ComboFix 08-04-20.2 - KC1 2008-04-20 17:21:16.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.179 [GMT -4:00]
Running from: C:\Documents and Settings\KC1\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\KC1\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\d3dxofo.dll . . . . failed to delete
.
---- Previous Run -------
.
C:\WINDOWS\system32\d3dxofo.dll . . . . failed to delete
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_xjsjcevf
-------\Legacy_xjsjcevf
-------\xjsjcevf
-------\Legacy_XJSJCEVF
-------\Service_xjsjcevf
((((((((((((((((((((((((( Files Created from 2008-03-20 to 2008-04-20 )))))))))))))))))))))))))))))))
.
2100-02-23 14:35 . 2001-02-22 09:54 768 --a--c--- C:\Program Files\x73_lut.dat
2100-02-08 16:03 . 2001-05-11 11:39 53,248 --a--c--- C:\Program Files\ACMonitor_X73.exe
2008-04-20 16:36 . 2008-04-20 16:27 401,720 --a------ C:\Program Files\HiJackThis[1].exe
2008-04-20 09:24 . 2008-04-20 09:24 84 --a------ C:\WINDOWS\system32\ikhcore.cfg
2008-04-20 08:18 . 2008-04-20 08:18 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-20 08:18 . 2008-04-20 08:18 <DIR> d-------- C:\Documents and Settings\KC1\Application Data\Malwarebytes
2008-04-20 08:18 . 2008-04-20 08:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-19 15:52 . 2008-04-19 15:52 <DIR> d-------- C:\csscod
2008-04-13 08:42 . 2008-04-13 08:42 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2008-04-13 08:41 . 2008-04-13 08:41 <DIR> d-------- C:\Program Files\MSECACHE
2008-04-06 17:55 . 2008-04-06 17:55 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2008-04-06 17:55 . 2007-12-06 16:51 28,568 --a------ C:\WINDOWS\system32\drivers\AVHook.sys
2008-04-06 17:55 . 2007-12-06 16:51 21,912 --a------ C:\WINDOWS\system32\drivers\AVRec.sys
2008-04-06 17:55 . 2008-02-12 11:44 21,904 --a------ C:\WINDOWS\system32\drivers\AVFilter.sys
2008-04-06 17:08 . 2008-04-20 17:38 <DIR> d-------- C:\Program Files\PC Tools AntiVirus
2008-04-05 20:53 . 2008-04-20 16:19 <DIR> d-------- C:\Documents and Settings\KC1\Application Data\Desktopicon
2008-04-05 20:52 . 2008-04-05 21:22 <DIR> d-------- C:\Program Files\Unlocker
2008-04-05 19:48 . 2008-04-13 08:53 <DIR> d-------- C:\Program Files\Panda Security
2008-04-03 00:18 . 2008-04-03 00:18 <DIR> d-------- C:\Program Files\Common Files\Mozilla Shared
2008-04-03 00:17 . 2008-04-11 21:05 6,490,880 --a------ C:\WINDOWS\system32\wtzpelos.dat
2008-03-31 21:35 . 2008-03-31 21:35 <DIR> d-------- C:\Program Files\Enigma Software Group
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-20 21:38 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-20 15:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-04-20 13:22 --------- d-----w C:\Program Files\LogMeIn
2008-04-20 12:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-18 12:07 --------- d-----w C:\Program Files\Spyware Doctor
2008-04-17 11:42 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-13 13:01 --------- d-----w C:\Program Files\Windows Defender
2008-04-13 12:58 --------- d-----w C:\Program Files\AceMoney
2008-04-13 12:55 --------- d-----w C:\Program Files\No Trace
2008-04-06 21:58 --------- d-----w C:\Documents and Settings\KC1\Application Data\PC Tools
2008-04-06 21:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Tools
2008-04-06 21:06 --------- d-----w C:\Program Files\METAFILE
2008-04-06 21:04 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-04-06 21:04 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-03 23:28 --------- d-----w C:\Program Files\Picasa2
2008-04-03 04:17 20,224 ----a-w C:\WINDOWS\system32\drivers\noaqtndc.dat
2008-04-03 03:18 --------- d-----w C:\Program Files\Norton Security Scan
2008-03-31 04:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-30 23:50 --------- d-----w C:\Program Files\RegistryFix
2008-03-29 23:50 --------- d-----w C:\Program Files\SpiralFrog
2008-03-25 02:37 --------- d-----w C:\Documents and Settings\KC1\Application Data\IObit
2008-03-25 02:36 --------- d-----w C:\Program Files\IObit
2008-03-13 05:17 --------- d-----w C:\Program Files\PC Check-up
2008-03-12 01:38 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-03-05 16:02 --------- d-----w C:\Program Files\Google
2008-02-23 02:47 --------- d-----w C:\Program Files\iolo
2008-02-23 02:47 --------- d-----w C:\Documents and Settings\KC1\Application Data\iolo
2008-02-23 02:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\iolo
2008-02-23 02:45 --------- d--h--w C:\Documents and Settings\KC1\Application Data\GTek
2008-02-23 02:45 --------- d--h--w C:\Documents and Settings\All Users\Application Data\GTek
2008-02-23 02:38 43,872 ----a-w C:\WINDOWS\system32\drivers\pxhelp20.sys
2008-02-17 16:46 5,632 -csha-w C:\Program Files\Thumbs.db
2007-11-30 00:05 78,896 -c--a-w C:\Documents and Settings\KC3\Application Data\GDIPFONTCACHEV1.DAT
2007-09-11 03:09 78,896 -c--a-w C:\Documents and Settings\KC2\Application Data\GDIPFONTCACHEV1.DAT
2007-08-30 18:06 842,726 -c--a-w C:\Documents and Settings\KC1\JNativeCpp.dll
2007-08-30 18:06 417,792 -c--a-w C:\Documents and Settings\KC1\UDLL.dll
2007-08-07 02:51 178,122 -c--a-w C:\Program Files\esshopdg.exe
2007-08-07 02:51 150,198 -c--a-w C:\Program Files\shopdesg.hlp
2007-07-06 00:47 27,353 -c--a-w C:\Program Files\DeIsL2.isu
2007-06-15 11:31 78,896 -c--a-w C:\Documents and Settings\KC1\Application Data\GDIPFONTCACHEV1.DAT
2006-01-14 00:24 563,712 -c--a-w C:\Documents and Settings\KC1\370_gotomypc.exe
2004-12-16 01:07 27,624 -c--a-w C:\Program Files\DeIsL1.isu
2003-06-07 01:25 2,448,567 -c--a-w C:\Program Files\4th.zip
2002-09-11 14:26 63,730 -c--a-w C:\Program Files\viewsonicinstruct_xp.pdf
2001-07-26 20:58 47 -c--a-w C:\Program Files\ACMonitor_X73.ini
2001-07-05 16:46 8,116 -c--a-w C:\Program Files\OSLO3071b2.USB
2001-05-08 20:36 114,688 -c--a-w C:\Program Files\lxarscan.dll
2001-04-23 18:22 1,437 -c--a-w C:\Program Files\gtx73.ini
1997-03-14 20:03 3,539,968 -c--a-w C:\Program Files\3dhadl32.exe
1997-03-11 16:52 138,016 -c--a-w C:\Program Files\furnlib.lbf
1997-02-06 13:55 20,224 -c--a-w C:\Program Files\README.WRI
1997-01-29 18:25 9,545 -c--a-w C:\Program Files\SYMBLIB.LBS
1997-01-22 15:49 5,590 -c--a-w C:\Program Files\Profilem.pl1
1997-01-22 15:36 31,937 -c--a-w C:\Program Files\FIXTLIB.LBA
1997-01-20 20:49 59,264 -c--a-w C:\Program Files\ERROR.INT
1997-01-20 20:39 8,131 -c--a-w C:\Program Files\MATERIAL.DAT
1997-01-10 21:05 224,037 -c--a-w C:\Program Files\3DHOME.HLP
1996-11-08 20:14 42,496 -c--a-w C:\Program Files\SPAWNIT.EXE
1996-07-22 05:58 5,775,692 -c--a-w C:\Program Files\VOLUME1.L3F
1996-07-22 03:53 73,935 -c--a-w C:\Program Files\VOLUME1.LBF
1996-05-20 15:01 59,976 -c--a-w C:\Program Files\SAMPLE.PL1
1996-05-20 15:01 50,396 -c--a-w C:\Program Files\SAMPLE.PL2
1996-05-20 15:01 2,224 -c--a-w C:\Program Files\SAMPLE.PL3
1996-05-20 15:01 12,518 -c--a-w C:\Program Files\SAMPLE.PL0
1996-05-14 22:34 30 -c--a-w C:\Program Files\SPAWNIT.INI
1996-05-10 22:11 563,200 -c--a-w C:\Program Files\SS32D25.DLL
1996-05-09 20:47 328 -c--a-w C:\Program Files\3DHOME.CNT
1996-04-12 20:20 39,133 -c--a-w C:\Program Files\TUTORIAL.PL1
1996-04-12 20:20 3,108 -c--a-w C:\Program Files\TUTORIAL.PL3
1996-04-12 20:20 13,774 -c--a-w C:\Program Files\TUTORIAL.PL2
1996-04-12 20:19 5,132 -c--a-w C:\Program Files\PROFILE.PL1
1996-04-10 16:04 5,668 -c--a-w C:\Program Files\TUTORIAL.PL0
1995-11-10 09:10 7,616 -c--a-w C:\Program Files\SUPERPRO.DLL
1994-10-13 16:04 3,575,476 -c--a-w C:\Program Files\FURNLIB.L3F
1994-10-12 06:21 766 -c--a-w C:\Program Files\TIPS.ICO
1994-10-12 00:38 1,002,840 -c--a-w C:\Program Files\FIXTLIB.L3A
1993-08-28 18:19 23,080 -c--a-w C:\Program Files\FIXTOLD.PLB
1993-08-28 18:18 26,742 -c--a-w C:\Program Files\FURNOLD.PLB
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
-c--a-w 49,152 2004-05-25 13:16:56 C:\Program Files\Brother\Brmfl04a\bak\BrStDvPt.exe
------w 49,152 2004-05-25 14:16:56 C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
-c--a-w 185,632 2007-08-17 23:41:00 C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe
-c--a-r 155,648 2003-10-14 14:22:30 C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\bak\SSBkgdupdate.exe
-c--a-w 68,856 2007-05-16 02:03:58 C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe
-c--a-w 132,496 2007-09-25 05:11:35 C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe
-c--a-w 63,048 2007-04-17 18:03:50 C:\Program Files\LogMeIn\x86\bak\LogMeInSystray.exe
-c--a-w 40,960 2004-04-14 19:04:12 C:\Program Files\ScanSoft\PaperPort\bak\IndexSearch.exe
-c--a-w 57,393 2004-04-14 18:46:50 C:\Program Files\ScanSoft\PaperPort\bak\pptd40nt.exe
-c--a-w 163,128 2007-10-15 18:38:38 C:\Program Files\SpiralFrog\bak\Spiralfrog.exe
-c--a-w 1,460,560 2007-08-31 21:46:28 C:\Program Files\Spybot - Search & Destroy\bak\TeaTimer.exe
--sha-r 2,097,488 2008-01-28 16:43:40 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
-c--a-w 1,458,176 2008-01-16 14:43:16 C:\Program Files\SUPERAntiSpyware\bak\SUPERAntiSpyware.exe
-c--a-w 866,584 2006-11-03 23:20:12 C:\Program Files\Windows Defender\bak\MSASCui.exe
----a-w 866,584 2006-11-03 23:20:12 C:\Program Files\Windows Defender\MSASCui.exe
-c--a-w 204,288 2006-10-19 01:05:26 C:\Program Files\Windows Media Player\bak\WMPNSCFG.exe
-c--a-w 15,360 2006-02-28 12:00:00 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2006-02-28 12:00:00 C:\WINDOWS\system32\ctfmon.exe
-c--a-w 143,360 2002-07-17 11:59:48 C:\WINDOWS\system32\bak\igfxtray.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00A67FF0-C935-411F-AF76-2D17DE41F24A}]
2008-04-20 09:30 88064 --a------ C:\WINDOWS\system32\cnxtsdki.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9B8D8879-2A87-4236-9B8B-81AEE76C4DAF}]
2008-04-20 17:28 82944 --a------ c:\windows\system32\d3dxofo.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 08:00 15360]
"AccountLogon"="C:\Documents and Settings\All Users\Documents\Account Logon\AccountLogon\AccountLogon.exe" [2003-06-24 22:32 470016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58 282624]
"PCTAVApp"="C:\Program Files\PC Tools AntiVirus\PCTAV.exe" [2008-03-05 09:37 1238928]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 19:29 39264]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-11-21 18:23 87352 C:\WINDOWS\system32\LMIinit.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AccountLogon]
--a--c--- 2003-06-24 22:32 470016 C:\Documents and Settings\All Users\Documents\Account Logon\AccountLogon\AccountLogon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a--c--- 2005-06-07 00:46 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a--c--- 2006-10-30 10:36 256576 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
C:\Program Files\Spyware Doctor\SDTrayApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2006-11-09 16:07 49263 C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"awhost32"=2 (0x2)
"iPod Service"=3 (0x3)
"ewido anti-spyware 4.0 guard"=2 (0x2)
"WMPNetworkSvc"=2 (0x2)
"KodakCCS"=3 (0x3)
"gusvc"=2 (0x2)
"sdCoreService"=2 (0x2)
"sdAuxService"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\wjview.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Documents and Settings\\All Users\\Documents\\Blubster.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
R0 $sys$cor;$sys$cor;C:\WINDOWS\system32\Drivers\$sys$cor.sys [2005-07-04 08:52]
R0 ytlquzfk;ytlquzfk;C:\WINDOWS\system32\drivers\noaqtndc.dat []
R2 AwcService;Advanced WindowsCare Boost Service;C:\Program Files\IObit\Advanced WindowsCare 3 Beta\awcservice.exe [2008-02-18 22:01]
R2 BCMNTIO;BCMNTIO;C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys [2004-03-05 18:09]
R2 CD_Proxy;XCP CD Proxy;C:\WINDOWS\CDProxyServ.exe [2004-10-07 10:42]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2007-04-17 14:00]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-04-05 11:55]
R2 MAPMEM;MAPMEM;C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys [2004-03-05 18:09]
R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2003-12-19 22:15]
R3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2004-06-12 06:27]
R3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2004-01-10 05:28]
S1 $sys$crater;$sys$crater;C:\WINDOWS\system32\$sys$filesystem\crater.sys [2005-07-04 06:51]
S3 $sys$lim;$sys$lim;C:\WINDOWS\system32\$sys$filesystem\lim.sys [2005-07-14 05:51]
S3 iAimFP8;iAimFP8;C:\WINDOWS\system32\DRIVERS\wADV11nt.sys [2002-07-23 09:01]
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2007-05-04 17:04]
.
Contents of the 'Scheduled Tasks' folder
"2008-04-20 21:07:28 C:\WINDOWS\Tasks\AWC AutoCare.job"
- C:\Program Files\IObit\Advanced WindowsCare 3 Beta\AutoCare.ex
- C:\Program Files\IObit\Advanced WindowsCare 3 Beta\
"2008-04-20 21:36:11 C:\WINDOWS\Tasks\AWC AutoSweep.job"
- C:\Program Files\IObit\Advanced WindowsCare 3 Beta\AutoSweep.exe
"2008-04-20 00:29:26 C:\WINDOWS\Tasks\AWC Update.job"
- C:\Program Files\IObit\Advanced WindowsCare 3 Beta\IObitUpdate.ex
- C:\Program Files\IObit\Advanced WindowsCare 3 Beta\
"2008-04-14 03:41:00 C:\WINDOWS\Tasks\dfrg.job"
- C:\WINDOWS\system32\dfrg.msc
"2008-04-20 21:37:28 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-04-18 19:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-20 17:37:51
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ytlquzfk]
"ImagePath"="system32\drivers\noaqtndc.dat"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\LogMeIn\x86\ramaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
.
**************************************************************************
.
Completion time: 2008-04-20 17:48:41 - machine was rebooted [KC1]
ComboFix-quarantined-files.txt 2008-04-20 21:48:15
ComboFix2.txt 2008-04-06 15:55:33
Pre-Run: 22,493,925,376 bytes free
Post-Run: 22,492,196,864 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /noexecute=optin
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
287 --- E O F --- 2008-04-20 14:39:25
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:32:41 PM, on 4/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IObit\Advanced WindowsCare 3 Beta\awcservice.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\CDProxyServ.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\PC Tools AntiVirus\PCTAV.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Defender\MpCmdRun.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\KC1\My Documents\Downloads\HiJackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/fl...x.cfm?rev=10315
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {00A67FF0-C935-411F-AF76-2D17DE41F24A} - C:\WINDOWS\system32\cnxtsdki.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {9B8D8879-2A87-4236-9B8B-81AEE76C4DAF} - c:\windows\system32\d3dxofo.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AccountLogon] C:\Documents and Settings\All Users\Documents\Account Logon\AccountLogon\AccountLogon.exe /regserver
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: AccountLogon - C:\WINDOWS\al-popup-kc1.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AccountLogon - {1CB13C88-96B6-11d6-9AF5-D12D26EE1F36} - C:\WINDOWS\al-popup-kc1.html (HKCU)
O9 - Extra 'Tools' menuitem: AccountLogon - {1CB13C88-96B6-11d6-9AF5-D12D26EE1F36} - C:\WINDOWS\al-popup-kc1.html (HKCU)
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} -
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} -
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) -
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} -
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} -
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} -
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/b...lineScanner.cab
O16 - DPF: {5CE72DD0-4695-4D18-A4D3-3367ACD37578} - http://support.f-sec.../fshc/fscax.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -
O16 - DPF: {664088B0-6AF3-4514-AF9D-A0DC3A3DF24A} -
O16 - DPF: {6CCE3920-3183-4B3D-808A-B12EB769DE12} (CSS Web Installer Class) - http://www.commandon...cabs/cssweb.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_03) -
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} - http://www.commandon...cabs/cssweb.cab
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} (Java Plug-in 1.5.0_09) -
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.5.0_10) -
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) -
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} -
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2006\HelpAsyncPluggableProtocol.dll
O20 - Winlogon Notify: vckxxvij - C:\WINDOWS\SYSTEM32\d3dxofo.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Advanced WindowsCare Boost Service (AwcService) - IObit - C:\Program Files\IObit\Advanced WindowsCare 3 Beta\awcservice.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS\CDProxyServ.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
--
End of file - 9276 bytes
3D Home Architect Deluxe
3D Pool Shark
A Sunday Snow Demo
AccountLogon
Ad-Aware 2007
Adobe Acrobat 5.0
Adobe Flash Player ActiveX
Adobe Reader 8.1.1
Adobe Shockwave Player
Adobe® Photoshop® Album Starter Edition 3.0
Adobe® Photoshop® Album Starter Edition 3.0.1
Advanced WindowsCare 3 Beta
Apple Software Update
ArcSoft Funhouse
AVG Anti-Spyware 7.5
Bookworm Deluxe 1.03
Broderbund Home Design 5.1
Brother MFL-Pro Suite
CardRd81
Carleton Sheets Property Analyzer
Carleton Sheets Property Manager
CCleaner (remove only)
CCScore
CheckIt Diagnostics
Clear Estimates v2
Command On Demand for Command Software
Conexant SoftK56 Modem(M)
CR2
DebtFree for Windows Personal 5.0h
EasyCleaner
ESSBrwr
ESSCDBK
ESScore
ESSCT
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
ESSTUTOR
ESSvpaht
ESSvpot
E-Z Contact Book version 1.0.7.0
FinePixViewer Ver.3.2
Fireworks Desktop Theme
FUJIFILM USB Driver
Fujifilm USB MemoryCard ReaderWriter
GalleryPlayer Images
Google Earth
Google Photos Screensaver
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Updater
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HLPIndex
HLPPDOCK
HLPRFO
Home Plan Pro for Windows 95/98/00/ME/NT/XP
HomeGauge
HomeGauge3
HomeTech ADVANTAGE Cost Estimator 4.2
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Windows XP (KB915865)
iDEN Packet Data Applet
ImageMixer VCD for FinePix
Intel Application Accelerator
Intel® 810/810E/815/815E/815EM Chipset Graphics Driver Software
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 6 Update 2
Java 6 Update 3
Kodak EasyShare software
KSU
LiveReg (Symantec Corporation)
Logitech SetPoint
LogMeIn
Malwarebytes' Anti-Malware
Media Downloader
MGI PhotoSuite 8.1 (Remove Only)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Office XP Professional with FrontPage
Microsoft Windows Journal Viewer
Motorola Driver Installation
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
Musicmatch® Jukebox
My Budget Planner - Version 1.7
MyBudgetPlanner
NASA World Wind 1.4
Norton Security Scan
Notifier
Office Manager Plus
OTtBP
OTtBPSDK
PaperPort
PC Tools AntiVirus4.0
PC-Checkup
Picasa 2
QuickBooks Customer Manager Version 2
QuickBooks Premier: Contractor Edition 2008
QuickTime
RealPlayer
Road Runner Medic
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
SFR
SHASTA
SKIN0001
SKINXSDK
SoundMAX
Spanish Year 1 v1.50
Spelling Dictionaries Support For Adobe Reader 8
SpiralFrog Download Manager 0.8.23
Spybot - Search & Destroy
Spyware Doctor 5.5
Unlocker 1.8.6
Update for Windows XP (KB904942)
update to ONE
ViewSonic Monitor Drivers
Visual FoxPro ODBC Driver
Visual MP3 CD Burner 1.3
VPRINTOL
Windows Communication Foundation
Windows Defender
Windows Defender Signatures
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 11
Windows Presentation Foundation
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
Windows Support Tools
Windows Workflow Foundation
WIRELESS
Malwarebytes' Anti-Malware 1.11
Database version: 661
Scan type: Quick Scan
Objects scanned: 36636
Time elapsed: 47 minute(s), 47 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)