Vundu

Froboy7391_99

New Member
Been having some troubles with this. Did a clean install of Vista and it just came back again right away, so I assume it's got itself onto my backup external HDD. Any way I can get it off my external?

ComboFix Log

ComboFix 09-02-21.01 - Jourdain 2009-02-22 21:25:53.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3581.2596 [GMT -4:00]
Running from: c:\users\Jourdain\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
c:\windows\system32\BCMLogon.dll
c:\windows\system32\bcmwlrmt.dll

.
((((((((((((((((((((((((( Files Created from 2009-01-23 to 2009-02-23 )))))))))))))))))))))))))))))))
.

2009-02-22 17:16 . 2009-02-22 17:18 293,187,071 --a------ c:\windows\MEMORY.DMP
2009-02-20 00:49 . 2009-02-20 00:49 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-02-19 20:43 . 2009-02-19 21:18 <DIR> d-------- c:\users\All Users\Spybot - Search & Destroy
2009-02-19 20:43 . 2009-02-19 21:18 <DIR> d-------- c:\programdata\Spybot - Search & Destroy
2009-02-19 20:17 . 2009-02-19 20:17 <DIR> d-------- c:\program files\MSXML 4.0
2009-02-19 20:17 . 2009-02-19 20:17 <DIR> d-------- c:\program files\Microsoft Silverlight
2009-02-19 19:47 . 2009-02-19 19:47 <DIR> d-------- c:\program files\SigmaTel
2009-02-19 19:47 . 2007-05-10 17:20 4,952,064 --a------ c:\windows\System32\stacgui.cpl
2009-02-19 19:47 . 2007-04-10 18:02 1,601,536 --a------ c:\windows\System32\stlang.dll
2009-02-19 19:47 . 2007-05-06 17:11 587,776 --a------ c:\windows\System32\stapo.dll
2009-02-19 19:47 . 2007-05-06 17:11 326,144 --a------ c:\windows\System32\stcplx.dll
2009-02-19 19:47 . 2007-05-06 17:10 244,736 --a------ c:\windows\System32\stapi32.dll
2009-02-19 19:47 . 2007-05-06 17:11 94,208 --a------ c:\windows\System32\stacsv.exe
2009-02-19 17:21 . 2009-02-19 17:21 <DIR> dr------- c:\windows\System32\config\systemprofile\Videos
2009-02-19 17:21 . 2009-02-19 17:21 <DIR> dr------- c:\windows\System32\config\systemprofile\Searches
2009-02-19 17:21 . 2009-02-19 17:21 <DIR> dr------- c:\windows\System32\config\systemprofile\Saved Games
2009-02-19 17:21 . 2009-02-19 17:21 <DIR> dr------- c:\windows\System32\config\systemprofile\Pictures
2009-02-19 17:21 . 2009-02-19 17:21 <DIR> dr------- c:\windows\System32\config\systemprofile\Links
2009-02-19 17:21 . 2009-02-19 17:21 <DIR> dr------- c:\windows\System32\config\systemprofile\Downloads
2009-02-19 17:21 . 2009-02-19 17:21 <DIR> dr------- c:\windows\System32\config\systemprofile\Documents
2009-02-19 15:51 . 2009-02-19 15:51 22,328 --a------ c:\windows\System32\drivers\PnkBstrK.sys
2009-02-19 15:51 . 2009-02-19 15:51 22,328 --a------ c:\users\Jourdain\AppData\Roaming\PnkBstrK.sys
2009-02-19 15:50 . 2009-02-19 15:50 103,736 --a------ c:\windows\System32\PnkBstrB.exe
2009-02-19 15:50 . 2009-02-19 15:50 66,872 --a------ c:\windows\System32\PnkBstrA.exe
2009-02-19 15:50 . 2009-02-19 15:50 311 --a------ c:\windows\game.ini
2009-02-19 15:31 . 2009-02-19 22:33 <DIR> d-------- c:\users\All Users\NexonUS
2009-02-19 15:31 . 2009-02-19 22:33 <DIR> d-------- c:\programdata\NexonUS
2009-02-19 15:21 . 2009-02-19 15:21 <DIR> d--hs---- c:\windows\ftpcache
2009-02-19 14:53 . 2009-02-19 19:51 <DIR> d-------- c:\program files\Common Files\Steam
2009-02-19 14:53 . 2009-02-19 19:27 <DIR> d-------- C:\Games
2009-02-19 14:35 . 2009-02-21 15:52 <DIR> d-------- c:\users\Jourdain\Tracing
2009-02-19 14:33 . 2009-02-19 14:33 <DIR> d-------- c:\program files\Windows Live SkyDrive
2009-02-19 14:33 . 2009-02-19 14:33 <DIR> d-------- c:\program files\Windows Live
2009-02-19 14:33 . 2009-02-19 20:19 <DIR> d-------- c:\program files\Microsoft
2009-02-19 14:28 . 2009-02-19 14:28 <DIR> d-------- c:\program files\Common Files\Windows Live
2009-02-19 11:59 . 2009-02-19 11:59 0 --a------ c:\windows\nsreg.dat
2009-02-19 11:43 . 2009-02-19 11:43 <DIR> d-------- c:\windows\Sun
2009-02-19 02:24 . 2009-02-19 17:21 <DIR> dr------- c:\windows\System32\config\systemprofile\Music
2009-02-19 01:38 . 2009-02-19 01:40 <DIR> d-------- c:\users\Jourdain\AppData\Roaming\vlc
2009-02-19 01:10 . 2009-02-19 01:10 <DIR> d-------- c:\program files\TGTSoft
2009-02-19 01:02 . 2009-02-19 01:02 <DIR> d-------- c:\program files\PC Wizard
2009-02-19 00:57 . 2009-02-19 00:57 <DIR> d-------- c:\program files\MoRUN.net
2009-02-19 00:43 . 2009-02-19 00:43 182,784 --a------ c:\program files\KB56310.exe
2009-02-19 00:43 . 2009-02-19 00:43 176,128 --a------ c:\windows\System32\hq46911.dll
2009-02-19 00:12 . 2008-10-21 21:22 2,048 --a------ c:\windows\System32\tzres.dll
2009-02-19 00:11 . 2009-02-19 00:11 <DIR> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-02-18 23:53 . 2008-07-27 14:03 282,112 --a------ c:\windows\System32\mscoree.dll
2009-02-18 23:53 . 2008-07-27 14:03 96,760 --a------ c:\windows\System32\dfshim.dll
2009-02-18 23:53 . 2008-07-27 14:03 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-02-18 23:52 . 2008-07-27 14:03 158,720 --a------ c:\windows\System32\mscorier.dll
2009-02-18 23:52 . 2008-07-27 14:03 83,968 --a------ c:\windows\System32\mscories.dll
2009-02-18 23:51 . 2008-10-21 01:25 1,645,568 --a------ c:\windows\System32\connect.dll
2009-02-18 23:51 . 2008-08-27 23:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2009-02-18 23:51 . 2008-08-27 23:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2009-02-18 23:51 . 2008-08-27 23:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2009-02-18 23:51 . 2008-10-21 23:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2009-02-18 23:51 . 2008-09-18 00:56 147,456 --a------ c:\windows\System32\Faultrep.dll
2009-02-18 23:51 . 2008-09-18 00:56 125,952 --a------ c:\windows\System32\wersvc.dll
2009-02-18 23:48 . 2008-10-31 21:21 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll
2009-02-18 23:48 . 2008-09-17 22:16 2,032,640 --a------ c:\windows\System32\win32k.sys
2009-02-18 23:48 . 2008-03-08 00:21 1,695,744 --a------ c:\windows\System32\gameux.dll
2009-02-18 23:48 . 2008-09-05 01:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2009-02-18 23:48 . 2008-04-26 04:26 891,448 --a------ c:\windows\System32\drivers\tcpip.sys
2009-02-18 23:48 . 2008-04-11 23:32 784,896 --a------ c:\windows\System32\rpcrt4.dll
2009-02-18 23:48 . 2008-04-18 01:48 269,312 --a------ c:\windows\System32\es.dll
2009-02-18 23:48 . 2008-04-04 21:21 72,192 --a------ c:\windows\System32\drivers\pacer.sys
2009-02-18 23:48 . 2008-10-31 23:44 28,672 --a------ c:\windows\System32\Apphlpdm.dll
2009-02-18 23:48 . 2008-04-04 23:34 15,360 --a------ c:\windows\System32\pacerprf.dll
2009-02-18 23:47 . 2008-10-29 02:29 2,927,104 --a------ c:\windows\explorer.exe
2009-02-18 23:47 . 2008-08-01 21:01 625,152 --a------ c:\windows\System32\drivers\dxgkrnl.sys
2009-02-18 23:47 . 2008-06-25 23:29 565,248 --a------ c:\windows\System32\emdmgmt.dll
2009-02-18 23:47 . 2008-08-11 23:39 443,392 --a------ c:\windows\System32\win32spl.dll
2009-02-18 23:47 . 2008-06-18 23:31 361,984 --a------ c:\windows\System32\IPSECSVC.DLL
2009-02-18 23:47 . 2008-06-25 23:29 303,616 --a------ c:\windows\System32\wmpeffects.dll
2009-02-18 23:47 . 2008-05-19 22:07 148,480 --a------ c:\windows\System32\drivers\nwifi.sys
2009-02-18 23:47 . 2008-05-09 21:33 113,664 --a------ c:\windows\System32\drivers\rmcast.sys
2009-02-18 23:47 . 2008-06-25 23:29 45,056 --a------ c:\windows\System32\dataclen.dll
2009-02-18 23:47 . 2008-08-01 23:26 36,864 --a------ c:\windows\System32\cdd.dll
2009-02-18 23:46 . 2008-06-22 21:59 2,868,736 --a------ c:\windows\System32\mf.dll
2009-02-18 23:46 . 2008-04-26 04:08 1,314,816 --a------ c:\windows\System32\quartz.dll
2009-02-18 23:46 . 2008-06-22 21:59 996,352 --a------ c:\windows\System32\WMNetMgr.dll
2009-02-18 23:46 . 2008-06-22 21:58 94,720 --a------ c:\windows\System32\logagent.exe
2009-02-18 23:43 . 2008-09-18 01:09 3,601,464 --a------ c:\windows\System32\ntkrnlpa.exe
2009-02-18 23:43 . 2008-09-18 01:09 3,549,240 --a------ c:\windows\System32\ntoskrnl.exe
2009-02-18 23:43 . 2008-09-09 23:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2009-02-18 23:43 . 2008-04-10 01:12 738,304 --a------ c:\windows\System32\inetcomm.dll
2009-02-18 23:43 . 2008-05-08 17:59 430,080 --a------ c:\windows\System32\vbscript.dll
2009-02-18 23:43 . 2008-05-08 17:59 180,224 --a------ c:\windows\System32\scrobj.dll
2009-02-18 23:43 . 2008-05-08 17:59 172,032 --a------ c:\windows\System32\scrrun.dll
2009-02-18 23:43 . 2008-05-08 17:59 155,648 --a------ c:\windows\System32\wscript.exe
2009-02-18 23:43 . 2008-05-08 17:58 135,168 --a------ c:\windows\System32\wshom.ocx
2009-02-18 23:43 . 2008-05-08 17:58 135,168 --a------ c:\windows\System32\cscript.exe
2009-02-18 23:43 . 2008-05-08 17:59 90,112 --a------ c:\windows\System32\wshext.dll
2009-02-18 23:36 . 2009-02-18 23:36 <DIR> d-------- c:\users\All Users\FLEXnet
2009-02-18 23:36 . 2009-02-18 23:36 <DIR> d-------- c:\programdata\FLEXnet
2009-02-18 23:32 . 2009-02-18 23:32 <DIR> d-------- c:\users\All Users\Adobe
2009-02-18 23:31 . 2009-02-18 23:31 <DIR> d-------- c:\program files\Bonjour
2009-02-18 23:27 . 2009-02-18 23:27 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
2009-02-18 23:26 . 2009-02-18 23:31 <DIR> d-------- c:\program files\Common Files\Adobe
2009-02-18 23:16 . 2009-02-18 23:16 <DIR> d-------- c:\program files\PowerISO
2009-02-18 23:11 . 2009-02-18 23:12 <DIR> d-------- c:\program files\MagicDisc
2009-02-18 23:11 . 2008-07-28 17:19 116,736 --a------ c:\windows\System32\drivers\mcdbus.sys
2009-02-18 23:10 . 2009-02-18 23:10 182,784 --a------ c:\program files\KB38098.exe
2009-02-18 23:10 . 2009-02-18 23:10 182,784 --a------ c:\program files\KB38081.exe
2009-02-18 23:10 . 2009-02-18 23:10 176,128 --a------ c:\windows\System32\hq71240.dll
2009-02-18 22:43 . 2009-02-18 19:50 <DIR> d-------- c:\windows\Panther
2009-02-18 22:43 . 2009-02-18 21:17 <DIR> d--hs---- C:\Boot
2009-02-18 22:43 . 2008-01-18 23:45 333,203 -rahs---- C:\bootmgr
2009-02-18 22:43 . 2009-02-18 22:43 8,192 -ra-s---- C:\BOOTSECT.BAK
2009-02-18 22:42 . 2009-02-18 22:42 <DIR> d-------- c:\windows\System32\OEM
2009-02-18 22:42 . 2007-02-21 15:56 36 -rah----- c:\windows\DELL_VERSION
2009-02-18 22:31 . 2004-03-29 17:23 90,112 --a------ c:\windows\unvise32.exe
2009-02-18 22:29 . 2009-02-18 22:55 <DIR> d-------- c:\program files\DAZ
2009-02-18 22:29 . 2009-02-18 22:29 <DIR> d-------- c:\program files\Common Files\DAZ
2009-02-18 22:28 . 2009-02-18 22:28 <DIR> d-------- c:\program files\DynamicPhotoHDR
2009-02-18 22:28 . 2009-02-18 22:28 10,272,041 --a------ c:\windows\System32\xa4509084.exe
2009-02-18 22:28 . 2009-02-18 22:28 10,272,041 --a------ c:\windows\System32\xa4508132.exe
2009-02-18 22:28 . 2009-02-18 22:28 172,032 --a------ c:\windows\System32\xwr95116.dll
2009-02-18 22:28 . 2009-02-18 22:28 172,032 --a------ c:\windows\System32\wr95116.dll
2009-02-18 22:23 . 2009-02-18 22:23 <DIR> d-------- c:\users\All Users\SRS Labs
2009-02-18 22:23 . 2009-02-18 22:23 <DIR> d-------- c:\programdata\SRS Labs
2009-02-18 22:21 . 2009-02-18 22:21 <DIR> d-------- c:\program files\SRS Labs
2009-02-18 22:21 . 2007-07-26 09:25 47,360 --a------ c:\windows\System32\drivers\Surroundhp_kern_i386.sys
2009-02-18 22:21 . 2007-07-26 09:25 47,104 --a------ c:\windows\System32\drivers\tshd4_kern_i386.sys
2009-02-18 22:21 . 2007-07-26 09:25 42,112 --a------ c:\windows\System32\drivers\csiidecoder_kern_i386.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-20 00:17 --------- d-----w c:\program files\Windows Mail
2009-02-19 01:24 --------- d-----w c:\program files\MSBuild
2009-02-19 01:17 174 --sha-w c:\program files\desktop.ini
2009-02-19 01:05 --------- d-----w c:\program files\Windows Sidebar
2009-02-19 01:05 --------- d-----w c:\program files\Windows Photo Gallery
2009-02-19 01:05 --------- d-----w c:\program files\Windows Journal
2009-02-19 01:05 --------- d-----w c:\program files\Windows Defender
2009-02-19 01:05 --------- d-----w c:\program files\Windows Collaboration
2009-02-19 01:05 --------- d-----w c:\program files\Windows Calendar
2009-01-30 13:12 7,544,832 ----a-w c:\windows\system32\drivers\nvlddmkm.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3C329AA7-69D8-366A-A697-B6E487E7D3A2}]
2009-02-19 00:43 176128 --a------ c:\windows\system32\hq46911.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadwin PrintScreen 3.5"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2006-07-08 1101824]
"SRS Audio Sandbox"="c:\program files\SRS Labs\Audio Sandbox\SRSSSC.exe" [2009-02-18 3215360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-09 36864]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-21 1548288]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2009-02-18 77824]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-30 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-30 92704]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-01-30 96800]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-05-06 405504]

c:\users\Jourdain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-02-18 575488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{2ECC6FDF-745B-489E-B4B0-E903F112C14C}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{89C0A935-3C72-4B74-AC3F-B5CB4F8C73DC}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{4C26B045-AC1B-4BC3-BCC3-B271879CBCCB}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{6BABFB83-15D0-4A58-A3FF-733D875D5145}"= UDP:c:\programdata\NexonUS\NGM\NGM.exe:Nexon Game Manager
"{798F7C34-CB9C-43E1-AB4D-D1AC62E88362}"= TCP:c:\programdata\NexonUS\NGM\NGM.exe:Nexon Game Manager
"{53B1F83C-4B04-468F-A2E2-6CAABE05C0C2}"= UDP:c:\windows\System32\PnkBstrA.exe:pnkBstrA
"{E4F53D79-552B-4B84-B5E7-E7615E38C2B5}"= TCP:c:\windows\System32\PnkBstrA.exe:pnkBstrA
"{A7616B5C-24CC-4B1C-8546-BB19F5B74B86}"= UDP:c:\windows\System32\PnkBstrB.exe:pnkBstrB
"{5B33A831-1163-4CF4-A467-32A3610BDD65}"= TCP:c:\windows\System32\PnkBstrB.exe:pnkBstrB
"{ACC7FBF0-F24A-437F-BB36-BFAF8377D80C}"= UDP:c:\games\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{2F5FC71F-2CA4-4778-B6AD-48F17021D877}"= TCP:c:\games\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{8344FB43-7161-4028-A28B-178800F1078C}"= UDP:c:\games\Combat Arms\NMService.exe:Nexon Messenger Core
"{3B0BF071-AD35-4DC5-8D7B-433D59708D66}"= TCP:c:\games\Combat Arms\NMService.exe:Nexon Messenger Core

R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\System32\drivers\OEM02Dev.sys [2007-10-10 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\System32\drivers\OEM02Vfx.sys [2009-02-18 7424]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Jourdain\AppData\Roaming\Mozilla\Firefox\Profiles\3cr60usq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-22 21:29:32
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\conime.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
c:\windows\System32\PnkBstrA.exe
c:\windows\System32\PnkBstrB.exe
c:\windows\System32\stacsv.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\drivers\XAudio.exe
c:\windows\System32\wermgr.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\System32\BCMWLTRY.EXE
c:\windows\System32\WerFault.exe
c:\windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2009-02-22 21:35:27 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-23 01:35:17

Pre-Run: 114,692,222,976 bytes free
Post-Run: 113,840,721,920 bytes free

248 --- E O F --- 2009-02-20 00:22:55



HiJack This Log



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:40:39 PM, on 22/02/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\conime.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Windows\system32\wermgr.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\DllHost.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\wsqmcons.exe
C:\Users\Jourdain\Desktop\JG\Programs\Virus Protection\hijackthis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: D - {8E0F2C96-506F-3863-B62D-AC91C290210A} - C:\Windows\system32\hq15337.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen 3.5] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 5182 bytes
 