It seems to be running better.
ComboFix 08-01-23.1 - Administrator 2008-01-23 13:20:57.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.630 [GMT -8:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt
- Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE
C:\winmntx.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\winmntx.exe
.
((((((((((((((((((((((((( Files Created from 2007-12-23 to 2008-01-23 )))))))))))))))))))))))))))))))
.
2008-01-22 12:55 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-22 10:22 . 2008-01-22 10:22 d-------- C:\Program Files\Alwil Software
2008-01-22 10:22 . 2007-12-04 05:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-01-22 10:22 . 2004-01-09 01:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-01-22 10:22 . 2007-12-04 04:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-01-22 10:22 . 2007-12-04 06:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-01-22 10:22 . 2007-12-04 06:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-01-22 10:22 . 2007-12-04 06:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-22 10:22 . 2007-12-04 06:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-22 10:22 . 2007-12-04 06:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-01-22 09:31 . 2008-01-22 09:31 d-------- C:\Program Files\iPod
2008-01-21 22:20 . 2008-01-21 22:20 d-------- C:\Program Files\Trend Micro
2008-01-21 20:42 . 2008-01-21 20:42 d-------- C:\Program Files\CCleaner
2008-01-15 17:42 . 2008-01-21 22:24 d-------- C:\Program Files\KeyScrambler
2008-01-15 17:41 . 2008-01-15 17:41 d-------- C:\Program Files\Microsoft Silverlight
2008-01-15 16:48 . 2008-01-15 16:48 d-------- C:\Program Files\Windows Defender
2008-01-15 16:09 . 2008-01-15 16:29 d-------- C:\Program Files\PC Adware-Spyware Removal
2008-01-11 21:55 . 2008-01-11 21:55 d-------- C:\WINDOWS\system32\LogFiles
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-01-04 10:28 . 2008-01-04 10:28 169 --a------ C:\WINDOWS\RtlRack.ini
2008-01-04 10:05 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-01-04 10:05 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-01-04 10:05 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-01-04 10:05 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-22 17:31 --------- d-----w C:\Program Files\iTunes
2008-01-22 17:30 --------- d-----w C:\Program Files\QuickTime
2008-01-22 04:19 --------- d-----w C:\Program Files\mIRC
2007-12-31 21:23 --------- d-----w C:\Program Files\PokerStars
2007-12-15 18:56 --------- d-----w C:\Program Files\Google
2007-12-13 22:31 --------- d-----w C:\Program Files\Viewpoint
2007-12-13 21:39 --------- d-----w C:\Program Files\Apple Software Update
2007-12-13 21:38 --------- d-----w C:\Program Files\Common Files\Apple
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-28 01:39 230,912 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-01-20 22:17 65 ----a-w C:\Program Files\Common Files\appop.log
.
((((((((((((((((((((((((((((( snapshot@2008-01-23_13.03.42.07 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-22 20:56:17 1,413,120 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-23 21:20:49 1,413,120 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-22 20:56:17 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-23 21:20:49 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-22 20:56:17 1,413,120 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-23 21:20:49 1,413,120 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-22 20:56:18 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-23 21:20:49 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-22 20:56:18 4,247,552 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-23 21:20:49 4,251,648 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-22 20:56:18 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
- 2008-01-23 21:20:49 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Note empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 16:56 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 08:24 1694208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-11-10 21:47 7311360]
"nwiz"="nwiz.exe" [2005-11-10 21:47 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-11-10 21:47 86016]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTune.exe" [2004-11-09 08:38 532480]
"Launch Ai Booster"="C:\Program Files\ASUS\Ai Booster\OverClk.exe" [2004-11-19 14:31 3503616]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 18:26 368706]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 02:20 77824 C:\WINDOWS\SOUNDMAN.EXE]
"LXSUPMON"="C:\WINDOWS\system32\LXSUPMON.exe" [2002-03-08 00:02 900096]
"WINCINEMAMGR"="C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe" [2005-01-20 23:47 270336]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 16:42 32768]
"HostManager"="C:\Program Files\Common Files\AOL\1139418256\ee\AOLSoftware.exe" [2005-11-02 19:01 50792]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 05:00 79224]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u"
[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 16:38 39264]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-01-20 14:16:05 270336]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 08:05:56 65588]
R0 ivicd;Ivi CDVD Filter Driver;C:\WINDOWS\system32\drivers\ivicd.sys [2005-01-12 03:29]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 13:38]
S3 iviudf;iviudf;C:\WINDOWS\system32\drivers\IviUdf.sys [2005-01-12 17:28]
.
Contents of the 'Scheduled Tasks' folder
"2008-01-14 20:18:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-23 21:03:56 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-23 13:21:47
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
.
Completion time: 2008-01-23 13:22:17
ComboFix-quarantined-files.txt 2008-01-23 21:22:01
ComboFix2.txt 2008-01-23 21:03:52
.
2008-01-22 19:23:21 - E O F -