Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:05, on 2008-03-06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS1\System32\smss.exe
C:\WINDOWS1\system32\winlogon.exe
C:\WINDOWS1\system32\services.exe
C:\WINDOWS1\system32\lsass.exe
C:\WINDOWS1\system32\svchost.exe
C:\WINDOWS1\System32\svchost.exe
C:\WINDOWS1\system32\svchost.exe
C:\WINDOWS1\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS1\System32\svchost.exe
C:\WINDOWS1\system32\fxssvc.exe
C:\WINDOWS1\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\antiviirus.exe
C:\WINDOWS1\system32\ctfmon.exe
C:\DOCUME~1\Teri\LOCALS~1\Temp\FhVqhzAh.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.att.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.att.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [antiviirus] C:\Program Files\antiviirus.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS1\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS1\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS1\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com...p/PCPitStop.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/...erInstaller.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1167442701283
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://games.bellsou...bugs/axhost.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: VolumeRunOnce - {a56e2296-ed7d-4325-8d34-2f46bc29edf2} - C:\WINDOWS1\Installer\{a56e2296-ed7d-4325-8d34-2f46bc29edf2}\VolumeRunOnce.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS1\system32\HPZipm12.exe
--
End of file - 7314 bytes
here is the combo fix log
ComboFix 08-03-04.1 - Teri 2008-03-04 4:03:45.1 - FAT32x86
Running from: C:\Documents and Settings\Teri\desktop\combofix.exe
Command switches used :: /killall
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\77775482.exe
C:\Program Files\Common Files\download
.
((((((((((((((((((((((((( Files Created from 2008-02-04 to 2008-03-04 )))))))))))))))))))))))))))))))
.
2008-03-04 01:00 . 2008-03-04 01:00 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-04 01:00 . 2008-03-04 01:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Spybot - Search & Destroy
2008-03-04 00:34 . 2008-03-04 00:34 16,588 --a------ C:\Program Files\tmp161081.exe
2008-03-04 00:17 . 2008-03-04 00:17 16,456 --a------ C:\Program Files\tmp156895.exe
2008-03-04 00:05 . 2008-03-04 04:23 54,156 --ah----- C:\WINDOWS1\QTFont.qfn
2008-03-04 00:05 . 2008-03-04 00:06 1,409 --a------ C:\WINDOWS1\QTFont.for
2008-03-03 22:00 . 2008-03-03 22:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SUPERAntiSpyware.com
2008-03-03 21:59 . 2008-03-03 21:59 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-03-03 21:59 . 2008-03-03 21:59 <DIR> d-------- C:\Documents and Settings\Teri\Application Data\SUPERAntiSpyware.com
2008-03-03 21:57 . 2008-03-03 21:57 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-03 21:55 . 2008-03-03 21:55 1,238,736 --a------ C:\MGtools.exe
2008-03-03 21:18 . 2008-03-03 21:18 16,496 --a------ C:\Program Files\tmp134022.exe
2008-03-03 19:42 . 2008-03-03 16:26 299,008 --a------ C:\WINDOWS1\apdqnxp.dll
2008-03-03 19:42 . 2008-03-03 19:42 35,604 --a------ C:\Program Files\instaler.exe
2008-03-03 19:42 . 2008-03-03 19:43 16,468 --a------ C:\Program Files\tmp2311413.exe
2008-03-03 19:42 . 2008-03-03 19:42 11,960 --a------ C:\Program Files\antiviirus.exe
2008-03-03 19:22 . 2008-03-03 19:22 <DIR> d-------- C:\Program Files\FBrowsingAdvisor
2008-03-03 19:22 . 2008-03-03 19:22 <DIR> d-------- C:\Program Files\FBrowserAdvisor
2008-03-03 19:22 . 2008-03-03 19:22 <DIR> d-------- C:\Program Files\ContextProgram
2008-03-03 19:22 . 2006-04-14 23:05 9,952 --a------ C:\regxpcom.exe
2008-02-23 16:12 . 2008-02-23 16:12 193,880 -rah----- C:\WINDOWS1\system32\cpnprt2.cid
2008-02-23 16:11 . 2008-02-23 16:11 <DIR> d-------- C:\WINDOWS1\Cache
2008-02-23 16:11 . 2008-02-23 16:11 <DIR> d-------- C:\Program Files\Coupons
2008-02-22 12:48 . 2008-02-22 12:48 <DIR> d-------- C:\Program Files\iPod
2008-02-22 12:46 . 2008-02-22 12:47 <DIR> d-------- C:\Program Files\iTunes
2008-02-22 12:41 . 2008-02-22 12:41 <DIR> d-------- C:\Program Files\QuickTime
2008-02-15 16:16 . 2008-02-15 16:16 1,071 --a------ C:\WINDOWS1\AWMODEM.INF
2008-02-15 16:11 . 2008-02-15 16:11 <DIR> d-------- C:\WINDOWS1\system32\FxsTmp
2008-02-06 19:11 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS1\system32\lfgif13n.dll
2008-02-06 19:10 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS1\system32\ltkrn13n.dll
2008-02-06 19:10 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS1\system32\ltimg13n.dll
2008-02-06 19:10 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS1\system32\lfcmp13n.dll
2008-02-06 19:10 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS1\system32\ltdis13n.dll
2008-02-06 19:10 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS1\system32\ltefx13n.dll
2008-02-06 19:10 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS1\system32\ltfil13n.dll
2008-02-06 19:10 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS1\system32\lfbmp13n.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-04 09:24 16,540 ----a-w C:\Program Files\tmp579272.exe
2008-01-26 22:05 --------- d-----w C:\Program Files\Bonjour
2008-01-11 05:53 44,544 ------w C:\WINDOWS1\system32\dllcache\pngfilt.dll
2008-01-10 22:00 --------- d-----w C:\Documents and Settings\Teri\Application Data\CamTrack
2007-12-19 23:01 347,136 ------w C:\WINDOWS1\system32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ------w C:\WINDOWS1\system32\dllcache\mrxdav.sys
2007-12-08 05:21 3,592,192 ------w C:\WINDOWS1\system32\dllcache\mshtml.dll
2007-12-06 11:01 625,664 ------w C:\WINDOWS1\system32\dllcache\iexplore.exe
2007-12-06 11:00 70,656 ------w C:\WINDOWS1\system32\dllcache\ie4uinit.exe
2007-12-06 11:00 13,824 ------w C:\WINDOWS1\system32\dllcache\ieudinit.exe
2007-12-06 04:59 161,792 ----a-w C:\WINDOWS1\system32\dllcache\ieakui.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS1\system32\oleaut32.dll
2007-12-04 18:38 550,912 ------w C:\WINDOWS1\system32\dllcache\oleaut32.dll
2005-01-18 05:08 266 --sh--w C:\Program Files\desktop.ini
2005-01-18 05:08 11,079 ---h--w C:\Program Files\folder.htt
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E4D1D56C-3EC9-2F5D-FAA3-4112CCDD61DC}]
2007-12-30 15:48 1019904 --a------ C:\Program Files\ContextProgram\ContextProgram-2.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS1\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-06-08 18:50 2321600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-12-21 05:08 579072]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"antiviirus"="C:\Program Files\antiviirus.exe" [2008-03-03 19:42 11960]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-25 05:09 219136]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"VolumeRunOnce"= {a56e2296-ed7d-4325-8d34-2f46bc29edf2} - C:\WINDOWS1\Installer\{a56e2296-ed7d-4325-8d34-2f46bc29edf2}\VolumeRunOnce.dll [2008-03-03 19:42 18690]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS1^Start Menu^Programs^Startup^ WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users.WINDOWS1\Start Menu\Programs\Startup\ WinCinema Manager.lnk
backup=C:\WINDOWS1\pss\ WinCinema Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS1^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users.WINDOWS1\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS1\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS1^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users.WINDOWS1\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS1\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS1^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users.WINDOWS1\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS1\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS1^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=C:\Documents and Settings\All Users.WINDOWS1\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=C:\WINDOWS1\pss\HP Image Zone Fast Start.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS1^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users.WINDOWS1\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS1\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS1^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=C:\Documents and Settings\All Users.WINDOWS1\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=C:\WINDOWS1\pss\Microsoft Works Calendar Reminders.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS1^Start Menu^Programs^Startup^PalStart.lnk]
path=C:\Documents and Settings\All Users.WINDOWS1\Start Menu\Programs\Startup\PalStart.lnk
backup=C:\WINDOWS1\pss\PalStart.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
--a------ 2007-06-08 18:50 2321600 C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2005-10-28 16:25 94208 C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriveCleaner Free]
C:\Program Files\DriveCleaner Free\UDC.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2005-01-12 14:54 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-16 23:11 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 13:10 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS1\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-31 23:13 385024 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-03-27 15:22 4670968 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"=
"C:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\WINDOWS1\\System32\\FXSCLNT.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
R2 ASPIXNT;ASPIXNT;C:\WINDOWS1\system32\drivers\ASPIXNT.sys [1999-02-15 18:06]
R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS1\system32\DRIVERS\AN983.sys [2004-08-04 00:31]
R3 ICAM3NT5;Intel USB Video Camera III;C:\WINDOWS1\system32\Drivers\Icam3.sys [2001-08-17 14:05]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-04 04:23:09
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS1\system32\fxssvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\DOCUME~1\Teri\LOCALS~1\Temp\Ty7PkhKo.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
.
**************************************************************************
.
Completion time: 2008-03-04 4:37:36 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-04 09:37:26
.
2008-02-13 00:17:44 --- E O F ---
superAntiSpyware log
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 03/04/2008 at 10:39 PM
Application Version : 4.0.1154
Core Rules Database Version : 3414
Trace Rules Database Version: 1406
Scan type : Complete Scan
Total Scan Time : 03:01:20
Memory items scanned : 353
Memory threats detected : 1
Registry items scanned : 5613
Registry threats detected : 2
File items scanned : 74298
File threats detected : 14
Trojan.Downloader-AntiViirus
C:\PROGRAM FILES\ANTIVIIRUS.EXE
C:\PROGRAM FILES\ANTIVIIRUS.EXE
[antiviirus] C:\PROGRAM FILES\ANTIVIIRUS.EXE
HKLM\Software\Microsoft\Windows\CurrentVersion\Run#antiviirus [ C:\Program Files\antiviirus.exe ]
C:\WINDOWS1\Prefetch\ANTIVIIRUS.EXE-10A2E3A4.pf
Adware.Tracking Cookie
C:\Documents and Settings\Teri\Cookies\[email protected][1].txt
C:\Documents and Settings\Teri\Cookies\teri@tribalfusion[2].txt
C:\Documents and Settings\Teri\Cookies\[email protected][3].txt
C:\Documents and Settings\Teri\Cookies\teri@findwhat[1].txt
C:\Documents and Settings\Teri\Cookies\[email protected][4].txt
C:\Documents and Settings\Teri\Cookies\[email protected][2].txt
C:\Documents and Settings\Teri\Cookies\[email protected][1].txt
C:\Documents and Settings\Teri\Cookies\[email protected][1].txt
C:\Documents and Settings\Teri\Cookies\[email protected][1].txt
C:\Documents and Settings\Teri\Cookies\teri@shopica[1].txt
Trojan.Unknown Origin
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3E54D4BA-E6E1-4BB3-85DE-30D35D571DBF}\RP462\A0062586.EXE
Adware.SurfSideKick
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3E54D4BA-E6E1-4BB3-85DE-30D35D571DBF}\RP461\A0060458.EXE
Another SuperAntispyware log
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 03/03/2008 at 11:57 PM
Application Version : 4.0.1154
Core Rules Database Version : 3413
Trace Rules Database Version: 1405
Scan type : Complete Scan
Total Scan Time : 01:28:53
Memory items scanned : 406
Memory threats detected : 0
Registry items scanned : 5569
Registry threats detected : 1
File items scanned : 43486
File threats detected : 93
Adware.Tracking Cookie
C:\Documents and Settings\Teri\Cookies\teri@overture[1].txt
C:\Documents and Settings\Teri\Cookies\[email protected][1].txt
C:\Documents and Settings\Teri\Cookies\teri@media6degrees[2].txt
C:\Documents and Settings\Teri\Cookies\teri@adrevolver[2].txt
C:\Documents and Settings\Teri\Cookies\[email protected][2].txt
C:\Documents and Settings\Teri\Cookies\[email protected][1].txt
C:\Documents and Settings\Teri\Cookies\[email protected][1].txt
C:\Documents and Settings\Teri\Cookies\[email protected][2].txt
C:\Documents and Settings\Teri\Cookies\[email protected][1].txt
C:\Documents and Settings\Teri\Cookies\teri@tribalfusion[2].txt
C:\Documents and Settings\Teri\Cookies\[email protected][4].txt
C:\Documents and Settings\Teri\Cookies\teri@fastclick[2].txt
C:\Documents and Settings\Teri\Cookies\teri@collective-media[2].txt
C:\Documents and Settings\Teri\Cookies\[email protected][2].txt
C:\Documents and Settings\Teri\Cookies\[email protected][1].txt
C:\Documents and Settings\Teri\Cookies\teri@azjmp[1].txt
C:\Documents and Settings\Teri\Cookies\teri@apmebf[1].txt
C:\Documents and Settings\Teri\Cookies\teri@tacoda[2].txt
C:\Documents and Settings\Teri\Cookies\teri@partner2profit[2].txt
C:\Documents and Settings\Teri\Cookies\teri@atdmt[1].txt
C:\Documents and Settings\Teri\Cookies\teri@interclick[1].txt
C:\Documents and Settings\Teri\Cookies\[email protected][1].txt
C:\Documents and Settings\Teri\Cookies\[email protected][1].txt
C:\Documents and Settings\Teri\Cookies\[email protected][2].txt
C:\Documents and Settings\Teri\Cookies\[email protected][1].txt
C:\Documents and Settings\Teri\Cookies\[email protected][2].txt
C:\Documents and Settings\Teri\Cookies\[email protected][2].txt
C:\Documents and Settings\Teri\Cookies\teri@apartmentfinder[2].txt
C:\Documents and Settings\Teri\Cookies\[email protected][2].txt
C:\Documents and Settings\Teri\Cookies\[email protected][1].txt
C:\Documents and Settings\Teri\Cookies\[email protected][1].txt
C:\Documents and Settings\Teri\Cookies\teri@clckm[1].txt
C:\Documents and Settings\Teri\Cookies\[email protected][2].txt
C:\Documents and Settings\Teri\Cookies\[email protected][2].txt
C:\Documents and Settings\Teri\Cookies\[email protected][1].txt
C:\Documents and Settings\Teri\Cookies\teri@advertising[1].txt
C:\Documents and Settings\Teri\Cookies\teri@doubleclick[2].txt
C:\Documents and Settings\Teri\Cookies\[email protected][2].txt
C:\Documents and Settings\Teri\Cookies\[email protected][1].txt
C:\Documents and Settings\Teri\Cookies\teri@pro-market[2].txt
C:\Documents and Settings\Teri\Cookies\teri@zedo[2].txt
C:\Documents and Settings\Teri\Cookies\[email protected][1].txt
C:\Documents and Settings\Teri\Cookies\[email protected][1].txt
C:\Documents and Settings\Teri\Cookies\teri@mediaplex[1].txt
C:\Documents and Settings\Teri\Cookies\teri@atwola[2].txt
C:\Documents and Settings\Teri\Cookies\[email protected][1].txt
C:\Documents and Settings\Teri\Cookies\[email protected][1].txt
C:\Documents and Settings\Teri\Cookies\teri@adecn[2].txt
C:\Documents and Settings\Teri\Cookies\[email protected][2].txt
C:\Documents and Settings\Teri\Cookies\[email protected][1].txt
C:\Documents and Settings\Teri\Cookies\teri@toseeka[1].txt
C:\Documents and Settings\Teri\Cookies\[email protected][1].txt
C:\Documents and Settings\Teri\Cookies\[email protected][1].txt
C:\Documents and Settings\Teri\Cookies\[email protected][1].txt
C:\Documents and Settings\Teri\Cookies\teri@precisionclick[1].txt
C:\Documents and Settings\Teri\Cookies\teri@shopica[1].txt
C:\Documents and Settings\Teri\Cookies\teri@linksynergy[1].txt
C:\Documents and Settings\Teri\Cookies\[email protected][2].txt
C:\Documents and Settings\Teri\Cookies\[email protected][3].txt
C:\Documents and Settings\Teri\Cookies\[email protected][3].txt
C:\Documents and Settings\Teri\Cookies\[email protected][1].txt
C:\Documents and Settings\Teri\Cookies\[email protected][2].txt
C:\WINDOWS\Cookies\unknown@adserver[1].txt
C:\WINDOWS\Cookies\unknown@indexstats[2].txt
C:\WINDOWS\Cookies\[email protected][1].txt
C:\WINDOWS\Cookies\unknown@realmedia[2].txt
C:\WINDOWS\Cookies\[email protected][2].txt
C:\WINDOWS\Cookies\unknown@interclick[2].txt
C:\WINDOWS\Cookies\unknown@revsci[2].txt
C:\WINDOWS\Cookies\unknown@nextag[1].txt
C:\WINDOWS\Cookies\unknown@findnews[2].txt
C:\WINDOWS\Cookies\unknown@tacoda[1].txt
C:\WINDOWS\Cookies\[email protected][1].txt
C:\WINDOWS\Cookies\[email protected][2].txt
C:\WINDOWS\Cookies\[email protected][1].txt
C:\WINDOWS\Cookies\[email protected][1].txt
C:\WINDOWS\Cookies\[email protected][2].txt
C:\WINDOWS\Cookies\[email protected][2].txt
C:\WINDOWS\Cookies\unknown@tripod[1].txt
C:\WINDOWS\Cookies\unknown@atwola[1].txt
C:\WINDOWS\Cookies\unknown@partner2profit[1].txt
Adware.SurfSideKick
C:\Program Files\Common Files\VCClient\ClientUpdater.bat
C:\Program Files\Common Files\VCClient\ICSharpCode.SharpZipLib.dll
C:\Program Files\Common Files\VCClient\VCClient.exe
C:\Program Files\Common Files\VCClient\VCClient.exe.config
C:\Program Files\Common Files\VCClient\VCMain.exe
C:\Program Files\Common Files\VCClient\VCUpdate.exe
C:\Program Files\Common Files\VCClient\VCUpdate.exe.config
C:\Program Files\Common Files\VCClient\Version.txt
C:\Program Files\Common Files\VCClient\temp.txt
C:\Program Files\Common Files\VCClient
Adware.ClickSpring/Yazzle
C:\Program Files\Cowabanga\License.txt
C:\Program Files\Cowabanga
Unclassified.Unknown Origin
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad#zip [ {79702dfb-cde5-434a-96aa-9b2e975e6e3e} ]
Edited by bunny298, 07 March 2008 - 06:30 PM.