prep for HijackThis Log posting

Status
Not open for further replies.
Oops, typo on 5th word. Should be IT, not I.
Typed:
Really that is what i said.
but meant:
Really that is what it said.

I just tried again after another cold boot and got a different error/warning failure. I can post it.
 
Your request for the ComboFix log was not there when I refreshed, then I posted, and now it is >>>>

ComboFix 09-02-02.03 - pa ma 2009-02-02 16:56:23.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.313 [GMT -5:00]
Running from: c:\documents and settings\pa ma\Desktop\slow\ComboFix.exe
FW: ZoneAlarm Firewall *enabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-01-02 to 2009-02-02 )))))))))))))))))))))))))))))))
.

2009-01-28 01:57 . 2001-08-17 13:28 794,654 --a--c--- c:\windows\system32\dllcache\usr1801.sys
2009-01-28 01:56 . 2001-08-17 22:36 495,616 --a--c--- c:\windows\system32\dllcache\sblfx.dll
2009-01-28 01:55 . 2001-08-17 13:28 899,146 --a--c--- c:\windows\system32\dllcache\r2mdkxga.sys
2009-01-28 01:54 . 2001-08-17 14:05 351,616 --a--c--- c:\windows\system32\dllcache\ovcodek2.sys
2009-01-28 01:53 . 2001-08-17 13:28 802,683 --a--c--- c:\windows\system32\dllcache\ltsm.sys
2009-01-28 01:52 . 2008-04-14 05:41 702,845 --a--c--- c:\windows\system32\dllcache\i81xdnt5.dll
2009-01-28 01:51 . 2001-08-17 14:56 1,733,120 --a--c--- c:\windows\system32\dllcache\g400d.dll
2009-01-28 01:50 . 2001-08-17 12:13 980,034 --a--c--- c:\windows\system32\dllcache\cicap.sys
2009-01-28 01:49 . 2001-08-17 13:28 871,388 --a--c--- c:\windows\system32\dllcache\bcmdm.sys
2009-01-28 01:48 . 2001-08-17 13:28 762,780 --a--c--- c:\windows\system32\dllcache\3cwmcru.sys
2009-01-28 01:47 . 2001-08-17 14:56 66,048 --a--c--- c:\windows\system32\dllcache\s3legacy.dll
2009-01-27 18:32 . 2009-01-27 19:09 <DIR> d-------- c:\documents and settings\pa ma\.housecall6.6
2009-01-27 18:03 . 2009-01-27 18:03 <DIR> d-------- c:\program files\Spyware Terminator
2009-01-27 18:03 . 2009-01-27 18:04 <DIR> d-------- c:\documents and settings\pa ma\Application Data\Spyware Terminator
2009-01-27 18:03 . 2009-01-27 18:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spyware Terminator
2009-01-27 18:03 . 2009-01-27 18:03 141,312 --a------ c:\windows\system32\drivers\sp_rsdrv2.sys
2009-01-27 16:20 . 2009-01-27 16:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\TEMP
2009-01-27 16:19 . 2009-01-27 16:20 <DIR> d-------- c:\program files\Trojan Remover
2009-01-27 16:16 . 2009-01-27 16:19 <DIR> d-------- c:\documents and settings\pa ma\Application Data\Simply Super Software
2009-01-27 16:16 . 2009-01-27 16:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\Simply Super Software
2009-01-27 16:16 . 2006-05-25 14:52 162,304 --a------ c:\windows\system32\ztvunrar36.dll
2009-01-27 16:16 . 2003-02-02 19:06 153,088 --a------ c:\windows\system32\unrar3.dll
2009-01-27 16:16 . 2005-08-26 00:50 77,312 --a------ c:\windows\system32\ztvunace26.dll
2009-01-27 16:16 . 2002-03-06 00:00 75,264 --a------ c:\windows\system32\unacev2.dll
2009-01-27 16:16 . 2006-06-19 12:01 69,632 --a------ c:\windows\system32\ztvcabinet.dll
2009-01-27 02:59 . 2009-01-27 03:12 <DIR> d-------- C:\VundoFix Backups
2009-01-27 02:33 . 2009-01-27 02:33 <DIR> d-------- c:\program files\CCleaner
2009-01-27 02:24 . 2009-01-27 02:24 <DIR> d-------- c:\program files\CleanUp!
2009-01-27 02:20 . 2009-01-27 02:20 <DIR> d-------- c:\program files\MSConfig CleanUp
2009-01-25 22:53 . 2009-01-25 23:17 <DIR> d-------- c:\program files\EsetOnlineScanner
2009-01-25 22:24 . 2009-01-25 22:24 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-25 22:24 . 2009-01-25 22:24 <DIR> d-------- c:\documents and settings\pa ma\Application Data\Malwarebytes
2009-01-25 22:24 . 2009-01-25 22:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-25 22:24 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-25 22:24 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-25 20:13 . 2009-01-25 20:13 <DIR> d-------- c:\program files\Trend Micro
2009-01-25 03:30 . 2009-01-25 03:30 <DIR> d-------- c:\program files\The Weather Channel FW
2009-01-25 03:27 . 2009-01-31 04:19 <DIR> d-------- c:\program files\Trillian
2009-01-23 01:51 . 2009-01-23 01:51 <DIR> d-------- c:\program files\AskBarDis
2009-01-23 01:50 . 2009-01-23 01:50 <DIR> d-------- c:\program files\Zone Labs
2009-01-23 01:50 . 2008-11-13 15:18 1,221,008 --a------ c:\windows\system32\zpeng25.dll
2009-01-23 01:50 . 2009-02-02 16:52 348,371 --a------ c:\windows\system32\vsconfig.xml
2009-01-18 01:57 . 2009-01-18 01:57 <DIR> d-------- C:\AUDIO_TS
2009-01-15 01:44 . 2009-01-15 01:44 <DIR> d-------- c:\program files\MagicISO
2009-01-11 20:36 . 2009-01-12 23:00 <DIR> d-------- C:\Flow.For.Love.of.Water(2008)DvDrip-aXXo
2009-01-09 20:47 . 2009-01-09 20:47 <DIR> d-------- C:\Flow.For.Love.of.Water[2008]HDTV.XviD-0TV
2009-01-08 01:15 . 2009-01-26 05:44 116 --a------ c:\windows\NeroDigital.ini
2009-01-08 01:14 . 2009-01-08 01:14 <DIR> d-------- c:\documents and settings\pa ma\Application Data\Ahead
2009-01-08 01:06 . 2009-01-08 01:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\Ahead
2009-01-08 01:06 . 2005-12-09 15:02 3,051,520 --------- c:\windows\UNNeroVision.exe
2009-01-08 01:06 . 2006-01-30 14:09 156,471 --------- c:\windows\UNNeroVision.cfg
2009-01-08 01:06 . 2001-06-26 07:15 38,912 --------- c:\windows\system32\picn20.dll
2009-01-08 01:04 . 2009-01-08 01:04 <DIR> d-------- c:\program files\Common Files\Ahead
2009-01-08 01:04 . 2009-01-08 01:06 <DIR> d-------- c:\program files\Ahead
2009-01-08 01:04 . 2004-07-26 16:16 1,568,768 --------- c:\windows\system32\ImagX7.dll
2009-01-08 01:04 . 2004-07-26 16:16 476,320 --------- c:\windows\system32\ImagXpr7.dll
2009-01-08 01:04 . 2004-07-26 16:16 471,040 --------- c:\windows\system32\ImagXRA7.dll
2009-01-08 01:04 . 2004-07-09 08:43 364,544 --------- c:\windows\system32\TwnLib4.dll
2009-01-08 01:04 . 2004-07-26 16:16 262,144 --------- c:\windows\system32\ImagXR7.dll
2009-01-08 01:04 . 2001-07-09 10:50 155,648 --a------ c:\windows\system32\NeroCheck.exe
2009-01-08 01:04 . 2005-09-01 11:03 127,488 --------- c:\windows\system32\drivers\imagesrv.sys
2009-01-08 01:04 . 2000-06-26 10:45 106,496 --------- c:\windows\system32\TwnLib20.dll
2009-01-08 01:04 . 2005-09-01 11:03 5,888 --------- c:\windows\system32\drivers\imagedrv.sys
2009-01-02 19:56 . 2009-01-03 04:21 26 --a------ c:\windows\dvdSanta.INI
2009-01-02 12:54 . 2009-01-02 12:54 <DIR> d-------- C:\REST2514

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-02 21:48 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-02-02 21:46 --------- d-----w c:\documents and settings\pa ma\Application Data\uTorrent
2009-02-02 19:45 --------- d-----w c:\program files\Mozilla Thunderbird
2009-01-28 07:21 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-27 05:17 3,442,615 ----a-w c:\windows\Internet Logs\tvDebug.Zip
2009-01-25 09:19 1,339,392 ----a-w c:\windows\Internet Logs\xDB1.tmp
2009-01-24 00:59 --------- d-----w c:\documents and settings\pa ma\Application Data\dvdcss
2009-01-19 00:41 --------- d-----w c:\program files\Easy Thumbnails
2009-01-03 09:08 --------- d-----w c:\program files\dvdSanta
2008-12-26 02:01 --------- d-----w c:\documents and settings\pa ma\Application Data\DivX
2008-12-19 23:33 19,326,281 ----a-w c:\windows\Internet Logs\vsmon_on_demand_thread_2008_12_19_18_22_47_full.dmp.zip
2008-12-18 05:00 --------- d-----w c:\documents and settings\pa ma\Application Data\ImgBurn
2008-12-18 03:42 --------- d-----w c:\program files\Common Files\Nero
2008-12-18 03:42 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2008-12-17 17:21 --------- d-----w c:\program files\DivX
2008-12-17 06:37 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-17 04:29 --------- d-----w c:\program files\NCH Swift Sound
2008-12-17 04:29 --------- d-----w c:\documents and settings\All Users\Application Data\NCH Swift Sound
2008-12-17 04:17 22,782 ----a-w c:\windows\system32\UninstXviDDec.exe
2008-12-17 04:16 --------- d-----w c:\program files\AviSynth 2.5
2008-12-13 05:55 --------- d-----w c:\program files\Canon
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-09 00:08 --------- d-----w c:\documents and settings\pa ma\Application Data\Easy Thumbnails
2008-12-08 19:00 --------- d-----w c:\documents and settings\pa ma\Application Data\.purple
2008-12-08 05:07 --------- d-----w c:\program files\David Vidmar
2008-12-08 04:25 --------- d-----w c:\program files\Kine
2008-12-08 04:25 --------- d-----w c:\program files\CDSpectrum Pro
2008-12-06 05:29 --------- d-----w c:\program files\NCH Software
2008-12-06 05:00 --------- d-----w c:\documents and settings\pa ma\Application Data\NCH Swift Sound
2008-12-06 04:57 --------- d-----w c:\program files\Audacity
2008-12-05 05:35 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-05 05:35 --------- d-----w c:\program files\Java
2008-12-05 04:01 --------- d-----w c:\program files\IrfanView
2008-11-12 18:25 9,728 ----a-w c:\windows\system32\bdco1ins.dll
2008-11-12 18:25 295,424 ----a-w c:\windows\system32\idecoi.dll
2008-11-12 18:25 201,728 ----a-w c:\windows\system32\fdco1ins.dll
2008-11-12 18:25 176,128 ----a-w c:\windows\system32\nvusmb.exe
2008-11-12 18:25 176,128 ----a-w c:\windows\system32\nvuide.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-11-13 981904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="c:\windows\system32\sti_ci.dll" [2008-04-14 136704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microtek Scanner Finder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microtek Scanner Finder.lnk
backup=c:\windows\pss\Microtek Scanner Finder.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW6]
--a------ 2008-10-06 09:41 793712 c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-12-05 00:35 136600 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
--a------ 2009-01-01 20:43 1231752 c:\program files\Trojan Remover\Trjscan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-ra------ 2005-06-20 08:42 77824 c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NMIndexingService"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"ASKService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=

R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:\windows\system32\drivers\nvcchflt.sys [2005-02-11 16640]
R3 HCWBT8XX;Hauppauge WinTV 848/9 WDM Video Driver;c:\windows\system32\drivers\HCWBT8xx.sys [2008-10-31 472644]
R3 s3m;s3m;c:\windows\system32\drivers\s3m.sys [2003-10-29 166720]
S4 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [2009-01-23 464264]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - c:\program files\AskBarDis\bar\bin\askBar.dll
Notify-avgrsstarter - avgrsstx.dll
MSConfigStartUp-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
MSConfigStartUp-Palringo - c:\program files\Palringo\palringo.exe
MSConfigStartUp-SecurDisc - c:\program files\Nero\Nero8\InCD\NBHGui.exe


.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\pa ma\Application Data\Mozilla\Firefox\Profiles\l081cnd6.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-02 16:57:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-02-02 16:58:28
ComboFix-quarantined-files.txt 2009-02-02 21:58:26

Pre-Run: 11,100,405,760 bytes free
Post-Run: 11,095,646,208 bytes free

195 --- E O F --- 2009-01-16 05:47:21
 
I really don't know what's going on with your system. I don't believe you are infected with spyware; you have other system issues, I assume.

That log looks fine and so does hijackthis.

As long as you removed all the threats, issues, etc that those spyware programs detected, not sure what else to do.
 