01-20-2008, 12:54 AM   #1
Dr.Gootch
My Hijackthis Log

Can someone please check this? I think I cleaned out all the bad stuff, just want someone to double check me please. Thanks.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:53:13 PM, on 1/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {8CD034DD-E9AD-47D3-8689-51886345799C} - C:\WINDOWS\system32\hgghgee.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Verizon Custom Uninstall Tracking] C:\DOCUME~1\Steve\LOCALS~1\Temp\InstallHelper.exe /uninstalltrackingvendor=Verizon
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1200366959516
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1200677675671
O20 - Winlogon Notify: hgghgee - C:\WINDOWS\SYSTEM32\hgghgee.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 6449 bytes
__________________
Rebuilding in progress... Pending Specs....

Yours Truly,
Dr.Gootch

01-20-2008, 12:05 PM   #2
Osiris
Re: My Hijackthis Log

remove

O2 - BHO: (no name) - {8CD034DD-E9AD-47D3-8689-51886345799C} - C:\WINDOWS\system32\hgghgee.dll

O20 - Winlogon Notify: hgghgee - C:\WINDOWS\SYSTEM32\hgghgee.dll

reboot, then see if you still have the same issue

01-21-2008, 02:16 AM   #3
Dr.Gootch
Re: My Hijackthis Log

It will not remove them. I tried in safe mode, I also found the file and tried to manually delete it and no go. Said it is disk write protected or it may be in use.

Last edited by Dr.Gootch; 01-21-2008 at 02:36 AM.

01-21-2008, 04:17 AM   #4
Redmo0n
Re: My Hijackthis Log

Start>Run>Msconfig

Stop the process from starting up

or

Ctrl+Alt+Del and end the process then try deleting
__________________
Back to stay?

01-21-2008, 10:52 PM   #5
Osiris
Re: My Hijackthis Log

any luck?

01-22-2008, 01:00 AM   #6
Dr.Gootch
Re: My Hijackthis Log

No, they're not running in the processes. But every like 10 mins or so I get a virus and my avast catches it. They're always something .dll. OK, here is a pic of what it's doing and all the catches: ImageShack - Hosting :: pic1zr9.jpg. This is ****ing me off, can someone please help!

01-22-2008, 04:54 AM   #7
Redmo0n
Re: My Hijackthis Log

Disable all your startup processes but your antivirus

Start>run>msconfig>STARTUP

Then maybe do a combofix scan?

01-22-2008, 07:59 AM   #8
Osiris
Re: My Hijackthis Log

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

run that and then post a new log

01-22-2008, 04:04 PM   #9
Dr.Gootch
Re: My Hijackthis Log

Here is my ComboFix Log....


ComboFix 08-01-23.1 - Steve 2008-01-22 12:55:05.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.221 [GMT -8:00]
Running from: C:\Documents and Settings\Steve\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Common Files\Yazzle1560OinUninstaller.exe
C:\Program Files\inetget2
C:\Program Files\Temporary
C:\WINDOWS\system32\awtqo.dll
C:\WINDOWS\system32\awvvs.dll
C:\WINDOWS\system32\awvvw.dll
C:\WINDOWS\system32\ddaba.dll
C:\WINDOWS\system32\gebyw.dll
C:\WINDOWS\system32\geebc.dll
C:\WINDOWS\system32\geedd.dll
C:\WINDOWS\system32\hgghgee.dll
C:\WINDOWS\system32\jkhff.dll
C:\WINDOWS\system32\jkhhi.dll
C:\WINDOWS\system32\mljgf.dll
C:\WINDOWS\system32\mllji.dll
C:\WINDOWS\system32\npqss.ini
C:\WINDOWS\system32\npqss.ini2
C:\WINDOWS\system32\pmkhf.dll
C:\WINDOWS\system32\ssqpn.dll
C:\WINDOWS\system32\ssttq.dll
C:\WINDOWS\system32\ssttu.dll
C:\WINDOWS\system32\systeminfo.dll
C:\WINDOWS\system32\vtstq.dll
C:\WINDOWS\system32\vtutr.dll
C:\WINDOWS\system32\drivers\core.cache.dsk . . . . failed to delete

.
((((((((((((((((((((((((( Files Created from 2007-12-23 to 2008-01-23 )))))))))))))))))))))))))))))))
.

2008-01-22 12:53 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-22 09:11 . 2008-01-22 12:48 <DIR> d-------- C:\Remote Programs
2008-01-22 09:11 . 2006-08-22 14:24 7,542 --------- C:\WINDOWS\Verizon.ico
2008-01-22 09:11 . 2008-01-22 09:11 67 --a------ C:\WINDOWS\GPlrLanc.dat
2008-01-22 09:10 . 2008-01-22 12:12 <DIR> d-------- C:\Program Files\Verizon Games on Demand Player
2008-01-22 09:10 . 2008-01-03 12:50 53,314 --------- C:\WINDOWS\ExentInfo.exe
2008-01-21 15:28 . 2008-01-21 15:28 <DIR> d-------- C:\Program Files\Security Task Manager
2008-01-20 14:15 . 2008-01-20 14:15 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-01-20 14:15 . 2007-07-25 14:24 1,559,040 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-01-20 14:15 . 2007-09-04 17:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll
2008-01-20 10:12 . 2008-01-20 10:12 <DIR> d-------- C:\Program Files\DVD X Studios
2008-01-19 22:58 . 2008-01-20 23:33 <DIR> d-------- C:\Program Files\FriendBlasterPro
2008-01-19 22:58 . 2004-03-08 18:00 1,081,616 --a------ C:\WINDOWS\system32\MSCOMCTL.OCX
2008-01-19 22:58 . 2000-05-22 00:00 140,488 --a------ C:\WINDOWS\system32\COMDLG32.OCX
2008-01-19 22:58 . 2000-07-15 00:00 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2008-01-19 16:12 . 2008-01-19 16:12 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-01-19 16:12 . 2008-01-19 16:12 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-01-19 16:12 . 2008-01-19 16:12 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-19 15:37 . 2008-01-19 15:37 34,064 --a------ C:\WINDOWS\system32\lhacm.acm
2008-01-19 15:36 . 2008-01-19 15:37 <DIR> d-------- C:\Program Files\Teamspeak2_RC2
2008-01-19 12:37 . 2008-01-19 12:37 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-19 11:38 . 2008-01-19 11:38 <DIR> d-------- C:\Program Files\Winamp
2008-01-19 10:55 . 2008-01-19 17:54 <DIR> d-------- C:\Program Files\Lineage II
2008-01-19 10:16 . 2008-01-19 10:16 86,144 --a------ C:\WINDOWS\system32\drivers\slntamrr.sys
2008-01-19 10:16 . 2008-01-23 13:01 58,883 --------- C:\WINDOWS\system32\drivers\core.cache.dsk
2008-01-19 10:04 . 2008-01-19 10:09 <DIR> d-------- C:\Program Files\Chat Supremecy
2008-01-19 09:48 . 2008-01-19 09:48 <DIR> d-------- C:\Program Files\Sygate
2008-01-19 09:48 . 2005-09-27 12:15 83,592 --a------ C:\WINDOWS\system32\SSSensor.dll
2008-01-19 09:48 . 2005-09-27 11:43 61,008 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2008-01-19 09:48 . 2005-09-27 11:44 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2008-01-19 09:48 . 2005-09-27 12:16 14,944 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
2008-01-19 09:48 . 2005-09-27 12:16 14,944 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
2008-01-19 09:48 . 2005-09-27 12:16 14,944 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
2008-01-19 09:48 . 2005-09-27 12:16 14,944 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2008-01-19 09:47 . 2008-01-19 09:47 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-18 21:19 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-01-18 21:19 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-01-18 12:57 . 2008-01-18 12:58 81 --------- C:\WINDOWS\WB.ini
2008-01-18 12:51 . 2008-01-18 12:51 <DIR> d-------- C:\Program Files\Stardock
2008-01-18 12:51 . 2007-07-11 15:06 42,672 --a------ C:\WINDOWS\system32\wbsys.dll
2008-01-18 00:54 . 2008-01-18 00:54 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-01-17 22:09 . 2008-01-17 22:09 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-01-17 22:03 . 2008-01-17 22:09 <DIR> d-------- C:\Program Files\Windows Live
2008-01-17 22:03 . 2008-01-17 22:09 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-17 21:31 . 2008-01-19 10:06 <DIR> d-------- C:\Program Files\BitComet
2008-01-17 21:09 . 2008-01-17 21:09 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2008-01-17 21:07 . 2008-01-17 21:07 <DIR> d-------- C:\Program Files\Alwil Software
2008-01-17 20:57 . 2008-01-17 21:16 <DIR> d-------- C:\Program Files\Java
2008-01-17 20:57 . 2008-01-19 14:50 <DIR> d-------- C:\Program Files\Dot1XCfg
2008-01-17 20:57 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-17 20:56 . 2008-01-17 20:58 <DIR> d-------- C:\Program Files\LimeWire
2008-01-17 20:56 . 2008-01-17 20:56 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-17 19:14 . 2008-01-17 19:14 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-01-17 19:13 . 2008-01-17 19:13 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-01-17 19:13 . 2006-10-04 06:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-01-17 19:13 . 2006-10-04 06:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-01-17 19:13 . 2006-10-04 06:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-01-17 19:12 . 2008-01-19 16:12 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-01-17 19:12 . 2008-01-19 02:24 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-01-17 19:05 . 2006-11-12 22:02 288,768 --a------ C:\WINDOWS\system32\rhttpaa.dll
2008-01-17 19:05 . 2006-11-12 22:02 116,736 --a------ C:\WINDOWS\system32\aaclient.dll
2008-01-17 19:05 . 2006-11-12 22:02 36,352 --a------ C:\WINDOWS\system32\tsgqec.dll
2008-01-17 18:53 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2008-01-17 18:48 . 2008-01-17 18:48 <DIR> d-------- C:\Program Files\MSBuild
2008-01-17 18:44 . 2008-01-17 19:19 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-01-17 18:44 . 2008-01-17 18:44 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-01-17 18:43 . 2006-06-29 13:07 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2008-01-17 18:31 . 2008-01-17 18:31 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2008-01-17 18:21 . 2007-07-09 05:16 582,656 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-01-17 18:09 . 2008-01-17 20:34 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-01-17 18:02 . 2008-01-17 18:34 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2008-01-17 18:01 . 2008-01-17 18:01 <DIR> d-------- C:\WINDOWS\provisioning
2008-01-17 18:01 . 2008-01-17 18:01 <DIR> d-------- C:\WINDOWS\peernet
2008-01-17 17:59 . 2008-01-17 17:59 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-01-17 17:56 . 2006-10-16 16:10 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-01-17 17:54 . 2008-01-17 17:54 <DIR> d-------- C:\WINDOWS\EHome
2008-01-17 17:50 . 2008-01-17 17:50 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2008-01-17 16:18 . 2008-01-17 16:18 1,158 --a------ C:\WINDOWS\mozver.dat
2008-01-17 16:16 . 2008-01-17 16:16 <DIR> d-------- C:\WINDOWS\bin
2008-01-17 16:16 . 2008-01-17 16:47 <DIR> d-------- C:\Program Files\Common Files\Motive
2008-01-17 16:15 . 2008-01-17 16:46 <DIR> d-------- C:\Program Files\vol_toolbar
2008-01-15 17:12 . 2008-01-15 17:12 <DIR> d-------- C:\Program Files\EA GAMES
2008-01-14 22:34 . 2008-01-14 22:34 169 --a------ C:\WINDOWS\RtlRack.ini
2008-01-14 22:32 . 2004-08-04 00:56 11,776 --a------ C:\WINDOWS\system32\spnpinst.exe
2008-01-14 22:32 . 2004-08-02 14:20 7,208 --a------ C:\WINDOWS\system32\secupd.sig
2008-01-14 22:32 . 2004-08-02 14:20 4,569 --a------ C:\WINDOWS\system32\secupd.dat
2008-01-14 22:09 . 2004-08-03 23:56 614,912 --a------ C:\WINDOWS\system32\h323msp.dll
2008-01-14 22:09 . 2004-08-03 23:56 331,264 --a------ C:\WINDOWS\system32\ipnathlp.dll
2008-01-14 22:09 . 2004-08-03 23:56 265,728 --a------ C:\WINDOWS\system32\h323.tsp
2008-01-14 22:09 . 2004-08-03 23:56 77,312 --a------ C:\WINDOWS\system32\browser.dll
2008-01-14 22:09 . 2007-03-08 07:36 40,960 --a------ C:\WINDOWS\system32\mf3216.dll
2008-01-14 22:06 . 2004-08-03 23:56 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
2008-01-14 22:05 . 2008-01-14 22:09 <DIR> d--h-c--- C:\WINDOWS\$xpsp1hfm$
2008-01-14 22:05 . 2004-01-09 21:11 26,112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
2008-01-14 21:51 . 2008-01-14 21:51 <DIR> d-------- C:\Program Files\BitTornado
2008-01-14 20:43 . 2008-01-14 20:43 <DIR> d-------- C:\Program Files\Yahoo!
2008-01-14 19:18 . 2008-01-14 19:18 <DIR> d-------- C:\WINDOWS\system32\bits
2008-01-14 19:17 . 2004-08-03 23:56 438,784 --a------ C:\WINDOWS\system32\xpob2res.dll
2008-01-14 19:17 . 2004-08-03 23:56 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
2008-01-14 19:17 . 2004-08-03 23:56 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-22 17:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-18 05:38 --------- d-----w C:\Program Files\AvRack
2008-01-15 02:37 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-15 02:30 --------- d-----w C:\Program Files\Realtek Sound Manager
2008-01-15 02:25 --------- d--h--w C:\Program Files\Uninstall Information
2008-01-15 02:19 --------- d-----w C:\Program Files\microsoft frontpage
2008-01-02 10:12 43,520 ----a-w C:\WINDOWS\system32\drivers\fetnd5bv.sys
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
.
Code:
<pre>
----a-w            79,224 2008-01-18 05:09:04  C:\Program Files\Alwil Software\Avast4\ashDisp .exe
----a-w           132,496 2008-01-18 05:09:04  C:\Program Files\Java\jre1.6.0_02\bin\jusched .exe
----a-w            15,360 2008-01-18 05:09:06  C:\WINDOWS\system32\ctfmon .exe
</pre>

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8CD034DD-E9AD-47D3-8689-51886345799C}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]
"Exetender"="C:\Program Files\Verizon Games on Demand Player\GPlayer.exe" [2008-01-03 13:12 1948160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2005-06-15 17:20 6803456]
"nwiz"="nwiz.exe" [2005-06-15 17:20 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2005-06-15 17:20 86016]
"Cmaudio"="cmicnfg.cpl" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 05:00 79224]
"SoundMan"="SOUNDMAN.EXE" [2004-09-16 04:39 69632 C:\WINDOWS\SOUNDMAN.EXE]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2005-09-27 12:16 2635472]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Exetender"="C:\Program Files\Verizon Games on Demand Player\GPlayer.exe" [2008-01-03 13:12 1948160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
C:\WINDOWS\system32\ssqpn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Windows Express]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2004-09-16 04:39 69632 C:\WINDOWS\SOUNDMAN.EXE

R1 slntamrr;slntamrr;C:\WINDOWS\system32\drivers\slntamrr.sys [2008-01-19 10:16]
R2 X4HSX32;X4HSX32;C:\Program Files\Verizon Games on Demand Player\X4HSX32.Sys [2006-12-13 08:34]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2008-01-02 02:12]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-23 13:01:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-23 13:03:12 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-23 21:02:57
.
2008-01-19 19:20:18 --- E O F ---

01-22-2008, 06:55 PM   #10
Osiris
Re: My Hijackthis Log

I now need a new hijackthis log after you ran combo