Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:23:24 PM, on 4/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\dldocoms.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\ALLTEL DSL Check-up Center\bin\mpbtn.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4061128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {630C3131-33AF-4978-B88F-B5D60A5EC176} - C:\WINDOWS\system32\ljJDTNHW.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: gooochi browser optimizer - {f2fe6cc2-e461-548b-2c62-064956ebc700} - C:\WINDOWS\system32\{4f09176d-5e4a-14fd-bafb-9348a34aebd8}.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O4 - Global Startup: Windstream Broadband Check-up Center.lnk = C:\Program Files\ALLTEL DSL Check-up Center\bin\matcli.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://care.alltel.com
O16 - DPF: ActiveGS.cab - http://www.virtualap...rg/activegs.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab55579.cab
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/...nx.1.0.0.87.cab
O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - https://activation.a...aller_2-0-0.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games Buddy Invite) - http://zone.msn.com/...dy.cab55579.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmar...martActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....aceUploader.cab
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} (Keynote Connector Launcher 2) - http://webeffective....torLauncher.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab55579.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1208137568875
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/...mjolauncher.cab
O16 - DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} (Maid Control) - http://vsp.closetmai..._downloader.cab
O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} (ZPA_DMNO Object) - http://zone.msn.com/...no.cab55579.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/...O1.cab55579.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} (Imikimi_activex_plugin Control) - http://imikimi.com/d...kimi_plugin.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games Game Communicator) - http://zone.msn.com/...xy.cab55579.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} (CheckersZPA Object) - http://sympatico.zon...PA.cab55579.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: rqRLdDWp - rqRLdDWp.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: dldoCATSCustConnectService - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldoserv.exe
O23 - Service: dldo_device - - C:\WINDOWS\system32\dldocoms.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\Dell Games\Dell Game Console\GameConsoleService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
--
End of file - 11768 bytes
----------------------------------------------------------------------------------------------------------------------
ComboFix 08-04-15.8 - Jay and April 2008-04-16 13:27:51.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.354 [GMT -4:00]
Running from: C:\Documents and Settings\Jay and April\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\dcads_sidebar.dll
C:\WINDOWS\system32\dcads_sidebar_uninstall.exe
C:\WINDOWS\system32\drivers\fipss.sys
C:\WINDOWS\system32\dtyrxtvu.dll
C:\WINDOWS\system32\fooybrsy.dll
C:\WINDOWS\system32\GjRBKRqr.ini
C:\WINDOWS\system32\GjRBKRqr.ini2
C:\WINDOWS\system32\jggoxikt.ini
C:\WINDOWS\system32\lugdyein.dll
C:\WINDOWS\system32\MpoXHkkj.ini
C:\WINDOWS\system32\MpoXHkkj.ini2
C:\WINDOWS\system32\nhsfbjgc.dll
C:\WINDOWS\system32\ocubcjpw.ini
C:\WINDOWS\system32\onygvvhd.ini
C:\WINDOWS\system32\pmhqpxme.ini
C:\WINDOWS\system32\qjghbcqc.dll
C:\WINDOWS\system32\uFeLoUvw.ini
C:\WINDOWS\system32\uFeLoUvw.ini2
C:\WINDOWS\system32\vfwjersx.dll
C:\WINDOWS\system32\WGMSDJjl.ini
C:\WINDOWS\system32\WGMSDJjl.ini2
C:\WINDOWS\system32\WHNTDJjl.ini
C:\WINDOWS\system32\WHNTDJjl.ini2
C:\WINDOWS\system32\x64
C:\WINDOWS\system32\ydypdlmw.dll
C:\WINDOWS\system32\ylubekvx.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_FIPSS
-------\Service_fipss
((((((((((((((((((((((((( Files Created from 2008-03-16 to 2008-04-16 )))))))))))))))))))))))))))))))
.
2008-04-16 09:06 . 2008-04-16 09:06 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-16 09:06 . 2008-04-16 09:06 <DIR> d-------- C:\Documents and Settings\Jay and April\Application Data\Malwarebytes
2008-04-16 09:06 . 2008-04-16 09:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-16 08:34 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-04-16 08:34 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-04-16 08:34 . 2008-04-14 19:28 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-04-16 08:34 . 2008-04-12 13:49 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-04-16 08:34 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-04-16 08:34 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-14 20:41 . 2008-04-14 20:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Dell
2008-04-14 13:31 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-14 13:31 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-13 19:38 . 2008-04-13 19:38 <DIR> d-------- C:\WINDOWS\system32\bits
2008-04-13 19:38 . 2007-03-29 08:56 409,600 --------- C:\WINDOWS\system32\dllcache\qmgr.dll
2008-04-13 19:38 . 2007-03-29 08:56 18,944 --------- C:\WINDOWS\system32\dllcache\qmgrprxy.dll
2008-04-13 19:38 . 2007-03-29 08:56 8,192 --------- C:\WINDOWS\system32\dllcache\bitsprx2.dll
2008-04-13 19:38 . 2007-03-29 08:56 7,168 --------- C:\WINDOWS\system32\dllcache\bitsprx4.dll
2008-04-13 19:38 . 2007-03-29 08:56 7,168 --------- C:\WINDOWS\system32\dllcache\bitsprx3.dll
2008-04-13 19:38 . 2007-03-29 08:56 7,168 --a------ C:\WINDOWS\system32\bitsprx4.dll
2008-04-13 18:30 . 2008-04-13 22:20 646 --ahs---- C:\WINDOWS\system32\gutoghbs.ini
2008-04-13 17:02 . 2008-04-13 17:02 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-04-13 16:42 . 2008-04-13 16:42 <DIR> dr-h----- C:\Documents and Settings\Admin\Application Data\yahoo!
2008-04-13 16:39 . 2008-04-13 19:09 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-04-13 16:24 . 2008-04-13 16:30 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\StumbleUpon
2008-04-13 16:22 . 2006-11-28 03:16 <DIR> d--h----- C:\Documents and Settings\Admin\Application Data\Gtek
2008-04-13 16:22 . 2008-04-14 20:42 <DIR> d-------- C:\Documents and Settings\Admin
2008-04-12 10:17 . 2008-04-12 10:17 167,545 --------- C:\WINDOWS\system32\drivers\core.cache.dsk
2008-04-11 09:27 . 2008-04-11 09:27 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-11 09:27 . 2008-04-11 11:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-11 02:43 . 2008-04-11 02:43 9,662 --a------ C:\WINDOWS\system32\vaio3-011.ico
2008-04-11 02:38 . 2008-04-15 10:20 101,168 --a------ C:\WINDOWS\BM570bc053.xml
2008-04-10 22:42 . 2008-04-10 22:42 9,662 --a------ C:\WINDOWS\system32\iphone-6y.ico
2008-04-10 18:41 . 2008-04-10 18:41 13,942 --a------ C:\WINDOWS\system32\iphone-011.ico
2008-04-10 14:43 . 2008-04-10 14:43 298,311 --a------ C:\WINDOWS\system32\gside.exe
2008-04-10 14:38 . 2008-04-10 16:00 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\StumbleUpon
2008-04-10 14:35 . 2008-04-10 14:35 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-04-10 14:32 . 2008-04-13 19:06 <DIR> d--hs---- C:\WINDOWS\SmF5IGFuZCBBcHJpbA
2008-04-10 14:32 . 2008-04-10 14:32 <DIR> d-------- C:\Temp\wdlw14
2008-04-10 14:32 . 2008-04-10 14:32 40,713 --a------ C:\WINDOWS\system32\cpmsky-uninst.exe
2008-04-10 14:32 . 2008-04-11 15:13 937 --a------ C:\WINDOWS\system32\winpfz33.sys
2008-04-07 12:30 . 2008-04-07 12:30 330,240 --a------ C:\WINDOWS\system32\{4f09176d-5e4a-14fd-bafb-9348a34aebd8}.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-16 16:50 --------- d-----w C:\Program Files\Trend Micro
2008-04-16 14:03 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-04-16 13:05 --------- d-----w C:\Program Files\Common Files\Download Manager
2008-04-11 19:33 --------- d-----w C:\Program Files\GemMaster
2008-04-11 19:33 --------- d-----w C:\Program Files\BenefitBarIE
2008-04-11 13:06 --------- d-----w C:\Program Files\Incomplete
2008-04-11 13:03 --------- d-----w C:\Program Files\LimeWire
2008-04-06 18:44 --------- d-----w C:\Documents and Settings\Jay and April\Application Data\Corel
2008-03-28 22:13 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-28 21:04 0 ----a-w C:\Program Files\temp01
2008-03-10 23:24 --------- d-----w C:\Documents and Settings\Jay and April\Application Data\StumbleUpon
2008-03-04 23:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-04 23:05 --------- d-----w C:\Program Files\3D Home Architect
2008-02-27 19:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Corel
2008-02-23 23:20 --------- d-----w C:\Program Files\Coupons
2008-02-17 20:47 251 ----a-w C:\Program Files\wt3d.ini
2008-01-31 18:27 1,377,872 ----a-w C:\Documents and Settings\All Users\Application Data\pswi_preloaded.exe
2007-09-16 13:49 110 ----a-w C:\Documents and Settings\All Users\Application Data\MostFunGameId.bin
2007-05-17 14:41 118,248 ----a-w C:\Documents and Settings\Jay and April\Application Data\GDIPFONTCACHEV1.DAT
2007-03-13 17:12 164 ----a-w C:\Documents and Settings\Jay and April\Application Data\wklnhst.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1B3CE736-8444-49CE-A98F-ECD9E2BE3DC2}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{24A364E7-2BDB-4801-BA7A-DDB550B24420}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2ffcab8a-aa1f-4602-9ef8-362705b3a5f7}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3EBBD0F6-1F1F-48A0-89DC-C7505D56E92A}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{630C3131-33AF-4978-B88F-B5D60A5EC176}]
C:\WINDOWS\system32\ljJDTNHW.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{63AB48C9-01A8-495C-8194-A715DB8A37A2}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7D68E5CA-D46E-4755-91B8-301BA50A52D8}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BAA03D82-454E-4561-88C0-3EA7D4324E92}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BCA95E31-1FBF-4F84-8F23-1BA653007A1E}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f2fe6cc2-e461-548b-2c62-064956ebc700}]
2008-04-07 12:30 330240 --a------ C:\WINDOWS\system32\{4f09176d-5e4a-14fd-bafb-9348a34aebd8}.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 06:00 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingB9926"="command /c del C:\WINDOWS\Fonts\'\#1 DVD Audio Ripper 1.2.50.zip" [ ]
"SpybotDeletingD3836"="cmd /c del C:\WINDOWS\Fonts\'\#1 DVD Audio Ripper 1.2.50.zip" [ ]
"SpybotDeletingB1637"="command /c del C:\WINDOWS\Fonts\'\#1 DVD Ripper 7.2.1.zip" [ ]
"SpybotDeletingD4929"="cmd /c del C:\WINDOWS\Fonts\'\#1 DVD Ripper 7.2.1.zip" [ ]
"SpybotDeletingB5919"="command /c del C:\WINDOWS\system32\drivers\core.cache.dsk" [ ]
"SpybotDeletingD5519"="cmd /c del C:\WINDOWS\system32\drivers\core.cache.dsk" [ ]
"SpybotDeletingB431"="command /c del C:\WINDOWS\system32\emxpqhmp.dll_old" [ ]
"SpybotDeletingD3493"="cmd /c del C:\WINDOWS\system32\emxpqhmp.dll_old" [ ]
"SpybotDeletingB268"="command /c del C:\WINDOWS\system32\kalaaadu.dll_old" [ ]
"SpybotDeletingD3539"="cmd /c del C:\WINDOWS\system32\kalaaadu.dll_old" [ ]
"SpybotDeletingB6854"="command /c del C:\WINDOWS\system32\shwkhrth.dll_old" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-03-07 01:06 5181440]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-10 06:00 53760 C:\WINDOWS\system32\narrator.exe]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-11-28 03:10:03 24576]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]
Run Nintendo Wi-Fi USB Connector Registration Tool.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe [2007-04-06 15:25:24 1073152]
Windstream Broadband Check-up Center.lnk - C:\Program Files\ALLTEL DSL Check-up Center\bin\matcli.exe [2006-12-07 15:07:21 217088]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2007-06-19 09:09 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqRLdDWp]
rqRLdDWp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MostFun\\Bin\\MostFun.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\dldocoms.exe"=
"C:\\Program Files\\Dell 968 AIO Printer\\dldomon.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldopswx.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldotime.exe"=
"C:\\Program Files\\Dell 968 AIO Printer\\dldoaiox.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldojswx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Dell 968 AIO Printer\\dldoafcn.exe"=
R2 dldo_device;dldo_device;C:\WINDOWS\system32\dldocoms.exe [2007-10-05 09:30]
S2 dldoCATSCustConnectService;dldoCATSCustConnectService;C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldoserv.exe [2007-10-05 09:30]
S3 GameConsoleService;GameConsoleService;"C:\Program Files\Dell Games\Dell Game Console\GameConsoleService.exe" [2007-12-18 14:40]
S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2006-06-05 04:39]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-04-05 11:35:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-10 13:57:15 C:\WINDOWS\Tasks\EasyShare Registration Task.job"
- C:\WINDOWS\system32\rundll32.exelC:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.5.30.2.sxt _RegistrationOffer@16
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-16 14:03:23
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\fipss]
"ImagePath"="System32\drivers\fipss.sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> ?:\WINDOWS\system32\rtutils.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\ALLTEL DSL Check-up Center\bin\mpbtn.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\pccguide.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccUpdUI.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\pcclient.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TSC.EXE
.
**************************************************************************
.
Completion time: 2008-04-16 14:17:36 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-16 18:16:34
Pre-Run: 122,126,536,704 bytes free
Post-Run: 123,033,772,032 bytes free
.
2008-04-15 15:58:54 --- E O F ---