Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:40:59 PM, on 10/5/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Linksys EasyLink Advisor\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\Fix ME\2007\HJT\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [FlashIcon] C:\Program Files\GENERIC\USB Card Reader Driver v2.3\FlashIcon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Twain] C:\Program Files\Twain\Twain.exe
O4 - HKCU\..\Run: [GetPack21] "C:\Program Files\GetPack\GetPack21.exe"
O4 - HKCU\..\Run: [VnrBlock21] "C:\Program Files\VnrBlock\VnrBlock21.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3847] command /c del "C:\Program Files\VnrBlock\xtarga.gz"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2922] cmd /c del "C:\Program Files\VnrBlock\xtarga.gz"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3648] command /c del "C:\Program Files\GetPack\trgtame.gz"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1756] cmd /c del "C:\Program Files\GetPack\trgtame.gz"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5288] command /c del "C:\WINDOWS\system32\rvcrjbgc.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1967] cmd /c del "C:\WINDOWS\system32\rvcrjbgc.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3900] command /c del "C:\WINDOWS\system32\ailxhnsb.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1851] cmd /c del "C:\WINDOWS\system32\ailxhnsb.dll_old"
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1195537941859
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1195560842125
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15031/CTPID.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: ovmtcj.dll ugxhjy.dll ruyswv.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
-- End of file - 12531 bytes
Generated 10/05/2008 at 05:20 PM
Application Version : 3.9.1008
Core Rules Database Version : 3589
Trace Rules Database Version: 1576
Scan type : Complete Scan
Total Scan Time : 01:45:10
Memory items scanned : 557
Memory threats detected : 7
Registry items scanned : 6935
Registry threats detected : 36
File items scanned : 74478
File threats detected : 110
Trojan.Downloader-NewJuan/VM
    C:\WINDOWS\SYSTEM32\OVMTCJ.DLL
    C:\WINDOWS\SYSTEM32\OVMTCJ.DLL
    C:\WINDOWS\SYSTEM32\UGXHJY.DLL
    C:\WINDOWS\SYSTEM32\UGXHJY.DLL
    C:\WINDOWS\SYSTEM32\RUYSWV.DLL
    C:\WINDOWS\SYSTEM32\RUYSWV.DLL

Adware.Vundo/Variant
    C:\WINDOWS\SYSTEM32\WINDGJ32.DLL
    C:\WINDOWS\SYSTEM32\WINDGJ32.DLL
    Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\windgj32

Adware.Vundo Variant/OE
    C:\WINDOWS\SYSTEM32\BYXPPMDA.DLL
    C:\WINDOWS\SYSTEM32\BYXPPMDA.DLL
    C:\WINDOWS\SYSTEM32\WVUMJICY.DLL
    C:\WINDOWS\SYSTEM32\WVUMJICY.DLL
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6911B3AD-EEA6-43C8-97AE-A82406DEB263}
    HKCR\CLSID\{6911B3AD-EEA6-43C8-97AE-A82406DEB263}
    HKCR\CLSID\{6911B3AD-EEA6-43C8-97AE-A82406DEB263}\InprocServer32
    HKCR\CLSID\{6911B3AD-EEA6-43C8-97AE-A82406DEB263}\InprocServer32#ThreadingModel
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A982037A-5FA0-44BD-8BB8-BCE93EBBDFE8}
    HKCR\CLSID\{A982037A-5FA0-44BD-8BB8-BCE93EBBDFE8}
    HKCR\CLSID\{A982037A-5FA0-44BD-8BB8-BCE93EBBDFE8}\InprocServer32
    HKCR\CLSID\{A982037A-5FA0-44BD-8BB8-BCE93EBBDFE8}\InprocServer32#ThreadingModel
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{A982037A-5FA0-44BD-8BB8-BCE93EBBDFE8}
    Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\byXppMdA
    C:\WINDOWS\SYSTEM32\BFEVGNSB.DLL
    C:\WINDOWS\SYSTEM32\EKMSBEOB.DLL
    C:\WINDOWS\SYSTEM32\FCCAXOEX.DLL
    C:\WINDOWS\SYSTEM32\IEHCWPHX.DLL
    C:\WINDOWS\SYSTEM32\ILJOHPPD.DLL
    C:\WINDOWS\SYSTEM32\ILLBYIKH.DLL
    C:\WINDOWS\SYSTEM32\JSDJNSET.DLL
    C:\WINDOWS\SYSTEM32\LBSJCXCB.DLL
    C:\WINDOWS\SYSTEM32\MTRNUSTN.DLL
    C:\WINDOWS\SYSTEM32\OBJPUPEX.DLL
    C:\WINDOWS\SYSTEM32\WAIYDSCC.DLL
    C:\WINDOWS\SYSTEM32\XWTGBEHX.DLL

Trojan.Unclassified/Twain-ONM
    C:\PROGRAM FILES\TWAIN\TWAIN.EXE
    C:\PROGRAM FILES\TWAIN\TWAIN.EXE
    C:\WINDOWS\Prefetch\TWAIN.EXE-18A24091.pf
Adware.Tracking Cookie
Trojan.Unknown Origin
    HKLM\SOFTWARE\Microsoft\MSSMGR
    HKLM\SOFTWARE\Microsoft\MSSMGR#Brnd
    HKLM\SOFTWARE\Microsoft\MSSMGR#BSTV
    HKLM\SOFTWARE\Microsoft\MSSMGR#SSTV
    HKLM\SOFTWARE\Microsoft\MSSMGR#SCLIST
    HKLM\SOFTWARE\Microsoft\MSSMGR#SSLIST
    HKLM\SOFTWARE\Microsoft\MSSMGR#BPTV
    HKLM\SOFTWARE\Microsoft\MSSMGR#LSTV
    HKLM\SOFTWARE\Microsoft\MSSMGR#PSTV
    C:\WINDOWS\B157.EXE

Adware.Vundo Variant/Rel
    HKLM\SOFTWARE\Microsoft\FCOVM
    HKLM\SOFTWARE\Microsoft\RemoveRP

Trojan.Unclassified/TestCPV
    HKCR\TypeLib\{63334394-3da3-4b29-a041-03535909d361}
    HKCR\TypeLib\{63334394-3da3-4b29-a041-03535909d361}\1.0
    HKCR\TypeLib\{63334394-3da3-4b29-a041-03535909d361}\1.0\0
    HKCR\TypeLib\{63334394-3da3-4b29-a041-03535909d361}\1.0\0\win32
    HKCR\TypeLib\{63334394-3da3-4b29-a041-03535909d361}\1.0\FLAGS
    HKCR\TypeLib\{63334394-3da3-4b29-a041-03535909d361}\1.0\HELPDIR
    HKCR\Interface\{2e4a04a1-a24d-45ae-aca4-949778400813}
    HKCR\Interface\{2e4a04a1-a24d-45ae-aca4-949778400813}\ProxyStubClsid
    HKCR\Interface\{2e4a04a1-a24d-45ae-aca4-949778400813}\ProxyStubClsid32
    HKCR\Interface\{2e4a04a1-a24d-45ae-aca4-949778400813}\TypeLib
    HKCR\Interface\{2e4a04a1-a24d-45ae-aca4-949778400813}\TypeLib#Version
    HKCR\AppId\testcpv6.dll
    HKCR\AppId\testcpv6.dll#AppID
    HKCR\AppId\{ff46f4ab-a85f-487e-b399-3f191ac0fe23}
    C:\PROGRAM FILES\WEBTOOLS\WEBTOOLS.DLL

Trojan.Dropper/FaceBack-A
    C:\WINDOWS\FACEBACK.EXE

Trojan.Downloader/ZLob
    C:\WINDOWS\SYSTEM32\124909\124909.DLL
ComboFix 08-10-05.03 - Emeka 2008-10-05 18:10:05.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1450 [GMT -4:00]
Running from: D:\Fix ME\2007\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator.MOTHERBRAIN\Cookies\administrator@www.monstermarketplace[2].txt
C:\Documents and Settings\Administrator.MOTHERBRAIN\Start Menu\Programs\Outerinfo
C:\Documents and Settings\Administrator.MOTHERBRAIN\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\Administrator.MOTHERBRAIN\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\Documents and Settings\Emeka.MOTHERBRAIN.000\Local Settings\Temporary Internet Files\bestwiner.stt
C:\Documents and Settings\Guest\Cookies\guest@vendorweb.citibank[1].txt
C:\Documents and Settings\LocalService.NT AUTHORITY.000\Local Settings\Temporary Internet Files\CPV.stt
C:\Program Files\asembl~1
C:\WINDOWS\BM01e26af3.txt
C:\WINDOWS\BM01e26af3.xml
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\bcxcjsbl.ini
C:\WINDOWS\system32\bsngvefb.ini
C:\WINDOWS\system32\bsnhxlia.ini
C:\WINDOWS\system32\crbmjy.dll
C:\WINDOWS\system32\irgeqlyi.ini
C:\WINDOWS\system32\nstszw.dll
C:\WINDOWS\system32\qnvihvja.ini
C:\WINDOWS\system32\wcasysmb.ini
C:\WINDOWS\system32\wmydbe.dll
C:\WINDOWS\system32\YcIjmUvw.ini
C:\WINDOWS\system32\YcIjmUvw.ini2
.
((((((((((((((((((((((((( Files Created from 2008-09-05 to 2008-10-05 )))))))))))))))))))))))))))))))
.

2008-10-05 17:23 . 2008-10-05 18:20 4,958,588 --a------ C:\WINDOWS\{00000002-00000000-00000009-00001102-00000004-20021102}.BAK
2008-10-05 15:32 . 2008-10-05 15:32 <DIR> d-------- C:\Documents and Settings\Emeka.MOTHERBRAIN.000\Application Data\SUPERAntiSpyware.com
2008-10-05 15:32 . 2008-10-05 15:32 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2008-10-02 23:24 . 2008-10-02 23:24 <DIR> d-------- C:\Documents and Settings\Emeka.MOTHERBRAIN.000\Application Data\Grisoft
2008-10-02 00:51 . 2008-10-02 00:51 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
2008-10-02 00:51 . 2008-10-02 00:51 <DIR> d-------- C:\Documents and Settings\Administrator.MOTHERBRAIN.000\Application Data\Grisoft
2008-10-02 00:51 . 2007-05-30 08:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-10-02 00:46 . 2007-12-10 23:06 <DIR> d-------- C:\Documents and Settings\Administrator.MOTHERBRAIN.000\Application Data\Gtek
2008-10-02 00:46 . 2008-04-29 07:09 <DIR> d-------- C:\Documents and Settings\Administrator.MOTHERBRAIN.000\Application Data\Apple Computer
2008-10-02 00:46 . 2008-10-02 00:49 <DIR> d-------- C:\Documents and Settings\Administrator.MOTHERBRAIN.000
2008-10-01 23:18 . 2008-10-05 12:43 379 --a------ C:\WINDOWS\wininit.ini
2008-10-01 22:48 . 2008-10-05 12:05 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-09-30 02:36 . 2008-10-05 17:22 <DIR> d-------- C:\WINDOWS\system32\124909
2008-09-29 13:42 . 2008-10-05 17:25 <DIR> d-------- C:\Program Files\Twain
2008-09-29 13:37 . 2008-10-05 17:22 <DIR> d-------- C:\Program Files\Webtools
2008-09-29 13:32 . 2008-09-29 13:32 <DIR> d-------- C:\Program Files\Mjcore
2008-09-28 22:23 . 2008-09-28 22:23 <DIR> d-------- C:\Program Files\Lavasoft
2008-09-28 22:23 . 2008-09-28 22:23 <DIR> d-------- C:\Documents and Settings\Emeka.MOTHERBRAIN.000\Application Data\Lavasoft
2008-09-28 13:45 . 2008-09-28 13:46 <DIR> d-------- C:\Program Files\CCleaner
2008-09-15 22:32 . 2008-09-15 22:33 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-15 22:30 . 2008-09-15 22:30 <DIR> d-------- C:\Program Files\Bonjour
2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2099-10-03 23:47 --------- d-----w C:\Documents and Settings\Administrator.MOTHERBRAIN\Application Data\Gtek
2099-10-01 01:14 --------- d-----w C:\Documents and Settings\Administrator.MOTHERBRAIN\Application Data\Talkback
2008-10-05 22:21 --------- d-----w C:\Documents and Settings\Emeka.MOTHERBRAIN.000\Application Data\BitTorrent
2008-10-05 22:04 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-10-05 21:27 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-10-05 20:00 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Google Updater
2008-10-05 19:32 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-10-05 15:22 --------- d-----w C:\Documents and Settings\Emeka.MOTHERBRAIN.000\Application Data\Skype
2008-10-02 02:52 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-10-02 02:20 --------- d-----w C:\Program Files\TomTom HOME 2
2008-09-25 01:35 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Intuit
2008-09-16 02:33 --------- d-----w C:\Program Files\iTunes
2008-09-16 02:32 --------- d-----w C:\Program Files\iPod
2008-09-16 02:30 --------- d-----w C:\Program Files\QuickTime
2008-09-16 02:29 --------- d-----w C:\Program Files\Common Files\Apple
2008-08-30 17:21 --------- d-----w C:\Documents and Settings\Emeka.MOTHERBRAIN.000\Application Data\DNA
2008-08-30 17:07 --------- d-----w C:\Program Files\DNA
2008-08-29 14:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe
2008-08-29 13:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll
2008-08-29 02:36 --------- d-----w C:\Program Files\DivX
2008-08-28 23:52 --------- d-----w C:\Program Files\BitTorrent
2008-08-27 02:56 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Ahead
2008-08-20 03:39 --------- d-----w C:\Program Files\Apple Software Update
2008-08-20 00:13 --------- d-----w C:\Program Files\Sony Setup
2008-08-20 00:11 --------- d-----w C:\Program Files\Sony
2008-07-25 08:36 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-07-23 16:50 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-07-23 16:48 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-07-23 16:48 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-07-23 16:46 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 02:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-19 02:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-04-02 21:46 32 ----a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\ezsid.dat
2004-06-10 16:13 40,960 ----a-w C:\Program Files\owcsetup.dll
2004-04-29 16:36 40,960 ----a-w C:\Program Files\owsetup1.dll
2008-06-11 03:16 952 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-09 68856]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 454784]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2008-03-22 587568]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2008-05-06 202088]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-19 7315456]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-12-19 86016]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 52896]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-09-27 125168]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-07 196608]
"Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CAMTRAY.EXE" [2004-07-30 245760]
"FlashIcon"="C:\Program Files\GENERIC\USB Card Reader Driver v2.3\FlashIcon.exe" [2004-11-26 40960]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"nwiz"="nwiz.exe" [2005-12-19 C:\WINDOWS\system32\nwiz.exe]
"CTHelper"="CTHELPER.EXE" [2006-08-11 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 C:\WINDOWS\system32\CTXFIHLP.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMIDI"="MIDIDEF.EXE" [2006-08-11 C:\WINDOWS\MIDIDEF.EXE]

C:\Documents and Settings\Emeka.MOTHERBRAIN.000\Start Menu\Programs\Startup\
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [2008-04-08 546816]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-03-15 125624]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-12-02 67128]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=ovmtcj.dll ugxhjy.dll ruyswv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"C:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe"=
"C:\\Program Files\\Motorola\\Software Update\\msu.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 nv_agp;NVIDIA nForce AGP Bus Filter;C:\WINDOWS\system32\DRIVERS\nv_agp.sys [2003-10-29 21120]
R3 P0630VID;Creative WebCam Live!;C:\WINDOWS\system32\DRIVERS\P0630Vid.sys [2004-07-29 91830]
S3 filter;filter;C:\WINDOWS\system32\drivers\filter.sys [2004-11-26 8832]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3a3f0274-cbca-11dc-95ad-0015f21ea13a}]
\Shell\AutoRun\command - G:\InstallTomTomHOME.exe
.
Contents of the 'Scheduled Tasks' folder

2008-09-24 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHANS REMOVED - - - -

BHO-{26916414-4643-43e5-a214-ad087abc4614} - C:\WINDOWS\system32\ovmtcj.dll
BHO-{9EE72BE8-06F9-42D4-BAFB-B3DA9F3FFD01} - (no file)
BHO-{D93B4707-5777-4639-AD25-5326C02965C1} - (no file)
HKCU-Run-GetPack21 - C:\Program Files\GetPack\GetPack21.exe
HKCU-Run-VnrBlock21 - C:\Program Files\VnrBlock\VnrBlock21.exe

.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O18 -: Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - %~$path:i
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-05 18:20:18
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\nview.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-10-05 18:33:08 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-05 22:31:59

Pre-Run: 22,040,752,128 bytes free
Post-Run: 22,352,244,736 bytes free
239 --- E O F --- 2008-09-10 03:05:44