Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.758 [GMT -6:00]
Running from: C:\Documents and Settings\Bill Ridgway\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-01-23 to 2008-02-23 )))))))))))))))))))))))))))))))
.
2008-02-19 17:13 . 2008-02-19 17:13 <DIR> d-------- C:\Documents and Settings\Bill Ridgway\Application Data\Grisoft
2008-02-19 17:13 . 2008-02-19 17:13 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
2008-02-19 17:13 . 2007-05-30 06:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-19 16:19 . 2008-02-19 16:19 <DIR> d-------- C:\Program Files\Security Task Manager
2008-02-19 16:19 . 2008-02-19 16:24 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SecTaskMan
2008-02-19 01:18 . 2008-02-19 01:18 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-18 23:33 . 2008-02-18 23:33 <DIR> d-------- C:\Documents and Settings\Bill Ridgway\Application Data\GlarySoft
2008-02-18 22:38 . 2008-02-19 17:11 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-18 22:38 . 2008-02-19 17:13 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-02-18 22:17 . 2008-02-19 17:07 <DIR> d-------- C:\Program Files\ThreatFire
2008-02-18 22:17 . 2008-02-18 22:17 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Tools
2008-02-18 19:54 . 2008-02-18 19:54 227,328 --a------ C:\WINDOWS\msvidc32.dll
2008-02-18 19:54 . 2008-02-18 19:54 50 --a------ C:\tmp.bat
2008-02-18 15:06 . 2008-02-18 22:04 <DIR> d-------- C:\Documents and Settings\Bill Ridgway\Application Data\Yahoo!
2008-02-18 15:06 . 2008-02-18 15:06 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo! Companion
2008-02-18 14:58 . 2008-02-18 14:58 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo!
2008-02-11 22:25 . 2004-08-03 22:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-02-11 19:31 . 2001-08-17 22:36 45,568 --a------ C:\WINDOWS\system32\esunib.dll
2008-02-11 19:31 . 2001-08-17 22:36 45,568 --a--c--- C:\WINDOWS\system32\dllcache\esunib.dll
2008-02-11 19:31 . 2001-08-17 22:36 43,008 --a------ C:\WINDOWS\system32\esucm.dll
2008-02-11 19:31 . 2001-08-17 22:36 43,008 --a--c--- C:\WINDOWS\system32\dllcache\esucm.dll
2008-02-11 19:31 . 2001-08-17 22:36 34,816 --a------ C:\WINDOWS\system32\esuimg.dll
2008-02-11 19:31 . 2001-08-17 22:36 34,816 --a--c--- C:\WINDOWS\system32\dllcache\esuimg.dll
2008-02-11 19:31 . 2004-08-03 21:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-02-11 19:31 . 2004-08-03 21:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-02-06 20:38 . 2008-02-06 20:38 <DIR> d-------- C:\Program Files\Common Files\AnswerWorks 4.0
2008-02-06 20:38 . 2008-02-06 20:43 <DIR> d-------- C:\Documents and Settings\Bill Ridgway\Application Data\Intuit
2008-02-06 20:35 . 2008-02-06 20:35 <DIR> d-------- C:\Program Files\Common Files\Intuit
2008-02-06 20:35 . 2008-02-06 20:35 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Intuit
2008-02-06 20:35 . 2007-10-22 18:58 1,721,712 --------- C:\WINDOWS\system32\InetClnt.dll
2008-02-06 20:26 . 2008-02-06 20:26 <DIR> d-------- C:\Program Files\TurboTax
2008-02-06 19:33 . 2008-02-06 19:33 <DIR> d-------- C:\Program Files\2nd Story Software
2008-02-06 19:33 . 2008-02-09 18:33 74 --a------ C:\WINDOWS\TaxACT07.ini
2008-02-05 11:59 . 2008-02-05 11:59 <DIR> d-------- C:\Documents and Settings\Bill Ridgway\Application Data\eFax Messenger
2008-02-05 11:59 . 2008-02-05 11:59 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\eFax Messenger 4.3 Setup
2008-02-05 11:59 . 2008-02-05 11:59 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\eFax Messenger 4.3 Output
2008-02-05 11:59 . 2008-02-05 11:59 0 --a------ C:\WINDOWS\system32\eFax_4_3_Port
2008-02-05 11:58 . 2008-02-05 11:59 <DIR> d-------- C:\Program Files\eFax Messenger 4.3
2008-01-30 22:38 . 2008-02-19 17:05 <DIR> d-a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-01-30 22:37 . 2008-02-03 01:27 <DIR> d-------- C:\Program Files\CMUD
2008-01-29 18:33 . 2007-12-06 20:21 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-01-29 18:33 . 2007-06-30 21:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-01-29 18:33 . 2007-06-30 21:36 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-01-29 18:33 . 2007-12-06 20:21 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-01-29 18:33 . 2007-12-06 20:21 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-01-29 18:33 . 2007-12-06 20:21 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-01-29 18:33 . 2007-12-06 20:21 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-01-29 18:33 . 2007-12-06 20:21 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-01-29 18:33 . 2007-12-06 05:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-01-29 18:28 . 2007-08-13 20:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2008-01-28 23:26 . 2008-01-28 23:26 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-01-27 05:05 . 2006-08-21 03:14 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2008-01-27 05:05 . 2006-08-21 03:14 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2008-01-27 05:05 . 2006-08-21 06:21 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2008-01-26 14:13 . 2007-07-09 07:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-01-25 23:45 . 2008-02-13 16:48 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-01-25 00:16 . 2008-01-25 00:16 <DIR> d-------- C:\Program Files\Alwil Software
2008-01-25 00:16 . 2003-03-18 14:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-01-25 00:16 . 2003-03-18 13:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2008-01-25 00:16 . 2003-02-20 21:42 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll
2008-01-25 00:02 . 2008-01-25 00:02 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2008-01-24 22:25 . 2008-01-25 00:04 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2008-01-24 22:23 . 2008-01-24 22:23 <DIR> d-------- C:\WINDOWS\provisioning
2008-01-24 22:23 . 2008-01-24 22:23 <DIR> d-------- C:\WINDOWS\peernet
2008-01-24 22:19 . 2008-01-24 22:19 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-01-24 22:12 . 2006-09-06 19:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-01-24 22:09 . 2008-01-24 22:09 <DIR> d-------- C:\WINDOWS\EHome
2008-01-24 21:41 . 2004-08-04 02:56 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
2008-01-24 21:41 . 2004-08-02 16:20 7,208 --------- C:\WINDOWS\system32\secupd.sig
2008-01-24 21:41 . 2004-08-02 16:20 4,569 --------- C:\WINDOWS\system32\secupd.dat
2008-01-23 22:17 . 2004-08-04 01:56 614,912 --a------ C:\WINDOWS\system32\h323msp.dll
2008-01-23 22:17 . 2004-08-04 01:56 331,264 --a------ C:\WINDOWS\system32\ipnathlp.dll
2008-01-23 22:17 . 2004-08-04 01:56 265,728 --a------ C:\WINDOWS\system32\h323.tsp
2008-01-23 22:17 . 2004-08-04 01:56 77,312 --a------ C:\WINDOWS\system32\browser.dll
2008-01-23 22:17 . 2007-03-08 09:36 40,960 --a------ C:\WINDOWS\system32\mf3216.dll
2008-01-23 22:17 . 2004-03-29 19:25 40,960 -----c--- C:\WINDOWS\system32\dllcache\evtgprov.dll
2008-01-23 22:11 . 2004-08-04 01:56 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
2008-01-23 22:09 . 2008-01-23 22:17 <DIR> d--h-c--- C:\WINDOWS\$xpsp1hfm$
2008-01-23 22:09 . 2004-01-09 23:11 26,112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-19 04:52 --------- d-sh--w C:\Documents and Settings\All Users.WINDOWS\Application Data\MPK
2008-02-18 20:58 --------- d-----w C:\Program Files\Yahoo!
2008-02-10 07:09 --------- d-sh--w C:\Program Files\KGB
2008-02-07 02:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-29 06:47 --------- d-----w C:\Documents and Settings\Bill Ridgway\Application Data\.mudmagic
2008-01-21 11:30 --------- d-----w C:\Program Files\PokerAcademy2
2008-01-20 21:21 --------- d-----w C:\Program Files\BuiltByRustry
2008-01-20 20:32 --------- d-----w C:\Program Files\Snapshot Viewer
2008-01-20 20:31 --------- d-----w C:\Documents and Settings\Bill Ridgway\Application Data\Microsoft Web Folders
2008-01-20 02:42 --------- d-----w C:\Program Files\Common Files\KGB
2008-01-19 10:13 --------- d-----w C:\Documents and Settings\Bill Ridgway\Application Data\PokerAcademy2
2008-01-19 05:52 --------- d-----w C:\Program Files\MudMagic
2008-01-19 00:39 --------- d-----w C:\Program Files\D-Link AirPlus
2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-08-16 17:52 471,216 ----a-w C:\Program Files\msgr8us.exe
2007-01-18 19:20 1,876,384 -c--a-w C:\Program Files\ezip35.exe
2007-01-17 23:24 271 --sh--w C:\Program Files\desktop.ini
2007-01-17 23:24 21,952 -c-ha-w C:\Program Files\folder.htt
1998-12-09 02:53 99,840 ----a-w C:\Program Files\Common Files\IRAABOUT.DLL
1998-12-09 02:53 70,144 ----a-w C:\Program Files\Common Files\IRAMDMTR.DLL
1998-12-09 02:53 48,640 ----a-w C:\Program Files\Common Files\IRALPTTR.DLL
1998-12-09 02:53 31,744 ----a-w C:\Program Files\Common Files\IRAWEBTR.DLL
1998-12-09 02:53 186,368 ----a-w C:\Program Files\Common Files\IRAREG.DLL
1998-12-09 02:53 17,920 ----a-w C:\Program Files\Common Files\IRASRIAL.DLL
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2A4601BC-8376-422D-A2FC-DDF0A40570BD}]
2008-02-18 19:54 227328 --a------ C:\WINDOWS\msvidc32.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24 1694208]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51 39792]
"eFax 4.3"="C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" [2007-03-06 11:21 116224]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 03:25 6731312]
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
D-Link AirPlus Utility.lnk - C:\Program Files\D-Link AirPlus\AIRPLUS.EXE [2007-02-04 20:59:16 245760]
eFax 4.3.lnk - C:\Program Files\eFax Messenger 4.3\J2GTray.exe [2008-02-05 11:59:03 629248]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 02:15:54 65588]
Symantec Fax Starter Edition Port.lnk - C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE [1998-12-23 15:51:52 45568]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"= %windir%\\system32\\sessmgr.exe:@xpsp2res.dll,-22019
"%windir%\\Network Diagnostic\\xpnetdiag.exe"= %windir%\\Network Diagnostic\\xpnetdiag.exe:@xpsp3res.dll,-20000
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Microsoft Office\\Office\\1033\\WFXMSRVR.EXE"=
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-22 18:17:36
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-22 18:19:04
.
2008-02-14 09:03:12 --- E O F ---
HijackThis log (pasted below):
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:14:49 PM, on 2/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThreatFire\TFService.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\D-Link AirPlus\AIRPLUS.EXE
C:\Program Files\eFax Messenger 4.3\J2GTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: MS Video Control 1.0 - {2A4601BC-8376-422D-A2FC-DDF0A40570BD} - C:\WINDOWS\msvidc32.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [eFax 4.3] "C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: D-Link AirPlus Utility.lnk = C:\Program Files\D-Link AirPlus\AIRPLUS.EXE
O4 - Global Startup: eFax 4.3.lnk = C:\Program Files\eFax Messenger 4.3\J2GTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
--
End of file - 4616 bytes
System Error!
Your computer was infected by unknown trojan.
It's dangerous for your system (critical files can be lost)!
Click OK to download the antispyware program to clean your system! (Recommended)
OK Cancel