Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91862 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

[Resolved] adwear & Trojan


  • This topic is locked This topic is locked
25 replies to this topic

#16 smavid

smavid

    New Member

  • New Member
  • Pip
  • 13 posts

Posted 08 June 2008 - 05:42 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:43:19 PM, on 6/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ASUS\AI Booster\OverClk.exe
C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ASUS\PC Probe II\Probe2.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Razer\DeathAdder\razertra.exe
C:\Program Files\ASUS\AASP\1.00.15\aaCenter.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\n00binator\Desktop\F.I.X\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Program Files\ASUS\AI Booster\OverClk.exe"
O4 - HKLM\..\Run: [MaxBlastMonitor.exe] C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.15\AsRunHelp.exe
O4 - HKLM\..\Run: [Launch PC Probe II] "C:\Program Files\ASUS\PC Probe II\Probe2.exe" 1
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Rbet] "C:\DOCUME~1\N00BIN~1\APPLIC~1\ASEMBL~1\spool32.exe" -vt yazb
O4 - HKCU\..\Run: [Jcjwu] "C:\Program Files\?dobe\r?ndll32.exe"
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus....ek_sys_ctrl.cab
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 6582 bytes


ComboFix 08-06-07.3 - n00binator 2008-06-08 18:35:06.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1577 [GMT -5:00]
Running from: C:\Documents and Settings\n00binator\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-05-08 to 2008-06-08 )))))))))))))))))))))))))))))))
.

2008-06-08 17:10 . 2008-06-08 17:10 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-08 17:05 . 2008-06-08 17:05 <DIR> d-------- C:\sdfix
2008-06-08 17:02 . 2008-06-08 17:02 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-08 04:49 . 2008-06-08 04:49 87,511 --a------ C:\WINDOWS\system32\iftuyszv.exe
2008-06-08 04:39 . 2008-06-08 04:39 49,158 --a------ C:\WINDOWS\444.0
2008-06-02 12:44 . 2008-06-02 12:44 <DIR> d-------- C:\Documents and Settings\n00binator\Application Data\Ubisoft
2008-06-01 21:11 . 2008-06-01 21:11 <DIR> d-------- C:\Program Files\KAPITALSIN
2008-06-01 17:03 . 2008-06-01 17:03 <DIR> d-------- C:\WINDOWS\system32\Gears of War - Screensaver dir
2008-06-01 17:03 . 2008-06-01 21:10 <DIR> d-------- C:\Program Files\Gears of War
2008-06-01 17:03 . 2008-06-01 17:03 520,192 --a------ C:\WINDOWS\system32\Gears of War - Screensaver.scr
2008-06-01 17:00 . 2008-06-01 17:08 <DIR> d-------- C:\Documents and Settings\n00binator\Application Data\Microsoft Games
2008-06-01 16:44 . 2008-06-01 16:54 <DIR> d-------- C:\Program Files\AMD
2008-06-01 16:43 . 2008-06-01 16:43 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-01 16:43 . 2007-04-05 16:56 33,792 --a------ C:\WINDOWS\system32\drivers\AmdTools.sys
2008-06-01 02:47 . 2008-06-01 02:47 <DIR> d-------- C:\Documents and Settings\n00binator\Application Data\vlc
2008-06-01 02:29 . 2008-06-01 02:29 <DIR> d-------- C:\Program Files\VideoLAN
2008-06-01 02:14 . 2008-06-07 03:35 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-05-31 22:02 . 2008-05-31 22:02 8 -r-hs---- C:\WINDOWS\system32\67C6F433D4.sys
2008-05-31 21:59 . 2008-05-31 21:59 88 -r-hs---- C:\WINDOWS\system32\FB39D8CA88.sys
2008-05-31 21:58 . 2008-05-31 21:59 <DIR> d-------- C:\Documents and Settings\n00binator\Application Data\Corel
2008-05-31 21:58 . 2008-05-31 21:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Corel
2008-05-31 21:57 . 2008-05-31 21:57 <DIR> d-------- C:\Program Files\Common Files\Corel
2008-05-31 21:42 . 2008-05-31 21:57 <DIR> d-------- C:\Program Files\Corel
2008-05-31 21:12 . 2008-06-08 17:47 2,516 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-05-31 09:51 . 2008-05-31 09:51 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-31 09:51 . 2008-05-31 09:51 <DIR> d-------- C:\Documents and Settings\n00binator\Application Data\Malwarebytes
2008-05-31 09:51 . 2008-05-31 09:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-31 09:51 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-31 09:51 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-31 09:50 . 2008-05-31 09:50 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-05-31 07:52 . 2008-06-08 18:39 0 --a------ C:\WINDOWS\system.ini
2008-05-31 00:48 . 2008-06-08 04:50 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUS.ico
2008-05-31 00:39 . 2008-05-31 10:15 <DIR> d-------- C:\WINDOWS\system32\Ucom1
2008-05-31 00:39 . 2008-05-31 00:39 <DIR> d-------- C:\WINDOWS\system32\sIE6
2008-05-31 00:39 . 2008-05-31 00:39 <DIR> d-------- C:\WINDOWS\system32\evd2
2008-05-31 00:39 . 2008-05-31 10:15 <DIR> d-------- C:\WINDOWS\system32\Dev3
2008-05-31 00:39 . 2008-05-31 10:15 <DIR> d-------- C:\WINDOWS\system32\4026c
2008-05-31 00:38 . 2008-06-08 15:19 <DIR> d-------- C:\Temp
2008-05-26 16:26 . 2008-05-26 16:27 <DIR> d-------- C:\WINDOWS\NV16322340.TMP
2008-05-26 02:20 . 2008-05-26 02:20 <DIR> d-------- C:\Documents and Settings\n00binator\My Games
2008-05-26 02:13 . 2007-06-21 01:53 32,768 --a------ C:\WINDOWS\system32\mf.dll
2008-05-26 01:45 . 2008-06-06 11:52 <DIR> d-------- C:\Program Files\Microsoft Games
2008-05-26 01:45 . 2008-05-26 01:45 <DIR> d-------- C:\Documents and Settings\All Users\Microsoft
2008-05-26 01:45 . 2008-05-26 01:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Games
2008-05-26 01:43 . 2008-05-26 01:43 <DIR> d-------- C:\Documents and Settings\n00binator\Application Data\Microsoft Game Studios
2008-05-25 23:53 . 2008-05-25 23:53 <DIR> d-------- C:\WINDOWS\95F354E1056743D38B37DFDA257324F0.TMP
2008-05-25 23:51 . 2008-05-25 23:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BufferZone
2008-05-25 23:12 . 2008-05-25 23:12 <DIR> d-------- C:\Program Files\7-Zip
2008-05-25 00:34 . 2004-08-04 09:56 616,960 --a------ C:\WINDOWS\advapi32.dll
2008-05-24 22:15 . 2008-03-05 15:56 3,952,144 --a------ C:\WINDOWS\system32\D3DX9d_37.dll
2008-05-24 22:15 . 2008-02-05 23:06 3,799,400 --a------ C:\WINDOWS\system32\d3dx9d_33.dll
2008-05-24 22:15 . 2008-02-05 23:06 3,087,208 --a------ C:\WINDOWS\system32\d3d9d.dll
2008-05-24 22:15 . 2008-02-05 23:06 506,384 --a------ C:\WINDOWS\system32\D3DX10d_37.dll
2008-05-24 22:15 . 2008-02-05 23:06 359,624 --a------ C:\WINDOWS\system32\dinput8d.dll
2008-05-24 22:15 . 2008-02-05 23:06 349,416 --a------ C:\WINDOWS\system32\d3dref9.dll
2008-05-24 22:14 . 2008-05-24 22:15 <DIR> d-------- C:\Program Files\Microsoft DirectX SDK (March 2008)
2008-05-24 19:56 . 2008-03-05 15:56 3,786,760 --a------ C:\WINDOWS\system32\D3DX9_37.dll
2008-05-24 19:56 . 2008-03-05 15:56 1,420,824 --a------ C:\WINDOWS\system32\D3DCompiler_37.dll
2008-05-24 19:56 . 2008-03-05 16:03 479,752 --a------ C:\WINDOWS\system32\XAudio2_0.dll
2008-05-24 19:56 . 2008-02-05 23:07 462,864 --a------ C:\WINDOWS\system32\d3dx10_37.dll
2008-05-24 19:56 . 2008-03-05 16:03 238,088 --a------ C:\WINDOWS\system32\xactengine3_0.dll
2008-05-24 19:56 . 2008-03-05 16:00 25,608 --a------ C:\WINDOWS\system32\X3DAudio1_3.dll
2008-05-24 19:45 . 2008-05-24 19:56 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-05-24 17:26 . 2008-05-24 17:26 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-05-24 04:47 . 2008-05-24 04:47 <DIR> d--h----- C:\WINDOWS\PIF
2008-05-24 04:12 . 2008-05-26 02:19 <DIR> d-------- C:\wata
2008-05-22 22:09 . 2008-05-22 22:09 <DIR> d-------- C:\Program Files\Xvid
2008-05-22 22:09 . 2007-06-28 18:52 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-05-22 22:09 . 2007-06-28 18:54 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-05-22 22:09 . 2007-06-28 18:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax
2008-05-21 23:41 . 2008-05-21 23:41 <DIR> d-------- C:\Program Files\Google
2008-05-20 22:44 . 2008-05-20 22:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LightScribe
2008-05-20 22:31 . 2008-05-20 22:31 <DIR> d-------- C:\Program Files\NVIDIA nTune Performance Application
2008-05-20 20:08 . 2008-05-20 20:10 <DIR> d-------- C:\WINDOWS\NV37603764.TMP
2008-05-20 19:05 . 2008-05-20 19:05 <DIR> d-------- C:\Program Files\MadOnion.com
2008-05-20 18:37 . 2008-05-20 18:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-05-20 18:30 . 2008-05-20 18:31 <DIR> d-------- C:\WINDOWS\NV32043208.TMP
2008-05-20 18:02 . 2008-05-26 16:26 <DIR> d-------- C:\WINDOWS\nvidia icons
2008-05-20 18:02 . 2008-05-20 18:04 <DIR> d-------- C:\WINDOWS\NV32482924.TMP
2008-05-20 18:02 . 2008-05-03 05:46 182,347 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-05-20 18:01 . 2008-05-20 18:01 <DIR> d-------- C:\NVIDIA
2008-05-20 16:05 . 2008-05-20 16:05 <DIR> d-------- C:\Documents and Settings\Owner
2008-05-20 15:20 . 2008-06-02 17:31 <DIR> d-------- C:\Program Files\Wolfenstein - Enemy Territory
2008-05-20 15:12 . 2008-06-02 12:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-05-20 15:11 . 2008-05-20 15:11 22,328 --a------ C:\Documents and Settings\n00binator\Application Data\PnkBstrK.sys
2008-05-20 15:02 . 2008-06-02 12:02 <DIR> d-------- C:\Program Files\Ubisoft
2008-05-20 14:58 . 2008-05-20 14:58 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-05-20 14:56 . 2008-05-20 14:56 685,816 --------- C:\WINDOWS\system32\drivers\sptd.sys
2008-05-20 14:55 . 2008-06-07 09:40 <DIR> d-------- C:\Documents and Settings\n00binator\Application Data\U3
2008-05-20 14:55 . 2004-08-03 23:08 26,496 -----c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-05-20 02:17 . 2008-05-20 02:18 <DIR> d-------- C:\Program Files\Winamp
2008-05-20 02:17 . 2008-05-20 02:23 <DIR> d-------- C:\Documents and Settings\n00binator\Application Data\Winamp
2008-05-20 01:15 . 2008-05-20 01:15 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Xfire
2008-05-20 01:00 . 2008-05-20 01:00 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Xfire
2008-05-20 00:58 . 2008-05-29 04:00 <DIR> d-------- C:\Program Files\Xfire
2008-05-20 00:58 . 2008-06-04 11:54 <DIR> d-------- C:\Documents and Settings\n00binator\Application Data\Xfire
2008-05-19 23:46 . 2008-05-19 23:46 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2008-05-19 23:45 . 2008-05-24 03:22 <DIR> d-------- C:\Documents and Settings\n00binator\Application Data\Ahead
2008-05-19 23:45 . 2008-05-19 23:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2008-05-19 23:43 . 2008-05-19 23:43 <DIR> d-------- C:\Program Files\Nero
2008-05-19 23:43 . 2008-05-19 23:45 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-05-19 23:43 . 2008-05-19 23:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-05-19 23:36 . 2008-05-19 23:36 <DIR> d-------- C:\Program Files\Free RAR Extract Frog
2008-05-19 22:08 . 2008-05-19 22:08 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-05-19 22:08 . 2008-05-19 22:08 <DIR> d-------- C:\Program Files\Multimedia Keyboard Application
2008-05-19 21:46 . 2008-05-19 21:46 <DIR> d---s---- C:\Documents and Settings\n00binator\UserData
2008-05-19 21:13 . 2008-06-08 06:19 <DIR> d-------- C:\Documents and Settings\n00binator\Application Data\BitTorrent
2008-05-19 21:12 . 2008-05-19 21:12 <DIR> d-------- C:\Program Files\DNA
2008-05-19 21:12 . 2008-05-19 21:12 <DIR> d-------- C:\Program Files\BitTorrent
2008-05-19 21:12 . 2008-06-08 18:35 <DIR> d-------- C:\Documents and Settings\n00binator\Application Data\DNA
2008-05-19 19:59 . 2005-03-03 21:47 31,104 --------- C:\WINDOWS\system32\drivers\CYUSB.sys
2008-05-19 19:59 . 2007-04-12 08:46 10,880 --------- C:\WINDOWS\system32\drivers\dadder.sys
2008-05-19 19:15 . 2008-05-19 19:15 <DIR> d-------- C:\WINDOWS\Profiles
2008-05-19 19:15 . 2008-05-19 19:15 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-05-19 19:15 . 2008-05-19 19:15 <DIR> d-------- C:\Documents and Settings\n00binator\Application Data\InterTrust
2008-05-19 19:15 . 1998-10-29 17:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-05-19 19:10 . 2004-08-04 07:00 811,064 --a------ C:\WINDOWS\system32\imjp81k.dll
2008-05-19 19:09 . 2001-08-18 00:36 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2008-05-19 19:07 . 2007-03-12 18:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2008-05-19 19:06 . 2008-05-26 16:27 <DIR> d-------- C:\WINDOWS\nview
2008-05-19 19:06 . 2008-05-02 22:46 442,368 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-05-19 19:06 . 2008-06-08 18:39 175,419 --a------ C:\WINDOWS\system32\nvapps.xml
2008-05-19 19:06 . 2008-05-03 05:46 18,070 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-05-19 18:59 . 2008-05-19 18:59 <DIR> d-------- C:\Documents and Settings\n00binator\Application Data\MSNInstaller
2008-05-19 13:03 . 2001-08-17 08:59 3,072 --------- C:\WINDOWS\system32\drivers\audstub.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-08 20:37 23,352 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-06-08 20:37 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-06-07 00:01 70,144 ----a-w C:\WINDOWS\system32\userinit.exe
2008-06-06 17:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-25 22:12 --------- d-----w C:\Program Files\DIFX
2008-05-21 03:31 --------- d-----w C:\Program Files\NVIDIA Corporation
2008-05-21 01:26 --------- d-----w C:\Program Files\ASUS
2008-05-20 20:11 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-05-20 20:11 2,337,865 ----a-w C:\WINDOWS\system32\pbsvc.exe
2008-05-20 01:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Maxtor
2008-05-20 01:54 392,320 ------w C:\WINDOWS\system32\drivers\timntr.sys
2008-05-20 01:54 32,768 ------w C:\WINDOWS\system32\drivers\tifsfilt.sys
2008-05-20 01:54 120,992 ------w C:\WINDOWS\system32\drivers\snapman.sys
2008-05-20 01:54 --------- d-----w C:\Program Files\Maxtor
2008-05-20 01:54 --------- d-----w C:\Program Files\Common Files\Maxtor
2008-05-20 01:53 --------- d-----w C:\Program Files\Razer
2008-05-20 01:53 --------- d-----w C:\Documents and Settings\n00binator\Application Data\InstallShield
2008-05-20 01:47 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-20 01:43 --------- d-----w C:\Program Files\Analog Devices
2008-05-20 01:10 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-03 03:46 86,016 ----a-w C:\WINDOWS\system32\nvmctray.dll
2008-05-03 03:46 6,108,160 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2008-05-03 03:46 425,984 ----a-w C:\WINDOWS\system32\nvapi.dll
2008-05-03 03:46 41,984 ----a-w C:\WINDOWS\system32\nvcod.dll
2008-05-03 03:46 13,529,088 ----a-w C:\WINDOWS\system32\nvcpl.dll
2008-04-30 22:27 442,368 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
.

((((((((((((((((((((((((((((( snapshot_2008-06-08_15.23.12.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-06-08 07:22:14 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-06-08 22:10:50 2,891,776 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
+ 2008-06-08 22:10:50 24,576 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-06-08 07:22:14 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-06-08 22:10:49 2,891,776 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
+ 2008-06-08 22:10:49 24,576 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2007-02-13 01:33:37 1,110,016 ----a-r C:\WINDOWS\Temp\LaunchU3.exe
+ 2008-06-08 23:39:37 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_770.dat
+ 2008-06-08 23:39:49 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_eb4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-19 21:12 289088]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 19:25 81920]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-05-21 23:41 171448]
"Rbet"="C:\DOCUME~1\N00BIN~1\APPLIC~1\ASEMBL~1\spool32.exe" [ ]
"Jcjwu"="C:\Program Files\?dobe\r?ndll32.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch Ai Booster"="C:\Program Files\ASUS\AI Booster\OverClk.exe" [2006-11-28 19:20 3714048]
"MaxBlastMonitor.exe"="C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe" [2007-04-20 09:59 1169720]
"AcronisTimounterMonitor"="C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe" [2007-04-20 10:09 1945712]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe" [2007-04-20 10:03 149024]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46 13529088]
"nwiz"="nwiz.exe" [2008-05-03 05:46 1630208 C:\WINDOWS\system32\nwiz.exe]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 13:49 36352]
"AsusStartupHelp"="C:\Program Files\ASUS\AASP\1.00.15\AsRunHelp.exe" [2006-11-14 01:25 363008]
"Launch PC Probe II"="C:\Program Files\ASUS\PC Probe II\Probe2.exe" [2006-10-30 22:53 2128896]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 21:34 868352]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 22:46 86016]
"DeathAdder"="C:\Program Files\Razer\DeathAdder\razerhid.exe" [2007-05-07 19:40 159744]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders schannel.dll, digest.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-06-01 12:21 153136 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2007-06-01 12:05 1057328 C:\Program Files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
--a------ 2007-07-18 19:55 451872 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 17:57 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
--a------ 2007-06-01 12:06 1629744 C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WireLessKeyboard]
--a------ 2005-11-30 14:48 94208 C:\Program Files\Multimedia Keyboard Application\StartAutorun.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Game.exe"=
"C:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Launcher.exe"=
"C:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\RainbowSixVegas2_SADS.exe"=
"C:\\Program Files\\Microsoft Games\\Halo 2\\halo2.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"C:\\Program Files\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=

R3 AmdTools;AMD Special Tools Driver;C:\WINDOWS\system32\DRIVERS\AmdTools.sys [2007-04-05 16:56]
R3 DAdderFltr;DeathAdder Mouse;C:\WINDOWS\system32\drivers\dadder.sys [2007-04-12 08:46]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

*Newly Created Service* - AEC

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-08 18:39:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Razer\DeathAdder\razertra.exe
C:\Program Files\ASUS\AASP\1.00.15\aaCenter.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
.
**************************************************************************
.
Completion time: 2008-06-08 18:41:10 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-08 23:41:07
ComboFix2.txt 2008-06-08 20:23:25
ComboFix3.txt 2008-06-02 11:37:01
ComboFix4.txt 2008-05-31 12:39:17

Pre-Run: 378,271,428,608 bytes free
Post-Run: 378,263,474,176 bytes free

283

    Advertisements

Register to Remove


#17 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,171 posts

Posted 08 June 2008 - 05:59 PM

Looking alot better :thumbup:

Open notepad and copy/paste the text in the Codebox below into it:

File::
C:\WINDOWS\system32\iftuyszv.exe
C:\WINDOWS\444.0
C:\WINDOWS\system32\67C6F433D4.sys
C:\WINDOWS\system32\FB39D8CA88.sys
C:\Program Files\?dobe\r?ndll32.exe
C:\DOCUME~1\N00BIN~1\APPLIC~1\ASEMBL~1\spool32.exe

Folder::
C:\sdfix
C:\WINDOWS\system32\Ucom1
C:\WINDOWS\system32\sIE6
C:\WINDOWS\system32\evd2
C:\WINDOWS\system32\Dev3
C:\WINDOWS\system32\4026c
C:\WINDOWS\95F354E1056743D38B37DFDA257324F0.TMP

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rbet"=-
"Jcjwu"=-

Save this as Save this as "CFScript"


Posted Image

Drag CFScript.txt into ComboFix.exe

Then post the results log and a new HijackThis log.


Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#18 smavid

smavid

    New Member

  • New Member
  • Pip
  • 13 posts

Posted 08 June 2008 - 06:33 PM

its all runing bester than before but time will tell.
do u know what those system32/ files where?


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:26:00 PM, on 6/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ASUS\AI Booster\OverClk.exe
C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ASUS\PC Probe II\Probe2.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Razer\DeathAdder\razertra.exe
C:\Program Files\ASUS\AASP\1.00.15\aaCenter.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\n00binator\Desktop\F.I.X\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Program Files\ASUS\AI Booster\OverClk.exe"
O4 - HKLM\..\Run: [MaxBlastMonitor.exe] C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.15\AsRunHelp.exe
O4 - HKLM\..\Run: [Launch PC Probe II] "C:\Program Files\ASUS\PC Probe II\Probe2.exe" 1
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus....ek_sys_ctrl.cab
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 6413 bytes



ComboFix 08-06-07.3 - n00binator 2008-06-08 19:21:25.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1626 [GMT -5:00]
Running from: C:\Documents and Settings\n00binator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\n00binator\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\DOCUME~1\N00BIN~1\APPLIC~1\ASEMBL~1\spool32.exe
C:\WINDOWS\444.0
C:\WINDOWS\system32\67C6F433D4.sys
C:\WINDOWS\system32\FB39D8CA88.sys
C:\WINDOWS\system32\iftuyszv.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\sdfix
C:\sdfix\SDFix\apps\assosfix.reg
C:\sdfix\SDFix\apps\cliptext.exe
C:\sdfix\SDFix\apps\download.exe
C:\sdfix\SDFix\apps\dummy.sys
C:\sdfix\SDFix\apps\Enable_Command_Prompt.reg
C:\sdfix\SDFix\apps\ERDNT.E_E
C:\sdfix\SDFix\apps\ERDNTDOS.LOC
C:\sdfix\SDFix\apps\ERDNTWIN.LOC
C:\sdfix\SDFix\apps\ERUNT.EXE
C:\sdfix\SDFix\apps\ERUNT.LOC
C:\sdfix\SDFix\apps\fix.reg
C:\sdfix\SDFix\apps\FixBH.reg
C:\sdfix\SDFix\apps\FixComponents.reg
C:\sdfix\SDFix\apps\FIXCU.reg
C:\sdfix\SDFix\apps\FIXLM.reg
C:\sdfix\SDFix\apps\FixPath.exe
C:\sdfix\SDFix\apps\FixRedir.reg
C:\sdfix\SDFix\apps\FixSchedule.reg
C:\sdfix\SDFix\apps\FixWebCheck.reg
C:\sdfix\SDFix\apps\fixXP.reg
C:\sdfix\SDFix\apps\FixXPsp2.reg
C:\sdfix\SDFix\apps\grep.exe
C:\sdfix\SDFix\apps\HPFix.reg
C:\sdfix\SDFix\apps\HPFix2.reg
C:\sdfix\SDFix\apps\HPFix3.reg
C:\sdfix\SDFix\apps\HPFix4.reg
C:\sdfix\SDFix\apps\HPFix5.reg
C:\sdfix\SDFix\apps\HPFix6.reg
C:\sdfix\SDFix\apps\HPFix7.reg
C:\sdfix\SDFix\apps\HPFix8.reg
C:\sdfix\SDFix\apps\HPFix9.reg
C:\sdfix\SDFix\apps\isadmin.exe
C:\sdfix\SDFix\apps\leg2.txt
C:\sdfix\SDFix\apps\legacy.txt
C:\sdfix\SDFix\apps\legacybk.txt
C:\sdfix\SDFix\apps\locate.com
C:\sdfix\SDFix\apps\LS.exe
C:\sdfix\SDFix\apps\MD5File.exe
C:\sdfix\SDFix\apps\MyGcpvFix.reg
C:\sdfix\SDFix\apps\MyGkFix2.reg
C:\sdfix\SDFix\apps\Process.exe
C:\sdfix\SDFix\apps\procs.exe
C:\sdfix\SDFix\apps\psservice.exe
C:\sdfix\SDFix\apps\Rem.txt
C:\sdfix\SDFix\apps\Rem2.txt
C:\sdfix\SDFix\apps\Replace\regedit.exe
C:\sdfix\SDFix\apps\Replace\W2K.exe
C:\sdfix\SDFix\apps\Replace\w2k\beep.sys
C:\sdfix\SDFix\apps\Replace\w2k\null.sys
C:\sdfix\SDFix\apps\Replace\XP.exe
C:\sdfix\SDFix\apps\Replace\xp\beep.sys
C:\sdfix\SDFix\apps\Replace\xp\null.sys
C:\sdfix\SDFix\apps\Reset_AppInit_DLLs.reg
C:\sdfix\SDFix\apps\RestartIt!.exe
C:\sdfix\SDFix\apps\Restore_SecurityCenter.reg
C:\sdfix\SDFix\apps\Restore_SharedAccess.reg
C:\sdfix\SDFix\apps\sc.exe
C:\sdfix\SDFix\apps\sed.exe
C:\sdfix\SDFix\apps\SF.exe
C:\sdfix\SDFix\apps\shutdown.exe
C:\sdfix\SDFix\apps\srv2.txt
C:\sdfix\SDFix\apps\srv2bk.txt
C:\sdfix\SDFix\apps\svc.txt
C:\sdfix\SDFix\apps\svcbk.txt
C:\sdfix\SDFix\apps\swreg.exe
C:\sdfix\SDFix\apps\swsc.exe
C:\sdfix\SDFix\apps\unzip.exe
C:\sdfix\SDFix\apps\vfind.exe
C:\sdfix\SDFix\apps\WINMSG.EXE
C:\sdfix\SDFix\apps\winsec.reg
C:\sdfix\SDFix\apps\zip.exe
C:\sdfix\SDFix\catchme.exe
C:\sdfix\SDFix\dummy.sys
C:\sdfix\SDFix\RunThis.bat
C:\sdfix\SDFix\SDFIX_ReadMe_Online.url
C:\sdfix\SDFix\W2K_CodecRepair.inf
C:\sdfix\SDFix\XP_CodecRepair.inf
C:\WINDOWS\444.0
C:\WINDOWS\95F354E1056743D38B37DFDA257324F0.TMP
C:\WINDOWS\95F354E1056743D38B37DFDA257324F0.TMP\WiseCustomCalla.dll
C:\WINDOWS\95F354E1056743D38B37DFDA257324F0.TMP\WiseCustomCalla1.dll
C:\WINDOWS\95F354E1056743D38B37DFDA257324F0.TMP\WiseData.ini
C:\WINDOWS\system32\4026c
C:\WINDOWS\system32\67C6F433D4.sys
C:\WINDOWS\system32\Dev3
C:\WINDOWS\system32\evd2
C:\WINDOWS\system32\evd2\cnc1dll.exe
C:\WINDOWS\system32\FB39D8CA88.sys
C:\WINDOWS\system32\iftuyszv.exe
C:\WINDOWS\system32\sIE6
C:\WINDOWS\system32\sIE6\patdll190.exe
C:\WINDOWS\system32\Ucom1

.
((((((((((((((((((((((((( Files Created from 2008-05-09 to 2008-06-09 )))))))))))))))))))))))))))))))
.

2008-06-08 17:10 . 2008-06-08 17:10 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-08 17:02 . 2008-06-08 17:02 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-02 12:44 . 2008-06-02 12:44 <DIR> d-------- C:\Documents and Settings\n00binator\Application Data\Ubisoft
2008-06-01 21:11 . 2008-06-01 21:11 <DIR> d-------- C:\Program Files\KAPITALSIN
2008-06-01 17:03 . 2008-06-01 17:03 <DIR> d-------- C:\WINDOWS\system32\Gears of War - Screensaver dir
2008-06-01 17:03 . 2008-06-01 21:10 <DIR> d-------- C:\Program Files\Gears of War
2008-06-01 17:03 . 2008-06-01 17:03 520,192 --a------ C:\WINDOWS\system32\Gears of War - Screensaver.scr
2008-06-01 17:00 . 2008-06-01 17:08 <DIR> d-------- C:\Documents and Settings\n00binator\Application Data\Microsoft Games
2008-06-01 16:44 . 2008-06-01 16:54 <DIR> d-------- C:\Program Files\AMD
2008-06-01 16:43 . 2008-06-01 16:43 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-01 16:43 . 2007-04-05 16:56 33,792 --a------ C:\WINDOWS\system32\drivers\AmdTools.sys
2008-06-01 02:47 . 2008-06-01 02:47 <DIR> d-------- C:\Documents and Settings\n00binator\Application Data\vlc
2008-06-01 02:29 . 2008-06-01 02:29 <DIR> d-------- C:\Program Files\VideoLAN
2008-06-01 02:14 . 2008-06-07 03:35 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-05-31 21:58 . 2008-05-31 21:59 <DIR> d-------- C:\Documents and Settings\n00binator\Application Data\Corel
2008-05-31 21:58 . 2008-05-31 21:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Corel
2008-05-31 21:57 . 2008-05-31 21:57 <DIR> d-------- C:\Program Files\Common Files\Corel
2008-05-31 21:42 . 2008-05-31 21:57 <DIR> d-------- C:\Program Files\Corel
2008-05-31 21:12 . 2008-06-08 17:47 2,516 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-05-31 09:51 . 2008-05-31 09:51 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-31 09:51 . 2008-05-31 09:51 <DIR> d-------- C:\Documents and Settings\n00binator\Application Data\Malwarebytes
2008-05-31 09:51 . 2008-05-31 09:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-31 09:51 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-31 09:51 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-31 09:50 . 2008-05-31 09:50 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-05-31 07:52 . 2008-06-08 19:24 0 --a------ C:\WINDOWS\system.ini
2008-05-31 00:48 . 2008-06-08 04:50 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUS.ico
2008-05-31 00:38 . 2008-06-08 15:19 <DIR> d-------- C:\Temp
2008-05-26 16:26 . 2008-05-26 16:27 <DIR> d-------- C:\WINDOWS\NV16322340.TMP
2008-05-26 02:20 . 2008-05-26 02:20 <DIR> d-------- C:\Documents and Settings\n00binator\My Games
2008-05-26 02:13 . 2007-06-21 01:53 32,768 --a------ C:\WINDOWS\system32\mf.dll
2008-05-26 01:45 . 2008-06-06 11:52 <DIR> d-------- C:\Program Files\Microsoft Games
2008-05-26 01:45 . 2008-05-26 01:45 <DIR> d-------- C:\Documents and Settings\All Users\Microsoft
2008-05-26 01:45 . 2008-05-26 01:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Games
2008-05-26 01:43 . 2008-05-26 01:43 <DIR> d-------- C:\Documents and Settings\n00binator\Application Data\Microsoft Game Studios
2008-05-25 23:51 . 2008-05-25 23:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BufferZone
2008-05-25 23:12 . 2008-05-25 23:12 <DIR> d-------- C:\Program Files\7-Zip
2008-05-25 00:34 . 2004-08-04 09:56 616,960 --a------ C:\WINDOWS\advapi32.dll
2008-05-24 22:15 . 2008-03-05 15:56 3,952,144 --a------ C:\WINDOWS\system32\D3DX9d_37.dll
2008-05-24 22:15 . 2008-02-05 23:06 3,799,400 --a------ C:\WINDOWS\system32\d3dx9d_33.dll
2008-05-24 22:15 . 2008-02-05 23:06 3,087,208 --a------ C:\WINDOWS\system32\d3d9d.dll
2008-05-24 22:15 . 2008-02-05 23:06 506,384 --a------ C:\WINDOWS\system32\D3DX10d_37.dll
2008-05-24 22:15 . 2008-02-05 23:06 359,624 --a------ C:\WINDOWS\system32\dinput8d.dll
2008-05-24 22:15 . 2008-02-05 23:06 349,416 --a------ C:\WINDOWS\system32\d3dref9.dll
2008-05-24 22:14 . 2008-05-24 22:15 <DIR> d-------- C:\Program Files\Microsoft DirectX SDK (March 2008)
2008-05-24 19:56 . 2008-03-05 15:56 3,786,760 --a------ C:\WINDOWS\system32\D3DX9_37.dll
2008-05-24 19:56 . 2008-03-05 15:56 1,420,824 --a------ C:\WINDOWS\system32\D3DCompiler_37.dll
2008-05-24 19:56 . 2008-03-05 16:03 479,752 --a------ C:\WINDOWS\system32\XAudio2_0.dll
2008-05-24 19:56 . 2008-02-05 23:07 462,864 --a------ C:\WINDOWS\system32\d3dx10_37.dll
2008-05-24 19:56 . 2008-03-05 16:03 238,088 --a------ C:\WINDOWS\system32\xactengine3_0.dll
2008-05-24 19:56 . 2008-03-05 16:00 25,608 --a------ C:\WINDOWS\system32\X3DAudio1_3.dll
2008-05-24 19:45 . 2008-05-24 19:56 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-05-24 17:26 . 2008-05-24 17:26 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-05-24 04:47 . 2008-05-24 04:47 <DIR> d--h----- C:\WINDOWS\PIF
2008-05-24 04:12 . 2008-05-26 02:19 <DIR> d-------- C:\wata
2008-05-22 22:09 . 2008-05-22 22:09 <DIR> d-------- C:\Program Files\Xvid
2008-05-22 22:09 . 2007-06-28 18:52 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-05-22 22:09 . 2007-06-28 18:54 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-05-22 22:09 . 2007-06-28 18:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax
2008-05-21 23:41 . 2008-05-21 23:41 <DIR> d-------- C:\Program Files\Google
2008-05-20 22:44 . 2008-05-20 22:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LightScribe
2008-05-20 22:31 . 2008-05-20 22:31 <DIR> d-------- C:\Program Files\NVIDIA nTune Performance Application
2008-05-20 20:08 . 2008-05-20 20:10 <DIR> d-------- C:\WINDOWS\NV37603764.TMP
2008-05-20 19:05 . 2008-05-20 19:05 <DIR> d-------- C:\Program Files\MadOnion.com
2008-05-20 18:37 . 2008-05-20 18:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-05-20 18:30 . 2008-05-20 18:31 <DIR> d-------- C:\WINDOWS\NV32043208.TMP
2008-05-20 18:02 . 2008-05-26 16:26 <DIR> d-------- C:\WINDOWS\nvidia icons
2008-05-20 18:02 . 2008-05-20 18:04 <DIR> d-------- C:\WINDOWS\NV32482924.TMP
2008-05-20 18:02 . 2008-05-03 05:46 182,347 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-05-20 18:01 . 2008-05-20 18:01 <DIR> d-------- C:\NVIDIA
2008-05-20 16:05 . 2008-05-20 16:05 <DIR> d-------- C:\Documents and Settings\Owner
2008-05-20 15:20 . 2008-06-02 17:31 <DIR> d-------- C:\Program Files\Wolfenstein - Enemy Territory
2008-05-20 15:12 . 2008-06-02 12:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-05-20 15:11 . 2008-05-20 15:11 22,328 --a------ C:\Documents and Settings\n00binator\Application Data\PnkBstrK.sys
2008-05-20 15:02 . 2008-06-02 12:02 <DIR> d-------- C:\Program Files\Ubisoft
2008-05-20 14:58 . 2008-05-20 14:58 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-05-20 14:56 . 2008-05-20 14:56 685,816 --------- C:\WINDOWS\system32\drivers\sptd.sys
2008-05-20 14:55 . 2008-06-07 09:40 <DIR> d-------- C:\Documents and Settings\n00binator\Application Data\U3
2008-05-20 14:55 . 2004-08-03 23:08 26,496 -----c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-05-20 02:17 . 2008-05-20 02:18 <DIR> d-------- C:\Program Files\Winamp
2008-05-20 02:17 . 2008-05-20 02:23 <DIR> d-------- C:\Documents and Settings\n00binator\Application Data\Winamp
2008-05-20 01:15 . 2008-05-20 01:15 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Xfire
2008-05-20 01:00 . 2008-05-20 01:00 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Xfire
2008-05-20 00:58 . 2008-05-29 04:00 <DIR> d-------- C:\Program Files\Xfire
2008-05-20 00:58 . 2008-06-04 11:54 <DIR> d-------- C:\Documents and Settings\n00binator\Application Data\Xfire
2008-05-19 23:46 . 2008-05-19 23:46 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2008-05-19 23:45 . 2008-05-24 03:22 <DIR> d-------- C:\Documents and Settings\n00binator\Application Data\Ahead
2008-05-19 23:45 . 2008-05-19 23:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2008-05-19 23:43 . 2008-05-19 23:43 <DIR> d-------- C:\Program Files\Nero
2008-05-19 23:43 . 2008-05-19 23:45 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-05-19 23:43 . 2008-05-19 23:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-05-19 23:36 . 2008-05-19 23:36 <DIR> d-------- C:\Program Files\Free RAR Extract Frog
2008-05-19 22:08 . 2008-05-19 22:08 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-05-19 22:08 . 2008-05-19 22:08 <DIR> d-------- C:\Program Files\Multimedia Keyboard Application
2008-05-19 21:46 . 2008-05-19 21:46 <DIR> d---s---- C:\Documents and Settings\n00binator\UserData
2008-05-19 21:13 . 2008-06-08 06:19 <DIR> d-------- C:\Documents and Settings\n00binator\Application Data\BitTorrent
2008-05-19 21:12 . 2008-05-19 21:12 <DIR> d-------- C:\Program Files\DNA
2008-05-19 21:12 . 2008-05-19 21:12 <DIR> d-------- C:\Program Files\BitTorrent
2008-05-19 21:12 . 2008-06-08 19:22 <DIR> d-------- C:\Documents and Settings\n00binator\Application Data\DNA
2008-05-19 19:59 . 2005-03-03 21:47 31,104 --------- C:\WINDOWS\system32\drivers\CYUSB.sys
2008-05-19 19:59 . 2007-04-12 08:46 10,880 --------- C:\WINDOWS\system32\drivers\dadder.sys
2008-05-19 19:15 . 2008-05-19 19:15 <DIR> d-------- C:\WINDOWS\Profiles
2008-05-19 19:15 . 2008-05-19 19:15 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-05-19 19:15 . 2008-05-19 19:15 <DIR> d-------- C:\Documents and Settings\n00binator\Application Data\InterTrust
2008-05-19 19:15 . 1998-10-29 17:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-05-19 19:10 . 2004-08-04 07:00 811,064 --a------ C:\WINDOWS\system32\imjp81k.dll
2008-05-19 19:09 . 2001-08-18 00:36 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2008-05-19 19:07 . 2007-03-12 18:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2008-05-19 19:06 . 2008-05-26 16:27 <DIR> d-------- C:\WINDOWS\nview
2008-05-19 19:06 . 2008-05-02 22:46 442,368 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-05-19 19:06 . 2008-06-08 19:24 175,419 --a------ C:\WINDOWS\system32\nvapps.xml
2008-05-19 19:06 . 2008-05-03 05:46 18,070 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-05-19 18:59 . 2008-05-19 18:59 <DIR> d-------- C:\Documents and Settings\n00binator\Application Data\MSNInstaller
2008-05-19 13:03 . 2001-08-17 08:59 3,072 --------- C:\WINDOWS\system32\drivers\audstub.sys
2008-05-19 13:02 . 2004-08-03 17:59 57,472 --------- C:\WINDOWS\system32\drivers\redbook.sys
2008-05-19 13:02 . 2004-08-03 19:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-05-19 13:01 . 2004-08-03 19:56 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2008-05-19 13:00 . 2008-05-19 20:08 <DIR> dr------- C:\Documents and Settings\All Users\Documents
2008-05-13 20:28 . 2008-05-13 20:28 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-08 20:37 23,352 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-06-08 20:37 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-06-07 00:01 70,144 ----a-w C:\WINDOWS\system32\userinit.exe
2008-06-06 17:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-25 22:12 --------- d-----w C:\Program Files\DIFX
2008-05-21 03:31 --------- d-----w C:\Program Files\NVIDIA Corporation
2008-05-21 01:26 --------- d-----w C:\Program Files\ASUS
2008-05-20 20:11 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-05-20 20:11 2,337,865 ----a-w C:\WINDOWS\system32\pbsvc.exe
2008-05-20 01:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Maxtor
2008-05-20 01:54 392,320 ------w C:\WINDOWS\system32\drivers\timntr.sys
2008-05-20 01:54 32,768 ------w C:\WINDOWS\system32\drivers\tifsfilt.sys
2008-05-20 01:54 120,992 ------w C:\WINDOWS\system32\drivers\snapman.sys
2008-05-20 01:54 --------- d-----w C:\Program Files\Maxtor
2008-05-20 01:54 --------- d-----w C:\Program Files\Common Files\Maxtor
2008-05-20 01:53 --------- d-----w C:\Program Files\Razer
2008-05-20 01:53 --------- d-----w C:\Documents and Settings\n00binator\Application Data\InstallShield
2008-05-20 01:47 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-20 01:43 --------- d-----w C:\Program Files\Analog Devices
2008-05-20 01:10 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-03 03:46 86,016 ----a-w C:\WINDOWS\system32\nvmctray.dll
2008-05-03 03:46 6,108,160 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2008-05-03 03:46 425,984 ----a-w C:\WINDOWS\system32\nvapi.dll
2008-05-03 03:46 41,984 ----a-w C:\WINDOWS\system32\nvcod.dll
2008-05-03 03:46 13,529,088 ----a-w C:\WINDOWS\system32\nvcpl.dll
2008-04-30 22:27 442,368 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
.

((((((((((((((((((((((((((((( snapshot_2008-06-08_15.23.12.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-06-08 07:22:14 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-06-08 22:10:50 2,891,776 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
+ 2008-06-08 22:10:50 24,576 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-06-08 07:22:14 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-06-08 22:10:49 2,891,776 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
+ 2008-06-08 22:10:49 24,576 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2008-06-09 00:24:03 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_754.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-19 21:12 289088]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 19:25 81920]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-05-21 23:41 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch Ai Booster"="C:\Program Files\ASUS\AI Booster\OverClk.exe" [2006-11-28 19:20 3714048]
"MaxBlastMonitor.exe"="C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe" [2007-04-20 09:59 1169720]
"AcronisTimounterMonitor"="C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe" [2007-04-20 10:09 1945712]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe" [2007-04-20 10:03 149024]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46 13529088]
"nwiz"="nwiz.exe" [2008-05-03 05:46 1630208 C:\WINDOWS\system32\nwiz.exe]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 13:49 36352]
"AsusStartupHelp"="C:\Program Files\ASUS\AASP\1.00.15\AsRunHelp.exe" [2006-11-14 01:25 363008]
"Launch PC Probe II"="C:\Program Files\ASUS\PC Probe II\Probe2.exe" [2006-10-30 22:53 2128896]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 21:34 868352]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 22:46 86016]
"DeathAdder"="C:\Program Files\Razer\DeathAdder\razerhid.exe" [2007-05-07 19:40 159744]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders schannel.dll, digest.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-06-01 12:21 153136 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2007-06-01 12:05 1057328 C:\Program Files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
--a------ 2007-07-18 19:55 451872 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 17:57 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
--a------ 2007-06-01 12:06 1629744 C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WireLessKeyboard]
--a------ 2005-11-30 14:48 94208 C:\Program Files\Multimedia Keyboard Application\StartAutorun.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Game.exe"=
"C:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Launcher.exe"=
"C:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\RainbowSixVegas2_SADS.exe"=
"C:\\Program Files\\Microsoft Games\\Halo 2\\halo2.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"C:\\Program Files\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=

R3 AmdTools;AMD Special Tools Driver;C:\WINDOWS\system32\DRIVERS\AmdTools.sys [2007-04-05 16:56]
R3 DAdderFltr;DeathAdder Mouse;C:\WINDOWS\system32\drivers\dadder.sys [2007-04-12 08:46]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

*Newly Created Service* - AEC

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-08 19:24:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Razer\DeathAdder\razertra.exe
C:\Program Files\ASUS\AASP\1.00.15\aaCenter.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
.
**************************************************************************
.
Completion time: 2008-06-08 19:25:31 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-09 00:25:29
ComboFix2.txt 2008-06-08 23:41:10
ComboFix3.txt 2008-06-08 20:23:25
ComboFix4.txt 2008-06-02 11:37:01
ComboFix5.txt 2008-05-31 12:39:17

Pre-Run: 377,884,200,960 bytes free
Post-Run: 377,870,082,048 bytes free

378

#19 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,171 posts

Posted 08 June 2008 - 06:36 PM

http://research.prev...asp?d=1066&c=36

Do you have an Anti-Virus program?

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#20 smavid

smavid

    New Member

  • New Member
  • Pip
  • 13 posts

Posted 08 June 2008 - 06:47 PM

no nothing popn up :woot: thanks for the help!! ill try to donate is there a good program that a can get to prevent this? sys32 file change time from time?

Edited by smavid, 08 June 2008 - 06:51 PM.


#21 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,171 posts

Posted 08 June 2008 - 06:49 PM

Stay with me until I give you the all clean post.

  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.

    [list]
  • Posted Image


After the above:

I don't see a anti-virus program running or a firewall. Get the free ones.

Click HERE and Save, Install, Update and run a full scan.


Below is a list of two free firewalls (in no order of preference).It is important to note that you should only have one firewall installed at a time, but you can download to your Desktop and install each in turn to see which one you prefer.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#22 smavid

smavid

    New Member

  • New Member
  • Pip
  • 13 posts

Posted 08 June 2008 - 07:06 PM

got the firewall as for anti-v seek&distrory but ill buy 1 later

#23 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,171 posts

Posted 08 June 2008 - 07:09 PM

That's a free anti-virus program.
You can't use the internet without an anti-virus program and keep your system clean.

It's your computer :smack:



Here's my usual all clean post

Log looks good :D


You need to create a new Clean restore point.

Note: This will remove all previous Restore Points

Click Start Menu > Run > copy and paste

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next. Name it (something you'll remember) and click Create, when the confirmation screen shows the restore point has been created click Close.

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Check "Hide file extensions for known file types."
Under the "Hidden files" folder, Uncheck "Show hidden files and folders."
Check "Hide protected operating system files."
Click Apply, and then click OK.

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
    • Change the Download signed ActiveX controls to Prompt
    • Change the Download unsigned ActiveX controls to Disable
    • Change the Initialize and script ActiveX controls not marked as safe to Disable
    • Change the Installation of desktop items to Prompt
    • Change the Launching programs and files in an IFRAME to Prompt
    • Change the Navigate sub-frames across different domains to Prompt
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

[*]Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week
(Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.


[*]Use a Firewall - I can not stress how important it is that you use a Firewall on your computer.
Without a firewall your computer is succeptible to being hacked and taken over.
I am very serious about this and see it happen almost every day with my clients.
Simply using a Firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:
Note: I no longer suggest Zone Alarm

Understanding and Using Firewalls


[*]Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.
This will ensure your computer has always the latest security updates available installed on your computer.
If there are new updates to install, install them immediately, reboot your computer, and revisit the site
until there are no more critical updates.


[*]Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer
settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware


[*] Winpatrol


[*]Update all these programs regularly - Make sure you update all the programs I have listed regularly.
Without regular updates you WILL NOT be protected when new malicious programs are released.
[/list]Only run one Anti-Virus and Firewall program.

I would also suggest you read this:
So how did I get infected in the first place?
by Tony Klein

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#24 smavid

smavid

    New Member

  • New Member
  • Pip
  • 13 posts

Posted 08 June 2008 - 07:21 PM

Thanx For the work. and for the quik replys. thanks again

#25 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,171 posts

Posted 08 June 2008 - 07:22 PM

You're more then welcome. Glad we were able to help Peace be with you :wavey:

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

    Advertisements

Register to Remove


#26 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,171 posts

Posted 08 June 2008 - 07:22 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users