ComboFix 07-11-19.4C - Thuan Nguyen 2007-11-28 18:20:41.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.794 [GMT -5:00]
Running from: C:\Documents and Settings\Thuan Nguyen\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Thuan Nguyen\Application Data\MCROSO~1
C:\Documents and Settings\Thuan Nguyen\Start Menu\Programs\Internet Speed Monitor
C:\Documents and Settings\Thuan Nguyen\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk
C:\Documents and Settings\Thuan Nguyen\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk
C:\Documents and Settings\Thuan Nguyen\Start Menu\Programs\Outerinfo
C:\Documents and Settings\Thuan Nguyen\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\Thuan Nguyen\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\Program Files\Common Files\pppatc~1
C:\Program Files\Common Files\pppatc~1\?ppPatch\
C:\Program Files\Common Files\pppatc~1\scanregw.exe
C:\Program Files\Common Files\smante~1
C:\Program Files\Common Files\smante~1\d?dplay.exe
C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe
C:\Program Files\outerinfo
C:\Program Files\outerinfo\FF\chrome.manifest
C:\Program Files\outerinfo\FF\components\FF.dll
C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
C:\Program Files\outerinfo\FF\install.rdf
C:\Program Files\outerinfo\OiUninstaller.exe
C:\Program Files\outerinfo\outerinfo.ico
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\Temporary
C:\WINDOWS\b111.exe
C:\WINDOWS\b128.exe
C:\WINDOWS\b147.exe
C:\WINDOWS\dobe~1
C:\WINDOWS\system32\ifcm.dll
C:\WINDOWS\system32\winnb58.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_CMDSERVICE
-------\LEGACY_NETWORK_MONITOR

((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-28 )))))))))))))))))))))))))))))))
.
2007-11-19 20:31 d-------- C:\Program Files\themexp
2007-11-19 20:31 d-------- C:\Program Files\OneStepSearch
2007-11-19 20:25 d-------- C:\Program Files\TGTSoft
2007-11-19 20:12 d-------- C:\Program Files\Trend Micro
2007-11-19 20:03 1,552 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-19 20:02 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-11-19 20:02 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-11-19 20:02 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-19 20:02 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-19 20:02 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-16 18:02 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-15 19:20 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-04 20:41 d-------- C:\WINDOWS\system32\Plugins
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-20 00:51 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-11-19 02:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-19 01:59 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-19 01:58 --------- d-----w C:\Program Files\Vpskeys
2007-10-28 01:21 --------- d-----w C:\Program Files\BitPim
2007-10-25 00:35 --------- d-----w C:\Program Files\Xilisoft
2007-10-11 22:50 --------- d-----w C:\Documents and Settings\Thuan Nguyen\Application Data\Winamp
2007-10-11 22:49 --------- d-----w C:\Program Files\Winamp
2007-10-08 00:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\iolo
2007-10-08 00:52 --------- d-----w C:\Documents and Settings\Thuan Nguyen\Application Data\iolo
2007-10-06 21:38 --------- d-----w C:\Program Files\Movie Splitter
2007-10-06 21:34 --------- d-----w C:\Program Files\OpenSource AVI Splitter
2007-10-06 21:29 --------- d-----w C:\Program Files\WMATool
2007-10-06 10:52 --------- d-----w C:\Documents and Settings\Thuan Nguyen\Application Data\dvdcss
2007-10-01 03:37 --------- d-----w C:\Program Files\FlashGet
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{23B760D6-C98B-450B-9B32-26C7775CDF83}]
C:\Program Files\Video Add-on\isfmdl.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{875A1348-7674-42aa-ADAC-B4F36A004A2D}]
C:\Program Files\QdrDrive\QdrDrive8.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{70CC76D5-A4EE-4F25-9931-B109A63E298E}"= C:\Program Files\Video Add-on\ictmdl.dll [ ]
[HKEY_CLASSES_ROOT\clsid\{70cc76d5-a4ee-4f25-9931-b109a63e298e}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{70CC76D5-A4EE-4F25-9931-B109A63E298E}"= C:\Program Files\Video Add-on\ictmdl.dll [ ]
[HKEY_CLASSES_ROOT\clsid\{70cc76d5-a4ee-4f25-9931-b109a63e298e}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]
"BTCLiveUpdate"="C:\Program Files\LiveUpdate\LiveUpdate.exe" [2004-03-08 12:50]
"Sen"="C:\PROGRA~1\COMMON~1\PPPATC~1\scanregw.exe" []
"QdrModule9"="C:\Program Files\QdrModule\QdrModule9.exe" []
"Ncgscjm"="C:\Program Files\Common Files\S?mantec\d?dplay.exe" []
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 13:31]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-06-06 17:41]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-04-05 20:22]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-04-05 20:19]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-04-05 20:23]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 06:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2006-09-18 15:25 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 06:00 C:\WINDOWS\system32\rundll32.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 02:43]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" []
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"= 0 (0x0)
"DisableRegistryTools"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-03-01 19:43 90112 --a------ C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BTCLiveUpdate]
C:\Program Files\LiveUpdate\LiveUpdate.exe /autostart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2004-12-13 16:30 58992 --a------ C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2005-08-31 12:06 106496 --a------ C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 06:00 15360 --a------ C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
C:\Program Files\Dell Support\DSAgnt.exe /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
2005-09-08 06:20 122940 --a------ C:\WINDOWS\System32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-10-05 04:12 94208 --a------ C:\Program Files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-04-05 20:19 77824 --a------ C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-04-05 20:23 114688 --a------ C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-04-05 20:22 94208 --a------ C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPInSightLAN 01]
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe -l

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPInSightMonitor 01]
2003-06-11 01:52 122880 --a------ C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsgCenterExe]
C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 15:40 155648 --a------ C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 10.0]
2005-12-07 17:05 1537696 --a------ C:\Program Files\Norton Ghost\Agent\GhostTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-10-14 20:42 1404928 --a------ C:\Program Files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
2003-07-11 14:51 57344 --a------ C:\Program Files\Yahoo!\browser\ybrwicon.exe

R1 V2IMount;V2IMount;C:\WINDOWS\system32\drivers\V2IMount.sys
R2 OneStep Search Service;OneStep Search Service;"C:\Program Files\OneStepSearch\onestep.exe" "C:\Program Files\OneStepSearch\onestep.dll" Service

.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-28 18:24:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-28 18:26:12 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-05-06 01:16
C:\ComboFix2.txt ... 2007-05-06 01:16
.
--- E O F ---
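The Run-key section of this log shows the two things a reviewer looks for first: values whose target has no timestamp in the trailing brackets (`[]`), and paths whose vendor-looking folder name carries an odd character (`S?mantec`, `?ppPatch`) so that it sorts next to, but is not, the real vendor directory. The script below is an added example by the editor, not part of ComboFix or of the post; it parses a constructed sample made from the Run entries printed above and flags both patterns. The reading of empty brackets as "target not found or unreadable", and the list of vendor names used for the lookalike check, are the editor's assumptions for the example.

```python
import re
from fnmatch import fnmatchcase
from typing import Dict, List

# Constructed sample: the HKCU Run section as printed in the ComboFix log
# above, plus two HKLM entries, one of which uses the "[date  path]" form.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]
"BTCLiveUpdate"="C:\Program Files\LiveUpdate\LiveUpdate.exe" [2004-03-08 12:50]
"Sen"="C:\PROGRA~1\COMMON~1\PPPATC~1\scanregw.exe" []
"QdrModule9"="C:\Program Files\QdrModule\QdrModule9.exe" []
"Ncgscjm"="C:\Program Files\Common Files\S?mantec\d?dplay.exe" []
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 13:31]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 06:00 C:\WINDOWS\system32\rundll32.exe]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" []
"""

# Vendor and system folder names that adware of this era imitated with one
# swapped or non-ASCII character. Assumed list for the example only.
LOOKALIKE_TARGETS = ["Symantec", "Adobe", "AppPatch", "Microsoft", "Common Files"]

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<stamp>[^\]]*)\]$')


def parse_run_entries(text: str) -> List[Dict[str, str]]:
    """Return one dict per Run value: key, name, path, stamp (bracket contents)."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m and key:
            entries.append({"key": key, **m.groupdict()})
    return entries


def lookalike_of(component: str) -> str:
    """If a path component containing '?' or a non-ASCII character matches a
    known name when those characters are treated as wildcards, return that name."""
    if "?" not in component and component.isascii():
        return ""
    pattern = "".join("?" if (c == "?" or not c.isascii()) else c for c in component)
    for target in LOOKALIKE_TARGETS:
        if fnmatchcase(target.lower(), pattern.lower()):
            return target
    return ""


def assess(entry: Dict[str, str]) -> List[str]:
    """Reasons an entry deserves a second look; an empty list means nothing flagged."""
    reasons = []
    if entry["stamp"].strip() == "":
        # Assumption: ComboFix prints "[]" when it could not read the target
        # file, i.e. the path does not resolve or the real name differs.
        reasons.append("no file timestamp (target not found or unreadable)")
    for part in re.split(r"[\\/]", entry["path"]):
        hit = lookalike_of(part)
        if hit:
            reasons.append(f"component {part!r} imitates {hit!r}")
    return reasons


def flagged_entries(text: str) -> Dict[str, List[str]]:
    """Map value name -> reasons, for every Run entry with at least one reason."""
    out = {}
    for e in parse_run_entries(text):
        reasons = assess(e)
        if reasons:
            out[e["name"]] = reasons
    return out


if __name__ == "__main__":
    for name, reasons in flagged_entries(SAMPLE_LOG).items():
        print(name)
        for r in reasons:
            print("   -", r)
```

Run against the sample, the script flags `Sen`, `QdrModule9`, `Ncgscjm` and `WinampAgent` for missing timestamps, and additionally reports that the `S?mantec` folder in the `Ncgscjm` path imitates `Symantec`. The `d?dplay.exe` file name is not matched because no executable names are in the lookalike list; a triage list for a real case would add the Windows binaries the adware of the time imitated.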