*** Hijack Log ***
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:50:04 PM, on 2/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe
C:\Program Files\Dynex Wireless G Enhanced Adapter\WLanCfgG.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
c:\toshiba\ivp\swupdate\swupdtmr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshiba.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: 0 - {076E87FE-1A1F-4057-B8B9-5BC1225F7CBF} - C:\Program Files\MSN Gaming Zone\lavu.dll (file missing)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {2D812E56-AFD2-4C7F-87B4-1C7B1CF3D5D8} - C:\WINDOWS\system32\vtsqq.dll (file missing)
O2 - BHO: (no name) - {4C11BBBE-0251-5FAB-0212-2B00B8BD8BC6} - C:\WINDOWS\system32\guw.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {6AF0FE17-0786-4BB2-9EC9-99B6701F6285} - C:\Program Files\Windows Media Player\hokemoqy83122.dll (file missing)
O2 - BHO: 0 - {8A615191-1BF8-4119-BF89-17F73F0CEE5F} - (no file)
O2 - BHO: 0 - {900E4750-38A0-4F33-4291-5AA2B625A255} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {C5DDC4D2-DD00-401E-BF17-0CAFABAAFFC6} - C:\WINDOWS\system32\awtqp.dll (file missing)
O2 - BHO: (no name) - {D3F4220C-5E69-4EC9-8239-357483D1DE80} - C:\Program Files\Windows Media Player\hokemoqy4444.dll (file missing)
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\Toolbar.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Osus] "C:\DOCUME~1\Jason\APPLIC~1\ASKS~1\spoolsv.exe" -vt yazb
O4 - HKCU\..\Run: [Rvvmjin] C:\WINDOWS\S?mantec\?ti2evxx.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.storageguardsoft.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish...fishActivia.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.a...83/mcinsctl.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.a...,20/mcgdmgr.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: fccccyv - C:\WINDOWS\
O20 - Winlogon Notify: obttjnqr - obttjnqr.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (file missing)
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Dynex Wireless G Enhanced Adapter Service (Dynex DX-WGPNBC WLService) - Unknown owner - C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Swupdtmr - Unknown owner - c:\toshiba\ivp\swupdate\swupdtmr.exe
--
End of file - 9126 bytes
*** Combofix Log ***
ComboFix 08-02.05.1 - Jason 2008-02-04 12:39:17.1 - NTFSx86
Running from: C:\Documents and Settings\Jason\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Jason\Application Data\ASKS~1
C:\Documents and Settings\Jason\Application Data\ASKS~1\?asks\
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\bXlyYQ\
C:\WINDOWS\smante~1
C:\WINDOWS\smante~1\?ti2evxx.exe
C:\WINDOWS\system32\atmtd.dll.tmp
C:\WINDOWS\system32\obttjnqr.dllbox
C:\WINDOWS\system32\onscqnrq.ini
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pqtwa.ini
C:\WINDOWS\system32\pqtwa.ini2
C:\WINDOWS\system32\qqstv.ini
C:\WINDOWS\system32\qqstv.ini2
C:\WINDOWS\uninstall_nmon.vbs
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_CMDSERVICE
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NETWORK_MONITOR
-------\cmdService
-------\DomainService
-------\Network Monitor
((((((((((((((((((((((((( Files Created from 2008-01-04 to 2008-02-04 )))))))))))))))))))))))))))))))
.
2008-02-04 11:50 . 2008-02-04 11:50 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-31 10:40 . 2008-01-31 10:57 91,700 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-01-31 10:40 . 2008-01-31 10:40 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-01-31 10:35 . 2008-01-31 10:35 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-01-31 10:35 . 2008-02-04 12:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-31 10:35 . 2008-02-04 12:50 3,920,928 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-31 10:35 . 2008-02-04 12:48 53,540 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-31 10:35 . 2008-02-04 12:49 11,808 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-01-31 10:35 . 2008-02-04 12:48 2,156 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-01-31 10:33 . 2008-01-31 10:33 <DIR> d-------- C:\kav
2008-01-29 15:42 . 2008-01-29 15:42 <DIR> d-------- C:\Program Files\Alwil Software
2008-01-29 15:40 . 2008-01-29 15:40 72,566 --a------ C:\WINDOWS\system32\GameFly_2.ico
2008-01-29 10:38 . 2008-01-29 15:26 22 --a------ C:\WINDOWS\pskt.ini
2008-01-28 18:47 . 2008-01-30 13:50 <DIR> d-------- C:\WINDOWS\system32\wnis6
2008-01-28 18:47 . 2008-01-29 16:42 <DIR> d-------- C:\WINDOWS\system32\nip4
2008-01-28 18:47 . 2008-01-31 11:14 <DIR> d-------- C:\WINDOWS\system32\nGpxx01
2008-01-28 18:47 . 2008-01-28 18:47 <DIR> d-------- C:\WINDOWS\system32\ets1
2008-01-28 18:47 . 2008-01-28 20:24 <DIR> d-------- C:\WINDOWS\system32\comg9
2008-01-28 18:47 . 2008-01-28 18:47 <DIR> d-------- C:\Temp\gTiis19
2008-01-28 18:47 . 2008-01-28 18:47 <DIR> d-------- C:\Temp\cXzz9
2008-01-28 18:47 . 2008-02-04 12:40 <DIR> d-------- C:\Temp
2008-01-27 18:08 . 2008-01-27 18:10 <DIR> d-------- C:\Documents and Settings\Jason\Application Data\Canon
2008-01-27 15:54 . 1996-07-01 00:00 77,312 --a------ C:\WINDOWS\system32\TWAIN_32.DLL
2008-01-27 15:30 . 2008-01-27 15:30 <DIR> d--h----- C:\CanoScan
2008-01-27 15:30 . 2002-05-24 03:04 389,180 --a------ C:\WINDOWS\system32\UCS32P.DLL
2008-01-27 15:30 . 2002-04-12 20:23 339,968 --a------ C:\WINDOWS\system32\N124UFW.dll
2008-01-27 15:30 . 2002-09-27 14:56 69,632 --a------ C:\WINDOWS\system32\CNQU70.DLL
2008-01-11 08:12 . 2008-01-11 08:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2008-01-11 08:11 . 2008-01-11 08:11 <DIR> d-------- C:\Program Files\Uniblue
2008-01-11 08:11 . 2008-01-11 08:11 <DIR> d-------- C:\Documents and Settings\Jason\Application Data\Uniblue
2008-01-07 05:23 . 1998-08-26 20:51 182,032 --a------ C:\WINDOWS\system32\dxtmsft3.dll
2008-01-07 05:23 . 1998-08-20 03:02 140,800 --a------ C:\WINDOWS\system32\tm20dec.ax
2008-01-07 05:23 . 1998-09-02 00:28 38,160 --a------ C:\WINDOWS\system32\LMRTREND.dll
2008-01-07 05:22 . 1998-09-02 00:02 194,320 --a------ C:\WINDOWS\system32\qcut.dll
2008-01-07 05:22 . 1998-09-02 00:28 63,488 --a------ C:\WINDOWS\system32\unam4ie.exe
2008-01-07 05:22 . 1998-08-17 01:21 11,776 --a------ C:\WINDOWS\system32\mciqtz.drv
2008-01-07 05:22 . 1998-08-17 01:21 10,240 --a------ C:\WINDOWS\system32\vidx16.dll
2008-01-07 05:22 . 1998-08-17 01:21 5,672 --a------ C:\WINDOWS\system32\quartz.vxd
2008-01-07 05:22 . 2008-01-07 05:22 4,608 --a------ C:\WINDOWS\system32\w95inf32.dll
2008-01-07 05:22 . 2008-01-07 05:22 2,272 --a------ C:\WINDOWS\system32\w95inf16.dll
2008-01-07 05:22 . 2008-01-07 05:34 11 --a------ C:\trace.ini
2008-01-07 05:21 . 2008-01-07 05:21 <DIR> d-------- C:\Program Files\Auralog
2008-01-05 11:23 . 2008-01-05 11:23 0 --a------ C:\WINDOWS\iplayer.INI
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-04 05:29 --------- d-----w C:\Documents and Settings\Jason\Application Data\Skype
2008-01-30 03:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-30 03:52 --------- d-----w C:\Program Files\Toshiba
2008-01-28 21:30 --------- d-----w C:\Documents and Settings\Jason\Application Data\ZoomBrowser EX
2008-01-28 21:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-01-28 00:50 --------- d-----w C:\Program Files\Canon
2008-01-28 00:01 --------- d-----w C:\Program Files\ArcSoft
2008-01-26 04:39 --------- d-----w C:\Documents and Settings\Jason\Application Data\uTorrent
2008-01-05 20:31 --------- d-----w C:\Program Files\DivX
2007-12-31 17:49 --------- d-----w C:\Program Files\AC3Filter
2007-12-31 17:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2007-12-25 14:01 --------- d-----w C:\Program Files\eFax Messenger 4.3
2007-12-25 14:01 --------- d-----w C:\Documents and Settings\Jason\Application Data\eFax Messenger
2007-12-25 14:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.3 Output
2007-12-25 14:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.3 Setup
2007-12-18 08:43 23,396 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
2007-12-16 18:56 --------- d-----w C:\Program Files\Litsoft
2007-12-16 18:55 140,288 ----a-w C:\WINDOWS\~GLC0000.TMP
2007-12-15 16:30 --------- d-----w C:\Documents and Settings\Jason\Application Data\Yahoo!
2007-12-13 21:28 24,592 ----a-w C:\WINDOWS\system32\drivers\klim5.sys
2007-12-10 14:47 --------- d-----w C:\Program Files\Audacity
2007-12-10 14:19 --------- d-----w C:\Program Files\Bulent's Screen Recorder 4
2007-12-08 15:36 --------- d-----w C:\Program Files\eMule
2004-10-10 15:03 169,808 ----a-w C:\Documents and Settings\myra\Application Data\shb.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{076E87FE-1A1F-4057-B8B9-5BC1225F7CBF}]
C:\Program Files\MSN Gaming Zone\lavu.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2D812E56-AFD2-4C7F-87B4-1C7B1CF3D5D8}]
C:\WINDOWS\system32\vtsqq.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4C11BBBE-0251-5FAB-0212-2B00B8BD8BC6}]
C:\WINDOWS\system32\guw.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6AF0FE17-0786-4BB2-9EC9-99B6701F6285}]
C:\Program Files\Windows Media Player\hokemoqy83122.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8A615191-1BF8-4119-BF89-17F73F0CEE5F}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{900E4750-38A0-4F33-4291-5AA2B625A255}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C5DDC4D2-DD00-401E-BF17-0CAFABAAFFC6}]
C:\WINDOWS\system32\awtqp.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D3F4220C-5E69-4EC9-8239-357483D1DE80}]
C:\Program Files\Windows Media Player\hokemoqy4444.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"Osus"="C:\DOCUME~1\Jason\APPLIC~1\ASKS~1\spoolsv.exe" [ ]
"Rvvmjin"="C:\WINDOWS\S?mantec\?ti2evxx.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ezShieldProtector for Px"="C:\WINDOWS\system32\ezSP_Px.exe" [2002-08-20 10:29 40960]
"Omnipage"="C:\Program Files\ScanSoft\OmniPageSE\opware32.exe" [ ]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-12-18 00:43 227856]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [2003-08-13 17:38 54472]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccccyv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\obttjnqr]
obttjnqr.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Companion.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL Companion.lnk
backup=C:\WINDOWS\pss\AOL Companion.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eFax 4.3.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\eFax 4.3.lnk
backup=C:\WINDOWS\pss\eFax 4.3.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk
backup=C:\WINDOWS\pss\Microsoft Office OneNote 2003 Quick Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAMASST.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk
backup=C:\WINDOWS\pss\RAMASST.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\000StTHK]
--a------ 2001-06-23 20:28 24576 C:\WINDOWS\system32\000StTHK.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00THotkey]
--a------ 2003-04-15 20:01 258048 C:\WINDOWS\System32\00THotkey.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
--a------ 2003-03-26 10:15 684032 C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2003-04-18 11:20 88363 C:\WINDOWS\agrsmmsg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
C:\Program Files\America Online 9.0b\AOL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLCC]
C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
--a------ 2003-07-17 17:38 159744 C:\Program Files\Apoint2K\Apoint.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\B'sCLiP]
--a------ 2003-11-05 05:38 1380352 C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-03 23:56 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eFax 4.3]
--a------ 2007-03-06 09:21 116224 C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ezShieldProtector for Px]
--a------ 2002-08-20 10:29 40960 C:\WINDOWS\system32\ezSP_Px.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1100834960\ee\AOLSoftware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2003-04-07 00:07 114688 C:\WINDOWS\System32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a------ 2004-06-21 02:40 172032 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2003-04-07 00:19 155648 C:\WINDOWS\System32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
--a------ 2006-03-27 07:57 126104 C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
--a------ 2003-01-02 16:16 172032 C:\Program Files\ltmoh\Ltmoh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 08:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDSTray.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetZero_uoltray]
--a------ 2004-08-01 13:47 102672 C:\Program Files\NetZero\exec.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch]
C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pinger]
--a------ 2003-10-20 09:39 159744 c:\toshiba\ivp\ism\pinger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]
C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2007-04-09 04:23 200704 C:\Program Files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2004-11-18 19:32 98304 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spc_w]
--a------ 2004-05-13 03:38 258114 C:\Program Files\NZSearch\hcm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFncKy]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFNF5]
--a------ 2003-10-15 16:03 73728 C:\WINDOWS\system32\TFNF5.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
--a------ 2003-09-05 03:24 65536 C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TouchED]
--a------ 2003-01-21 18:00 126976 C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]
--a------ 2003-11-19 21:15 278528 C:\WINDOWS\system32\TPSMain.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpyEraser]
C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 16:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
R0 BsStor;B.H.A Storage Helper Driver;C:\WINDOWS\system32\drivers\BsStor.sys [2002-06-06 01:07]
R2 BsUDF;B.H.A UDF Filesystem;C:\WINDOWS\system32\drivers\BsUDF.sys [2003-11-04 11:50]
R2 Dynex DX-WGPNBC WLService;Dynex Wireless G Enhanced Adapter Service;C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe [2004-03-29 15:08]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
S3 pciSd;pciSd;C:\WINDOWS\system32\DRIVERS\tossdpci.sys [2003-02-12 09:03]
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 21:41]
S3 tsdhd;TOSHIBA SD Card Host Controller Driver;C:\WINDOWS\system32\DRIVERS\tsdhd.sys [2003-05-14 17:38]
.
Contents of the 'Scheduled Tasks' folder
"2008-01-29 05:16:52 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-04 12:51:14
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\Program Files\ArcSoft\Software Suite\PhotoImpression\share\pihook.dll
.
Completion time: 2008-02-04 13:00:18 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-04 21:00:11
.
2008-01-09 15:24:47 --- E O F ---
*** Anti-Malware Log ***
Malwarebytes' Anti-Malware 1.02
Database version: 318
Scan type: Full Scan (C:\|)
Objects scanned: 84581
Time elapsed: 35 minute(s), 7 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\QooBox\Quarantine\C\WINDOWS\uninstall_nmon.vbs.vir (Malware.Trace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP2\A0000004.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP2\A0000005.vbs (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ets1\ovstadcom2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
*** End ***
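The three logs above are raw tool output, and the triage an analyst does on them by eye follows a few repeatable rules: O2/O3 add-ons with no display name or no file on disk, O4 autoruns that launch a system-binary name from outside system32 or from a user profile, paths containing a `?` (an illegal character in Windows file names, so it can only be a glyph HijackThis could not print, as in `S?mantec`), every O15 Trusted Zone addition, and every O20 Winlogon Notify DLL that is not a fully qualified `.dll` path. The script below writes those rules down and runs them over a subset of the HijackThis lines. It is an added example, not part of the original post nor of HijackThis, ComboFix or Malwarebytes; the rule names, severities and the `SYSTEM_BINARIES` list are this example's own assumptions, and `SAMPLE_LOG` is a constructed input copied from the log above.

```python
"""Heuristic triage of HijackThis v2.x log lines (added example, not an official rule set)."""
import re
from dataclasses import dataclass

# Constructed sample input: a subset of lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2D812E56-AFD2-4C7F-87B4-1C7B1CF3D5D8} - C:\WINDOWS\system32\vtsqq.dll (file missing)
O2 - BHO: 0 - {8A615191-1BF8-4119-BF89-17F73F0CEE5F} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Osus] "C:\DOCUME~1\Jason\APPLIC~1\ASKS~1\spoolsv.exe" -vt yazb
O4 - HKCU\..\Run: [Rvvmjin] C:\WINDOWS\S?mantec\?ti2evxx.exe
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O20 - Winlogon Notify: fccccyv - C:\WINDOWS\
O20 - Winlogon Notify: obttjnqr - obttjnqr.dll (file missing)
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
"""


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section tag, e.g. "O4"
    rule: str      # rule identifier (names are this example's own)
    severity: str  # "high" or "medium"
    line: str


# Executables Windows ships only under %SystemRoot%\system32; an auto-run copy
# anywhere else is almost always an impostor (assumption: short list for this example).
SYSTEM_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                   "lsass.exe", "svchost.exe", "spoolsv.exe", "explorer.exe"}
USER_PROFILE_MARKERS = ("\\docume~1\\", "\\documents and settings\\",
                        "\\applic~1\\", "\\application data\\", "\\temp\\")

_HJT = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.*)$")
_RUN = re.compile(r"\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
_UNNAMED = re.compile(r": (\(no name\)|0) - ")


def _executable_of(cmd: str) -> str:
    """Return the program path from an O4 command line, dropping its arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage_line(line: str) -> list[Finding]:
    """Apply every rule to one log line; returns one Finding per rule that fires."""
    m = _HJT.match(line.strip())
    if not m:
        return []
    sec, body = m.group("sec"), m.group("body")
    low = body.lower()
    hits: list[tuple[str, str]] = []

    if sec in ("O2", "O3", "O20") and ("(file missing)" in low or "(no file)" in low):
        # Registry still references a component whose file is gone: leftover of a
        # partial removal, or a file the malware only materialises when needed.
        hits.append(("orphaned-entry", "medium"))
    if sec in ("O2", "O3") and _UNNAMED.search(body):
        # Commercial add-ons register a display name; blanks and "0" do not.
        hits.append(("unnamed-addon", "medium"))
    if sec == "O4" and (r := _RUN.search(body)):
        exe = _executable_of(r.group("cmd"))
        exe_low = exe.lower()
        base = exe_low.rsplit("\\", 1)[-1]
        parent = exe_low.rsplit("\\", 1)[0] if "\\" in exe_low else ""
        if "?" in exe:
            # '?' cannot appear in a Windows file name, so it is a character the
            # tool could not render: a look-alike glyph imitating a vendor folder.
            hits.append(("unrenderable-char-in-path", "high"))
        if base in SYSTEM_BINARIES and not parent.endswith("system32"):
            hits.append(("system-binary-outside-system32", "high"))
        if any(k in exe_low for k in USER_PROFILE_MARKERS):
            hits.append(("autorun-from-user-profile", "medium"))
    if sec == "O15":
        # Trusted Zone sites get relaxed IE security; HKLM entries apply to every user.
        hits.append(("trusted-zone-addition", "high" if "(hklm)" in low else "medium"))
    if sec == "O20":
        # Winlogon Notify DLLs load into winlogon.exe as SYSTEM before logon; a bare
        # directory or an unqualified DLL name is not how a vendor registers one.
        stem = body.split(" - ", 1)[-1].strip().split(" (")[0]
        if not stem.lower().endswith(".dll") or "\\" not in stem:
            hits.append(("winlogon-notify-suspicious", "high"))

    return [Finding(sec, rule, sev, line.strip()) for rule, sev in hits]


def triage(log_text: str) -> list[Finding]:
    """Run triage_line over a whole log and collect the findings."""
    out: list[Finding] = []
    for line in log_text.splitlines():
        out.extend(triage_line(line))
    return out


def rules_for(findings: list[Finding], needle: str) -> set[str]:
    """Rule names that fired on lines containing `needle`."""
    return {f.rule for f in findings if needle in f.line}


if __name__ == "__main__":
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: (f.severity != "high", f.section)):
        print(f"[{f.severity:6}] {f.section} {f.rule}: {f.line}")
```

Run against the sample, the Kaspersky, ctfmon, Adobe and Google lines produce nothing, while the `[Osus]` spoolsv.exe copy under Application Data, the `S?mantec` autorun, both Winlogon Notify entries and both Trusted Zone additions are flagged. The rules are heuristics, not verdicts: legitimate O20 entries and deliberately added Trusted Zone sites exist, and an orphaned `(file missing)` entry is still worth fixing, since the file it points at can return with the next reinfection.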