WinAntiVirus PRO Ransomware HELP ME



existentiallove
2007-08-11, 08:06
Here is my log from ComboFix...

So is it finally gone?!?!?!



ComboFix 07-08-09.3 - "Compaq_Administrator" 2007-08-11 0:51:25.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.357 [GMT -5:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup.\autorun.exe
C:\DOCUME~1\COMPAQ~1\STARTM~1\Programs\Startup.\system.exe
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\_000007_.tmp.dll
C:\WINDOWS\system32\_000010_.tmp.dll
C:\WINDOWS\system32\_000011_.tmp.dll
C:\WINDOWS\system32\_000012_.tmp.dll
C:\WINDOWS\system32\printer.exe
C:\WINDOWS\system32\WinAvXX.exe
D:\Autorun.inf


((((((((((((((((((((((((( Files Created from 2007-07-11 to 2007-08-11 )))))))))))))))))))))))))))))))


2007-08-11 00:47 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-10 22:30 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-10 22:26 <DIR> d-------- C:\WINDOWS\Prefetch
2007-08-09 19:35 1,152 --a------ C:\WINDOWS\system32\windrv.sys
2007-08-09 19:35 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2007-08-08 04:13 37,376 --a------ C:\WINDOWS\system32\vtr135.dll
2007-07-25 20:31 <DIR> d-------- C:\DOCUME~1\COMPAQ~1\APPLIC~1\WinBatch


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-10 23:06 2424 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\wklnhst.dat
2007-08-10 23:01 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-08-10 19:35 --------- d-------- C:\Program Files\Full Tilt Poker
2007-08-08 07:30 --------- d-------- C:\Program Files\fsupport
2007-08-04 12:30 --------- d-------- C:\DOCUME~1\COMPAQ~1\APPLIC~1\iMesh
2007-07-25 20:30 --------- d-------- C:\Program Files\HP
2007-07-25 20:30 --------- d-------- C:\Program Files\Hewlett-Packard
2007-07-06 22:31 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-06-28 05:41 36112 --a------ C:\WINDOWS\system32\drivers\tmpreflt.sys
2007-06-28 05:41 203024 --a------ C:\WINDOWS\system32\drivers\TmXPFlt.sys
2007-06-28 05:41 1126328 --a------ C:\WINDOWS\system32\drivers\VSAPINT.SYS
2007-05-16 10:12 86528 --------- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 10:12 85504 --------- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 10:12 683520 --------- C:\WINDOWS\system32\inetcomm.dll
2007-05-16 10:12 683520 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 10:12 510976 --------- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 10:12 1314816 --------- C:\WINDOWS\system32\dllcache\msoe.dll
2007-02-23 16:20 357 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\DelAll.bat
2006-02-19 05:28 12288 --a--c--- C:\WINDOWS\Fonts.\RandFont.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 16:01]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-07 23:54 C:\WINDOWS\RTHDCPL.EXE]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-02 18:19 C:\WINDOWS\arpwrmsg.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-01-24 14:15]
"nwiz"="nwiz.exe" [2006-01-24 14:15 C:\WINDOWS\system32\nwiz.exe]
"DISCover"="C:\Program Files\DISC\DISCover.exe" [2006-03-15 21:12]
"DiscUpdateManager"="C:\Program Files\DISC\DiscUpdMgr.exe" [2006-03-15 21:11]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 17:14]
"PCDrProfiler"="" []
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 23:19]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 17:34]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2004-12-13 21:23]
"pccguide.exe"="C:\Program Files\Trend Micro\Antivirus\pccguide.exe" [2004-02-17 17:51]
"PCClient.exe"="C:\Program Files\Trend Micro\Antivirus\PCClient.exe" [2004-02-17 17:51]
"TM Outbreak Agent"="C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" [2004-02-17 17:50]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 16:44]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-05-04 22:07]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-12-14 17:34]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
"SNM"="C:\Program Files\SpyNoMore\SNM.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-01-27 01:38]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-06 00:40]
"BitTorrent"="C:\Documents and Settings\Compaq_Administrator\Desktop\Jayme\bittorrent.exe" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
Kodak software updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 14:12:08]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\system32\hrum135.txt

R0 iaStor;Intel RAID Controller;C:\WINDOWS\system32\DRIVERS\iaStor.sys
R1 AmdK8;AMD Processor Driver;C:\WINDOWS\system32\DRIVERS\AmdK8.sys
R2 ARSVC;ARSVC;C:\WINDOWS\arservice.exe
R2 Tmpreflt;Tmpreflt;C:\WINDOWS\system32\drivers\Tmpreflt.sys
R3 aracpi;aracpi;C:\WINDOWS\system32\DRIVERS\aracpi.sys
R3 arkbcfltr;Microsoft PS2 Keyboard Filter;C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys
R3 armoucfltr;Microsoft PS2 Mouse Filter;C:\WINDOWS\system32\DRIVERS\armoucfltr.sys
R3 ARPolicy;ARPolicy;C:\WINDOWS\system32\DRIVERS\arpolicy.sys
R3 Ps2;PS2;C:\WINDOWS\system32\DRIVERS\PS2.sys
S0 ftsata2;ftsata2;C:\WINDOWS\system32\DRIVERS\ftsata2.sys
S3 arhidfltr;MS Ar HID Filter Driver;C:\WINDOWS\system32\DRIVERS\arhidfltr.sys

*Newly Created Service* - COMHOST

Contents of the 'Scheduled Tasks' folder
2007-08-11 01:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Compaq_Administrator.job - c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe
2006-10-27 19:21:11 C:\WINDOWS\Tasks\Warranty Reminder 11 month.job - c:\windows\system32\pcintro\reminder\Warranty_Reminder_11_month\Warranty_Reminder_11_month.bat

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-11 00:56:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-11 0:59:40 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-11 00:59

--- E O F ---
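
A helper reads a log like the one above by hand, looking first at what ComboFix deleted, at Run-key entries whose bracketed file stamp is empty, at the AppInit_DLLs value and at any newly created service. The script below is an added example that does that triage mechanically; it is not code from the poster, from ComboFix or from Spybot. Its input is an excerpt of the log in this post, trimmed to the lines the parser handles. The section-header, "Files Created" and Run-entry line formats are taken from the log as printed; reading an empty `[]` stamp as "ComboFix could not stat the target file" is an assumption about ComboFix output of this vintage, not something the thread states.

```python
"""Triage a ComboFix log: pull out the items a forum helper reads first.

Added example for this thread, not code from ComboFix, Spybot or the poster.
It parses ComboFix's section headers ("((( Name )))"), the "Files Created"
listing, Run-key entries with their bracketed file stamp, the AppInit_DLLs
line and the "Newly Created Service" marker, using the excerpt below.
"""
import re

# Excerpt of the log posted above, trimmed to the lines the parser handles.
LOG = r'''
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup.\autorun.exe
C:\DOCUME~1\COMPAQ~1\STARTM~1\Programs\Startup.\system.exe
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\printer.exe
C:\WINDOWS\system32\WinAvXX.exe
D:\Autorun.inf

((((((((((((((((((((((((( Files Created from 2007-07-11 to 2007-08-11 )))))))))))))))))))))))))))))))

2007-08-11 00:47 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-10 22:30 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-09 19:35 1,152 --a------ C:\WINDOWS\system32\windrv.sys
2007-08-08 04:13 37,376 --a------ C:\WINDOWS\system32\vtr135.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 16:01]
"PCDrProfiler"="" []
"SNM"="C:\Program Files\SpyNoMore\SNM.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="C:\Documents and Settings\Compaq_Administrator\Desktop\Jayme\bittorrent.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\system32\hrum135.txt

*Newly Created Service* - COMHOST
'''

SECTION_RE = re.compile(r"^\(+\s*(?P<name>.+?)\s*\)+$")
CREATED_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+(?P<size>[\d,]+|<DIR>)\s+\S+\s+(?P<path>.+)$")
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"\s*\[(?P<stamp>[^\]]*)\]$')
APPINIT_RE = re.compile(r'^"appinit_dlls"=(?P<value>.*)$', re.IGNORECASE)
SERVICE_RE = re.compile(r"^\*Newly Created Service\* - (?P<name>.+)$")


def split_sections(text):
    """Map each ComboFix section name to its non-blank lines."""
    sections, current = {}, "preamble"
    for line in text.splitlines():
        line = line.rstrip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name")
            sections.setdefault(current, [])
        elif line:
            sections.setdefault(current, []).append(line)
    return sections


def triage(text):
    """Return deletions, new files, unverifiable autostarts, the AppInit_DLLs
    value and new services from a ComboFix log, plus short review notes."""
    out = {"deleted": [], "created": [], "unverified_autostarts": [],
           "appinit_dlls": "", "new_services": [], "notes": []}
    for name, lines in split_sections(text).items():
        if name == "Other Deletions":
            out["deleted"] = list(lines)
        elif name.startswith("Files Created"):
            # Skip directories; files are what gets loaded or executed.
            out["created"] = [m.group("path") for m in map(CREATED_RE.match, lines)
                              if m and m.group("size") != "<DIR>"]
        elif name == "Reg Loading Points":
            key = ""
            for line in lines:
                if line.startswith("[HKEY") and line.endswith("]"):
                    key = line[1:-1]
                elif (m := RUN_RE.match(line)) and m.group("stamp") == "":
                    # Assumption: "[]" means ComboFix could not stat the target,
                    # so the file is missing or hidden; either way, look at it.
                    out["unverified_autostarts"].append((key, m.group("name"), m.group("value")))
                elif m := APPINIT_RE.match(line):
                    out["appinit_dlls"] = m.group("value").strip()
                elif m := SERVICE_RE.match(line):
                    out["new_services"].append(m.group("name").strip())
    startup = [p for p in out["deleted"] if "\\startup" in p.lower()]
    if startup:
        out["notes"].append(f"{len(startup)} binaries removed from Startup folders")
    if any(p.lower().endswith("\\autorun.inf") and not p.lower().startswith("c:") for p in out["deleted"]):
        out["notes"].append("Autorun.inf removed from a non-system drive: check removable media too")
    dll = out["appinit_dlls"]
    if dll:
        out["notes"].append(f"AppInit_DLLs loads {dll} into every process that links user32.dll")
        if not dll.lower().endswith(".dll"):
            # LoadLibrary ignores the extension; a .txt name only hides the DLL from a casual glance.
            out["notes"].append("AppInit_DLLs target does not carry a .dll extension")
    return out


if __name__ == "__main__":
    for field, value in triage(LOG).items():
        print(f"{field}: {value}")
```

Run it as-is to print the triage of the excerpt, or replace `LOG` with the full pasted log. The AppInit_DLLs check is the one worth keeping in your own toolbox: on a home XP machine that value is normally empty, and a non-.dll name such as `hrum135.txt` still loads fine because the loader does not care about the extension.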

tashi
2007-08-11, 08:36
Hello.

Please see the stickied procedure for this forum: "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Copy and paste the logs requested into this topic, and a helper will assist you as soon as available. :)

tashi
2007-08-21, 00:02
Due to lack of feedback this topic has been archived.

If you need it re-opened please send me a private message (pm) and provide a link to the thread. Applies only to the original poster, anyone else with similar problems please start a new topic.