
Win32:tratbho [trj] [RESOLVED]


  • This topic is locked

#1
fuganator

    New Member

  • Member
  • 4 posts
Avast found this virus and it pops up every once in a while. Can't seem to get rid of it.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:27:04 PM, on 1/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Linksys\WUSB54GSC\WLService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Linksys\WUSB54GSC\WUSB54GSC.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\LOGI_MWX.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Belkin\Nostromo\nost_LM.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5118DC72-BFD4-44AC-A0A9-421C191DBE39} - C:\WINDOWS\system32\fccbcaa.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.24\AsRunHelp.exe
O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Program Files\ASUS\AI Booster\OverClk.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Philips Intelligent Agent] "C:\Program Files\Philips Intelligent Agent\Philips Intelligent Agent.exe" /SILENT
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Loadout Manager.lnk = C:\Program Files\Belkin\Nostromo\nost_LM.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1199512937437
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: WUSB54GSC - GEMTEKS - C:\Program Files\Linksys\WUSB54GSC\WLService.exe

--
End of file - 7996 bytes


#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi and welcome, let's see what I can do to help.

Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

#3
fuganator

    New Member

  • Topic Starter
  • Member
  • 4 posts
Here is the combofix report


ComboFix 08-01-13.1 - Brian 2008-01-12 14:32:28.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1546 [GMT -6:00]
Running from: C:\Documents and Settings\Brian\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\fccbcaa.dll

.
((((((((((((((((((((((((( Files Created from 2007-12-13 to 2008-01-13 )))))))))))))))))))))))))))))))
.

2008-01-12 14:32 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-12 12:26 . 2008-01-12 12:26 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-12 12:13 . 2008-01-12 12:13 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-12 12:13 . 2008-01-12 12:13 <DIR> d-------- C:\WINDOWS\LastGood
2008-01-12 12:13 . 2008-01-12 12:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-12 12:05 . 2008-01-12 12:05 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-01-12 10:53 . 2008-01-12 12:04 <DIR> d-------- C:\VundoFix Backups
2008-01-11 01:50 . 2008-01-11 01:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-01-10 20:13 . 2008-01-10 20:13 262,144 --a------ C:\WINDOWS\system32\wrap_oal.dll
2008-01-10 20:13 . 2008-01-10 20:13 86,016 --a------ C:\WINDOWS\system32\OpenAL32.dll
2008-01-10 20:13 . 1999-11-02 10:01 6,173 --a------ C:\WINDOWS\system32\drivers\Entech.vxd
2008-01-10 20:13 . 2004-06-22 15:44 5,632 --a------ C:\WINDOWS\system32\drivers\Entech64.sys
2008-01-10 20:13 . 2001-11-19 19:05 3,972 --a------ C:\WINDOWS\system32\drivers\PciBus.sys
2008-01-10 20:12 . 2008-01-10 20:12 <DIR> d-------- C:\Program Files\Futuremark
2008-01-08 23:37 . 2008-01-08 23:38 <DIR> d-------- C:\Program Files\BitLord
2008-01-08 23:26 . 2008-01-08 23:26 <DIR> d-------- C:\WINDOWS\system32\Futuremark
2008-01-08 23:26 . 2008-01-08 23:26 <DIR> d-------- C:\WINDOWS\Sun
2008-01-08 23:26 . 2008-01-08 23:26 <DIR> d-------- C:\Program Files\Common Files\Futuremark Shared
2008-01-08 23:26 . 2007-10-11 11:55 27,672 -ra------ C:\WINDOWS\system32\drivers\Entech.sys
2008-01-08 23:25 . 2008-01-08 23:25 <DIR> d-------- C:\Program Files\Java
2008-01-08 23:25 . 2008-01-08 23:25 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-08 23:25 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-05 19:26 . 2008-01-05 19:26 <DIR> dr-h----- C:\Documents and Settings\Brian\Application Data\SecuROM
2008-01-05 19:26 . 2008-01-05 19:26 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-01-05 19:25 . 2008-01-05 19:25 <DIR> d-------- C:\Program Files\GameSpy
2008-01-05 19:25 . 2008-01-05 19:25 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-05 19:25 . 2008-01-05 19:25 22,328 --a------ C:\Documents and Settings\Brian\Application Data\PnkBstrK.sys
2008-01-05 19:24 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-01-05 19:24 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2008-01-05 19:24 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2008-01-05 19:24 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2008-01-05 19:24 . 2008-01-05 19:24 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe
2008-01-05 19:24 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2008-01-05 19:24 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2008-01-05 19:24 . 2008-01-05 19:24 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-01-05 19:24 . 2007-04-04 18:53 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2008-01-05 19:24 . 2008-01-05 19:24 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-01-05 19:15 . 2008-01-06 12:27 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-01-05 19:15 . 2008-01-05 19:15 <DIR> d-------- C:\Program Files\Electronic Arts
2008-01-05 16:21 . 2008-01-05 16:21 <DIR> d-------- C:\Program Files\MSBuild
2008-01-05 16:19 . 2008-01-05 16:19 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-01-05 16:19 . 2008-01-05 16:19 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-01-05 16:19 . 2008-01-05 16:19 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-01-05 16:19 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-01-05 16:18 . 2008-01-05 19:24 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-01-05 16:18 . 2008-01-05 16:18 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-01-05 16:18 . 2008-01-05 16:18 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-01-05 16:18 . 2008-01-05 16:18 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-01-05 16:14 . 2008-01-05 16:14 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2008-01-05 16:13 . 2006-11-13 00:02 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll
2008-01-05 16:13 . 2006-11-13 00:02 116,736 --------- C:\WINDOWS\system32\aaclient.dll
2008-01-05 16:13 . 2006-11-13 00:02 36,352 --------- C:\WINDOWS\system32\tsgqec.dll
2008-01-05 16:06 . 2008-01-05 16:08 <DIR> d-------- C:\WINDOWS\NV8442996.TMP
2008-01-05 16:06 . 2007-12-18 19:55 159,769 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-01-05 16:05 . 2008-01-05 16:05 <DIR> d-------- C:\NVIDIA
2008-01-05 15:33 . 2008-01-05 15:35 <DIR> d-------- C:\Program Files\Philips Intelligent Agent
2008-01-05 15:33 . 2008-01-05 15:33 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2008-01-05 15:33 . 2008-01-05 15:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Philips Intelligent Agent
2008-01-05 15:32 . 2008-01-05 15:32 <DIR> d-------- C:\Documents and Settings\Brian\Application Data\Ahead
2008-01-05 15:29 . 2008-01-05 15:29 <DIR> d-------- C:\Program Files\Nero
2008-01-05 15:29 . 2008-01-05 15:32 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-01-05 15:29 . 2008-01-05 15:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-01-05 14:19 . 2008-01-05 14:19 <DIR> d-------- C:\Documents and Settings\Brian\Application Data\Logitech
2008-01-05 14:19 . 2008-01-05 14:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-01-05 14:18 . 2007-11-15 10:06 301,656 --a------ C:\WINDOWS\system32\BtCoreIf.dll
2008-01-05 14:18 . 2007-11-15 10:07 170,512 --a------ C:\WINDOWS\system32\kemutb.dll
2008-01-05 14:18 . 2007-11-15 10:07 141,840 --a------ C:\WINDOWS\system32\KemUtil.dll
2008-01-05 14:18 . 2007-11-15 10:07 117,264 --a------ C:\WINDOWS\system32\KemWnd.dll
2008-01-05 14:18 . 2007-11-15 10:07 76,304 --a------ C:\WINDOWS\system32\KemXML.dll
2008-01-05 14:18 . 2008-01-05 14:18 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-01-05 14:18 . 2008-01-05 14:18 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-01-05 14:17 . 2008-01-05 14:18 <DIR> d-------- C:\Program Files\Common Files\Logishrd
2008-01-05 14:17 . 2008-01-05 14:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-01-05 14:05 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-01-05 14:05 . 2004-08-03 22:58 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-01-05 14:04 . 2008-01-05 14:04 <DIR> d-------- C:\Program Files\Belkin
2008-01-05 13:56 . 2008-01-05 13:56 <DIR> d-------- C:\Program Files\Alwil Software
2008-01-05 13:56 . 2003-03-18 15:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-01-05 13:56 . 2007-12-04 07:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-01-05 13:56 . 2004-01-09 03:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-01-05 13:56 . 2007-12-04 06:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-01-05 13:56 . 2007-12-04 08:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-01-05 13:56 . 2007-12-04 08:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-01-05 13:56 . 2007-12-04 08:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-05 13:56 . 2007-12-04 08:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-05 13:56 . 2007-12-04 08:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-01-05 13:54 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-01-05 03:39 . 2008-01-05 03:39 <DIR> d-------- C:\Program Files\Ventrilo
2008-01-05 03:39 . 2008-01-05 03:39 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-05 03:39 . 2008-01-05 21:04 <DIR> d-------- C:\Documents and Settings\Brian\Application Data\Ventrilo
2008-01-05 03:20 . 2008-01-08 19:16 <DIR> d-------- C:\Program Files\World of Warcraft
2008-01-05 03:20 . 2008-01-05 03:20 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-01-05 03:14 . 2008-01-05 03:14 1,158 --a------ C:\WINDOWS\mozver.dat
2008-01-05 03:07 . 2008-01-05 03:07 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-01-05 03:07 . 1998-10-29 18:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-01-05 03:07 . 2004-03-18 18:53 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll
2008-01-05 03:07 . 2004-03-18 18:56 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2008-01-05 03:07 . 2004-03-18 18:39 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2008-01-05 03:07 . 2004-03-18 18:55 65,536 --a------ C:\WINDOWS\system32\HPZipm12.exe
2008-01-05 03:07 . 2004-03-18 18:38 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-05 04:44 81,920 ------r C:\WINDOWS\bwUnin-6.1.4.61-8876480L.exe
2008-01-04 21:23 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-19 01:55 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-12-19 01:55 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-12-19 01:55 8,523,776 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-12-19 01:55 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-12-19 01:55 7,435,136 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-12-19 01:55 6,901,760 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-12-19 01:55 6,549,504 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-12-19 01:55 5,773,568 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-12-19 01:55 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-12-19 01:55 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-12-19 01:55 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-12-19 01:55 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-12-19 01:55 385,024 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-12-19 01:55 35,328 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-12-19 01:55 35,328 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-12-19 01:55 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-12-19 01:55 3,710,976 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-12-19 01:55 3,420,160 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-12-19 01:55 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-12-19 01:55 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-12-19 01:55 2,498,560 ----a-w C:\WINDOWS\system32\nvwss.dll
2007-12-19 01:55 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
2007-12-19 01:55 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe
2007-12-19 01:55 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
2007-12-19 01:55 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
2007-12-19 01:55 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
2007-12-19 01:55 1,474,560 ----a-w C:\WINDOWS\system32\nview.dll
2007-12-19 01:55 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
2007-12-19 01:55 1,228,800 ----a-w C:\WINDOWS\system32\nvmobls.dll
2007-12-19 01:55 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 01:30 5,611,520 ----a-w C:\WINDOWS\system32\nvdispsr.dll
2007-11-07 01:30 458,752 ----a-w C:\WINDOWS\system32\nvmccssr.dll
2007-11-07 01:30 335,872 ----a-w C:\WINDOWS\system32\nvwrses.dll
2007-11-07 01:30 335,872 ----a-w C:\WINDOWS\system32\nvwrsel.dll
2007-11-07 01:30 327,680 ----a-w C:\WINDOWS\system32\nvwrsfr.dll
2007-11-07 01:30 327,680 ----a-w C:\WINDOWS\system32\nvwrsesm.dll
2007-11-07 01:30 327,680 ----a-w C:\WINDOWS\system32\nvrshe.dll
2007-11-07 01:30 327,680 ----a-w C:\WINDOWS\system32\nvrsar.dll
2007-11-07 01:30 323,584 ----a-w C:\WINDOWS\system32\nvwrspt.dll
2007-11-07 01:30 323,584 ----a-w C:\WINDOWS\system32\nvwrsit.dll
2007-11-07 01:30 319,488 ----a-w C:\WINDOWS\system32\nvwrsptb.dll
2007-11-07 01:30 319,488 ----a-w C:\WINDOWS\system32\nvwrsnl.dll
2007-11-07 01:30 315,392 ----a-w C:\WINDOWS\system32\nvwrsru.dll
2007-11-07 01:30 315,392 ----a-w C:\WINDOWS\system32\nvwrshu.dll
2007-11-07 01:30 311,296 ----a-w C:\WINDOWS\system32\nvwrsde.dll
2007-11-07 01:30 303,104 ----a-w C:\WINDOWS\system32\nvwrstr.dll
2007-11-07 01:30 303,104 ----a-w C:\WINDOWS\system32\nvwrssl.dll
2007-11-07 01:30 303,104 ----a-w C:\WINDOWS\system32\nvwrsfi.dll
2007-11-07 01:30 3,715,072 ----a-w C:\WINDOWS\system32\nvvitvsr.dll
2007-11-07 01:30 3,330,048 ----a-w C:\WINDOWS\system32\nvgamesr.dll
2007-11-07 01:30 299,008 ----a-w C:\WINDOWS\system32\nvwrssk.dll
2007-11-07 01:30 299,008 ----a-w C:\WINDOWS\system32\nvwrsno.dll
2007-11-07 01:30 294,912 ----a-w C:\WINDOWS\system32\nvwrssv.dll
2007-11-07 01:30 294,912 ----a-w C:\WINDOWS\system32\nvwrspl.dll
2007-11-07 01:30 294,912 ----a-w C:\WINDOWS\system32\nvwrsda.dll
2007-11-07 01:30 290,816 ----a-w C:\WINDOWS\system32\nvwrsth.dll
2007-11-07 01:30 286,720 ----a-w C:\WINDOWS\system32\nvwrseng.dll
2007-11-07 01:30 286,720 ----a-w C:\WINDOWS\system32\nvwrscs.dll
2007-11-07 01:30 282,624 ----a-w C:\WINDOWS\system32\nvwrsar.dll
2007-11-07 01:30 282,624 ----a-w C:\WINDOWS\system32\nvrsfr.dll
2007-11-07 01:30 282,624 ----a-w C:\WINDOWS\system32\nvrses.dll
2007-11-07 01:30 282,624 ----a-w C:\WINDOWS\system32\nvrsel.dll
2007-11-07 01:30 278,528 ----a-w C:\WINDOWS\system32\nvwrshe.dll
2007-11-07 01:30 278,528 ----a-w C:\WINDOWS\system32\nvrsit.dll
2007-11-07 01:30 278,528 ----a-w C:\WINDOWS\system32\nvrsde.dll
2007-11-07 01:30 274,432 ----a-w C:\WINDOWS\system32\nvrspt.dll
2007-11-07 01:30 274,432 ----a-w C:\WINDOWS\system32\nvrsnl.dll
2007-11-07 01:30 274,432 ----a-w C:\WINDOWS\system32\nvrsesm.dll
2007-11-07 01:30 270,336 ----a-w C:\WINDOWS\system32\nvrsru.dll
2007-11-07 01:30 266,240 ----a-w C:\WINDOWS\system32\nvrsptb.dll
2007-11-07 01:30 266,240 ----a-w C:\WINDOWS\system32\nvrsja.dll
2007-11-07 01:30 258,048 ----a-w C:\WINDOWS\system32\nvrstr.dll
2007-11-07 01:30 258,048 ----a-w C:\WINDOWS\system32\nvrssl.dll
2007-11-07 01:30 258,048 ----a-w C:\WINDOWS\system32\nvrssk.dll
2007-11-07 01:30 258,048 ----a-w C:\WINDOWS\system32\nvrsko.dll
2007-11-07 01:30 258,048 ----a-w C:\WINDOWS\system32\nvrshu.dll
2007-11-07 01:30 253,952 ----a-w C:\WINDOWS\system32\nvrsth.dll
2007-11-07 01:30 253,952 ----a-w C:\WINDOWS\system32\nvrssv.dll
2007-11-07 01:30 253,952 ----a-w C:\WINDOWS\system32\nvrspl.dll
2007-11-07 01:30 253,952 ----a-w C:\WINDOWS\system32\nvrsno.dll
2007-11-07 01:30 253,952 ----a-w C:\WINDOWS\system32\nvrsda.dll
2007-11-07 01:30 249,856 ----a-w C:\WINDOWS\system32\nvrsfi.dll
2007-11-07 01:30 249,856 ----a-w C:\WINDOWS\system32\nvrscs.dll
2007-11-07 01:30 245,760 ----a-w C:\WINDOWS\system32\nvrseng.dll
2007-11-07 01:30 225,280 ----a-w C:\WINDOWS\system32\nvrszhc.dll
2007-11-07 01:30 212,992 ----a-w C:\WINDOWS\system32\nvwrsja.dll
2007-11-07 01:30 2,854,912 ----a-w C:\WINDOWS\system32\nvmoblsr.dll
2007-11-07 01:30 2,519,040 ----a-w C:\WINDOWS\system32\nvwssr.dll
2007-11-07 01:30 196,608 ----a-w C:\WINDOWS\system32\nvwrsko.dll
2007-11-07 01:30 167,936 ----a-w C:\WINDOWS\system32\nvwrszht.dll
2007-11-07 01:30 163,840 ----a-w C:\WINDOWS\system32\nvwrszhc.dll
2007-11-07 01:30 126,976 ----a-w C:\WINDOWS\system32\nvrszht.dll
2007-11-07 01:30 1,073,152 ----a-w C:\WINDOWS\system32\nvcpluir.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 23:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2008-01-04 22:44 16384]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-07-27 06:00 15360]
"Philips Intelligent Agent"="C:\Program Files\Philips Intelligent Agent\Philips Intelligent Agent.exe" [2007-07-05 14:08 615320]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-22 08:51 149040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Utility"="LOGI_MWX.EXE" [2003-11-07 03:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-18 19:55 8523776]
"nwiz"="nwiz.exe" [2007-12-18 19:55 1626112 C:\WINDOWS\system32\nwiz.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 07:34 868352]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-07-13 09:12 729088]
"AsusStartupHelp"="C:\Program Files\ASUS\AASP\1.00.24\AsRunHelp.exe" [2006-12-28 19:54 363008]
"Launch Ai Booster"="C:\Program Files\ASUS\AI Booster\OverClk.exe" [2006-12-08 17:24 3714048]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2006-01-13 18:28 172032]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2006-01-13 18:28 49152]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 07:00 79224]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 03:10 55824 C:\WINDOWS\KHALMNPR.Exe]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-15 20:02 153136]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-18 19:55 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 06:44:06]
Loadout Manager.lnk - C:\Program Files\Belkin\Nostromo\nost_LM.exe [2003-06-24 00:31:35]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-01-04 22:44:43]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-01-05 14:18:01]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll 2007-11-15 10:10 72208 c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

R2 WUSB54GSC;WUSB54GSC;"C:\Program Files\Linksys\WUSB54GSC\WLService.exe" "WUSB54GSC.exe" []
R3 bcgame;Nostromo HID Device Minidriver;C:\WINDOWS\system32\drivers\bcgame.sys [2003-07-23 13:16]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\AutoRunCD.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eeb9f210-bab6-11dc-ba0a-806d6172696f}]
\Shell\AutoRun\command - D:\Setup.exe

*Newly Created Service* - GTNDIS5
*Newly Created Service* - IDSVC
*Newly Created Service* - PROCEXP90
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-13 14:33:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-13 14:33:36
ComboFix-quarantined-files.txt 2008-01-13 20:33:34
.
2008-01-09 00:59:59 --- E O F ---



And the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:34:34 PM, on 1/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Linksys\WUSB54GSC\WLService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Linksys\WUSB54GSC\WUSB54GSC.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\LOGI_MWX.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Belkin\Nostromo\nost_LM.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.24\AsRunHelp.exe
O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Program Files\ASUS\AI Booster\OverClk.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Philips Intelligent Agent] "C:\Program Files\Philips Intelligent Agent\Philips Intelligent Agent.exe" /SILENT
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Loadout Manager.lnk = C:\Program Files\Belkin\Nostromo\nost_LM.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1199512937437
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: WUSB54GSC - GEMTEKS - C:\Program Files\Linksys\WUSB54GSC\WLService.exe

--
End of file - 7724 bytes

#4
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Hmm, that looked a bit easy, as the one bad file is now deleted. To confirm this:

Download and then run SuperAntispyware
  • On the first page select Check for Updates
  • On completion select SCAN YOUR COMPUTER
  • On the next page select COMPLETE SCAN and tick ALL your drives
  • The next stage will take a while as your entire drive(s), memory and registry are scanned
  • When it has completed click NEXT
  • The next screen shows the problems found click OK
  • On the next screen place a tick against all items and select NEXT
  • Now, to get the log, go to the PREFERENCES button at the bottom right
  • Select the STATISTICS/LOG tab
  • Highlight the scan just completed and click VIEW LOG
  • This will open a Notepad text file; copy and paste this into your next reply

Logs required: SuperAntiSpyware and a new HijackThis, plus how your system is running now

#5
fuganator
    New Member
  • Topic Starter
  • Member
  • 4 posts
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/13/2008 at 07:40 PM

Application Version : 3.9.1008

Core Rules Database Version : 3379
Trace Rules Database Version: 1373

Scan type : Complete Scan
Total Scan Time : 00:16:09

Memory items scanned : 509
Memory threats detected : 0
Registry items scanned : 5226
Registry threats detected : 0
File items scanned : 29190
File threats detected : 9

Adware.Tracking Cookie
C:\Documents and Settings\Brian\Cookies\brian@statcounter[2].txt
C:\Documents and Settings\Brian\Cookies\[email protected][1].txt
C:\Documents and Settings\Brian\Cookies\[email protected][2].txt
C:\Documents and Settings\Brian\Cookies\brian@weefind[1].txt
C:\Documents and Settings\Brian\Cookies\brian@specificclick[2].txt
C:\Documents and Settings\Brian\Cookies\brian@hitbox[2].txt

Trojan.Unclassifed/AffiliateBundle
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\FCCBCAA.DLL.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{06F41DD8-9273-40E5-930B-7AE9FE5B2585}\RP37\A0008463.DLL
C:\VUNDOFIX BACKUPS\FCCBCAA.DLL.BAD

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:08:00 PM, on 1/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Linksys\WUSB54GSC\WLService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Linksys\WUSB54GSC\WUSB54GSC.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\LOGI_MWX.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Belkin\Nostromo\nost_LM.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.24\AsRunHelp.exe
O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Program Files\ASUS\AI Booster\OverClk.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Philips Intelligent Agent] "C:\Program Files\Philips Intelligent Agent\Philips Intelligent Agent.exe" /SILENT
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Loadout Manager.lnk = C:\Program Files\Belkin\Nostromo\nost_LM.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1199512937437
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: WUSB54GSC - GEMTEKS - C:\Program Files\Linksys\WUSB54GSC\WLService.exe

--
End of file - 8050 bytes

Seems to be ok right now. Avast would catch it every once in a while before, but it hasn't yet. I am going to give it a day or so and see what happens.

Edited by fuganator, 12 January 2008 - 10:48 PM.

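As an added example (not code from this thread, from HijackThis or from SUPERAntiSpyware), the script below parses the section-coded entries of two HijackThis logs, reports which entries appeared or vanished between the 12 Jan and 13 Jan scans, and flags O4 autostarts that a reviewer checks first: a bare filename located by search order rather than an explicit path, or a file outside the usual Windows and Program Files roots. The embedded log text is a constructed excerpt of the two logs posted above; the search-order and trusted-root heuristics are this example's own, not HijackThis behaviour.

```python
import re

# Constructed excerpt of the 12 Jan HijackThis v2.0.2 log posted in this thread.
BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:27:04 PM, on 1/12/2008

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""
# The 13 Jan log repeats those entries and adds the two SUPERAntiSpyware hooks.
AFTER = BEFORE.replace("1/12/2008", "1/13/2008") + r"""O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
"""

# Every finding opens with a section code (R0/R1 IE URLs, O2 BHOs, O4 autostarts,
# O20 Winlogon Notify, O23 services); header and process-list lines carry none.
ENTRY_RE = re.compile(r"^([RFO]\d+) - (.+)$")
# A launched file: either a quoted path, or the shortest prefix ending in an extension.
CMD_RE = re.compile(r'"([^"]+)"|(.+?\.(?:exe|dll|com|scr|bat))', re.I)
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")


def parse_hjt(log: str) -> dict:
    # Map each entry body to its section code.
    entries = {}
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries[m.group(2)] = m.group(1)
    return entries


def diff_hjt(before: str, after: str) -> tuple:
    # Entries that appeared or vanished between two scans of the same machine.
    old, new = parse_hjt(before), parse_hjt(after)
    added = sorted(f"{new[b]} - {b}" for b in new.keys() - old.keys())
    removed = sorted(f"{old[b]} - {b}" for b in old.keys() - new.keys())
    return added, removed


def launched_file(body: str) -> str:
    # Run keys read '[Name] command args'; Global Startup reads 'x.lnk = path'.
    if "] " not in body:
        return body.split(" = ", 1)[-1].strip()
    cmd = body.split("] ", 1)[1].strip()
    m = CMD_RE.match(cmd)
    return (m.group(1) or m.group(2)) if m else cmd


def review_o4(log: str) -> dict:
    # Flag O4 autostarts worth a second look; unflagged entries return no note.
    notes = {}
    for body, code in parse_hjt(log).items():
        if code != "O4":
            continue
        target = launched_file(body)
        if "\\" not in target and ":" not in target:
            notes[body] = "bare filename, resolved via search path"
        elif not target.lower().startswith(TRUSTED_ROOTS):
            notes[body] = "outside Windows/Program Files"
    return notes
```

Run against the full logs, `diff_hjt` shows exactly the two SUPERAntiSpyware entries as new, which is what the moderator is checking for before declaring the log clean.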

#6
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Now the best part of the day ----- Your log now appears clean :)

Time for some housekeeping
  • Click START then RUN
  • Now type Combofix /u in the run box and click OK. Note the space between the X and the U; it needs to be there.
  • When shown the disclaimer, Select "2"

The above procedure will:
  • Delete the following:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:\Deckard folder, if present
    • The C:\_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Set a new, clean Restore Point.


Now, to get you off to a good start, we will reset your restore points so that all the bad stuff is gone for good. Then, if you need to restore at some stage, you will be clean. There are several ways to reset your restore point, but this is my method:

1. Select Start > All Programs > Accessories > System tools > System Restore.
2. On the dialogue box that appears select Create a Restore Point
3. Click NEXT
4. Enter a name e.g. Clean
5. Click CREATE

You now have a clean restore point. To get rid of the bad ones:

1. Select Start > All Programs > Accessories > System tools > Disk Cleanup.
2. In the Drop down box that appears select your main drive e.g. C
3. Click OK
4. The system will do some calculation and then display a dialogue box with TABS
5. Select the More Options Tab.
6. At the bottom will be a System Restore box with a CLEANUP button; click this
7. Accept the warning and select OK again; the program will close and you are done

Now that you are clean, to help protect your computer in the future I recommend that you get the following free program:
  • SpywareBlaster to help prevent spyware from installing in the first place.
It is critical to have both a firewall and anti-virus to protect your system, and to keep them updated.

To keep your operating system up to date, visit

To learn more about how to protect yourself while on the internet, read this article by Tony Klein: So how did I get infected in the first place?


Keep safe :)

#7
fuganator
    New Member
  • Topic Starter
  • Member
  • 4 posts
Just wanted to let you know that everything is still working fine and no more trojan. Thanks for the help again!!!

#8
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.