ComboFix 08-01-23.1 - Gordon 2008-01-24 4:27:34.2 -
FAT32x86
Microsoft Windows XP Professional 5.1.2600.0.1252.1.1033.18.222 [GMT 0:00]
Running from: C:\Documents and Settings\Gordon\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Gordon\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE
C:\WINDOWS\aslpmqk.dll
C:\WINDOWS\bxsnvqt.dll
C:\WINDOWS\fknxwqf.exe
C:\WINDOWS\lihcp.exe
C:\WINDOWS\tqz.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\Gordon\Favorites\Error Cleaner.url
C:\Documents and Settings\Gordon\Favorites\Privacy Protector.url
C:\Documents and Settings\Gordon\Favorites\Spyware&Malware Protection.url
C:\WINDOWS\aslpmqk.dll
C:\WINDOWS\bxsnvqt.dll
C:\WINDOWS\fknxwqf.exe
----- BITS: Possible infected sites -----
hxxp://onsafepro.com
.
((((((((((((((((((((((((( Files Created from 2007-12-24 to 2008-01-24 )))))))))))))))))))))))))))))))
.
2008-01-22 20:37 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-21 23:26 . 2008-01-21 23:26 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-21 17:55 . 2008-01-21 17:55 <DIR> d-------- C:\Program Files\Google
2008-01-21 17:42 . 2008-01-21 17:42 <DIR> d--hs---- C:\FOUND.062
2007-12-25 16:07 . 2007-12-25 16:07 <DIR> d-------- C:\Program Files\MSXML 4.0
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-21 16:40 8,597,058 --sh--r C:\AVG6DB_F.DAT
2008-01-21 16:37 5,202,432 ----a-w C:\WINDOWS\Internet Logs\xDB2DF.tmp
2008-01-21 16:37 22,016 ----a-w C:\WINDOWS\Internet Logs\xDB2E0.tmp
2008-01-21 16:03 59,392 ----a-w C:\WINDOWS\Internet Logs\xDB2DE.tmp
2008-01-21 16:03 5,202,432 ----a-w C:\WINDOWS\Internet Logs\xDB2DD.tmp
2007-12-24 22:02 5,187,584 ----a-w C:\WINDOWS\Internet Logs\xDB2DB.tmp
2007-12-24 20:38 30,720 ----a-w C:\WINDOWS\Internet Logs\xDB2DC.tmp
2007-12-14 22:17 5,186,048 ----a-w C:\WINDOWS\Internet Logs\xDB2D9.tmp
2007-12-14 19:43 49,152 ----a-w C:\WINDOWS\Internet Logs\xDB2DA.tmp
2007-11-27 11:33 5,177,344 ----a-w C:\WINDOWS\Internet Logs\xDB2D6.tmp
2007-11-27 11:33 39,936 ----a-w C:\WINDOWS\Internet Logs\xDB2D8.tmp
2007-11-13 21:21 5,163,008 ----a-w C:\WINDOWS\Internet Logs\xDB2D5.tmp
2007-11-13 11:34 33,280 ----a-w C:\WINDOWS\Internet Logs\xDB2D7.tmp
2007-11-02 14:33 29,696 ----a-w C:\WINDOWS\Internet Logs\xDB2D4.tmp
2007-11-02 14:06 5,147,136 ----a-w C:\WINDOWS\Internet Logs\xDB2D2.tmp
2007-10-30 00:08 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-10-30 00:08 286,720 ------w C:\WINDOWS\Setup1.exe
2007-10-27 22:38 5,141,504 ----a-w C:\WINDOWS\Internet Logs\xDB2D1.tmp
2007-10-27 21:03 39,424 ----a-w C:\WINDOWS\Internet Logs\xDB2D3.tmp
2007-10-22 18:25 5,136,896 ----a-w C:\WINDOWS\Internet Logs\xDB2D0.tmp
2007-10-22 00:11 5,136,896 ----a-w C:\WINDOWS\Internet Logs\xDB2CF.tmp
2007-10-20 00:23 55,296 ----a-w C:\WINDOWS\Internet Logs\xDB2CE.tmp
2007-10-20 00:23 5,143,040 ----a-w C:\WINDOWS\Internet Logs\xDB2CC.tmp
2007-10-01 13:05 76,288 ----a-w C:\WINDOWS\Internet Logs\xDB2CD.tmp
2007-10-01 13:05 5,106,688 ----a-w C:\WINDOWS\Internet Logs\xDB2CB.tmp
2007-09-20 07:17 96,768 ----a-w C:\WINDOWS\Internet Logs\xDB2CA.tmp
2007-09-20 06:17 5,085,184 ----a-w C:\WINDOWS\Internet Logs\xDB2C9.tmp
2007-09-11 22:52 5,093,376 ----a-w C:\WINDOWS\Internet Logs\xDB2C7.tmp
2007-09-06 20:20 5,083,648 ----a-w C:\WINDOWS\Internet Logs\xDB2C6.tmp
2007-09-06 19:56 75,264 ----a-w C:\WINDOWS\Internet Logs\xDB2C8.tmp
2007-08-21 21:26 5,074,432 ----a-w C:\WINDOWS\Internet Logs\xDB2C3.tmp
2007-08-21 21:26 33,280 ----a-w C:\WINDOWS\Internet Logs\xDB2C5.tmp
2007-08-19 16:42 5,074,432 ----a-w C:\WINDOWS\Internet Logs\xDB2C2.tmp
2007-08-19 16:42 37,376 ----a-w C:\WINDOWS\Internet Logs\xDB2C4.tmp
2007-08-15 15:40 5,045,248 ----a-w C:\WINDOWS\Internet Logs\xDB2C0.tmp
2007-08-15 15:40 120,320 ----a-w C:\WINDOWS\Internet Logs\xDB2C1.tmp
2007-07-28 15:19 5,004,288 ----a-w C:\WINDOWS\Internet Logs\xDB2BE.tmp
2007-07-28 15:19 17,408 ----a-w C:\WINDOWS\Internet Logs\xDB2BF.tmp
2007-07-28 03:35 14,848 ----a-w C:\WINDOWS\Internet Logs\xDB2BD.tmp
2007-07-28 03:34 57,856 ----a-w C:\WINDOWS\Internet Logs\xDB2BB.tmp
2007-07-28 03:34 5,004,288 ----a-w C:\WINDOWS\Internet Logs\xDB2BC.tmp
2007-07-28 03:34 5,004,288 ----a-w C:\WINDOWS\Internet Logs\xDB2B9.tmp
2007-07-19 16:30 4,998,656 ----a-w C:\WINDOWS\Internet Logs\xDB2B8.tmp
2007-07-19 16:30 24,064 ----a-w C:\WINDOWS\Internet Logs\xDB2BA.tmp
2007-07-17 17:45 4,995,584 ----a-w C:\WINDOWS\Internet Logs\xDB2B5.tmp
2007-07-17 17:45 31,744 ----a-w C:\WINDOWS\Internet Logs\xDB2B6.tmp
2007-07-10 08:46 78,336 ----a-w C:\WINDOWS\Internet Logs\xDB2B7.tmp
2007-07-10 08:46 4,994,048 ----a-w C:\WINDOWS\Internet Logs\xDB2B4.tmp
2007-06-29 12:50 4,958,720 ----a-w C:\WINDOWS\Internet Logs\xDB2B3.tmp
2007-06-26 10:26 35,840 ----a-w C:\WINDOWS\Internet Logs\xDB2B2.tmp
2007-06-26 09:42 4,960,256 ----a-w C:\WINDOWS\Internet Logs\xDB2B1.tmp
2007-06-24 03:16 4,962,816 ----a-w C:\WINDOWS\Internet Logs\xDB2AE.tmp
2007-06-24 03:16 29,184 ----a-w C:\WINDOWS\Internet Logs\xDB2B0.tmp
2007-06-21 17:58 6,029,312 ----a-w C:\WINDOWS\Internet Logs\xDB2AD.tmp
2007-06-21 17:58 36,864 ----a-w C:\WINDOWS\Internet Logs\xDB2AF.tmp
2007-06-20 01:35 36,864 ----a-w C:\WINDOWS\Internet Logs\xDB2AC.tmp
2007-06-20 01:31 4,996,096 ----a-w C:\WINDOWS\Internet Logs\xDB2AB.tmp
2007-06-18 04:03 4,958,720 ----a-w C:\WINDOWS\Internet Logs\xDB2A9.tmp
2007-06-17 16:41 25,088 ----a-w C:\WINDOWS\Internet Logs\xDB2AA.tmp
2007-06-15 23:36 4,958,720 ----a-w C:\WINDOWS\Internet Logs\xDB2A7.tmp
2007-06-15 23:36 26,624 ----a-w C:\WINDOWS\Internet Logs\xDB2A8.tmp
2007-06-15 03:04 1,081,344 ----a-w C:\WINDOWS\Internet Logs\xDB2A6.tmp
2007-06-15 03:03 4,959,232 ----a-w C:\WINDOWS\Internet Logs\xDB2A5.tmp
2007-06-10 07:44 19,968 ----a-w C:\WINDOWS\Internet Logs\xDB2A4.tmp
2007-06-10 07:41 4,917,248 ----a-w C:\WINDOWS\Internet Logs\xDB2A3.tmp
2007-06-09 23:53 4,917,248 ----a-w C:\WINDOWS\Internet Logs\xDB2A1.tmp
2007-06-09 23:53 31,232 ----a-w C:\WINDOWS\Internet Logs\xDB2A2.tmp
2007-06-08 14:24 4,917,248 ----a-w C:\WINDOWS\Internet Logs\xDB29F.tmp
2007-06-08 14:24 36,352 ----a-w C:\WINDOWS\Internet Logs\xDB2A0.tmp
2007-06-05 08:18 85,504 ----a-w C:\WINDOWS\Internet Logs\xDB29E.tmp
2007-06-05 08:18 4,960,256 ----a-w C:\WINDOWS\Internet Logs\xDB29D.tmp
2007-05-25 01:44 85,504 ----a-w C:\WINDOWS\Internet Logs\xDB29B.tmp
2007-05-25 01:43 4,893,696 ----a-w C:\WINDOWS\Internet Logs\xDB29A.tmp
2007-05-13 00:18 66,048 ----a-w C:\WINDOWS\Internet Logs\xDB29C.tmp
2007-05-13 00:18 4,891,648 ----a-w C:\WINDOWS\Internet Logs\xDB299.tmp
2007-05-05 07:25 148,992 ----a-w C:\WINDOWS\Internet Logs\xDB298.tmp
2007-05-05 07:13 4,891,648 ----a-w C:\WINDOWS\Internet Logs\xDB296.tmp
2007-04-13 05:14 55,296 ----a-w C:\WINDOWS\Internet Logs\xDB297.tmp
2007-04-13 05:14 4,879,872 ----a-w C:\WINDOWS\Internet Logs\xDB295.tmp
2007-04-06 07:58 384,512 ----a-w C:\WINDOWS\Internet Logs\xDB294.tmp
2007-04-06 07:54 4,864,512 ----a-w C:\WINDOWS\Internet Logs\xDB293.tmp
2007-04-02 07:20 4,864,000 ----a-w C:\WINDOWS\Internet Logs\xDB291.tmp
2007-04-02 07:20 273,920 ----a-w C:\WINDOWS\Internet Logs\xDB292.tmp
2007-03-17 04:58 465,408 ----a-w C:\WINDOWS\Internet Logs\xDB290.tmp
2007-03-17 04:57 4,850,176 ----a-w C:\WINDOWS\Internet Logs\xDB28F.tmp
2007-03-08 04:33 4,849,664 ----a-w C:\WINDOWS\Internet Logs\xDB28D.tmp
2007-03-08 04:33 374,272 ----a-w C:\WINDOWS\Internet Logs\xDB28E.tmp
2007-03-04 00:43 1,081,344 ----a-w C:\WINDOWS\Internet Logs\xDB28C.tmp
2007-03-04 00:25 4,840,448 ----a-w C:\WINDOWS\Internet Logs\xDB28B.tmp
2007-03-03 07:33 25,088 ----a-w C:\WINDOWS\Internet Logs\xDB28A.tmp
2007-03-03 07:32 4,840,448 ----a-w C:\WINDOWS\Internet Logs\xDB289.tmp
2007-03-03 00:12 739,840 ----a-w C:\WINDOWS\Internet Logs\xDB288.tmp
2007-03-03 00:11 4,840,448 ----a-w C:\WINDOWS\Internet Logs\xDB287.tmp
2007-02-20 05:34 4,820,480 ----a-w C:\WINDOWS\Internet Logs\xDB285.tmp
2007-02-20 05:34 1,966,080 ----a-w C:\WINDOWS\Internet Logs\xDB286.tmp
2007-01-26 08:51 4,793,344 ----a-w C:\WINDOWS\Internet Logs\xDB283.tmp
2007-01-26 08:51 219,136 ----a-w C:\WINDOWS\Internet Logs\xDB284.tmp
2007-01-23 16:15 4,793,344 ----a-w C:\WINDOWS\Internet Logs\xDB281.tmp
2007-01-23 16:15 1,108,992 ----a-w C:\WINDOWS\Internet Logs\xDB282.tmp
2007-01-10 15:41 815,104 ----a-w C:\WINDOWS\Internet Logs\xDB280.tmp
2004-10-19 19:46 8 --sh--w C:\WINDOWS\All Users\DRM\pdrm.dat
.
((((((((((((((((((((((((((((( snapshot@2008-01-23_20.48.41.30 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-22 20:41:38 593,920 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-24 04:27:12 598,016 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-22 20:41:38 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-24 04:27:12 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-22 20:41:38 593,920 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-24 04:27:12 593,920 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-22 20:41:38 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-24 04:27:12 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-22 20:41:42 6,549,504 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
+ 2008-01-24 04:27:14 6,549,504 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
- 2008-01-22 20:41:42 110,592 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-24 04:27:14 110,592 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2000-08-31 08:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\F3M\ERDNT.EXE
- 2008-01-22 20:42:18 618,496 ----a-w C:\WINDOWS\SYSTEM32\config\systemprofile\ntuser.dat
+ 2008-01-24 04:27:28 618,496 ----a-w C:\WINDOWS\SYSTEM32\config\systemprofile\ntuser.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay]
@={7D688A77-C613-11D0-999B-00C04FD655E1}
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-08-23 12:00 13312]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
"ares"="C:\Program Files\Ares\Ares.exe" [2006-03-13 03:35 1233408]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" [2007-07-19 08:28 6150456]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 18:40 1421824]
"GreedyTorrent"="C:\Program Files\GreedyTorrent\GTor.exe" [2007-03-08 11:09 2526661]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="C:\WINDOWS\System32\Macromed\Flash\NPSWF32_FlashUtil.exe" [2007-03-28 00:04 190696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EM_EXEC"="C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2001-12-20 09:42 35328]
"C-Media Echo Control"="C:\Program Files\PCI Audio Applications\Bin\EchoCtrl.exe" [2001-12-05 16:47 147456]
"AVG_CC"="C:\Program Files\Grisoft\AVG6\avgcc32.exe" [2003-09-10 18:02 345661]
"Zone Labs Client"="C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe" [2004-04-01 09:30 693520]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03 36975]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-06-03 17:57 180269]
"WD Button Manager"="WDBtnMgr.exe" [2007-03-06 17:28 364544 C:\WINDOWS\SYSTEM32\WDBtnMgr.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-08-23 12:00 13312]
C:\Documents and Settings\Gordon\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-12-02 12:12:58 113664]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 20:05:56 65588]
Logitech Desktop Messenger.lnk - C:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe [2003-08-23 23:58:23 156160]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-12-02 12:12:58 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
NETGEAR WG111v2 Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111v2\WG111v2.exe [2006-05-17 16:05:52 2297856]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-01-21 17:56:15 124400]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeStartMenu"= 16777216 (0x1000000)
"NoSetActiveDesktop"= 16777216 (0x1000000)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeStartMenu"= 16777216 (0x1000000)
"NoSetActiveDesktop"= 16777216 (0x1000000)
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
backup=C:\WINDOWS\pss\Kodak software updater.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
--a------ 2006-03-13 03:35 1233408 C:\Program Files\Ares\Ares.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
--a------ 2002-01-28 09:16 1228800 C:\WINDOWS\mixer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]
--a------ 2002-11-02 07:33 45056 C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2006-09-14 21:09 157592 C:\Program Files\DAEMON Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-06-28 09:14 270648 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAZAA]
C:\Program Files\Kazaa Lite K++\kpp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
--a------ 2003-03-28 14:18 57344 C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-04-27 09:41 282624 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"ati"=
"EnsoniqMixer"=starter.exe
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"C-Media Echo Control"=C:\Program Files\PCI Audio Applications\Bin\EchoCtrl.exe
"C-Media Mixer"=Mixer.exe /startup
"ICSMGR"=ICSMGR.EXE
"InCD"=C:\Program Files\Ahead\InCD\InCD.exe
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
"LexStart"=lexstart.exe
"AVG_CC"=C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
"LoadQM"=loadqm.exe
R0 ElbyVCD;ElbyVCD;C:\WINDOWS\System32\DRIVERS\ElbyVCD.sys [2002-11-28 11:43]
R1 NPPTNT;NPPTNT;C:\WINDOWS\System32\npptNT.sys [2003-07-22 07:14]
R2 AvgCore;AVG6 Kernel;C:\PROGRA~1\Grisoft\AVG6\avgcore.sys [2004-04-23 18:01]
R2 AvgFsh;AVG6 Rezident Driver;C:\PROGRA~1\Grisoft\AVG6\avgfsh.sys [2003-09-10 18:02]
R2 AvgServ;AVG6 Service;C:\PROGRA~1\Grisoft\AVG6\avgserv.exe [2004-06-03 18:01]
R3 FA312;NETGEAR FA330/FA312/FA311 Fast Ethernet Adapter Driver;C:\WINDOWS\System32\DRIVERS\FA312nd5.sys [2001-08-17 12:12]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\System32\DRIVERS\wg111v2.sys [2006-03-27 17:53]
*Newly Created Service* - PGFILTER
*Newly Created Service* - PROCEXP90
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>IEPerUser]
RUNDLL32.EXE IEDKCS32.DLL,BrandIE4 SIGNUP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"C:\Program Files\Outlook Express\setup50.exe" /APP:OE /CALLER:WIN9X /user /install
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"C:\Program Files\Outlook Express\setup50.exe" /APP:OE /CALLER:WIN9X /user /install
"C:\Program Files\Outlook Express\setup50.exe" /APP:OE /CALLER:IE50 /user /install
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"C:\Program Files\Outlook Express\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"C:\Program Files\Outlook Express\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install
"C:\Program Files\Outlook Express\setup50.exe" /APP:WAB /CALLER:IE50 /user /install
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
C:\WINDOWS\SYSTEM32\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl
.
Contents of the 'Scheduled Tasks' folder
"2008-01-05 19:00:02 C:\WINDOWS\Tasks\Tune-up Application Start.job"
"2008-01-20 04:42:02 C:\WINDOWS\Tasks\{D34F18B0-576E-11D0-B28C-00C04FD7CD22}_Andrew.job"
"2008-01-24 04:06:04 C:\WINDOWS\Tasks\PCHealth Scheduler for Data Collection.job"
- C:\WINDOWS\PCHEALTH\SUPPORT\PCHSCHD.EXE
"2008-01-24 04:20:02 C:\WINDOWS\Tasks\Uninstall Expiration Reminder.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
"2008-01-24 04:30:02 C:\WINDOWS\Tasks\{D34F18B0-576E-11D0-B28C-00C04FD7CD22}_ANDREW_Andrew.job"
- C:\WINDOWS\system32\mobsync.exeB /Schedule=
"2008-01-20 04:33:02 C:\WINDOWS\Tasks\{D34F18B0-576E-11D0-B28C-00C04FD7CD22}_ANDREW_Gordon.job"
- C:\WINDOWS\system32\mobsync.exeB /Schedule=
"2008-01-20 04:52:02 C:\WINDOWS\Tasks\{D34F18B0-576E-11D0-B28C-00C04FD7CD22}_ANDREW_Guest.job"
- C:\WINDOWS\system32\mobsync.exeA /Schedule=
"2008-01-04 12:50:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-24 04:31:03
Windows 5.1.2600 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-24 4:31:46
ComboFix-quarantined-files.txt 2008-01-24 04:31:44
ComboFix2.txt 2008-01-23 20:49:12
.
2007-12-25 16:11:57 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:33:04, on 1/24/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\WgaTray.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\PCI Audio Applications\Bin\EchoCtrl.exe
C:\Program Files\Grisoft\AVG6\avgcc32.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\WDBtnMgr.exe
C:\WINDOWS\System32\lexpps.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\GreedyTorrent\GTor.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\MOZILL~3\FIREFOX.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: (no name) - {04079851-5845-4dea-848C-3ECD647AA554} - (no file)
O2 - BHO: (no name) - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8D93C595-DA51-48D5-AB81-BD26953427A4} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O3 - Toolbar: (no name) - {8D911181-10AA-4B3E-BC7F-8D4AD359921B} - (no file)
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [C-Media Echo Control] C:\Program Files\PCI Audio Applications\Bin\EchoCtrl.exe
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [GreedyTorrent] "C:\Program Files\GreedyTorrent\GTor.exe" -tray
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [tqz] C:\WINDOWS\tqz.exe
O4 - HKCU\..\Run: [lihcp] C:\WINDOWS\lihcp.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: www.sgrunt.biz
O15 - Trusted Zone: www.skymasters.biz
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1094218453858
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O21 - SSODL: bxsnvqt - {C4F4CA8B-8FDD-40EB-96BE-C083379A9E90} - C:\WINDOWS\bxsnvqt.dll (file missing)
O21 - SSODL: aslpmqk - {FAFE1F4A-CAAD-46FE-8F92-460216CE3565} - C:\WINDOWS\aslpmqk.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: AVG6 Service (AvgServ) - GRISOFT s.r.o - C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\System32\ZoneLabs\vsmon.exe
O24 - Desktop Component 1: Trend Virus Calendar - http://www.antivirus...c98/desktop.htm
--
End of file - 9152 bytes