Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:13:51, on 18.8.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\Launchy\Launchy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BMdb78f02c] Rundll32.exe "C:\WINDOWS\system32\hbcjlmmm.dll",s
O4 - HKLM\..\Run: [d84bc3b0] rundll32.exe "C:\WINDOWS\system32\rxtfeaaj.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1210286982120
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CSIScanner - Prevx - C:\Program Files\PrevxCSI\prevxcsi.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
--
End of file - 6788 bytes
EDIT: Here is also the ComboFix log, which I added now at 23:35.
ComboFix 08-08-17.05 - Tine a.k.a Pepc619 2008-08-18 22:40:20.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1033.18.396 [GMT 2:00]
Running from: C:\Documents and Settings\Tine a.k.a Pepc619\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Tine a.k.a Pepc619\UserData
C:\Documents and Settings\Tine a.k.a Pepc619\UserData\5UKHPN4S\oWindowsUpdate[1].xml
C:\Documents and Settings\Tine a.k.a Pepc619\UserData\DU8DD7DI\oWindowsUpdate[1].xml
C:\Documents and Settings\Tine a.k.a Pepc619\UserData\index.dat
C:\Documents and Settings\Tine a.k.a Pepc619\UserData\PJUGGMHH\oWindowsUpdate[1].xml
C:\install.exe
C:\WINDOWS\BMdb78f02c.txt
C:\WINDOWS\BMdb78f02c.xml
C:\WINDOWS\clofghls.dll
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\abgbkcwh.dll
C:\WINDOWS\system32\fccyaAQJ.dll
C:\WINDOWS\system32\hbcjlmmm.dll
C:\WINDOWS\system32\jaaeftxr.ini
C:\WINDOWS\system32\JQAayccf.ini
C:\WINDOWS\system32\JQAayccf.ini2
C:\WINDOWS\system32\khfFUOfC.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nnnoPFUl.dll
C:\WINDOWS\system32\rxtfeaaj.dll
.
((((((((((((((((((((((((( Files Created from 2008-07-18 to 2008-08-18 )))))))))))))))))))))))))))))))
.
2008-08-18 22:01 . 2008-08-18 22:01 <DIR> d-------- C:\Program Files\PrevxCSI
2008-08-18 22:01 . 2008-08-18 22:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2008-08-18 22:01 . 2008-08-18 22:01 17,408 --a------ C:\WINDOWS\system32\drivers\pxark.sys
2008-08-18 21:41 . 2008-08-18 21:51 1,888 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-18 21:38 . 2008-08-18 21:55 <DIR> d-------- C:\Documents and Settings\Tine a.k.a Pepc619\SmitfraudFix
2008-08-18 21:38 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-08-18 21:38 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-08-18 21:38 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-08-18 21:38 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-08-18 21:38 . 2008-08-14 21:52 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-08-18 21:38 . 2008-08-18 12:19 82,432 --a------ C:\WINDOWS\system32\404Fix.exe
2008-08-18 21:38 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-08-18 21:38 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-08-18 21:38 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-08-18 21:37 . 2008-08-18 21:37 <DIR> d-------- C:\Documents and Settings\Tine a.k.a Pepc619\Application Data\TrojanHunter
2008-08-18 21:31 . 2008-08-18 22:32 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
2008-08-18 20:06 . 2008-08-18 20:06 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-08-18 17:40 . 2008-08-18 17:41 <DIR> d-------- C:\Program Files\Game Cam
2008-08-18 16:28 . 2008-08-18 16:34 <DIR> d-------- C:\Program Files\Game Cam V2
2008-08-18 14:05 . 2008-08-18 14:05 <DIR> d-------- C:\Program Files\coverXP
2008-08-17 23:04 . 2008-08-18 00:16 <DIR> d-------- C:\Program Files\mupen64 0.5
2008-08-17 12:10 . 2008-08-17 12:10 <DIR> d-------- C:\Program Files\Mario Forever
2008-08-17 02:04 . 2008-08-17 12:19 82 --a------ C:\WINDOWS\mafosav.INI
2008-08-17 00:46 . 2008-06-30 14:09 438 --a------ C:\MasterServers.vdf
2008-08-17 00:15 . 2008-08-17 00:15 <DIR> d-------- C:\Program Files\inKline Global
2008-08-16 23:06 . 2008-08-16 23:06 <DIR> d-------- C:\Fraps
2008-08-16 01:40 . 2008-08-16 01:40 <DIR> d-------- C:\Program Files\DFX
2008-08-16 01:40 . 2008-08-16 01:40 <DIR> d-------- C:\Program Files\Common Files\DFX
2008-08-16 01:40 . 2008-08-16 01:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DFX
2008-08-16 01:36 . 2008-08-16 01:37 <DIR> d-------- C:\Program Files\Winamp
2008-08-16 01:36 . 2008-08-16 01:37 <DIR> d-------- C:\Documents and Settings\Tine a.k.a Pepc619\Application Data\Winamp
2008-08-15 17:32 . 2008-08-15 17:32 <DIR> d-------- C:\Program Files\NEXON
2008-08-14 17:34 . 2008-08-14 17:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-08-14 13:57 . 2008-04-14 02:12 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-08-14 13:41 . 2008-08-14 13:41 <DIR> d-------- C:\Documents and Settings\Tine a.k.a Pepc619\Application Data\URSoft
2008-08-14 13:31 . 2008-08-15 15:26 <DIR> d-------- C:\Program Files\Your Uninstaller 2008
2008-08-14 13:29 . 2008-08-14 13:29 11 -ra------ C:\WINDOWS\amunres.lsl
2008-08-14 02:38 . 2008-05-01 16:33 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-14 02:34 . 2008-04-11 21:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-07 18:10 . 2008-08-07 18:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-08-07 17:57 . 2008-08-07 17:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ALM
2008-08-07 17:18 . 2008-08-07 17:18 <DIR> d-------- C:\Program Files\Bonjour
2008-08-07 16:43 . 2008-08-07 16:43 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-08-05 17:49 . 2008-08-05 17:49 <DIR> d-------- C:\Documents and Settings\Tine a.k.a Pepc619\Application Data\Nexon
2008-08-05 14:38 . 2008-08-05 14:38 <DIR> d-------- C:\Nexon
2008-08-04 12:00 . 2008-08-04 12:00 268 --ah----- C:\sqmdata00.sqm
2008-08-04 12:00 . 2008-08-04 12:00 244 --ah----- C:\sqmnoopt00.sqm
2008-07-25 23:08 . 2008-07-25 23:08 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-07-24 22:25 . 2008-07-24 22:25 <DIR> d-------- C:\Program Files\Netlog Music Tool
2008-07-24 22:04 . 2008-07-24 22:04 <DIR> d-------- C:\downloads
2008-07-24 22:04 . 2008-07-24 22:04 <DIR> d-------- C:\Documents and Settings\Tine a.k.a Pepc619\Application Data\GrabPro
2008-07-23 14:58 . 2008-07-23 14:58 <DIR> d-------- C:\Program Files\Guitar Pro 5
2008-07-23 14:43 . 2008-07-23 14:43 <DIR> d-------- C:\Program Files\PowerISO
2008-07-22 12:51 . 2008-04-13 20:54 22,016 --a------ C:\WINDOWS\system32\drivers\MSIRCOMM.sys
2008-07-22 12:51 . 2008-04-13 20:54 22,016 --a--c--- C:\WINDOWS\system32\dllcache\msircomm.sys
2008-07-22 12:49 . 2008-07-22 12:49 <DIR> d-------- C:\WINDOWS\USB-IrDA
2008-07-22 12:40 . 2008-04-13 20:54 88,192 --a------ C:\WINDOWS\system32\drivers\irda.sys
2008-07-22 12:40 . 2008-04-13 20:54 88,192 --a--c--- C:\WINDOWS\system32\dllcache\irda.sys
2008-07-22 12:40 . 2001-08-17 13:49 26,624 --a------ C:\WINDOWS\system32\drivers\irstusb.sys
2008-07-22 12:40 . 2001-08-17 13:49 26,624 --a--c--- C:\WINDOWS\system32\dllcache\irstusb.sys
2008-07-22 12:40 . 2001-08-17 13:51 19,584 --a------ C:\WINDOWS\system32\drivers\rasirda.sys
2008-07-22 12:40 . 2001-08-17 13:51 19,584 --a--c--- C:\WINDOWS\system32\dllcache\rasirda.sys
2008-07-21 12:55 . 2008-07-21 12:55 <DIR> d-------- C:\Program Files\Common Files\Cisco Systems
2008-07-21 12:55 . 2008-07-21 12:54 17,920 --a------ C:\WINDOWS\system32\sophosboottasks.exe
2008-07-21 12:54 . 2008-07-21 12:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sophos
2008-07-21 12:54 . 2008-07-21 12:54 101,120 --a------ C:\WINDOWS\system32\drivers\savonaccesscontrol.sys
2008-07-21 12:54 . 2008-07-21 12:54 33,408 --a------ C:\WINDOWS\system32\drivers\savonaccessfilter.sys
2008-07-21 12:53 . 2008-07-21 12:54 <DIR> d-------- C:\Program Files\Sophos
2008-07-21 12:52 . 2007-11-20 12:26 <DIR> d-------- C:\sav_install
2008-07-21 12:37 . 2008-08-18 21:25 <DIR> d-------- C:\Program Files\XoftSpySE
2008-07-21 10:33 . 2008-07-21 10:33 <DIR> d-------- C:\Program Files\AC3Filter
2008-07-21 10:33 . 2008-07-09 10:05 421,888 --a------ C:\WINDOWS\system32\ac3filter.acm
2008-07-21 10:29 . 2008-07-21 10:29 <DIR> d-------- C:\Program Files\Xvid
2008-07-21 10:25 . 2008-07-21 10:25 <DIR> d-------- C:\Program Files\KC Softwares
2008-07-19 15:27 . 2008-07-19 15:27 <DIR> d-------- C:\Documents and Settings\Tine a.k.a Pepc619\Application Data\Mumble
2008-07-19 15:21 . 2008-07-19 16:06 <DIR> d-------- C:\Program Files\Mumble
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-18 21:00 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-18 19:03 --------- d-----w C:\Program Files\PeerGuardian2
2008-08-18 18:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-18 18:21 --------- d-----w C:\Documents and Settings\Tine a.k.a Pepc619\Application Data\uTorrent
2008-08-18 18:17 --------- d-----w C:\Documents and Settings\Tine a.k.a Pepc619\Application Data\Orbit
2008-08-18 15:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-17 22:25 --------- d-----w C:\Program Files\Xfire
2008-08-17 22:25 --------- d-----w C:\Program Files\Steam
2008-08-17 22:25 --------- d-----w C:\Program Files\eMule
2008-08-17 22:21 --------- d-----w C:\Program Files\Orbitdownloader
2008-08-17 22:19 --------- d-----w C:\Program Files\LucasArts
2008-08-15 13:26 --------- d-----w C:\Program Files\Power Tab Software
2008-08-14 12:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-07 15:17 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-26 15:31 23 ----a-w C:\Documents and Settings\Tine a.k.a Pepc619\jagex_runescape_preferences.dat
2008-07-21 10:47 --------- d-----w C:\Documents and Settings\Tine a.k.a Pepc619\Application Data\SUPERAntiSpyware.com
2008-07-21 10:46 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-07-21 10:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-07-20 00:30 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-07-16 20:59 --------- d-----w C:\Program Files\Sublight
2008-07-15 21:31 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-14 21:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-07-14 21:36 --------- d-----w C:\Program Files\QuickTime
2008-07-14 10:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-12 17:20 --------- d-----w C:\Program Files\Magic Video Converter
2008-07-11 15:15 --------- d-----w C:\Program Files\Java
2008-07-10 23:09 --------- d-----w C:\Program Files\Uniblue
2008-07-10 23:08 --------- d-----w C:\Program Files\Moyea
2008-07-10 22:38 --------- d-----w C:\Program Files\SpywareBlaster
2008-07-10 20:20 --------- d-----w C:\Program Files\AVG
2008-07-10 17:30 --------- d-----w C:\Program Files\Trend Micro
2008-07-09 10:10 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-07-09 10:04 --------- d-----w C:\Program Files\MagicISO
2008-07-07 14:27 --------- d-----w C:\Documents and Settings\Tine a.k.a Pepc619\Application Data\Moyea
2008-07-06 10:52 --------- d-----w C:\Program Files\FLV Player
2008-07-06 10:15 --------- d-----w C:\Documents and Settings\Tine a.k.a Pepc619\Application Data\Apple Computer
2008-07-06 09:53 --------- d-----w C:\Program Files\Apple Software Update
2008-07-06 09:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-07-03 14:08 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-07-03 04:41 --------- d-----w C:\Program Files\ONWIND
2008-07-02 23:23 --------- d-----w C:\Program Files\Spyware Doctor
2008-07-02 23:16 --------- d-----w C:\Documents and Settings\Tine a.k.a Pepc619\Application Data\Launchy
2008-07-02 23:14 --------- d-----w C:\Program Files\Launchy
2008-06-30 22:20 --------- d-----w C:\Documents and Settings\Tine a.k.a Pepc619\Application Data\Xfire
2008-06-27 11:29 --------- d-----w C:\Program Files\CFToolbox
2008-06-27 08:42 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Xfire
2008-06-26 03:02 --------- d-----w C:\Program Files\MSXML 4.0
2008-06-25 00:37 --------- d-----w C:\Documents and Settings\Tine a.k.a Pepc619\Application Data\Warsow
2008-06-22 22:42 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-06-22 22:42 249,856 ------w C:\WINDOWS\Setup1.exe
2008-06-22 22:41 --------- d-----w C:\Program Files\AV Music Morpher Gold
2008-06-22 21:58 --------- d-----w C:\Documents and Settings\Tine a.k.a Pepc619\Application Data\LimeWire
2008-06-22 21:32 --------- d-----w C:\Program Files\Audacity
2008-06-21 22:23 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-06-20 19:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Uniblue
2008-06-20 17:27 --------- d-----w C:\Documents and Settings\Tine a.k.a Pepc619\Application Data\Uniblue
2008-06-20 12:55 --------- d-----w C:\Program Files\R-Studio
2008-06-20 12:35 53,088 ----a-w C:\WINDOWS\system32\drivers\Tetri5.sys
2008-06-20 12:21 48,928 ----a-w C:\WINDOWS\system32\drivers\Tetris.sys
2008-06-20 12:20 137,344 ----a-w C:\WINDOWS\system32\drivers\litsgt.sys
2008-06-20 12:20 12,032 ----a-w C:\WINDOWS\system32\drivers\tansgt.sys
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-19 12:18 --------- d-----w C:\Program Files\Audio Phonics, Inc
2008-06-19 00:38 --------- d-----w C:\Documents and Settings\Tine a.k.a Pepc619\Application Data\Ludia
2008-06-19 00:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ludia
2008-06-19 00:23 --------- d-----w C:\Documents and Settings\Tine a.k.a Pepc619\Application Data\Nokia
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 02:12 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2008-05-09 16:55 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-05-02 06:15 15872]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 02:12 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AutoUpdate Monitor.lnk - C:\Program Files\Sophos\AutoUpdate\ALMon.exe [2007-08-02 20:33:27 245760]
Launchy.lnk - C:\Program Files\Launchy\Launchy.exe [2008-07-03 00:56:36 274432]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"= DrvTrNTm.dll
"wave"= DrvTrNTm.dll
"VIDC.XFR1"= xfcodec.dll
"msacm.ac3filter"= ac3filter.acm
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Orbit.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Orbit.lnk
backup=C:\WINDOWS\pss\Orbit.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
--a------ 2008-05-19 15:24 91432 C:\Program Files\CyberLink\Shared Files\brs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2008-05-09 16:55 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Booster]
--a------ 2007-11-30 17:16 14450688 C:\Program Files\inKline Global\PC Booster\PCBooster.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
--------- 2007-12-14 11:36 50472 C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2007-08-07 02:05 200704 C:\Program Files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-07-01 00:17 1271032 C:\Program Files\Steam\Steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\TmUnitedForever\\TmForever.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\ijji\\ENGLISH\\u_gunz.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\ijji\\ENGLISH\\Gunz\\Gunz.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\FileZilla FTP Client\\filezilla.exe"=
"C:\\Program Files\\Steam\\steamapps\\norhid\\Counter-Strike\\hl.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Steam\\steamapps\\norhid\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"C:\\Documents and Settings\\Tine a.k.a Pepc619\\Desktop\\warsow_0.42_unified_www.g4g.it\\warsow_x86.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"62614:TCP"= 62614:TCP:89.142.3.191/255.255.255.255:Enabled:Tine a.k.a Pepc619
R0 pxark;pxark;C:\WINDOWS\system32\drivers\pxark.sys [2008-08-18 22:01]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2007-09-21 17:49]
R1 SAVOnAccessControl;SAVOnAccessControl;C:\WINDOWS\system32\DRIVERS\savonaccesscontrol.sys [2008-07-21 12:54]
R1 SAVOnAccessFilter;SAVOnAccessFilter;C:\WINDOWS\system32\DRIVERS\savonaccessfilter.sys [2008-07-21 12:54]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};C:\Program Files\CyberLink\PowerDVD8\000.fcl [2008-05-15 12:07]
R2 CSIScanner;CSIScanner;C:\Program Files\PrevxCSI\prevxcsi.exe [2008-08-18 22:01]
R2 litsgt;litsgt;C:\WINDOWS\system32\DRIVERS\litsgt.sys [2008-06-20 14:20]
R2 tansgt;tansgt;C:\WINDOWS\system32\DRIVERS\tansgt.sys [2008-06-20 14:20]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2008-02-26 05:54]
R3 Tetri5;Tetri5 driver;C:\WINDOWS\system32\Drivers\Tetri5.sys [2008-06-20 14:35]
R3 Tetris;Tetris driver;C:\WINDOWS\system32\Drivers\Tetris.sys [2008-06-20 14:21]
R3 TotRec7;Total Recorder WDM audio driver;C:\WINDOWS\system32\drivers\TotRec7.sys [2008-04-17 01:34]
S1 as6eio;as6eio;C:\WINDOWS\system32\drivers\as6eio.sys []
S2 NOD32FiXTemDono;Eset Nod32 Boot;C:\WINDOWS\system32\regedt32.exe [2001-08-23 16:00]
.
Contents of the 'Scheduled Tasks' folder
2008-08-12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
2008-08-12 C:\WINDOWS\Tasks\IT Services Recommended Weekly Scan.job
- C:\Program Files\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2008-07-21 12:54]
2008-08-12 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []
2008-05-14 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []
2008-07-09 C:\WINDOWS\Tasks\Uniblue SpyEraser.job
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe []
2008-08-18 C:\WINDOWS\Tasks\XoftSpySE 2.job
- C:\Program Files\XoftSpySE\XoftSpy.exe [2008-07-21 12:34]
2008-07-29 C:\WINDOWS\Tasks\XoftSpySE.job
- C:\Program Files\XoftSpySE\XoftSpy.exe [2008-07-21 12:34]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-d84bc3b0 - C:\WINDOWS\system32\rxtfeaaj.dll
HKLM-Run-BMdb78f02c - C:\WINDOWS\system32\hbcjlmmm.dll
Notify-WgaLogon - (no file)
MSConfigStartUp-SUPERAntiSpyware - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Tine a.k.a Pepc619\Application Data\Mozilla\Firefox\Profiles\1tdwycp5.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.enomesto.com/
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-18 22:57:43
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Unlocker\UnlockerHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-08-18 23:10:48 - machine was rebooted [Tine a.k.a Pepc619]
ComboFix-quarantined-files.txt 2008-08-18 21:09:40
Pre-Run: 13,569,150,976 bytes free
Post-Run: 13,452,779,520 bytes free
324 --- E O F --- 2008-08-14 11:42:37
Edited by Pepc619, 18 August 2008 - 03:36 PM.