Found the quarantined files txt:
2008-06-05 15:02 162 --a------ C:\Qoobox\Quarantine\catchme.log
This refers to this log file (this is the one that was on the desktop for a while and disappeared):
-------- 2008-06-04 - 16:17:31.01 -------------
-------- 2008-06-05 - 13:51:55.36 -------------
-------- 2008-06-05 - 15:02:47.92 -------------
Then there are the ComboFix logs. No. 3 is dated before No. 2, but here they both are:
No. 3 Dated: 04/06/2008 16:19
ComboFix 08-06-03.1 - Garry 2008-06-04 16:14:34.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1282 [GMT 1:00]
Running from: C:\Users\Garry\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2008-05-04 to 2008-06-04 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-04 15:10 13,025 ----a-w C:\Users\Garry\AppData\Roaming\nvModes.dat
2008-06-04 15:10 --------- d-----w C:\Users\Garry\AppData\Roaming\Skype
2008-06-04 15:10 --------- d-----w C:\Users\Garry\AppData\Roaming\OpenOffice.org2
2008-06-04 12:29 --------- d-----w C:\Users\Garry\AppData\Roaming\AVG7
2008-06-04 00:00 --------- d-----w C:\Users\Garry\AppData\Roaming\skypePM
2008-06-03 22:30 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-03 22:27 --------- d-----w C:\ProgramData\Symantec
2008-06-03 11:35 --------- d-----w C:\Program Files\Trend Micro
2008-05-26 11:56 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-26 11:54 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-05-20 10:13 58,368 ----a-w C:\Windows\System32\fcccbaWp.dll
2008-05-20 09:48 58,368 ----a-w C:\Windows\System32\xxyabyaB.dll
2008-05-20 09:47 58,368 ----a-w C:\Windows\System32\hgGxYSIB.dll
2008-05-20 09:25 58,368 ----a-w C:\Windows\System32\ssqNHyax.dll
2008-05-19 10:29 5,642 --sha-w C:\Windows\System32\KGyGaAvL.sys
2008-05-18 20:36 --------- d-----w C:\Program Files\THQ
2008-05-18 20:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-14 14:52 --------- d-----w C:\Users\Garry\AppData\Roaming\Corel
2008-05-14 14:43 --------- d-----w C:\Program Files\Common Files\Corel
2008-05-14 14:41 --------- d-----w C:\Program Files\Corel
2008-05-14 10:43 --------- d-----w C:\Program Files\Windows Mail
2008-05-13 13:52 --------- d-----w C:\Program Files\Yamp 2.3
2008-04-29 22:46 691,545 ----a-w C:\Windows\unins000.exe
2008-04-15 12:07 --------- d-----w C:\ProgramData\EPSON
2008-04-15 11:43 --------- d-----w C:\Program Files\epson
2008-04-04 13:26 32 ----a-w C:\Users\All Users\ezsid.dat
2008-04-04 13:26 32 ----a-w C:\ProgramData\ezsid.dat
2008-03-13 18:53 107,888 ----a-w C:\Windows\System32\CmdLineExt.dll
2008-03-08 04:30 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-03-08 04:30 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-03-08 04:30 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-03-08 04:30 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-03-08 04:30 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-03-08 00:37 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-03-08 00:22 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2007-10-13 17:54 174 --sha-w C:\Program Files\desktop.ini
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{81AA6A16-B8CA-43C4-A347-A487764FF528}]
2008-05-20 10:25 58368 --a------ C:\Windows\system32\ssqNHyax.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 04:01 1232896]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 16:35 202024]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2007-12-14 20:31 1637312]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-06 18:37 21898024]
"EPSON Stylus DX4400 Series"="C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICAE.exe" [2007-01-25 07:00 179200]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]
"cmds"="C:\Users\Garry\AppData\Local\Temp\rQhEwUNg.dll" [2008-06-03 11:19 373248]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 19:57 3784704 C:\Windows\RtHDVCpl.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 20:00 815104]
"Acer Tour"="" []
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2006-12-20 21:50 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2006-12-20 21:50 7766016]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2006-12-20 21:50 81920]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-01-03 02:58 464168]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-12-21 01:02 659456]
"eRecoveryService"="" []
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-01-14 19:38 151552]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 03:31 36352]
"AudioHQ"="C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE" [1999-04-12 01:00 203264]
"Creative Launcher"="C:\Program Files\Creative\Launcher\CTLauncher.exe" [ ]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 10:51 1836328]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 12:09 63712]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"pdfSaver3"="" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-19 08:53 579584]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 16:27 385024]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"Corel Photo Downloader"="C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-08-28 12:00 531272]
"MSServer"="C:\Windows\system32\ssqNHyax.dll" [2008-05-20 10:25 58368]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-24 18:04 219136]
C:\Users\Garry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56 393216]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{81AA6A16-B8CA-43C4-A347-A487764FF528}"= C:\Windows\system32\ssqNHyax.dll [2008-05-20 10:25 58368]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2008-01-24 18:00 9216 C:\Windows\System32\avgwlntf.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=eNetHook.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\ACERAR~1\DVWIZA~1\Kernel\Burner\MKDMP3Enc.ACM
"wave1"= ctmm32.dll
"midi1"= ctmm32.dll
"mixer1"= ctmm32.dll
"midi2"= ctsyn32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C1990356-814B-4F86-B2DC-14464FAD9AE5}"= UDP:C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{2B755953-EFE3-41CF-9C65-416CBCFDC842}"= TCP:C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{DF10B9AE-A742-4E36-AD58-DC079F98D0C9}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-01-03 02:59]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-01-03 02:59]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-01-03 02:59]
R1 CTSYN;Creative S/W Synth;C:\Windows\system32\drivers\CTSYN.SYS [1999-06-16 02:00]
R2 eDataSecurity Service;eDataSecurity Service;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-01-03 02:58]
R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2006-12-29 04:07]
R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-01-03 00:46]
R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 20:57]
R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-01-02 17:33]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 18:39]
R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2008-03-13 10:06]
R3 Cam5607;Acer OrbiCam;C:\Windows\system32\Drivers\BisonC07.sys [2005-11-29 23:20]
R3 moufiltr;Mouse Filter;C:\Windows\system32\DRIVERS\moufiltr.sys [2007-01-09 09:22]
R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2006-09-15 17:44]
S3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2006-11-02 08:30]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-12-19 20:18]
S3 KMWDFilter;KMWDFilter;C:\Windows\System32\Drivers\KMWDFilter.SYS [2007-02-13 07:42]
S3 n558;N558 Bluetooth USB Filter Driver;C:\Windows\system32\Drivers\n558.sys [2007-08-15 07:27]
S3 USB_NDIS_51;USB Ndis Cable Modem Network Device Driver;C:\Windows\system32\DRIVERS\bcmndis.sys [2007-07-09 06:48]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74eb9dd2-e5f6-11dc-9a85-0016d354dfda}]
\shell\AutoRun\command - F:\setupSNK.exe
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-05-16 21:47:50 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Garry.job"
- c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeB/TASK:
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-06-04 16:17:44
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-04 16:18:57
ComboFix-quarantined-files.txt 2008-06-04 15:18:37
The system cannot find message text for message number 0x2379 in the message file for Application.
The system cannot find message text for message number 0x2379 in the message file for Application.
167 --- E O F --- 2008-05-30 02:02:47
Then No. 2 Dated: 05/06/2008 13:53
ComboFix 08-06-03.1 - Garry 2008-06-05 13:49:31.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1304 [GMT 1:00]
Running from: C:\Users\Garry\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2008-05-05 to 2008-06-05 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-05 12:44 --------- d-----w C:\Users\Garry\AppData\Roaming\Skype
2008-06-05 12:40 --------- d-----w C:\Users\Garry\AppData\Roaming\skypePM
2008-06-05 12:40 --------- d-----w C:\Users\Garry\AppData\Roaming\OpenOffice.org2
2008-06-05 12:05 --------- d-----w C:\Users\Garry\AppData\Roaming\AVG7
2008-06-05 12:00 13,025 ----a-w C:\Users\Garry\AppData\Roaming\nvModes.dat
2008-06-03 22:30 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-03 22:27 --------- d-----w C:\ProgramData\Symantec
2008-06-03 11:35 --------- d-----w C:\Program Files\Trend Micro
2008-05-26 11:56 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-26 11:54 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-05-19 10:29 5,642 --sha-w C:\Windows\System32\KGyGaAvL.sys
2008-05-18 20:36 --------- d-----w C:\Program Files\THQ
2008-05-18 20:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-14 14:52 --------- d-----w C:\Users\Garry\AppData\Roaming\Corel
2008-05-14 14:43 --------- d-----w C:\Program Files\Common Files\Corel
2008-05-14 14:41 --------- d-----w C:\Program Files\Corel
2008-05-14 10:43 --------- d-----w C:\Program Files\Windows Mail
2008-05-13 13:52 --------- d-----w C:\Program Files\Yamp 2.3
2008-04-29 22:46 691,545 ----a-w C:\Windows\unins000.exe
2008-04-15 12:07 --------- d-----w C:\ProgramData\EPSON
2008-04-15 11:43 --------- d-----w C:\Program Files\epson
2008-04-04 13:26 32 ----a-w C:\Users\All Users\ezsid.dat
2008-04-04 13:26 32 ----a-w C:\ProgramData\ezsid.dat
2008-03-13 18:53 107,888 ----a-w C:\Windows\System32\CmdLineExt.dll
2008-03-08 04:30 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-03-08 04:30 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-03-08 04:30 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-03-08 04:30 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-03-08 04:30 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-03-08 00:37 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-03-08 00:22 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2007-10-13 17:54 174 --sha-w C:\Program Files\desktop.ini
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((( snapshot@2008-06-04_16.18.20.74 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-04 15:07:27 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-06-05 12:38:05 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-06-04 15:07:27 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-06-05 12:38:06 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-06-04 15:07:27 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-06-05 12:38:06 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-06-04 15:09:18 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-06-05 12:39:56 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-06-05 12:39:56 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-06-04 15:17:29 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-06-05 12:51:51 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-06-05 12:51:51 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-06-04 10:41:11 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-06-05 12:42:55 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-06-04 10:41:11 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-05 12:42:55 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-06-04 10:41:11 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-06-05 12:42:55 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-06-04 15:14:01 108,526 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-06-05 12:44:38 108,526 ----a-w C:\Windows\System32\perfc009.dat
- 2008-06-04 15:14:01 623,342 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-06-05 12:44:38 623,342 ----a-w C:\Windows\System32\perfh009.dat
- 2008-06-04 15:09:59 14,108 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3213793974-2534403334-2120894616-1000_UserData.bin
+ 2008-06-05 12:41:17 14,188 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3213793974-2534403334-2120894616-1000_UserData.bin
- 2008-06-04 15:09:59 66,976 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-06-05 12:41:14 67,142 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-06-04 15:09:59 60,752 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-06-05 12:00:46 60,932 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{81AA6A16-B8CA-43C4-A347-A487764FF528}]
C:\Windows\system32\ssqNHyax.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 04:01 1232896]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 16:35 202024]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2007-12-14 20:31 1637312]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-06 18:37 21898024]
"EPSON Stylus DX4400 Series"="C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICAE.exe" [2007-01-25 07:00 179200]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]
"cmds"="C:\Users\Garry\AppData\Local\Temp\rQhEwUNg.dll" [2008-06-03 11:19 373248]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 19:57 3784704 C:\Windows\RtHDVCpl.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 20:00 815104]
"Acer Tour"="" []
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2006-12-20 21:50 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2006-12-20 21:50 7766016]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2006-12-20 21:50 81920]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-01-03 02:58 464168]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-12-21 01:02 659456]
"eRecoveryService"="" []
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-01-14 19:38 151552]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 03:31 36352]
"AudioHQ"="C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE" [1999-04-12 01:00 203264]
"Creative Launcher"="C:\Program Files\Creative\Launcher\CTLauncher.exe" [ ]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 10:51 1836328]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 12:09 63712]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"pdfSaver3"="" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-19 08:53 579584]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 16:27 385024]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"Corel Photo Downloader"="C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-08-28 12:00 531272]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-24 18:04 219136]
C:\Users\Garry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56 393216]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{81AA6A16-B8CA-43C4-A347-A487764FF528}"= C:\Windows\system32\ssqNHyax.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2008-01-24 18:00 9216 C:\Windows\System32\avgwlntf.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=eNetHook.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\ACERAR~1\DVWIZA~1\Kernel\Burner\MKDMP3Enc.ACM
"wave1"= ctmm32.dll
"midi1"= ctmm32.dll
"mixer1"= ctmm32.dll
"midi2"= ctsyn32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C1990356-814B-4F86-B2DC-14464FAD9AE5}"= UDP:C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{2B755953-EFE3-41CF-9C65-416CBCFDC842}"= TCP:C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{DF10B9AE-A742-4E36-AD58-DC079F98D0C9}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-01-03 02:59]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-01-03 02:59]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-01-03 02:59]
R1 CTSYN;Creative S/W Synth;C:\Windows\system32\drivers\CTSYN.SYS [1999-06-16 02:00]
R2 eDataSecurity Service;eDataSecurity Service;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-01-03 02:58]
R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2006-12-29 04:07]
R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-01-03 00:46]
R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 20:57]
R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-01-02 17:33]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 18:39]
R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2008-03-13 10:06]
R3 Cam5607;Acer OrbiCam;C:\Windows\system32\Drivers\BisonC07.sys [2005-11-29 23:20]
R3 moufiltr;Mouse Filter;C:\Windows\system32\DRIVERS\moufiltr.sys [2007-01-09 09:22]
R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2006-09-15 17:44]
S3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2006-11-02 08:30]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-12-19 20:18]
S3 KMWDFilter;KMWDFilter;C:\Windows\System32\Drivers\KMWDFilter.SYS [2007-02-13 07:42]
S3 n558;N558 Bluetooth USB Filter Driver;C:\Windows\system32\Drivers\n558.sys [2007-08-15 07:27]
S3 USB_NDIS_51;USB Ndis Cable Modem Network Device Driver;C:\Windows\system32\DRIVERS\bcmndis.sys [2007-07-09 06:48]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74eb9dd2-e5f6-11dc-9a85-0016d354dfda}]
\shell\AutoRun\command - F:\setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-05-16 21:47:50 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Garry.job"
- c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeB/TASK:
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-06-05 13:52:08
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\Windows\Explorer.exe
-> C:\Users\Garry\AppData\Local\Temp\rQhEwUNg.dll
.
Completion time: 2008-06-05 13:53:41
ComboFix-quarantined-files.txt 2008-06-05 12:53:14
ComboFix2.txt 2008-06-04 15:18:58
The system cannot find message text for message number 0x2379 in the message file for Application.
The system cannot find message text for message number 0x2379 in the message file for Application.
196 --- E O F --- 2008-05-30 02:02:47
I'll do the drag and drop onto ComboFix again and post that log in my next post, with another HijackThis log too.
Garry.