ComboFix 08-06-01.6 - Missy 2008-06-02 18:11:59.1 - NTFSx86
Running from: C:\Documents and Settings\Missy\My Documents\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Missy\Application Data\FunWebProducts
C:\Documents and Settings\Missy\Application Data\FunWebProducts\Data\Missy\avatar.dat
C:\Documents and Settings\Missy\Application Data\FunWebProducts\Data\Missy\outfit.dat
C:\Documents and Settings\Missy\Application Data\FunWebProducts\Data\Missy\register.dat
C:\Documents and Settings\Missy\Application Data\FunWebProducts\Data\Missy\zbucks.dat
C:\WINDOWS\BMabba2016.xml
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\abeeg.bak2
C:\WINDOWS\system32\abeeg.ini
C:\WINDOWS\system32\ajjuyfxr.ini
C:\WINDOWS\system32\alnqaaaw.ini
C:\WINDOWS\system32\batvcmyo.ini
C:\WINDOWS\system32\beftrhau.ini
C:\WINDOWS\system32\BIhhknmp.ini
C:\WINDOWS\system32\bvdkiotl.ini
C:\WINDOWS\system32\cdktltwg.exe
C:\WINDOWS\system32\chcweigv.ini
C:\WINDOWS\system32\cioinmds.ini
C:\WINDOWS\system32\cokddocc.ini
C:\WINDOWS\system32\ddwghrda.ini
C:\WINDOWS\system32\dsclywjl.ini
C:\WINDOWS\system32\efcpvbub.ini
C:\WINDOWS\system32\egplhdvx.ini
C:\WINDOWS\system32\ejoqhahu.ini
C:\WINDOWS\system32\ekhfndas.ini
C:\WINDOWS\system32\eokbqufm.ini
C:\WINDOWS\system32\fhwgnrhb.ini
C:\WINDOWS\system32\flnncwtl.ini
C:\WINDOWS\system32\gghldaec.exe
C:\WINDOWS\system32\hqtohegp.ini
C:\WINDOWS\system32\ibyvtake.ini
C:\WINDOWS\system32\iebxcjxp.ini
C:\WINDOWS\system32\ijkkj.bak1
C:\WINDOWS\system32\ijkkj.bak2
C:\WINDOWS\system32\ijkkj.tmp
C:\WINDOWS\system32\iqynoitu.ini
C:\WINDOWS\system32\ivtogssh.ini
C:\WINDOWS\system32\iwwlnogl.ini
C:\WINDOWS\system32\jcrqrytt.ini
C:\WINDOWS\system32\jtkxjaey.ini
C:\WINDOWS\system32\jwfuyagj.exe
C:\WINDOWS\system32\kskutylf.dll
C:\WINDOWS\system32\kxrdftvi.ini
C:\WINDOWS\system32\kydfhonn.ini
C:\WINDOWS\system32\lneyqswq.exe
C:\WINDOWS\system32\lpamnnwp.ini
C:\WINDOWS\system32\lwvvpldv.ini
C:\WINDOWS\system32\MabryObj.dll
C:\WINDOWS\system32\mbffhaxy.ini
C:\WINDOWS\system32\mxmaifwe.ini
C:\WINDOWS\system32\mxmmxnnr.ini
C:\WINDOWS\system32\olyhhyjp.ini
C:\WINDOWS\system32\oojchfph.ini
C:\WINDOWS\system32\oriuvedw.ini
C:\WINDOWS\system32\orpyaorr.ini
C:\WINDOWS\system32\peyhpjup.ini
C:\WINDOWS\system32\phroydbu.ini
C:\WINDOWS\system32\pmnkhhIB.dll
C:\WINDOWS\system32\pnxspsqa.ini
C:\WINDOWS\system32\ppxfksxf.dll
C:\WINDOWS\system32\psmrpvxu.ini
C:\WINDOWS\system32\puounlol.ini
C:\WINDOWS\system32\qecbtoni.ini
C:\WINDOWS\system32\qvucqhql.ini
C:\WINDOWS\system32\rfnevksl.ini
C:\WINDOWS\system32\riwkticb.ini
C:\WINDOWS\system32\rmfsheuh.ini
C:\WINDOWS\system32\rtmipr.dll
C:\WINDOWS\system32\sapjrvhe.exe
C:\WINDOWS\system32\sfggqmol.ini
C:\WINDOWS\system32\snqacxjn.ini
C:\WINDOWS\system32\tlpsgnpx.ini
C:\WINDOWS\system32\txnjgtfy.ini
C:\WINDOWS\system32\uaxmiier.ini
C:\WINDOWS\system32\udjnckxv.ini
C:\WINDOWS\system32\ujfvuiri.ini
C:\WINDOWS\system32\utlcrpil.ini
C:\WINDOWS\system32\vhjpheth.ini
C:\WINDOWS\system32\vkdsbmtu.ini
C:\WINDOWS\system32\vuxfajok.ini
C:\WINDOWS\system32\whgxkbey.ini
C:\WINDOWS\system32\wihdjodt.ini
C:\WINDOWS\system32\wjkaoxfn.ini
C:\WINDOWS\system32\xchjjvov.ini
C:\WINDOWS\system32\xkonvrgu.ini
C:\WINDOWS\system32\ymubgpwc.ini
C:\WINDOWS\system32\yxobnxqh.ini
.
((((((((((((((((((((((((( Files Created from 2008-05-02 to 2008-06-02 )))))))))))))))))))))))))))))))
.
2008-05-31 19:25 . 2008-05-31 19:26 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-30 15:49 . 2008-05-31 20:52 <DIR> d-------- C:\SDFix
2008-05-30 14:56 . 2008-05-31 21:06 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-24 23:09 . 2008-05-25 00:17 <DIR> d-------- C:\Documents and Settings\Missy\dvd
2008-05-24 22:30 . 2008-05-24 22:30 <DIR> d-------- C:\Program Files\DVDStyler
2008-05-24 22:30 . 2008-05-24 22:30 <DIR> d-------- C:\Documents and Settings\Missy\.thumb
2008-05-24 16:30 . 2008-05-24 16:30 <DIR> d-------- C:\Program Files\Panda Security
2008-05-24 15:26 . 2008-05-24 15:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-24 15:25 . 2008-05-28 07:12 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-24 15:25 . 2008-05-24 15:25 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-24 15:25 . 2008-05-24 15:25 <DIR> d-------- C:\Documents and Settings\Missy\Application Data\SUPERAntiSpyware.com
2008-05-24 15:07 . 2008-05-24 15:07 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-24 15:07 . 2008-05-24 15:07 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-05-24 15:07 . 2008-05-24 15:07 <DIR> d-------- C:\Documents and Settings\Missy\Application Data\Malwarebytes
2008-05-24 15:07 . 2008-05-24 15:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-24 15:07 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-24 15:07 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-16 17:11 . 2008-05-16 17:11 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\Symantec
2008-05-15 19:31 . 2008-05-24 23:25 <DIR> d-------- C:\Documents and Settings\Missy\Application Data\ImgBurn
2008-05-15 18:16 . 2008-05-15 18:16 <DIR> d-------- C:\Documents and Settings\Missy\Application Data\Symantec
2008-05-15 16:05 . 2008-05-15 16:05 10,344 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
2008-05-15 15:59 . 2008-05-15 15:59 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-05-15 15:56 . 2008-05-15 16:03 <DIR> d-------- C:\Program Files\Norton Internet Security
2008-05-15 15:50 . 2008-05-15 16:02 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-05-15 15:50 . 2008-05-15 16:02 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-05-15 15:50 . 2008-05-15 16:02 10,563 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-05-15 15:50 . 2008-05-15 16:02 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-05-15 13:29 . 2008-05-15 13:29 <DIR> d-------- C:\Documents and Settings\All Users\Symantec Temporary Files
2008-05-05 06:58 . 2008-05-05 06:58 <DIR> d-------- C:\Program Files\OpenAL
2008-05-05 06:58 . 2008-05-05 06:58 409,600 --a------ C:\WINDOWS\system32\wrap_oal.dll
2008-05-05 06:58 . 2008-05-05 06:58 114,688 --a------ C:\WINDOWS\system32\OpenAL32.dll
2008-05-04 18:15 . 2008-05-04 18:15 <DIR> d-------- C:\Documents and Settings\Missy\Application Data\Dealio
2008-05-04 18:15 . 2008-04-09 13:08 608,448 --a------ C:\WINDOWS\system32\ComCtl32.ocx
2008-05-04 18:15 . 2008-04-09 13:08 124,688 --a------ C:\WINDOWS\system32\MSWinSck.ocx
2008-05-04 17:17 . 2008-05-07 19:29 <DIR> d-------- C:\Documents and Settings\Missy\.smplayer
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-02 21:56 --------- d-----w C:\Program Files\PopCap Games
2008-05-28 02:16 --------- d-----w C:\Documents and Settings\Missy\Application Data\gtk-2.0
2008-05-24 20:18 --------- d-----w C:\Program Files\Gamevance
2008-05-24 20:02 --------- d-----w C:\Program Files\Trend Micro
2008-05-23 13:03 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-22 20:46 --------- d-----w C:\Program Files\Blubster
2008-05-22 03:00 --------- d-----w C:\Program Files\Microsoft Works
2008-05-22 00:27 --------- d-----w C:\Program Files\Dl_cats
2008-05-15 21:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-15 21:02 --------- d-----w C:\Program Files\Symantec
2008-05-15 20:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-05-15 20:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-15 19:36 --------- d-----w C:\Program Files\Norton AntiVirus
2008-05-05 20:49 --------- d-----w C:\Documents and Settings\Missy\Application Data\AdobeUM
2008-04-21 20:51 --------- d-----w C:\Documents and Settings\Missy\Application Data\gears
2008-04-16 01:53 25,600 ----a-w C:\Documents and Settings\Missy\usbsermptxp.sys
2008-04-16 01:53 22,768 ----a-w C:\WINDOWS\system32\drivers\usbsermpt.sys
2008-04-16 01:53 22,768 ----a-w C:\Documents and Settings\Missy\usbsermpt.sys
2008-04-16 01:13 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
2008-04-16 01:13 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_motccgp_01005.Wdf
2008-04-16 00:46 92,064 ----a-w C:\Documents and Settings\Missy\mqdmmdm.sys
2008-04-16 00:46 9,232 ----a-w C:\Documents and Settings\Missy\mqdmmdfl.sys
2008-04-16 00:46 79,328 ----a-w C:\Documents and Settings\Missy\mqdmserd.sys
2008-04-16 00:46 66,656 ----a-w C:\Documents and Settings\Missy\mqdmbus.sys
2008-04-16 00:46 6,208 ----a-w C:\Documents and Settings\Missy\mqdmcmnt.sys
2008-04-16 00:46 5,936 ----a-w C:\Documents and Settings\Missy\mqdmwhnt.sys
2008-04-16 00:46 4,048 ----a-w C:\Documents and Settings\Missy\mqdmcr.sys
2008-04-14 22:30 --------- d-----w C:\Program Files\WIBU-SYSTEMS
2008-04-14 20:45 --------- d-----w C:\Program Files\EA GAMES
2008-04-12 13:30 --------- d-----w C:\Program Files\Disney
2008-04-12 12:31 --------- d-----w C:\Program Files\Windows Live
2008-04-12 12:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-12 01:58 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-04-12 01:58 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2008-04-12 01:54 --------- d-----w C:\Program Files\Common Files\Motorola Shared
2008-04-10 00:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\GameTap
2008-04-10 00:09 --------- d-----w C:\Program Files\GameTap
2008-04-10 00:08 --------- d-----w C:\Documents and Settings\Missy\Application Data\InstallShield
2008-04-08 22:58 --------- d-----w C:\Program Files\Alice
2008-04-07 12:36 --------- d-----w C:\Documents and Settings\Missy\Application Data\DeepBurner
2008-04-03 21:41 --------- d-----w C:\Program Files\Google Video
2008-04-02 02:33 --------- d-----w C:\Documents and Settings\Missy\Application Data\Creative
2008-03-31 23:24 18,336 ----a-w C:\Documents and Settings\Missy\Application Data\wklnhst.dat
2007-05-23 23:22 62,312 ----a-w C:\Documents and Settings\Missy\Application Data\GDIPFONTCACHEV1.DAT
2007-02-05 00:09 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
2006-09-29 21:06 56 -csh--r C:\WINDOWS\system32\E4BB54CD39.sys
2006-09-29 21:06 3,558 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2008-02-06 23:05 349552 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-05-15 15:58 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= "C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll" [2008-02-06 23:05 349552]
[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll [2008-02-06 23:05 349552]
[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 06:00 15360]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-09-28 21:09 700416]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 07:12 1510640]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 15:01 67584]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-07-20 00:09 94208]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 21:12 221184]
"Lexmark 4200 Series"="C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe" [2004-01-16 05:04 57344]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 10:24 16384]
"DLCCCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-06-07 07:38 69632]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-01-05 19:39 98304]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-25 20:47 51048]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2008-02-07 01:49 718704]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-28 07:12 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2008-05-28 07:12 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.YV12"= stvcodec.dll
"vidc.MJPG"= stvcodec.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^U.S. Robotics 802.11g Wireless Network Utility.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\U.S. Robotics 802.11g Wireless Network Utility.lnk
backup=C:\WINDOWS\pss\U.S. Robotics 802.11g Wireless Network Utility.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk
backup=C:\WINDOWS\pss\ymetray.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Blubster]
--a------ 2008-03-05 16:30 5980160 C:\Program Files\Blubster\Blubster.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
--a--c--- 2005-08-31 12:06 106496 C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-10 06:00 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlccmon.exe]
--a------ 2005-07-22 08:03 425984 C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
-----c--- 2005-02-23 17:19 53248 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer4_in_1]
--a------ 2004-01-22 11:59 151552 C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2005-07-20 00:06 77824 C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2005-07-20 00:10 114688 C:\WINDOWS\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-06-10 11:44 249856 C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-06-10 11:44 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 11:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\MsnMsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OE_OEM]
--a------ 2005-08-15 20:38 20553 C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Profiler]
--a------ 2004-07-06 18:46 159744 C:\Program Files\Saitek\Software\Profiler.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a--c--- 2006-01-05 19:39 98304 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SaiSmart]
--a------ 2004-07-06 18:46 98304 C:\Program Files\Saitek\Software\SaiSmart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 04:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemOptimizer]
C:\WINDOWS\system32\inotbceq.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a--c--- 2006-11-30 22:49 4662776 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\svchost.exe"=
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]
R3 odysseyIM3;Odyssey Network Services Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM3.sys [2004-03-11 21:16]
S2 EraserSvc10732;Symantec Eraser Service;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]
S3 cusbohcn;cusbohcn;C:\DOCUME~1\Missy\LOCALS~1\Temp\cusbohcn.sys []
S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-02-27 14:31]
S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-23 19:03]
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2006-12-14 10:27]
S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2004-11-02 16:12]
S3 SaiHFF0C;SaiHFF0C;C:\WINDOWS\system32\DRIVERS\SaiHFF0C.sys [2004-06-11 04:59]
S3 SaiUFF0C;SaiUFF0C;C:\WINDOWS\system32\DRIVERS\SaiUFF0C.sys [2004-06-11 04:59]
S3 STV674;STV0674 Camera;C:\WINDOWS\system32\drivers\STV674.sys [2003-12-18 13:33]
S3 STV674m;STV0674 Cameram;C:\WINDOWS\system32\drivers\STV674m.sys [2003-12-18 13:33]
S3 STVles;l'espion S (Webcam);C:\WINDOWS\system32\drivers\STVles.sys [2004-02-27 17:40]
S3 STVlesm;l'espion S (Webcam)m;C:\WINDOWS\system32\drivers\STVlesm.sys [2004-02-27 17:40]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44df7290-2c2f-11dd-b296-00c04960c7f3}]
\Shell\AutoRun\command - F:\StartPortableApps.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c063dd6-b263-11dc-8b76-00c04960c7f3}]
\Shell\AutoRun\command - F:\system\viewer\FlipVideoforPC.exe
\Shell\Flip Video for PC\command - F:\system\viewer\FlipVideoforPC.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a7424e1e-632b-11dc-8b59-00c04960c7f3}]
\Shell\AutoRun\command - G:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b353d6d3-5021-11dc-8b46-00c04960c7f3}]
\Shell\AutoRun\command - G:\StartPortableApps.exe
*Newly Created Service* - COMHOST
*Newly Created Service* - EHRECVR
*Newly Created Service* - EHSCHED
.
Contents of the 'Scheduled Tasks' folder
"2008-05-27 01:04:53 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Missy.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
"2008-04-01 21:51:58 C:\WINDOWS\Tasks\Windows Dancer.job"
- C:\PROGRA~1\WINDOW~2\Dancer\Dancer.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-06-02 18:49:35
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmon.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-06-02 18:59:32 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-02 23:59:26
Pre-Run: 39,935,541,248 bytes free
Post-Run: 39,734,558,720 bytes free
359 --- E O F --- 2008-05-14 08:02:27
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:36:54 PM, on 6/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://portal.chibardun.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [Lexmark 4200 Series] "C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai...cat-no-eula.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinn...d/bejeweled.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicr...scan/as4web.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontec...2ie06101001.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abac...abasetup162.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{194B24F3-B5C6-4284-8CC2-5E094CEA152B}: NameServer = 85.255.113.206,85.255.112.153
O17 - HKLM\System\CCS\Services\Tcpip\..\{D48CEE56-AC81-47C6-8AC4-BE83BDFE5191}: NameServer = 85.255.113.206,85.255.112.153
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE02F42F-8CD0-4226-8156-10E91B9124D1}: NameServer = 85.255.113.206,85.255.112.153
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.206 85.255.112.153
O17 - HKLM\System\CS1\Services\Tcpip\..\{194B24F3-B5C6-4284-8CC2-5E094CEA152B}: NameServer = 85.255.113.206,85.255.112.153
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.206 85.255.112.153
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O21 - SSODL: bestreak - - (no file)
O22 - SharedTaskScheduler: - bestreak - (no file)
O22 - SharedTaskScheduler: delayingly - {e89fa8e9-5c0b-45f6-a70e-f7b177bcd193} - (no file)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Symantec Eraser Service (EraserSvc10732) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - http://music.downloa.../100930874.jpeg
--
End of file - 10530 bytes