDOWS\system32\slcoinst.dll
2007-07-03 17:05 73,796 --------- C:\WINDOWS\system32\slserv.exe
2007-07-03 17:05 73,216 --------- C:\WINDOWS\system32\drivers\atintuxx.sys
2007-07-03 17:05 71,680 --------- C:\WINDOWS\system32\blastcln.exe
2007-07-03 17:05 701,440 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-07-03 17:05 685,056 --------- C:\WINDOWS\system32\drivers\hsfcxts2.sys
2007-07-03 17:05 63,663 --------- C:\WINDOWS\system32\drivers\ati1rvxx.sys
2007-07-03 17:05 63,488 --------- C:\WINDOWS\system32\drivers\atinxsxx.sys
2007-07-03 17:05 6,016 --------- C:\WINDOWS\system32\drivers\smbali.sys
2007-07-03 17:05 59,648 --------- C:\WINDOWS\system32\drivers\rfcomm.sys
2007-07-03 17:05 57,856 --------- C:\WINDOWS\system32\drivers\atinbtxx.sys
2007-07-03 17:05 56,623 --------- C:\WINDOWS\system32\drivers\ati1btxx.sys
2007-07-03 17:05 526,848 --------- C:\WINDOWS\system32\p2psvc.dll
2007-07-03 17:05 52,224 --------- C:\WINDOWS\system32\drivers\atinraxx.sys
2007-07-03 17:05 516,768 --------- C:\WINDOWS\system32\ativvaxx.dll
2007-07-03 17:05 48,640 --------- C:\WINDOWS\system32\pnrpnsp.dll
2007-07-03 17:05 46,464 --------- C:\WINDOWS\system32\drivers\gagp30kx.sys
2007-07-03 17:05 452,736 --------- C:\WINDOWS\system32\drivers\mtxparhm.sys
2007-07-03 17:05 44,928 --------- C:\WINDOWS\system32\drivers\agpcpq.sys
2007-07-03 17:05 44,032 --------- C:\WINDOWS\system32\twext.dll
2007-07-03 17:05 43,008 --------- C:\WINDOWS\system32\drivers\amdagp.sys
2007-07-03 17:05 42,752 --------- C:\WINDOWS\system32\drivers\alim1541.sys
2007-07-03 17:05 42,368 --------- C:\WINDOWS\system32\drivers\agp440.sys
2007-07-03 17:05 42,240 --------- C:\WINDOWS\system32\drivers\viaagp.sys


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-24 22:02:16 80,128 ----a-w C:\WINDOWS\system32\drivers\parport.sys
2007-05-24 22:02:16 8,192 ----a-w C:\WINDOWS\system32\tsbyuv.dll
2007-05-24 22:02:16 8,192 ----a-w C:\WINDOWS\system32\streamci.dll
2007-05-24 22:02:16 63,744 ----a-w C:\WINDOWS\system32\drivers\mf.sys
2007-05-24 22:02:16 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys
2007-05-24 22:02:16 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys
2007-05-24 22:02:16 55,296 ----a-w C:\WINDOWS\system32\dvdplay.exe
2007-05-24 22:02:16 52,736 ----a-w C:\WINDOWS\system32\wzcsapi.dll
2007-05-24 22:02:16 52,224 ----a-w C:\WINDOWS\system32\dmutil.dll
2007-05-24 22:02:16 476,160 ----a-w C:\WINDOWS\system32\wzcsvc.dll
2007-05-24 22:02:16 47,616 ----a-w C:\WINDOWS\system32\iyuv_32.dll
2007-05-24 22:02:16 42,496 ----a-w C:\WINDOWS\system32\drivers\p3.sys
2007-05-24 22:02:16 4,352 ----a-w C:\WINDOWS\system32\drivers\swenum.sys
2007-05-24 22:02:16 37,376 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys
2007-05-24 22:02:16 36,992 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys
2007-05-24 22:02:16 36,480 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys
2007-05-24 22:02:16 35,456 ----a-w C:\WINDOWS\system32\drivers\processr.sys
2007-05-24 22:02:16 35,328 ----a-w C:\WINDOWS\system32\pid.dll
2007-05-24 22:02:16 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2007-05-24 22:02:16 25,472 ----a-w C:\WINDOWS\system32\drivers\sonydcam.sys
2007-05-24 22:02:16 23,936 ----a-w C:\WINDOWS\system32\drivers\usbcamd2.sys
2007-05-24 22:02:16 23,808 ----a-w C:\WINDOWS\system32\drivers\usbcamd.sys
2007-05-24 22:02:16 23,040 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys
2007-05-24 22:02:16 21,376 ----a-w C:\WINDOWS\system32\drivers\tsbvcap.sys
2007-05-24 22:02:16 20,992 ----a-w C:\WINDOWS\system32\hid.dll
2007-05-24 22:02:16 18,688 ----a-w C:\WINDOWS\system32\drivers\cdaudio.sys
2007-05-24 22:02:16 17,408 ----a-w C:\WINDOWS\system32\msyuv.dll
2007-05-24 22:02:16 16,000 ----a-w C:\WINDOWS\system32\drivers\usbintel.sys
2007-05-24 22:02:16 15,488 ----a-w C:\WINDOWS\system32\drivers\mssmbios.sys
2007-05-24 22:02:16 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
2007-05-24 22:02:16 12,416 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
2007-05-24 22:02:16 12,160 ----a-w C:\WINDOWS\system32\drivers\fsvga.sys
2007-05-24 22:00:26 360,704 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2007-05-24 22:00:26 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
2007-05-24 21:59:56 984,576 ----a-w C:\WINDOWS\system32\syssetup.dll
2007-05-23 15:13:30 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll
2007-05-23 12:14:06 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-05-23 12:14:06 383,488 ----a-w C:\WINDOWS\system32\wzcdlg.dll
2007-05-23 12:13:56 65,536 ----a-w C:\WINDOWS\system32\wshext.dll
2007-05-23 12:13:56 28,672 ----a-w C:\WINDOWS\system32\wshcon.dll
2007-05-23 12:13:56 114,688 ----a-w C:\WINDOWS\system32\wscript.exe
2007-05-23 12:13:54 69,120 ----a-w C:\WINDOWS\system32\wlanapi.dll
2007-05-23 12:13:52 132,096 ----a-w C:\WINDOWS\system32\wkssvc.dll
2007-05-23 12:13:50 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-05-23 12:13:50 1,843,968 ----a-w C:\WINDOWS\system32\win32k.sys
2007-05-23 12:13:42 68,096 ----a-w C:\WINDOWS\system32\webclnt.dll
2007-05-23 12:13:42 49,152 ----a-w C:\WINDOWS\system32\wdigest.dll
2007-05-23 12:13:40 81,664 ----a-w C:\WINDOWS\system32\drivers\videoprt.sys
2007-05-23 12:13:38 26,624 ----a-w C:\WINDOWS\system32\verifier.dll
2007-05-23 12:13:36 438,272 ----a-w C:\WINDOWS\system32\vbscript.dll
2007-05-23 12:13:36 28,672 ----a-w C:\WINDOWS\system32\verclsid.exe
2007-05-23 12:13:34 578,048 ----a-w C:\WINDOWS\system32\user32.dll
2007-05-23 12:13:34 50,176 ----a-w C:\WINDOWS\system32\utilman.exe
2007-05-23 12:13:34 20,608 ----a-w C:\WINDOWS\system32\drivers\usbuhci.sys
2007-05-23 12:13:32 59,392 ----a-w C:\WINDOWS\system32\drivers\usbhub.sys
2007-05-23 12:13:32 30,208 ----a-w C:\WINDOWS\system32\drivers\usbehci.sys
2007-05-23 12:13:32 143,488 ----a-w C:\WINDOWS\system32\drivers\usbport.sys
2007-05-23 12:13:30 209,280 ----a-w C:\WINDOWS\system32\drivers\update.sys
2007-05-23 12:13:28 35,840 ----a-w C:\WINDOWS\system32\umandlg.dll
2007-05-23 12:13:28 123,392 ----a-w C:\WINDOWS\system32\umpnpmgr.dll
2007-05-23 12:13:28 101,376 ----a-w C:\WINDOWS\system32\txflog.dll
2007-05-23 12:13:26 36,352 ----a-w C:\WINDOWS\system32\tsgqec.dll
2007-05-23 12:13:16 249,344 ----a-w C:\WINDOWS\system32\tapisrv.dll
2007-05-23 12:13:16 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2007-05-23 12:13:14 117,760 ----a-w C:\WINDOWS\system32\t2embed.dll
2007-05-23 12:13:08 713,216 ----a-w C:\WINDOWS\system32\sxs.dll
2007-05-23 12:13:08 246,814 ----a-w C:\WINDOWS\system32\strmdll.dll
2007-05-23 12:13:06 96,768 ----a-w C:\WINDOWS\system32\srvsvc.dll
2007-05-23 12:13:06 332,928 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2007-05-23 12:13:04 57,856 ----a-w C:\WINDOWS\system32\spoolsv.exe
2007-05-23 12:12:46 985,088 ----a-w C:\WINDOWS\system32\setupapi.dll
2007-05-23 12:12:44 519,280 ----a-w C:\WINDOWS\system32\SecProc_isv.dll
2007-05-23 12:12:44 518,768 ----a-w C:\WINDOWS\system32\SecProc.dll
2007-05-23 12:12:44 192,624 ----a-w C:\WINDOWS\system32\SecProc_ssp_isv.dll
2007-05-23 12:12:44 192,624 ----a-w C:\WINDOWS\system32\SecProc_ssp.dll
2007-05-23 12:12:42 11,904 ----a-w C:\WINDOWS\system32\drivers\sffdisk.sys
2007-05-23 12:12:42 11,008 ----a-w C:\WINDOWS\system32\drivers\sffp_sd.sys
2007-05-23 12:12:42 10,240 ----a-w C:\WINDOWS\system32\drivers\sffp_mmc.sys
2007-05-23 12:12:40 78,720 ----a-w C:\WINDOWS\system32\drivers\sdbus.sys
2007-05-23 12:12:40 151,552 ----a-w C:\WINDOWS\system32\scrrun.dll
2007-05-23 12:12:40 151,552 ----a-w C:\WINDOWS\system32\scrobj.dll
2007-05-23 12:12:38 62,336 ----a-w C:\WINDOWS\system32\drivers\rspndr.sys
2007-05-23 12:12:36 582,656 ----a-w C:\WINDOWS\system32\rpcrt4.dll
2007-05-23 12:12:36 399,360 ----a-w C:\WINDOWS\system32\rpcss.dll
2007-05-23 12:12:36 10,752 ----a-w C:\WINDOWS\system32\rspndr.exe
2007-05-23 12:12:34 358,000 ----a-w C:\WINDOWS\system32\RmActivate_ssp.exe
2007-05-23 12:12:34 354,416 ----a-w C:\WINDOWS\system32\RmActivate_ssp_isv.exe
2007-05-23 12:12:34 202,496 ----a-w C:\WINDOWS\system32\drivers\RMCast.sys
2007-05-23 12:12:32 531,568 ----a-w C:\WINDOWS\system32\RmActivate_isv.exe
2007-05-23 12:12:32 523,376 ----a-w C:\WINDOWS\system32\RmActivate.exe
2007-05-23 12:12:30 288,768 ----a-w C:\WINDOWS\system32\rhttpaa.dll
2007-05-23 12:12:30 174,592 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2007-05-23 12:12:28 1,435,648 ----a-w C:\WINDOWS\system32\query.dll
2007-05-23 12:12:26 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-05-23 12:12:24 386,048 ----a-w C:\WINDOWS\system32\qdvd.dll
2007-05-23 12:12:24 35,840 ----a-w C:\WINDOWS\system32\qfecheck.exe
2007-05-23 12:12:24 279,040 ----a-w C:\WINDOWS\system32\qdv.dll
2007-05-23 12:12:22 84,480 ----a-w C:\WINDOWS\system32\pintool.exe
2007-05-23 12:12:22 192,512 ----a-w C:\WINDOWS\system32\qcap.dll
2007-05-23 12:12:18 74,752 ----a-w C:\WINDOWS\system32\olecli32.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 00:12 C:\WINDOWS\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2006-04-16 17:51 C:\WINDOWS\system32\nwiz.exe]
"diagnostics"="C:\Program Files/Thomson SpeedTouch/ST330/diagnostics/diagnostics.exe" [2007-07-03 17:13]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 18:42]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"catsrv"="C:\Documents and Settings\Lumi\Policies\catsrv.exe" []
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 11:24]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 19:51]
"DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 18:37]
"RTBatteryMeter"="C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe" [2003-01-16 11:32]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 17:56]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 13:48]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-06-11 18:16]
"catsrv"="C:\Documents and Settings\Lumi\Policies\catsrv.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"=1 (0x1)
"HideRunAsVerb"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"=1 (0x1)
"NoResolveTrack"=1 (0x1)
"LinkResolveIgnoreLinkInfo"=1 (0x1)
"NoResolveSearch"=1 (0x1)
"ClearRecentDocsOnExit"=1 (0x1)
"NoStartBanner"=1 (0x1)
"NoSMConfigurePrograms"=1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"=1 (0x1)
"NoResolveTrack"=1 (0x1)
"LinkResolveIgnoreLinkInfo"=1 (0x1)
"NoResolveSearch"=1 (0x1)
"ClearRecentDocsOnExit"=1 (0x1)
"NoStartBanner"=1 (0x1)
"NoSMConfigurePrograms"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService WebClient LmHosts upnphost SSDPSRV


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9b5cc88-2977-11dc-b027-000e50f19cbb}]
AutoRun\command- G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9b5cc89-2977-11dc-b027-000e50f19cbb}]
AutoRun\command- H:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9b5cc8a-2977-11dc-b027-000e50f19cbb}]
AutoRun\command- I:\panel.exe


**************************************************************************

catchme 0.3.914 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-03 23:12:23
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-03 23:12:51
C:\ComboFix-quarantined-files.txt ... 2007-07-03 23:12

--- E O F ---


Well, you see, I didn't reformat my machine. I got a new one and installed Windows on that one. However, I've transferred over some files from my old one (which is working well now). I think those files messed it up.
 

TSF Security Team, Emeritus · 26,363 Posts
Have Hijackthis fix this:

O4 - HKCU\..\Run: [catsrv] C:\Documents and Settings\Lumi\Policies\catsrv.exe -AutoStart


Then to play it safe, let's perform an online scan using Internet Explorer at http://www.kaspersky.com/virusscanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
        • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. We only require a report from it.
    It does not provide an option to clean/disinfect.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75%. Once the licence is accepted, reset to 100%.
 

Registered · 73 Posts · Discussion Starter · #5
I had it repair the catsrv thing but it still showed up at the next scan. I can't start scanning now because it's really late here, but I guess I'll do it tomorrow.

Oh, one more thing: in the last thread you said that I should have Windows hide known file extensions. Why would I do that?
 

TSF Security Team, Emeritus · 26,363 Posts
Quote:
I had it repair the catsrv thing but it still showed up at the next scan.
Is Tea Timer running?

That's to prevent accidental renaming of file extensions. When that happens, the executable will fail to run.
 