VirSCAN.org Scanned Report :
Scanned time : 2008/11/07 22:46:22 (CST)
Scanner results: All Scanners reported not find malware!
File Name : LOGVIRUS2.EXE
File Size : 120154 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 138afdba7049de9e86bfa48c781fdbfe
SHA1 : 35ccdfb37317f6a580e09716f73f6b7764a9984b
Online report : http://virscan.org/report/56ead590cc...d310b5cd3.html
Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.0.0.23 2008.11.03 2008-11-03 1.69 -
AhnLab V3 2008.11.08.00 2008.11.08 2008-11-08 1.12 -
AntiVir 7.9.0.29 7.1.0.55 2008-11-07 1.52 -
Antiy 2.0.18 20081106.1560299 2008-11-06 0.12 -
Arcavir 1.0.5 200811061144 2008-11-06 1.34 -
Authentium 5.1.1 200811070922 2008-11-07 1.06 -
AVAST! 3.0.1 081107-0 2008-11-07 0.01 -
AVG 7.5.52.442 270.9.0/1774 2008-11-07 1.73 -
BitDefender 7.60825.2082914 7.21743 2008-11-08 3.40 -
CA (VET) 9.0.0.143 31.6.6199 2008-11-07 3.83 -
ClamAV 0.94 8591 2008-11-08 0.03 -
Comodo 2.11 2.0.0.700 2008-11-07 0.43 -
CP Secure 1.1.0.715 2008.11.08 2008-11-08 6.44 -
Dr.Web 4.44.0.9170 2008.11.08 2008-11-08 3.49 -
ewido 4.0.0.2 2008.11.07 2008-11-07 3.03 -
F-Prot 4.4.4.56 20081107 2008-11-07 1.06 -
F-Secure 5.51.6100 2008.11.08.01 2008-11-08 0.14 -
Fortinet 2.81-3.117 9.696 2008-11-07 0.20 -
GData 19.1416/19.95 20081108 2008-11-08 2.72 -
ViRobot 20081107 2008.11.07 2008-11-07 0.40 -
Ikarus T3.1.01.45 2008.11.08.71815 2008-11-08 3.64 -
JiangMin 11.0.706 2008.11.07 2008-11-07 1.31 -
Kaspersky 5.5.10 2008.11.08 2008-11-08 0.12 -
KingSoft 2008.9.8.18 2008.11.7.20 2008-11-07 0.68 -
McAfee 5.3.00 5427 2008-11-07 2.40 -
Microsoft 1.4104 2008.11.07 2008-11-07 4.55 -
mks_vir 2.01 2008.11.08 2008-11-08 2.69 -
Norman 5.93.01 5.93.00 2008-11-07 5.28 -
Panda 9.05.01 2008.11.07 2008-11-07 2.32 -
Trend Micro 8.700-1004 5.644.14 2008-11-07 0.03 -
Quick Heal 9.50 2008.11.07 2008-11-07 1.88 -
Rising 20.0 21.02.50.00 2008-11-08 0.90 -
Sophos 2.80.0 4.35 2008-11-08 1.90 -
Sunbelt 3.1.1785.2 4374 2008-11-04 0.71 -
Symantec 1.3.0.24 20081107.008 2008-11-07 0.05 -
nProtect 2008-11-07.00 2383957 2008-11-07 4.42 -
The Hacker 6.3.1.1 v00145 2008-11-07 0.47 -
VBA32 3.12.8.9 20081107.1704 2008-11-07 1.40 -
VirusBuster 4.5.11.10 10.91.1/671326 2008-11-07 0.90 -
Combo Fix
ComboFix 08-11-01.06 - ChamberS 2008-11-07 22:57:40.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.201 [GMT -6:00]
Running from: C:\Documents and Settings\chambers\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\chambers\Desktop\CFScript.txt
* Created a new restore point
FILE ::
C:\WINDOWS\system32\PrivacIE.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\NetworkService\PrivacIE
C:\Documents and Settings\NetworkService\PrivacIE\index.dat
C:\WINDOWS\system32\PrivacIE.dll
.
((((((((((((((((((((((((( Files Created from 2008-10-08 to 2008-11-08 )))))))))))))))))))))))))))))))
.
2008-11-05 20:44 . 2008-11-05 20:45 330 --a------ C:\END
2008-10-30 19:28 . 2008-10-30 19:28 7,704 --a------ C:\WINDOWS\system32\mst120.dll
2008-10-22 17:57 . 2008-10-22 19:09 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-10-21 17:59 . 2008-10-22 17:57 <DIR> d-------- C:\Program Files\Windows Defender
2008-10-20 22:30 . 2008-10-20 22:30 95 --a------ C:\WINDOWS\wininit.ini
2008-10-20 19:46 . 2008-10-20 19:46 <DIR> d-------- C:\WINDOWS\Sun
2008-10-19 12:04 . 2008-10-19 12:04 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-18 16:23 . 2006-10-04 08:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-10-18 16:22 . 2008-10-18 16:22 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-10-18 16:17 . 2008-10-18 16:17 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-10-18 16:17 . 2008-10-18 16:20 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-10-17 14:00 . 2008-10-17 14:00 <DIR> d-------- C:\Documents and Settings\chambers\Application Data\Leadertech
2008-10-17 13:58 . 2008-10-17 13:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HotSync
2008-10-17 13:57 . 2008-10-23 21:23 <DIR> d-------- C:\Program Files\palmOne
2008-10-17 13:56 . 2008-10-17 13:56 <DIR> d-------- C:\Documents and Settings\chambers\Application Data\HotSync
2008-10-09 20:59 . 2008-10-09 20:59 <DIR> d-------- C:\Documents and Settings\chambers\Application Data\PlayFirst
2008-10-09 20:59 . 2008-10-14 18:52 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-09 20:59 . 2008-10-09 20:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-10-09 20:58 . 2008-10-18 22:43 <DIR> d-------- C:\Program Files\iWin.com
2008-10-09 20:57 . 2008-10-09 20:57 <DIR> d-------- C:\Documents and Settings\chambers\Application Data\iWinArcade
2008-10-09 20:57 . 2008-10-09 20:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iWin Games
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-05 01:55 --------- d-----w C:\Documents and Settings\chambers\Application Data\Move Networks
2008-11-02 15:15 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-11-02 15:00 2,634,240 ----a-w C:\WINDOWS\Internet Logs\xDBF.tmp
2008-11-02 15:00 1,065,472 ----a-w C:\WINDOWS\Internet Logs\xDB10.tmp
2008-10-30 15:08 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-10-30 15:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-29 02:08 5,690,331 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-10-22 22:11 2,216,448 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp
2008-10-17 01:51 2,636,800 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp
2008-10-17 01:51 1,001,472 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp
2008-10-14 23:27 999,424 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
2008-09-27 22:03 --------- d-----w C:\Documents and Settings\chambers\Application Data\Apple Computer
2008-09-27 21:54 --------- d-----w C:\Program Files\QuickTime
2008-09-27 21:53 --------- d-----w C:\Program Files\Common Files\Apple
2008-09-27 21:52 --------- d-----w C:\Program Files\Apple Software Update
2008-09-27 21:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-09-27 21:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-09-23 15:57 275,968 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
2008-09-23 02:06 591,872 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2008-09-21 17:41 404,480 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2008-09-20 04:50 353,792 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2008-08-22 08:08 878,592 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-22 08:08 43,008 ----a-w C:\WINDOWS\system32\licmgr10.dll
2008-08-22 08:07 18,944 ----a-w C:\WINDOWS\system32\corpol.dll
2008-08-22 08:06 72,704 ----a-w C:\WINDOWS\system32\admparse.dll
2008-08-22 08:06 71,680 ----a-w C:\WINDOWS\system32\iesetup.dll
2008-08-22 08:06 434,176 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-08-22 08:05 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
2008-08-22 08:05 35,840 ----a-w C:\WINDOWS\system32\imgutil.dll
2008-08-22 08:04 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
2008-08-22 07:57 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
2005-08-18 08:39 120,154 ----a-w C:\WINDOWS\system32\config\systemprofile\LOGVIRUS2.EXE
2005-08-18 08:39 120,154 ----a-w C:\Documents and Settings\nathem\LOGVIRUS2.EXE
2005-08-18 08:39 120,154 ----a-w C:\Documents and Settings\Default User\LOGVIRUS2.EXE
2005-08-18 08:39 120,154 ----a-w C:\Documents and Settings\chambers\LOGVIRUS2.EXE
2003-08-20 22:34 120,313 ----a-w C:\Documents and Settings\SMSCCMBootAcct&\LOGVIRUS1.EXE
2003-08-20 17:34 120,313 ----a-w C:\WINDOWS\system32\config\systemprofile\LOGVIRUS1.EXE
2003-08-20 17:34 120,313 ----a-w C:\Documents and Settings\nathem\LOGVIRUS1.EXE
2003-08-20 17:34 120,313 ----a-w C:\Documents and Settings\Default User\LOGVIRUS1.EXE
2003-08-20 17:34 120,313 ----a-w C:\Documents and Settings\chambers\LOGVIRUS1.EXE
2002-11-11 13:19 34,304 ----a-w C:\Documents and Settings\SMSCCMBootAcct&\Shutdown.exe
2002-11-11 08:19 34,304 ----a-w C:\WINDOWS\system32\config\systemprofile\Shutdown.exe
2002-11-11 08:19 34,304 ----a-w C:\Documents and Settings\nathem\Shutdown.exe
2002-11-11 08:19 34,304 ----a-w C:\Documents and Settings\Default User\Shutdown.exe
2002-11-11 08:19 34,304 ----a-w C:\Documents and Settings\chambers\Shutdown.exe
.
((((((((((((((((((((((((((((( snapshot@2008-10-22_20.16.09.29 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-10-21 01:02:28 163,328 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\ERDNT.EXE
+ 2005-10-21 02:02:28 163,328 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\ERDNT.EXE
- 2000-08-31 13:00:00 28,672 ----a-w C:\WINDOWS\NIRCMD.exe
+ 2000-08-31 14:00:00 28,672 ----a-w C:\WINDOWS\NIRCMD.exe
- 2000-08-31 13:00:00 161,792 ----a-w C:\WINDOWS\SWREG.exe
+ 2000-08-31 14:00:00 161,792 ----a-w C:\WINDOWS\SWREG.exe
- 2008-06-09 16:21:24 55,790 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-11-02 15:32:40 55,790 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-06-09 16:21:24 387,808 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-11-02 15:32:40 387,808 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 15360]
"AbacastDistributedOnDemand:11"="C:\Documents and Settings\chambers\Local Settings\Application Data\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe" [2008-09-29 54776]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-11-19 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-11-19 512000]
"TPHOTKEY"="C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 66176]
"TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [2003-10-23 897024]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-18 110592]
"SPYBOTD"="C:\WINDOWS\system32\Dis_Spybot_Wizard.EXE" [2004-12-02 110791]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-14 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-14 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-14 118784]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2007-04-13 196608]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2007-04-13 208896]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-25 344064]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 52896]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-05-17 8433664]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-05-17 81920]
"ProductView8_0---UserRegSet"="C:\WINDOWS\Productview\ProductView8_0---UserRegSet.EXE" [2006-06-30 120823]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-09-06 413696]
"TP4EX"="tp4ex.exe" [2002-09-03 C:\WINDOWS\system32\TP4EX.exe]
"TpShocks"="TpShocks.exe" [2005-11-07 C:\WINDOWS\system32\TpShocks.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2003-06-27 C:\WINDOWS\AGRSMMSG.exe]
"Hot Key Kbd Daemon"="SKDAEMON.EXE" [2004-03-05 C:\WINDOWS\system32\SKDAEMON.EXE]
C:\Documents and Settings\chambers\Start Menu\Programs\Startup\
palmOne Registration.lnk - C:\Program Files\palmOne\register.exe [2005-09-19 2367488]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader\reader_sl.exe [2005-09-23 29696]
BSCI AWE Tools.lnk - C:\Program Files\AWE Tools\AWE Tools.exe [2006-09-28 13312]
HOTSYNCSHORTCUTNAME.lnk - C:\Program Files\palmOne\Hotsync.exe [2004-06-09 471040]
VPN Client.lnk - C:\WINDOWS\Installer\{3E5562ED-69AB-4CEC-91E2-64E18EC5ACC6}\Icon3E5562ED7.ico [2006-09-28 6144]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 15:37 34344 C:\Program Files\Lenovo\HOTKEY\notifyf2.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2006-12-14 10:06 28672 C:\Program Files\Lenovo\HOTKEY\tphklock.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2724113797-4241170016-2566783980-8360\Scripts\Logon\0\0]
"Script"=EnableHTTP11onIE.bat
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2724113797-4241170016-2566783980-8360\Scripts\Logon\1\0]
"Script"=EnableHTTP11onIE.bat
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 Shockprf;Shockprf;C:\WINDOWS\system32\drivers\Shockprf.sys [2005-11-30 85760]
R1 ShockMgr;ShockMgr;C:\WINDOWS\system32\drivers\ShockMgr.sys [2005-06-20 4736]
R1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys [2007-04-13 4442]
R2 CcmExec;SMS Agent Host;C:\WINDOWS\system32\CCM\CcmExec.exe [2006-02-09 578784]
R2 iPCAgent;iPCAgent;C:\Program Files\iPass\iPassConnect\iPCAgent.exe [2004-10-19 90112]
R2 MDC80211;iPass Protocol (IEEE 802.1x) v2.3.1.9;C:\WINDOWS\system32\DRIVERS\mdc80211.sys [2006-09-27 15793]
S3 LenovoRd;LenovoRd;C:\WINDOWS\system32\Drivers\LenovoRd.sys [2007-02-26 81920]
S3 prepdrvr;SMS Process Event Driver;C:\WINDOWS\system32\CCM\prepdrv.sys [2006-02-09 20704]
S3 vsinstdv;vsinstdv;C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{61B245E9-100A-46E9-8760-31EBEC18F586}\vsinstdv.sys [ ]
.
Contents of the 'Scheduled Tasks' folder
2008-11-01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2008-11-08 C:\WINDOWS\Tasks\PMTask.job
- C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2007-04-13 00:15]
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-07 23:00:37
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\csgina.dll
-> C:\Program Files\Lenovo\HOTKEY\tphklock.dll
-> C:\Program Files\Lenovo\HOTKEY\notifyf2.dll
.
Completion time: 2008-11-07 23:02:34
ComboFix-quarantined-files.txt 2008-11-08 05:02:30
ComboFix2.txt 2008-11-03 14:59:15
ComboFix3.txt 2008-11-02 15:26:49
ComboFix4.txt 2008-10-23 01:16:52
Pre-Run: 25,057,701,888 bytes free
Post-Run: 25,092,317,184 bytes free