My Hijackthis Log

Status
Not open for further replies.

Dr.Gootch

TechyBurst
Messages
517
Location
yucca valley, California
Can someone please check this? I think I cleaned out all the bad stuff, I just want someone to double-check me, please. Thanks.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:53:13 PM, on 1/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {8CD034DD-E9AD-47D3-8689-51886345799C} - C:\WINDOWS\system32\hgghgee.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Verizon Custom Uninstall Tracking] C:\DOCUME~1\Steve\LOCALS~1\Temp\InstallHelper.exe /uninstalltrackingvendor=Verizon
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1200366959516
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1200677675671
O20 - Winlogon Notify: hgghgee - C:\WINDOWS\SYSTEM32\hgghgee.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 6449 bytes
 
Remove:

O2 - BHO: (no name) - {8CD034DD-E9AD-47D3-8689-51886345799C} - C:\WINDOWS\system32\hgghgee.dll

O20 - Winlogon Notify: hgghgee - C:\WINDOWS\SYSTEM32\hgghgee.dll

Reboot, then see if you still have the same issue.
 
Here is my ComboFix Log....


ComboFix 08-01-23.1 - Steve 2008-01-22 12:55:05.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.221 [GMT -8:00]
Running from: C:\Documents and Settings\Steve\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Common Files\Yazzle1560OinUninstaller.exe
C:\Program Files\inetget2
C:\Program Files\Temporary
C:\WINDOWS\system32\awtqo.dll
C:\WINDOWS\system32\awvvs.dll
C:\WINDOWS\system32\awvvw.dll
C:\WINDOWS\system32\ddaba.dll
C:\WINDOWS\system32\gebyw.dll
C:\WINDOWS\system32\geebc.dll
C:\WINDOWS\system32\geedd.dll
C:\WINDOWS\system32\hgghgee.dll
C:\WINDOWS\system32\jkhff.dll
C:\WINDOWS\system32\jkhhi.dll
C:\WINDOWS\system32\mljgf.dll
C:\WINDOWS\system32\mllji.dll
C:\WINDOWS\system32\npqss.ini
C:\WINDOWS\system32\npqss.ini2
C:\WINDOWS\system32\pmkhf.dll
C:\WINDOWS\system32\ssqpn.dll
C:\WINDOWS\system32\ssttq.dll
C:\WINDOWS\system32\ssttu.dll
C:\WINDOWS\system32\systeminfo.dll
C:\WINDOWS\system32\vtstq.dll
C:\WINDOWS\system32\vtutr.dll
C:\WINDOWS\system32\drivers\core.cache.dsk . . . . failed to delete

.
((((((((((((((((((((((((( Files Created from 2007-12-23 to 2008-01-23 )))))))))))))))))))))))))))))))
.

2008-01-22 12:53 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-22 09:11 . 2008-01-22 12:48 <DIR> d-------- C:\Remote Programs
2008-01-22 09:11 . 2006-08-22 14:24 7,542 --------- C:\WINDOWS\Verizon.ico
2008-01-22 09:11 . 2008-01-22 09:11 67 --a------ C:\WINDOWS\GPlrLanc.dat
2008-01-22 09:10 . 2008-01-22 12:12 <DIR> d-------- C:\Program Files\Verizon Games on Demand Player
2008-01-22 09:10 . 2008-01-03 12:50 53,314 --------- C:\WINDOWS\ExentInfo.exe
2008-01-21 15:28 . 2008-01-21 15:28 <DIR> d-------- C:\Program Files\Security Task Manager
2008-01-20 14:15 . 2008-01-20 14:15 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-01-20 14:15 . 2007-07-25 14:24 1,559,040 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-01-20 14:15 . 2007-09-04 17:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll
2008-01-20 10:12 . 2008-01-20 10:12 <DIR> d-------- C:\Program Files\DVD X Studios
2008-01-19 22:58 . 2008-01-20 23:33 <DIR> d-------- C:\Program Files\FriendBlasterPro
2008-01-19 22:58 . 2004-03-08 18:00 1,081,616 --a------ C:\WINDOWS\system32\MSCOMCTL.OCX
2008-01-19 22:58 . 2000-05-22 00:00 140,488 --a------ C:\WINDOWS\system32\COMDLG32.OCX
2008-01-19 22:58 . 2000-07-15 00:00 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2008-01-19 16:12 . 2008-01-19 16:12 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-01-19 16:12 . 2008-01-19 16:12 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-01-19 16:12 . 2008-01-19 16:12 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-19 15:37 . 2008-01-19 15:37 34,064 --a------ C:\WINDOWS\system32\lhacm.acm
2008-01-19 15:36 . 2008-01-19 15:37 <DIR> d-------- C:\Program Files\Teamspeak2_RC2
2008-01-19 12:37 . 2008-01-19 12:37 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-19 11:38 . 2008-01-19 11:38 <DIR> d-------- C:\Program Files\Winamp
2008-01-19 10:55 . 2008-01-19 17:54 <DIR> d-------- C:\Program Files\Lineage II
2008-01-19 10:16 . 2008-01-19 10:16 86,144 --a------ C:\WINDOWS\system32\drivers\slntamrr.sys
2008-01-19 10:16 . 2008-01-23 13:01 58,883 --------- C:\WINDOWS\system32\drivers\core.cache.dsk
2008-01-19 10:04 . 2008-01-19 10:09 <DIR> d-------- C:\Program Files\Chat Supremecy
2008-01-19 09:48 . 2008-01-19 09:48 <DIR> d-------- C:\Program Files\Sygate
2008-01-19 09:48 . 2005-09-27 12:15 83,592 --a------ C:\WINDOWS\system32\SSSensor.dll
2008-01-19 09:48 . 2005-09-27 11:43 61,008 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2008-01-19 09:48 . 2005-09-27 11:44 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2008-01-19 09:48 . 2005-09-27 12:16 14,944 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
2008-01-19 09:48 . 2005-09-27 12:16 14,944 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
2008-01-19 09:48 . 2005-09-27 12:16 14,944 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
2008-01-19 09:48 . 2005-09-27 12:16 14,944 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2008-01-19 09:47 . 2008-01-19 09:47 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-18 21:19 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-01-18 21:19 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-01-18 12:57 . 2008-01-18 12:58 81 --------- C:\WINDOWS\WB.ini
2008-01-18 12:51 . 2008-01-18 12:51 <DIR> d-------- C:\Program Files\Stardock
2008-01-18 12:51 . 2007-07-11 15:06 42,672 --a------ C:\WINDOWS\system32\wbsys.dll
2008-01-18 00:54 . 2008-01-18 00:54 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-01-17 22:09 . 2008-01-17 22:09 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-01-17 22:03 . 2008-01-17 22:09 <DIR> d-------- C:\Program Files\Windows Live
2008-01-17 22:03 . 2008-01-17 22:09 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-17 21:31 . 2008-01-19 10:06 <DIR> d-------- C:\Program Files\BitComet
2008-01-17 21:09 . 2008-01-17 21:09 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2008-01-17 21:07 . 2008-01-17 21:07 <DIR> d-------- C:\Program Files\Alwil Software
2008-01-17 20:57 . 2008-01-17 21:16 <DIR> d-------- C:\Program Files\Java
2008-01-17 20:57 . 2008-01-19 14:50 <DIR> d-------- C:\Program Files\Dot1XCfg
2008-01-17 20:57 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-17 20:56 . 2008-01-17 20:58 <DIR> d-------- C:\Program Files\LimeWire
2008-01-17 20:56 . 2008-01-17 20:56 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-17 19:14 . 2008-01-17 19:14 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-01-17 19:13 . 2008-01-17 19:13 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-01-17 19:13 . 2006-10-04 06:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-01-17 19:13 . 2006-10-04 06:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-01-17 19:13 . 2006-10-04 06:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-01-17 19:12 . 2008-01-19 16:12 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-01-17 19:12 . 2008-01-19 02:24 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-01-17 19:05 . 2006-11-12 22:02 288,768 --a------ C:\WINDOWS\system32\rhttpaa.dll
2008-01-17 19:05 . 2006-11-12 22:02 116,736 --a------ C:\WINDOWS\system32\aaclient.dll
2008-01-17 19:05 . 2006-11-12 22:02 36,352 --a------ C:\WINDOWS\system32\tsgqec.dll
2008-01-17 18:53 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2008-01-17 18:48 . 2008-01-17 18:48 <DIR> d-------- C:\Program Files\MSBuild
2008-01-17 18:44 . 2008-01-17 19:19 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-01-17 18:44 . 2008-01-17 18:44 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-01-17 18:43 . 2006-06-29 13:07 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2008-01-17 18:31 . 2008-01-17 18:31 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2008-01-17 18:21 . 2007-07-09 05:16 582,656 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-01-17 18:09 . 2008-01-17 20:34 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-01-17 18:02 . 2008-01-17 18:34 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2008-01-17 18:01 . 2008-01-17 18:01 <DIR> d-------- C:\WINDOWS\provisioning
2008-01-17 18:01 . 2008-01-17 18:01 <DIR> d-------- C:\WINDOWS\peernet
2008-01-17 17:59 . 2008-01-17 17:59 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-01-17 17:56 . 2006-10-16 16:10 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-01-17 17:54 . 2008-01-17 17:54 <DIR> d-------- C:\WINDOWS\EHome
2008-01-17 17:50 . 2008-01-17 17:50 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2008-01-17 16:18 . 2008-01-17 16:18 1,158 --a------ C:\WINDOWS\mozver.dat
2008-01-17 16:16 . 2008-01-17 16:16 <DIR> d-------- C:\WINDOWS\bin
2008-01-17 16:16 . 2008-01-17 16:47 <DIR> d-------- C:\Program Files\Common Files\Motive
2008-01-17 16:15 . 2008-01-17 16:46 <DIR> d-------- C:\Program Files\vol_toolbar
2008-01-15 17:12 . 2008-01-15 17:12 <DIR> d-------- C:\Program Files\EA GAMES
2008-01-14 22:34 . 2008-01-14 22:34 169 --a------ C:\WINDOWS\RtlRack.ini
2008-01-14 22:32 . 2004-08-04 00:56 11,776 --a------ C:\WINDOWS\system32\spnpinst.exe
2008-01-14 22:32 . 2004-08-02 14:20 7,208 --a------ C:\WINDOWS\system32\secupd.sig
2008-01-14 22:32 . 2004-08-02 14:20 4,569 --a------ C:\WINDOWS\system32\secupd.dat
2008-01-14 22:09 . 2004-08-03 23:56 614,912 --a------ C:\WINDOWS\system32\h323msp.dll
2008-01-14 22:09 . 2004-08-03 23:56 331,264 --a------ C:\WINDOWS\system32\ipnathlp.dll
2008-01-14 22:09 . 2004-08-03 23:56 265,728 --a------ C:\WINDOWS\system32\h323.tsp
2008-01-14 22:09 . 2004-08-03 23:56 77,312 --a------ C:\WINDOWS\system32\browser.dll
2008-01-14 22:09 . 2007-03-08 07:36 40,960 --a------ C:\WINDOWS\system32\mf3216.dll
2008-01-14 22:06 . 2004-08-03 23:56 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
2008-01-14 22:05 . 2008-01-14 22:09 <DIR> d--h-c--- C:\WINDOWS\$xpsp1hfm$
2008-01-14 22:05 . 2004-01-09 21:11 26,112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
2008-01-14 21:51 . 2008-01-14 21:51 <DIR> d-------- C:\Program Files\BitTornado
2008-01-14 20:43 . 2008-01-14 20:43 <DIR> d-------- C:\Program Files\Yahoo!
2008-01-14 19:18 . 2008-01-14 19:18 <DIR> d-------- C:\WINDOWS\system32\bits
2008-01-14 19:17 . 2004-08-03 23:56 438,784 --a------ C:\WINDOWS\system32\xpob2res.dll
2008-01-14 19:17 . 2004-08-03 23:56 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
2008-01-14 19:17 . 2004-08-03 23:56 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-22 17:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-18 05:38 --------- d-----w C:\Program Files\AvRack
2008-01-15 02:37 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-15 02:30 --------- d-----w C:\Program Files\Realtek Sound Manager
2008-01-15 02:25 --------- d--h--w C:\Program Files\Uninstall Information
2008-01-15 02:19 --------- d-----w C:\Program Files\microsoft frontpage
2008-01-02 10:12 43,520 ----a-w C:\WINDOWS\system32\drivers\fetnd5bv.sys
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
.
----a-w            79,224 2008-01-18 05:09:04  C:\Program Files\Alwil Software\Avast4\ashDisp .exe
----a-w           132,496 2008-01-18 05:09:04  C:\Program Files\Java\jre1.6.0_02\bin\jusched .exe
----a-w            15,360 2008-01-18 05:09:06  C:\WINDOWS\system32\ctfmon .exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8CD034DD-E9AD-47D3-8689-51886345799C}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]
"Exetender"="C:\Program Files\Verizon Games on Demand Player\GPlayer.exe" [2008-01-03 13:12 1948160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2005-06-15 17:20 6803456]
"nwiz"="nwiz.exe" [2005-06-15 17:20 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2005-06-15 17:20 86016]
"Cmaudio"="cmicnfg.cpl" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 05:00 79224]
"SoundMan"="SOUNDMAN.EXE" [2004-09-16 04:39 69632 C:\WINDOWS\SOUNDMAN.EXE]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2005-09-27 12:16 2635472]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Exetender"="C:\Program Files\Verizon Games on Demand Player\GPlayer.exe" [2008-01-03 13:12 1948160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
C:\WINDOWS\system32\ssqpn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Windows Express]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2004-09-16 04:39 69632 C:\WINDOWS\SOUNDMAN.EXE

R1 slntamrr;slntamrr;C:\WINDOWS\system32\drivers\slntamrr.sys [2008-01-19 10:16]
R2 X4HSX32;X4HSX32;C:\Program Files\Verizon Games on Demand Player\X4HSX32.Sys [2006-12-13 08:34]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2008-01-02 02:12]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-23 13:01:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-23 13:03:12 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-23 21:02:57
.
2008-01-19 19:20:18 --- E O F ---
 