Virtumonde Still on Computer?
Hello,
I had the Virtumonde infection on my computer about 5 days ago and after reading threads in many forums, I took the steps they said. I had downloaded all of the programs (RegCure, ATF-Cleaner, ComboFix, Malwarebytes' Anti-Malware) and my computer was working fine for the most part.
Then last night the same issues happened again. Random pop-ups, my computer did a strange beep/honk at me, programs shut down, and system low on virtual memory. After reading about this malware, I am assuming that it's a pretty vicious one to kill. I didn't want to bother anyone online with this issue but I'm stuck now and need some help. Below I will provide a HijackThis log. Thank you in advance.
*******
Logfile of random's system information tool 1.04 (written by random/random)
Run by EndUser at 2008-11-16 20:42:36
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 63 GB (83%) free of 76 GB
Total RAM: 446 MB (20% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:42:43 PM, on 11/16/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\PC Tools AntiVirus\PCTAV.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\EndUser\Desktop\Anti-Virus Stuff\RSIT.exe
C:\Program Files\trend micro\EndUser.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 5907 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\RegCure Program Check.job
C:\WINDOWS\tasks\RegCure.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2006-10-12 1282048]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"PCTAVApp"=C:\Program Files\PC Tools AntiVirus\PCTAV.exe [2008-07-23 1259408]
"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE [2005-07-19 221184]
"LogitechVideoRepair"=C:\Program Files\Logitech\Video\ISStart.exe [2005-06-08 458752]
"LogitechVideoTray"=C:\Program Files\Logitech\Video\LogiTray.exe [2005-06-08 217088]
"SsAAD.exe"=C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe [2005-01-24 81920]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"LogitechSoftwareUpdate"=C:\Program Files\Logitech\Video\ManifestEngine.exe [2005-06-08 196608]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
C:\Documents and Settings\EndUser\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-04-29 46080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PCTAVSvc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Documents and Settings\EndUser\Desktop\utorrent.exe"="C:\Documents and Settings\EndUser\Desktop\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\WINDOWS\system32\winver.exe"="C:\WINDOWS\system32\winver.exe:*:Enabled:winver"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
======List of files/folders created in the last 1 months======
2008-11-16 20:37:39 ----SHD---- C:\RECYCLER
2008-11-16 15:30:39 ----D---- C:\Documents and Settings\EndUser\Application Data\Help
2008-11-16 15:28:38 ----D---- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-11-16 15:28:32 ----D---- C:\Program Files\Security Task Manager
2008-11-16 15:16:50 ----D---- C:\Program Files\Enigma Software Group
2008-11-15 01:07:13 ----A---- C:\WINDOWS\zip.exe
2008-11-15 01:07:13 ----A---- C:\WINDOWS\VFIND.exe
2008-11-15 01:07:13 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-11-15 01:07:13 ----A---- C:\WINDOWS\SWSC.exe
2008-11-15 01:07:13 ----A---- C:\WINDOWS\SWREG.exe
2008-11-15 01:07:13 ----A---- C:\WINDOWS\sed.exe
2008-11-15 01:07:13 ----A---- C:\WINDOWS\NIRCMD.exe
2008-11-15 01:07:13 ----A---- C:\WINDOWS\grep.exe
2008-11-15 01:07:13 ----A---- C:\WINDOWS\fdsv.exe
2008-11-15 01:06:21 ----D---- C:\Qoobox
2008-11-12 21:15:43 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-12 21:15:37 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-12 21:15:25 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-12 16:34:35 ----D---- C:\Documents and Settings\EndUser\Application Data\Ahead
2008-11-11 18:32:40 ----D---- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-11-09 13:05:05 ----A---- C:\Boot.bak
2008-11-09 13:05:00 ----RASHD---- C:\cmdcons
2008-11-09 13:03:39 ----D---- C:\WINDOWS\ERDNT
2008-11-09 12:39:06 ----D---- C:\Documents and Settings\EndUser\Application Data\Malwarebytes
2008-11-09 12:38:49 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-09 12:38:48 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-09 12:32:06 ----D---- C:\Program Files\trend micro
2008-11-09 12:32:03 ----D---- C:\rsit
2008-11-08 00:47:19 ----D---- C:\Documents and Settings\EndUser\Application Data\Uniblue
2008-11-08 00:46:24 ----D---- C:\Program Files\Uniblue
2008-11-07 19:01:44 ----D---- C:\Program Files\RegCure
2008-11-07 17:15:09 ----DC---- C:\Documents and Settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2008-11-06 18:49:09 ----RHD---- C:\AHCache
2008-11-03 21:41:21 ----D---- C:\Documents and Settings\All Users\Application Data\Ahead
2008-11-03 21:39:31 ----D---- C:\Program Files\Common Files\Ahead
2008-11-03 19:24:05 ----A---- C:\WINDOWS\system32\ShellManager310E2D762.dll
2008-10-27 06:11:00 ----D---- C:\Documents and Settings\EndUser\Application Data\HP
2008-10-26 21:16:52 ----D---- C:\Documents and Settings\All Users\Application Data\WEBREG
2008-10-26 21:09:43 ----D---- C:\Documents and Settings\All Users\Application Data\HP
2008-10-26 21:09:11 ----D---- C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2008-10-26 21:08:54 ----D---- C:\Program Files\Common Files\HP
2008-10-26 21:08:31 ----D---- C:\Program Files\Hewlett-Packard
2008-10-26 21:08:13 ----D---- C:\Program Files\Common Files\Hewlett-Packard
2008-10-26 21:00:03 ----D---- C:\Program Files\HP
2008-10-26 20:59:58 ----HD---- C:\Config.Msi
2008-10-26 20:57:28 ----D---- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-10-26 20:57:15 ----RA---- C:\WINDOWS\system32\hpzids01.dll
2008-10-26 20:57:11 ----A---- C:\WINDOWS\system32\hpzll4v2.dll
2008-10-26 20:56:15 ----RA---- C:\WINDOWS\system32\difxapi.dll
2008-10-26 20:56:14 ----RA---- C:\WINDOWS\system32\hppldcoi.dll
2008-10-26 20:56:14 ----RA---- C:\WINDOWS\system32\hpovst10.dll
2008-10-26 20:56:13 ----RA---- C:\WINDOWS\system32\hpotscl3.dll
2008-10-26 20:56:12 ----RA---- C:\WINDOWS\system32\hpowiax3.dll
2008-10-26 20:53:52 ----A---- C:\WINDOWS\ODBC.INI
2008-10-26 20:53:07 ----D---- C:\Program Files\Microsoft ActiveSync
2008-10-26 20:52:53 ----D---- C:\Program Files\Common Files\Designer
2008-10-26 20:51:59 ----D---- C:\WINDOWS\ShellNew
2008-10-26 20:51:57 ----D---- C:\Program Files\Microsoft Office
2008-10-23 14:40:01 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
======List of files/folders modified in the last 1 months======
2008-11-16 20:42:40 ----D---- C:\WINDOWS\Prefetch
2008-11-16 20:40:18 ----RD---- C:\Program Files
2008-11-16 20:39:29 ----D---- C:\Program Files\Mozilla Firefox
2008-11-16 20:26:07 ----D---- C:\WINDOWS\Temp
2008-11-16 20:22:10 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-16 20:21:52 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-11-16 20:21:48 ----D---- C:\WINDOWS
2008-11-16 20:21:47 ----D---- C:\Program Files\PC Tools AntiVirus
2008-11-16 16:22:13 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-16 16:10:05 ----D---- C:\WINDOWS\system32
2008-11-16 16:08:59 ----A---- C:\WINDOWS\system.ini
2008-11-16 16:08:30 ----D---- C:\WINDOWS\system32\drivers
2008-11-16 16:08:29 ----D---- C:\WINDOWS\AppPatch
2008-11-16 16:08:29 ----D---- C:\Program Files\Common Files
2008-11-16 15:51:24 ----A---- C:\WINDOWS\NeroDigital.ini
2008-11-12 21:15:47 ----HD---- C:\WINDOWS\inf
2008-11-12 21:15:46 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-12 21:15:43 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-12 21:15:41 ----A---- C:\WINDOWS\imsins.BAK
2008-11-12 21:14:48 ----SHD---- C:\WINDOWS\Installer
2008-11-12 21:14:47 ----D---- C:\WINDOWS\WinSxS
2008-11-11 12:45:29 ----D---- C:\Documents and Settings\EndUser\Application Data\AdobeUM
2008-11-11 12:42:57 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-11-11 12:35:58 ----D---- C:\Program Files\Adobe
2008-11-09 13:06:45 ----D---- C:\WINDOWS\system32\config
2008-11-09 13:05:05 ----ASH---- C:\boot.ini
2008-11-09 00:14:48 ----SD---- C:\Documents and Settings\EndUser\Application Data\Microsoft
2008-11-08 01:39:35 ----D---- C:\Program Files\Nero
2008-11-08 01:36:24 ----D---- C:\TEMP
2008-11-07 19:07:04 ----SD---- C:\WINDOWS\Tasks
2008-11-07 19:06:59 ----D---- C:\Documents and Settings\EndUser\Application Data\uTorrent
2008-11-07 18:16:31 ----D---- C:\WINDOWS\Microsoft.NET
2008-11-07 18:16:25 ----RSD---- C:\WINDOWS\assembly
2008-11-07 17:11:38 ----D---- C:\WINDOWS\pchealth
2008-11-07 17:11:20 ----D---- C:\Program Files\Internet Explorer
2008-11-03 21:39:32 ----D---- C:\Documents and Settings\All Users\Application Data\Nero
2008-11-03 20:10:25 ----A---- C:\WINDOWS\system32\MRT.exe
2008-11-03 19:25:31 ----D---- C:\Program Files\Common Files\Nero
2008-11-03 19:22:34 ----A---- C:\WINDOWS\system32\MsiExec.exe.log
2008-11-03 18:51:24 ----D---- C:\WINDOWS\Help
2008-11-03 17:50:30 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-01 01:03:59 ----D---- C:\WINDOWS\system32\wbem
2008-11-01 01:03:58 ----D---- C:\WINDOWS\Registration
2008-11-01 01:02:56 ----D---- C:\WINDOWS\system32\Restore
2008-10-29 19:11:53 ----A---- C:\WINDOWS\win.ini
2008-10-28 22:22:43 ----A---- C:\WINDOWS\WORDPAD.INI
2008-10-28 16:53:23 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-10-26 21:08:39 ----D---- C:\WINDOWS\twain_32
2008-10-26 20:56:39 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-10-26 20:52:24 ----D---- C:\Program Files\Common Files\System
2008-10-26 20:52:12 ----RSD---- C:\WINDOWS\Fonts
2008-10-26 20:51:57 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-10-26 20:50:41 ----D---- C:\WINDOWS\system
2008-10-19 00:33:27 ----D---- C:\Documents and Settings\EndUser\Application Data\LimeWire
2008-10-17 16:26:03 ----SD---- C:\WINDOWS\Downloaded Program Files
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK8;AMD Athlon64 Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2004-05-08 35840]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 AVFilter;AVFilter; C:\WINDOWS\system32\drivers\AVFilter.sys [2008-02-12 21904]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-04-29 1132544]
R3 AVHook;AVHook; C:\WINDOWS\system32\drivers\AVHook.sys [2007-12-06 28568]
R3 AVRec;AVRec; C:\WINDOWS\system32\drivers\AVRec.sys [2007-12-06 21912]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2006-10-12 604928]
R3 CAMCAUD;Conexant AMC Audio; C:\WINDOWS\system32\drivers\camc6aud.sys [2005-04-20 38016]
R3 CAMCHALA;CAMCHALA; C:\WINDOWS\system32\drivers\camc6hal.sys [2005-04-20 350080]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-01-25 1038208]
R3 HSFHWATI;HSFHWATI; C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-01-25 200576]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2006-07-06 168448]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-01-25 703616]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2005-04-18 230912]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\system32\DRIVERS\p3.sys [2008-04-13 42752]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-12-06 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-12-06 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-12-06 21568]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2005-05-27 22016]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 mxnic;Macronix MX987xx Family Fast Ethernet NT Driver; C:\WINDOWS\system32\DRIVERS\mxnic.sys [2001-08-17 19968]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 QCMerced;Logitech QuickCam Communicate; C:\WINDOWS\system32\DRIVERS\LVCM.sys [2005-05-27 1317152]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-04-29 364544]
R2 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 PCTAVSvc;PC Tools AntiVirus Engine; C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe [2008-06-19 964496]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 wltrysvc;Broadcom Wireless LAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2006-10-12 20480]
R3 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-09 611664]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-09-10 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2005-01-26 53337]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2005-01-26 53337]
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2005-01-26 69718]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
EOF
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"LogitechSoftwareUpdate"=C:\Program Files\Logitech\Video\ManifestEngine.exe [2005-06-08 196608]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
C:\Documents and Settings\EndUser\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-04-29 46080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PCTAVSvc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Documents and Settings\EndUser\Desktop\utorrent.exe"="C:\Documents and Settings\EndUser\Desktop\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\WINDOWS\system32\winver.exe"="C:\WINDOWS\system32\winver.exe:*:Enabled:winver"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
======List of files/folders created in the last 1 months======
2008-11-16 20:37:39 ----SHD---- C:\RECYCLER
2008-11-16 15:30:39 ----D---- C:\Documents and Settings\EndUser\Application Data\Help
2008-11-16 15:28:38 ----D---- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-11-16 15:28:32 ----D---- C:\Program Files\Security Task Manager
2008-11-16 15:16:50 ----D---- C:\Program Files\Enigma Software Group
2008-11-15 01:07:13 ----A---- C:\WINDOWS\zip.exe
2008-11-15 01:07:13 ----A---- C:\WINDOWS\VFIND.exe
2008-11-15 01:07:13 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-11-15 01:07:13 ----A---- C:\WINDOWS\SWSC.exe
2008-11-15 01:07:13 ----A---- C:\WINDOWS\SWREG.exe
2008-11-15 01:07:13 ----A---- C:\WINDOWS\sed.exe
2008-11-15 01:07:13 ----A---- C:\WINDOWS\NIRCMD.exe
2008-11-15 01:07:13 ----A---- C:\WINDOWS\grep.exe
2008-11-15 01:07:13 ----A---- C:\WINDOWS\fdsv.exe
2008-11-15 01:06:21 ----D---- C:\Qoobox
2008-11-12 21:15:43 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-12 21:15:37 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-12 21:15:25 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-12 16:34:35 ----D---- C:\Documents and Settings\EndUser\Application Data\Ahead
2008-11-11 18:32:40 ----D---- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-11-09 13:05:05 ----A---- C:\Boot.bak
2008-11-09 13:05:00 ----RASHD---- C:\cmdcons
2008-11-09 13:03:39 ----D---- C:\WINDOWS\ERDNT
2008-11-09 12:39:06 ----D---- C:\Documents and Settings\EndUser\Application Data\Malwarebytes
2008-11-09 12:38:49 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-09 12:38:48 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-09 12:32:06 ----D---- C:\Program Files\trend micro
2008-11-09 12:32:03 ----D---- C:\rsit
2008-11-08 00:47:19 ----D---- C:\Documents and Settings\EndUser\Application Data\Uniblue
2008-11-08 00:46:24 ----D---- C:\Program Files\Uniblue
2008-11-07 19:01:44 ----D---- C:\Program Files\RegCure
2008-11-07 17:15:09 ----DC---- C:\Documents and Settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2008-11-06 18:49:09 ----RHD---- C:\AHCache
2008-11-03 21:41:21 ----D---- C:\Documents and Settings\All Users\Application Data\Ahead
2008-11-03 21:39:31 ----D---- C:\Program Files\Common Files\Ahead
2008-11-03 19:24:05 ----A---- C:\WINDOWS\system32\ShellManager310E2D762.dll
2008-10-27 06:11:00 ----D---- C:\Documents and Settings\EndUser\Application Data\HP
2008-10-26 21:16:52 ----D---- C:\Documents and Settings\All Users\Application Data\WEBREG
2008-10-26 21:09:43 ----D---- C:\Documents and Settings\All Users\Application Data\HP
2008-10-26 21:09:11 ----D---- C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2008-10-26 21:08:54 ----D---- C:\Program Files\Common Files\HP
2008-10-26 21:08:31 ----D---- C:\Program Files\Hewlett-Packard
2008-10-26 21:08:13 ----D---- C:\Program Files\Common Files\Hewlett-Packard
2008-10-26 21:00:03 ----D---- C:\Program Files\HP
2008-10-26 20:59:58 ----HD---- C:\Config.Msi
2008-10-26 20:57:28 ----D---- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-10-26 20:57:15 ----RA---- C:\WINDOWS\system32\hpzids01.dll
2008-10-26 20:57:11 ----A---- C:\WINDOWS\system32\hpzll4v2.dll
2008-10-26 20:56:15 ----RA---- C:\WINDOWS\system32\difxapi.dll
2008-10-26 20:56:14 ----RA---- C:\WINDOWS\system32\hppldcoi.dll
2008-10-26 20:56:14 ----RA---- C:\WINDOWS\system32\hpovst10.dll
2008-10-26 20:56:13 ----RA---- C:\WINDOWS\system32\hpotscl3.dll
2008-10-26 20:56:12 ----RA---- C:\WINDOWS\system32\hpowiax3.dll
2008-10-26 20:53:52 ----A---- C:\WINDOWS\ODBC.INI
2008-10-26 20:53:07 ----D---- C:\Program Files\Microsoft ActiveSync
2008-10-26 20:52:53 ----D---- C:\Program Files\Common Files\Designer
2008-10-26 20:51:59 ----D---- C:\WINDOWS\ShellNew
2008-10-26 20:51:57 ----D---- C:\Program Files\Microsoft Office
2008-10-23 14:40:01 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
======List of files/folders modified in the last 1 months======
2008-11-16 20:42:40 ----D---- C:\WINDOWS\Prefetch
2008-11-16 20:40:18 ----RD---- C:\Program Files
2008-11-16 20:39:29 ----D---- C:\Program Files\Mozilla Firefox
2008-11-16 20:26:07 ----D---- C:\WINDOWS\Temp
2008-11-16 20:22:10 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-16 20:21:52 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-11-16 20:21:48 ----D---- C:\WINDOWS
2008-11-16 20:21:47 ----D---- C:\Program Files\PC Tools AntiVirus
2008-11-16 16:22:13 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-16 16:10:05 ----D---- C:\WINDOWS\system32
2008-11-16 16:08:59 ----A---- C:\WINDOWS\system.ini
2008-11-16 16:08:30 ----D---- C:\WINDOWS\system32\drivers
2008-11-16 16:08:29 ----D---- C:\WINDOWS\AppPatch
2008-11-16 16:08:29 ----D---- C:\Program Files\Common Files
2008-11-16 15:51:24 ----A---- C:\WINDOWS\NeroDigital.ini
2008-11-12 21:15:47 ----HD---- C:\WINDOWS\inf
2008-11-12 21:15:46 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-12 21:15:43 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-12 21:15:41 ----A---- C:\WINDOWS\imsins.BAK
2008-11-12 21:14:48 ----SHD---- C:\WINDOWS\Installer
2008-11-12 21:14:47 ----D---- C:\WINDOWS\WinSxS
2008-11-11 12:45:29 ----D---- C:\Documents and Settings\EndUser\Application Data\AdobeUM
2008-11-11 12:42:57 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-11-11 12:35:58 ----D---- C:\Program Files\Adobe
2008-11-09 13:06:45 ----D---- C:\WINDOWS\system32\config
2008-11-09 13:05:05 ----ASH---- C:\boot.ini
2008-11-09 00:14:48 ----SD---- C:\Documents and Settings\EndUser\Application Data\Microsoft
2008-11-08 01:39:35 ----D---- C:\Program Files\Nero
2008-11-08 01:36:24 ----D---- C:\TEMP
2008-11-07 19:07:04 ----SD---- C:\WINDOWS\Tasks
2008-11-07 19:06:59 ----D---- C:\Documents and Settings\EndUser\Application Data\uTorrent
2008-11-07 18:16:31 ----D---- C:\WINDOWS\Microsoft.NET
2008-11-07 18:16:25 ----RSD---- C:\WINDOWS\assembly
2008-11-07 17:11:38 ----D---- C:\WINDOWS\pchealth
2008-11-07 17:11:20 ----D---- C:\Program Files\Internet Explorer
2008-11-03 21:39:32 ----D---- C:\Documents and Settings\All Users\Application Data\Nero
2008-11-03 20:10:25 ----A---- C:\WINDOWS\system32\MRT.exe
2008-11-03 19:25:31 ----D---- C:\Program Files\Common Files\Nero
2008-11-03 19:22:34 ----A---- C:\WINDOWS\system32\MsiExec.exe.log
2008-11-03 18:51:24 ----D---- C:\WINDOWS\Help
2008-11-03 17:50:30 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-01 01:03:59 ----D---- C:\WINDOWS\system32\wbem
2008-11-01 01:03:58 ----D---- C:\WINDOWS\Registration
2008-11-01 01:02:56 ----D---- C:\WINDOWS\system32\Restore
2008-10-29 19:11:53 ----A---- C:\WINDOWS\win.ini
2008-10-28 22:22:43 ----A---- C:\WINDOWS\WORDPAD.INI
2008-10-28 16:53:23 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-10-26 21:08:39 ----D---- C:\WINDOWS\twain_32
2008-10-26 20:56:39 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-10-26 20:52:24 ----D---- C:\Program Files\Common Files\System
2008-10-26 20:52:12 ----RSD---- C:\WINDOWS\Fonts
2008-10-26 20:51:57 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-10-26 20:50:41 ----D---- C:\WINDOWS\system
2008-10-19 00:33:27 ----D---- C:\Documents and Settings\EndUser\Application Data\LimeWire
2008-10-17 16:26:03 ----SD---- C:\WINDOWS\Downloaded Program Files
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK8;AMD Athlon64 Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2004-05-08 35840]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 AVFilter;AVFilter; C:\WINDOWS\system32\drivers\AVFilter.sys [2008-02-12 21904]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-04-29 1132544]
R3 AVHook;AVHook; C:\WINDOWS\system32\drivers\AVHook.sys [2007-12-06 28568]
R3 AVRec;AVRec; C:\WINDOWS\system32\drivers\AVRec.sys [2007-12-06 21912]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2006-10-12 604928]
R3 CAMCAUD;Conexant AMC Audio; C:\WINDOWS\system32\drivers\camc6aud.sys [2005-04-20 38016]
R3 CAMCHALA;CAMCHALA; C:\WINDOWS\system32\drivers\camc6hal.sys [2005-04-20 350080]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-01-25 1038208]
R3 HSFHWATI;HSFHWATI; C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-01-25 200576]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2006-07-06 168448]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-01-25 703616]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2005-04-18 230912]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\system32\DRIVERS\p3.sys [2008-04-13 42752]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-12-06 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-12-06 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-12-06 21568]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2005-05-27 22016]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 mxnic;Macronix MX987xx Family Fast Ethernet NT Driver; C:\WINDOWS\system32\DRIVERS\mxnic.sys [2001-08-17 19968]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 QCMerced;Logitech QuickCam Communicate; C:\WINDOWS\system32\DRIVERS\LVCM.sys [2005-05-27 1317152]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-04-29 364544]
R2 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 PCTAVSvc;PC Tools AntiVirus Engine; C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe [2008-06-19 964496]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 wltrysvc;Broadcom Wireless LAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2006-10-12 20480]
R3 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-09 611664]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-09-10 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2005-01-26 53337]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2005-01-26 53337]
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2005-01-26 69718]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
EOF
This discussion has been closed.
Comments
My name is Katana and I will be helping you to remove any infection(s) that you may have.
Please observe these rules while we work:
(Just because you can't see a problem doesn't mean it isn't there)
If you can do those few things, everything should go smoothly
Please ensure that any USB/Flash/External drives are connected whilst we are cleaning your machine.
Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe
There is no sign of problems in that log; are you still having troubles?
Kaspersky Online Scanner .
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- This scan is best done from IE (Internet Explorer)
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Go Here http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html
Read the Requirements and limitations before you click Accept.
Once the database has downloaded, click My Computer in the left pane
Now go and put the kettle on!
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
**Note**
To optimize scanning time and produce a more sensible report for review:
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
I did the Kaspersky scan you listed above with 0 infections found. I really don't know what to do now.
Link 1
Link 2
Link 3
* IMPORTANT !!! Save ComboFix.exe to your Desktop
See HERE for help
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.79 [GMT -4:00]
Running from: c:\documents and settings\EndUser\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\hpowiax3.dll
.
((((((((((((((((((((((((( Files Created from 2008-10-24 to 2008-11-24 )))))))))))))))))))))))))))))))
.
2008-11-24 01:02 . 2008-11-24 01:02 17,856 --a------ c:\documents and settings\EndUser\Application Data\GDIPFONTCACHEV1.DAT
2008-11-24 00:44 . 2008-11-24 00:43 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-16 15:28 . 2008-11-16 15:30 <DIR> d-------- c:\program files\Security Task Manager
2008-11-16 15:28 . 2008-11-16 15:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\SecTaskMan
2008-11-12 21:13 . 2008-09-04 13:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 21:13 . 2008-10-24 07:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 16:34 . 2008-11-12 16:34 <DIR> d-------- c:\documents and settings\EndUser\Application Data\Ahead
2008-11-11 18:32 . 2008-11-11 18:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP Product Assistant
2008-11-09 12:39 . 2008-11-09 12:39 <DIR> d-------- c:\documents and settings\EndUser\Application Data\Malwarebytes
2008-11-09 12:38 . 2008-11-09 12:39 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-09 12:38 . 2008-11-09 12:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-09 12:38 . 2008-10-22 16:28 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-09 12:38 . 2008-10-22 16:28 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-09 12:32 . 2008-11-16 20:42 <DIR> d-------- C:\rsit
2008-11-09 12:32 . 2008-11-16 20:42 <DIR> d-------- c:\program files\trend micro
2008-11-08 00:47 . 2008-11-08 00:47 <DIR> d-------- c:\documents and settings\EndUser\Application Data\Uniblue
2008-11-08 00:46 . 2008-11-08 00:46 <DIR> d-------- c:\program files\Uniblue
2008-11-07 19:01 . 2008-11-16 20:41 <DIR> d-------- c:\program files\RegCure
2008-11-07 17:15 . 2008-11-07 17:15 <DIR> d----c--- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2008-11-06 18:49 . 2008-11-06 18:49 <DIR> dr-h----- C:\AHCache
2008-11-03 21:41 . 2008-11-03 21:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\Ahead
2008-11-03 21:39 . 2008-11-03 21:40 <DIR> d-------- c:\program files\Common Files\Ahead
2008-11-03 19:24 . 2008-06-24 12:45 1,414,440 --a------ c:\windows\system32\ShellManager310E2D762.dll
2008-11-03 19:24 . 2008-06-23 16:36 773,120 --a------ c:\windows\system32\NEROINSTAEC43759.DB
2008-10-27 06:11 . 2008-10-27 06:11 <DIR> d-------- c:\documents and settings\EndUser\Application Data\HP
2008-10-26 21:16 . 2008-10-26 21:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\WEBREG
2008-10-26 21:12 . 2008-10-26 22:12 <DIR> d-------- c:\documents and settings\LocalService\Application Data\HP
2008-10-26 21:09 . 2008-10-26 21:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\HPSSUPPLY
2008-10-26 21:09 . 2008-10-29 17:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP
2008-10-26 21:08 . 2008-10-26 21:08 <DIR> d-------- c:\program files\Hewlett-Packard
2008-10-26 21:08 . 2008-10-26 21:11 <DIR> d-------- c:\program files\Common Files\HP
2008-10-26 21:08 . 2008-10-26 21:08 <DIR> d-------- c:\program files\Common Files\Hewlett-Packard
2008-10-26 21:00 . 2008-10-26 21:11 <DIR> d-------- c:\program files\HP
2008-10-26 20:58 . 2006-12-06 02:02 49,920 -ra------ c:\windows\system32\drivers\HPZid412.sys
2008-10-26 20:58 . 2006-12-06 02:02 16,496 -ra------ c:\windows\system32\drivers\HPZipr12.sys
2008-10-26 20:57 . 2008-10-26 20:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2008-10-26 20:57 . 2006-12-15 12:04 258,048 -ra------ c:\windows\system32\hpzids01.dll
2008-10-26 20:57 . 2008-10-26 21:16 130,958 --a------ c:\windows\hpoins12.dat
2008-10-26 20:57 . 2006-12-30 14:49 117,760 --a------ c:\windows\system32\hpzll4v2.dll
2008-10-26 20:57 . 2007-01-22 12:05 1,470 --------- c:\windows\hpomdl12.dat
2008-10-26 20:56 . 2006-12-06 02:00 569,344 -ra------ c:\windows\system32\hpotscl3.dll
2008-10-26 20:56 . 2006-12-06 02:02 364,544 -ra------ c:\windows\system32\hppldcoi.dll
2008-10-26 20:56 . 2006-12-06 02:02 309,760 -ra------ c:\windows\system32\difxapi.dll
2008-10-26 20:56 . 2006-12-06 02:00 294,912 -ra------ c:\windows\system32\hpovst10.dll
2008-10-26 20:56 . 2008-04-13 14:47 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2008-10-26 20:56 . 2008-04-13 14:47 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
2008-10-26 20:56 . 2006-12-06 02:02 21,568 -ra------ c:\windows\system32\drivers\HPZius12.sys
2008-10-26 20:53 . 2008-10-26 20:53 <DIR> d-------- c:\program files\Microsoft ActiveSync
2008-10-26 20:53 . 2008-10-26 20:53 376 --a------ c:\windows\ODBC.INI
2008-10-26 20:51 . 2008-10-26 20:52 <DIR> d-------- c:\windows\ShellNew
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-24 19:24 d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-24 19:18 d-----w c:\program files\PC Tools AntiVirus
2008-11-24 04:42 d-----w c:\program files\Java
2008-11-18 02:43 d-----w c:\program files\LimeWire
2008-11-11 16:45 d-----w c:\documents and settings\EndUser\Application Data\AdobeUM
2008-11-08 05:39 d-----w c:\program files\Nero
2008-11-07 23:06 d-----w c:\documents and settings\EndUser\Application Data\uTorrent
2008-11-04 01:39 d-----w c:\documents and settings\All Users\Application Data\Nero
2008-11-03 23:25 d-----w c:\program files\Common Files\Nero
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-19 04:33 d-----w c:\documents and settings\EndUser\Application Data\LimeWire
2008-10-16 18:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 18:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 18:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 18:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 18:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 18:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 18:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 18:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 18:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 18:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-04 05:14 d-----w c:\documents and settings\All Users\Application Data\PopCap
2008-09-30 20:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 02:54 151,552 ------w c:\windows\system32\pxwma.dll
2008-09-10 02:54 108,544 ------w c:\windows\system32\pxcpyi64.exe
2008-09-10 02:54 104,960 ------w c:\windows\system32\pxinsi64.exe
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\msxml6.dll
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-26 07:24 826,368 ----a-w c:\windows\system32\wininet.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-10-12 1282048]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-24 136600]
"PCTAVApp"="c:\program files\PC Tools AntiVirus\PCTAV.exe" [2008-07-23 1259408]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2005-01-24 81920]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
c:\documents and settings\EndUser\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\EndUser\\Desktop\\utorrent.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
R3 HSFHWATI;HSFHWATI;c:\windows\system32\DRIVERS\HSFHWATI.sys [2005-01-25 200576]
S2 OneStepSearch Service;OneStepSearch Service; []
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2008-11-24 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2007-08-02 09:20]
2008-11-20 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2007-08-02 09:20]
.
.
Supplementary Scan
.
FireFox -: Profile - c:\documents and settings\EndUser\Application Data\Mozilla\Firefox\Profiles\8la1ahaz.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.deviantart.com/
FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-24 15:36:34
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
- - - - - - - > 'winlogon.exe'(820)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
- - - - - - - > 'lsass.exe'(876)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
Completion time: 2008-11-24 15:37:29
ComboFix-quarantined-files.txt 2008-11-24 19:37:07
ComboFix2.txt 2008-11-15 05:11:10
Pre-Run: 65,946,271,744 bytes free
Post-Run: 65,940,992,000 bytes free
177 --- E O F --- 2008-11-13 01:17:40
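Before handing a log like the one above to a forum, a practitioner usually pulls out the few entries that decide whether the machine is clean: the Security Center override flags, the firewall exception list, and any service line with no image path. The script below is an added example written for this page; it is not part of the thread and not ComboFix's own tooling. The sample text it parses is constructed to match the shape of the log above, the `TRUSTED_PREFIXES` tuple and the three triage rules are this example's assumptions, and every finding it emits is a "review this" flag, not a malware verdict.

```python
"""Triage helpers for a ComboFix-style log (added example, not from the thread)."""
import re
from typing import Dict, List, Tuple

# Constructed sample: a handful of lines shaped like the log posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\EndUser\\Desktop\\utorrent.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=
R3 HSFHWATI;HSFHWATI;c:\windows\system32\DRIVERS\HSFHWATI.sys [2005-01-25 200576]
S2 OneStepSearch Service;OneStepSearch Service; []
"""

# Assumption for this example: binaries under these roots are "expected" locations
# for a firewall exception; anything else (Desktop, Temp, profile dirs) gets flagged.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\")

# "S2 Name;DisplayName;image path [date size]"  ->  start type, name, display, image, stamp
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);([^\[]*?)\s*\[([^\]]*)\]\s*$")
DWORD_RE = re.compile(r'^"(\w+)"=dword:([0-9a-fA-F]{8})$')
PATH_RE = re.compile(r'^"(.+)"=$')


def _normalize(path: str) -> str:
    """Undo registry-style escaping, expand %windir%, lower-case for comparison."""
    p = path.replace("\\\\", "\\").lower()
    return p.replace("%windir%", "c:\\windows")


def parse_log(text: str) -> Dict[str, object]:
    """Extract Security Center DWORDs, firewall exceptions and service lines."""
    security: Dict[str, int] = {}
    firewall: List[str] = []
    services: List[Dict[str, str]] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line.lower()          # registry key header
            continue
        m = SERVICE_RE.match(line)
        if m:
            start, name, display, image, stamp = m.groups()
            services.append({"start": start, "name": name, "display": display,
                             "image": image.strip(), "stamp": stamp})
            continue
        if "security center" in section:
            m = DWORD_RE.match(line)
            if m:
                security[m.group(1)] = int(m.group(2), 16)
        elif "authorizedapplications" in section:
            m = PATH_RE.match(line)
            if m:
                firewall.append(_normalize(m.group(1)))
    return {"security_center": security, "firewall_exceptions": firewall,
            "services": services}


def triage(text: str) -> List[Tuple[str, str]]:
    """Return (severity, message) pairs for entries a reviewer should look at."""
    parsed = parse_log(text)
    findings: List[Tuple[str, str]] = []
    # AntiVirusOverride=1 tells Security Center to stop warning about AV status.
    if parsed["security_center"].get("AntiVirusOverride") == 1:
        findings.append(("review", "Security Center AntiVirusOverride=1: AV status warnings suppressed"))
    for path in parsed["firewall_exceptions"]:
        if not path.startswith(TRUSTED_PREFIXES):
            findings.append(("review", f"firewall exception outside Windows/Program Files: {path}"))
    for svc in parsed["services"]:
        if not svc["image"]:
            findings.append(("review", f"service {svc['name']!r} ({svc['start']}) has no image path"))
    return findings


if __name__ == "__main__":
    for severity, message in triage(SAMPLE_LOG):
        print(f"[{severity}] {message}")
```

Run against the constructed sample this reports three items: the override flag, the `utorrent.exe` copy living on the Desktop rather than under Program Files, and the auto-start service whose image path is empty. None of those is proof of infection on its own; the point is to turn a 900-line log into a short list that the helper (or the next forum) can act on.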
Active Scan
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE: Vista users should start IE via Start (Vista Orb) >> Internet Explorer >> Right-click >> Run as Administrator.
Please go to this site: ActiveScan
uTorrent
LimeWire
Uniblue
RegCure
There is no active malware that would be causing your problem.
Unfortunately you are now outside my area of knowledge, so I'm going to have to recommend that you visit one of the tech forums for assistance.
http://icrontic.com/forum/forumdisplay.php?f=32
http://www.techsupportforum.com/
http://www.bleepingcomputer.com/forums/
http://forums.whatthetech.com/forums.html
All the forums above have good support for software/OS problems, and I'm sure they will be able to help.
You can also delete any logs we have produced and empty your Recycle Bin.