Malware thing.
The files I have in Reiko’s file are what he created for me when he was assisting me with my computer. I added the two newest logs, but the rest were from where he RD’d with me.
Jotti Results
File: Reiko.exe
Status: OK (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: ee86268e59e4b38961e7c40d16be5bb4
Packers detected: UPX
Bit9 reports: No threat detected (more info)
Scanner results
Scan taken on 14 Nov 2007 11:45:16 (GMT)
A-Squared: Found nothing
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
CPsecure: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found nothing
Fortinet: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
Panda Antivirus: Found nothing
Rising Antivirus: Found nothing
Sophos Antivirus: Found nothing
VirusBuster: Found nothing
VBA32: Found nothing
ComboFix 07-11-07.3 - April 2007-11-14 6:01:56.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.503 [GMT -6:00]
Running from: C:\Documents and Settings\April\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\April\Desktop\CFScript.txt
* Created a new restore point
FILE
C:\WINDOWS\system32\bhxbktsl.dll
C:\WINDOWS\system32\qoenmeaq.dll
C:\WINDOWS\system32\rhqkegfr.exe
C:\WINDOWS\system32\vkeehahi.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\VundoFix Backups
C:\WINDOWS\system32\qoenmeaq.dll
C:\WINDOWS\system32\vkeehahi.dll
.
((((((((((((((((((((((((( Files Created from 2007-10-14 to 2007-11-14 )))))))))))))))))))))))))))))))
.
2007-11-14 05:28 <DIR> d-------- C:\WatchNow
2007-11-14 03:13 <DIR> dr-h----- C:\Documents and Settings\April\Application Data\yahoo!
2007-11-12 02:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-11-12 02:41 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-11-07 04:52 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Intel
2007-11-07 03:56 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-07 02:11 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-11-07 02:11 <DIR> d-------- C:\Documents and Settings\April\Application Data\SUPERAntiSpyware.com
2007-11-07 02:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-06 22:08 <DIR> d-------- C:\Program Files\Atomic Clock Sync
2007-11-06 20:20 <DIR> d-------- C:\Documents and Settings\April\Application Data\Comodo
2007-11-06 20:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2007-11-06 20:13 <DIR> d-------- C:\Program Files\Comodo
2007-11-05 07:29 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-11-05 06:13 <DIR> d-------- C:\Program Files\Lavasoft
2007-11-05 06:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-05 06:10 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-05 04:53 <DIR> d-------- C:\Program Files\CCleaner
2007-11-05 04:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-05 04:21 <DIR> d-------- C:\Program Files\Alwil Software
2007-11-05 04:21 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-11-05 04:21 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-11-05 04:21 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-11-05 04:21 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-11-05 04:21 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-11-05 04:21 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-05 04:21 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-11-05 04:00 <DIR> d-------- C:\Program Files\TUGZip
2007-11-05 04:00 156,160 --a------ C:\WINDOWS\system32\unrar3.dll
2007-11-05 04:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2007-11-05 02:57 <DIR> d-------- C:\Program Files\TeamViewer3
2007-11-05 02:57 <DIR> d-------- C:\Documents and Settings\April\Application Data\TeamViewer
2007-11-05 02:56 <DIR> d-------- C:\Documents and Settings\April\temp
2007-10-29 18:42 <DIR> d---s---- C:\Documents and Settings\April\UserData
2007-10-28 04:17 <DIR> d-------- C:\Documents and Settings\April\Application Data\McAfee
2007-10-18 19:20 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-10-18 19:20 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-10-18 16:30 <DIR> d-------- C:\Program Files\Microsoft Works
2007-10-18 16:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-10-18 15:37 <DIR> d-------- C:\Documents and Settings\April\Application Data\U3
2007-10-18 15:37 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-10-15 17:12 <DIR> d-------- C:\Documents and Settings\April\Application Data\iShell
2007-10-15 17:12 86,016 --a------ C:\WINDOWS\unvise32qt.exe
2007-10-15 17:11 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2007-10-15 17:11 <DIR> d-------- C:\Program Files\QuickTime
2007-10-15 17:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-14 11:58 --------- d-----w C:\Program Files\DivX
2007-11-12 08:42 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-07 04:16 --------- d-----w C:\Program Files\MSN Messenger
2007-11-05 14:20 --------- d-----w C:\Program Files\McAfee
2007-11-05 14:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2007-11-01 19:26 --------- d-----w C:\Program Files\Java
2007-10-18 21:41 --------- d-----w C:\Documents and Settings\April\Application Data\DivX
2007-10-13 08:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\scar5
2007-10-13 07:50 --------- d-----w C:\Program Files\scar5
2007-10-13 07:50 --------- d-----w C:\Documents and Settings\April\Application Data\scar5
2007-10-06 09:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-30 23:45 --------- d-----w C:\Documents and Settings\April\Application Data\Viewpoint
2007-09-28 08:07 --------- d-----w C:\Program Files\Veoh Networks
2007-09-19 02:50 --------- d-----w C:\Documents and Settings\April\Application Data\AdobeUM
2007-09-18 22:28 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-09-18 22:26 --------- d-----w C:\Program Files\Microsoft.NET
2007-09-18 19:54 --------- d-----w C:\Program Files\Viewpoint
2007-09-18 05:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-09-18 05:21 --------- d-----w C:\Program Files\Yahoo!
2007-09-18 04:50 --------- d-----w C:\Program Files\MSXML 4.0
2007-09-18 04:20 --------- d-----w C:\Documents and Settings\April\Application Data\Talkback
2007-09-18 04:17 --------- d-----w C:\Program Files\AOD
2007-09-18 04:17 --------- d-----w C:\Program Files\AIM
2007-09-18 04:17 --------- d-----w C:\Documents and Settings\April\Application Data\Aim
2007-09-18 04:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-09-18 02:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
2007-09-18 01:08 --------- d-----w C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
2007-09-18 01:04 --------- d-----w C:\Documents and Settings\April\Application Data\McAfee.com Personal Firewall
2007-09-18 00:58 --------- d-----w C:\Program Files\Canon
2007-09-18 00:51 --------- d-----w C:\Program Files\CyberLink
2007-09-18 00:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2007-09-18 00:47 28,352 ----a-w C:\WINDOWS\system32\drivers\MxlW2k.sys
2007-09-18 00:46 --------- d-----w C:\Program Files\MUSICMATCH
2007-09-18 00:46 --------- d-----w C:\Program Files\Dell
2007-09-18 00:45 --------- d-----w C:\Program Files\Jasc Software Inc
2007-09-18 00:43 --------- d-----w C:\Program Files\Dell Computer
2007-09-18 00:43 --------- d-----w C:\Documents and Settings\April\Application Data\Jasc Software Inc
2007-09-18 00:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2007-09-18 00:06 --------- d-----w C:\Program Files\Common Files\AOL
2007-09-18 00:01 --------- d-----w C:\Documents and Settings\April\Application Data\ATI
2007-09-17 23:59 --------- d-----w C:\Program Files\Modem Helper
2007-09-17 23:55 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-09-17 23:55 --------- d-----w C:\Program Files\ATI Technologies
2007-09-17 23:54 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Intel
2007-09-17 23:54 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Intel
2007-09-17 23:54 --------- d-----w C:\Documents and Settings\Default User\Application Data\Intel
2007-09-17 23:54 --------- d-----w C:\Documents and Settings\April\Application Data\Intel
2007-09-17 23:53 21,425 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2007-09-17 23:53 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\Intel
2007-09-17 23:53 --------- d-----w C:\Program Files\Intel
2007-09-17 23:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intel
2007-09-17 23:51 --------- d-----w C:\Program Files\Synaptics
2007-09-17 23:51 --------- d-----w C:\Program Files\CONEXANT
2007-09-17 23:50 --------- d-----w C:\Program Files\DIFX
2007-09-17 23:47 --------- d-----w C:\Program Files\SigmaTel
2007-09-17 23:45 --------- d-----w C:\Program Files\Common Files\Java
2007-09-17 23:30 5 ----a-w C:\WINDOWS\system32\drivers\DELL_XPS_MM061 .MRK
2007-09-17 23:30 5 ----a-w C:\WINDOWS\system32\drivers\1028_DELL_XPS_MM061 .MRK
2007-09-17 22:51 --------- d-----w C:\Program Files\RGB
2007-09-17 22:49 --------- d-----w C:\Program Files\GemMaster
2007-09-17 22:49 --------- d-----w C:\Program Files\EnglishOtto
2007-09-17 22:38 --------- d-----w C:\Program Files\microsoft frontpage
2007-09-17 22:31 --------- d-----w C:\Program Files\Windows Plus
.
((((((((((((((((((((((((((((( snapshot@2007-11-07_ 4.06.25.10 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-10-19 07:34:15 1,165,584 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe
+ 2007-11-14 09:01:01 1,165,584 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe
- 2007-10-19 07:34:15 20,240 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe
+ 2007-11-14 09:01:02 20,240 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe
- 2007-10-19 07:34:15 217,864 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe
+ 2007-11-14 09:01:02 217,864 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe
- 2007-10-19 07:34:15 18,704 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe
+ 2007-11-14 09:01:02 18,704 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe
- 2007-10-19 07:34:15 35,088 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe
+ 2007-11-14 09:01:03 35,088 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe
- 2007-10-19 07:34:15 845,584 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe
+ 2007-11-14 09:01:02 845,584 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe
- 2007-10-19 07:34:15 922,384 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe
+ 2007-11-14 09:01:02 922,384 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe
- 2007-10-19 07:34:15 272,648 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe
+ 2007-11-14 09:01:02 272,648 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe
- 2007-10-19 07:34:15 888,080 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe
+ 2007-11-14 09:01:03 888,080 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe
- 2007-10-19 07:34:15 1,172,240 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe
+ 2007-11-14 09:01:02 1,172,240 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe
- 2007-10-19 08:44:35 12,288 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2007-11-14 09:02:17 12,288 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2007-10-19 08:44:35 135,168 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2007-11-14 09:02:17 135,168 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2007-10-19 08:44:35 11,264 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2007-11-14 09:02:17 11,264 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2007-10-19 08:44:35 27,136 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2007-11-14 09:02:18 27,136 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2007-10-19 08:44:35 4,096 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2007-11-14 09:02:18 4,096 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2007-10-19 08:44:35 794,624 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2007-11-14 09:02:18 794,624 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2007-10-19 08:44:35 23,040 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2007-11-14 09:02:18 23,040 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2007-10-19 08:44:35 286,720 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2007-11-14 09:02:17 286,720 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2007-10-19 08:44:35 409,600 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2007-11-14 09:02:17 409,600 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2007-11-12 08:41:19 295,606 ----a-r C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe
+ 2007-11-12 08:41:20 295,606 ----a-r C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat_3D.exe
+ 2007-11-12 08:41:20 295,606 ----a-r C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat_Standard.exe
+ 2007-11-12 08:41:20 25,214 ----a-r C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Distiller.exe
+ 2007-11-12 08:41:20 7,278 ----a-r C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_ELEMENTS_DT.exe
+ 2007-11-12 08:41:19 23,558 ----a-r C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000003}\SC_Designer_PFM.70DBED24_B579_40CB_AB0B_F1221A3E9EC5.exe
+ 2006-09-29 12:56:38 28,248 ----a-r C:\WINDOWS\system32\AdobePDF.dll
- 2006-12-19 21:52:18 8,453,632 -c--a-w C:\WINDOWS\system32\dllcache\shell32.dll
+ 2007-10-26 03:34:01 8,460,288 -c--a-w C:\WINDOWS\system32\dllcache\shell32.dll
- 2007-11-05 14:05:03 264,616 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2007-11-14 11:28:02 266,208 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2007-08-07 19:37:56 53,248 ----a-w C:\WINDOWS\system32\Macromed\Common\SwSupport.dll
+ 2007-08-07 23:20:44 182,248 ----a-w C:\WINDOWS\system32\Macromed\Director\SwDir.dll
- 2007-09-18 22:55:36 45,218 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
+ 2007-11-13 06:27:46 45,218 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
+ 2007-08-07 19:35:56 585,728 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Control.dll
+ 2007-08-07 19:19:40 1,490,944 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\dirapi.dll
+ 2007-08-07 19:36:32 24,576 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\DynaPlayer.dll
+ 2007-08-07 19:17:24 606,208 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\iml32.dll
+ 2007-08-07 19:35:22 339,968 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Plugin.dll
+ 2007-08-07 19:35:32 483,328 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\PluginPing.dll
+ 2007-08-07 19:28:38 180,224 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Proj.dll
+ 2007-08-07 23:20:28 391,144 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwHelper_1020023.exe
+ 2007-08-07 19:37:56 77,824 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwInit.exe
+ 2007-08-07 19:35:18 86,016 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwMenu.dll
+ 2007-08-07 19:37:58 98,304 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwOnce.dll
+ 1999-06-25 16:55:30 149,504 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\UNWISE.EXE
+ 2004-02-20 22:15:42 40,960 ----a-r C:\WINDOWS\system32\MFC71CHS.DLL
+ 2004-02-20 22:15:42 45,056 ----a-r C:\WINDOWS\system32\MFC71CHT.DLL
+ 2004-02-20 22:15:42 65,536 ----a-r C:\WINDOWS\system32\MFC71DEU.DLL
+ 2003-10-17 18:44:08 57,344 ----a-r C:\WINDOWS\system32\MFC71ENU.DLL
+ 2004-02-20 22:15:42 61,440 ----a-r C:\WINDOWS\system32\MFC71ESP.DLL
+ 2004-02-20 22:15:42 61,440 ----a-r C:\WINDOWS\system32\MFC71FRA.DLL
+ 2004-02-20 22:15:42 61,440 ----a-r C:\WINDOWS\system32\MFC71ITA.DLL
+ 2004-02-20 22:15:42 49,152 ----a-r C:\WINDOWS\system32\MFC71JPN.DLL
+ 2004-02-20 22:15:42 49,152 ----a-r C:\WINDOWS\system32\MFC71KOR.DLL
- 2007-09-28 05:19:39 18,089,592 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2007-11-02 07:12:57 18,238,072 ----a-w C:\WINDOWS\system32\MRT.exe
- 2007-11-07 09:11:55 62,746 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2007-11-14 12:01:02 62,746 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-11-07 09:11:55 401,632 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-11-14 12:01:02 401,632 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2006-12-19 21:52:18 8,453,632 ----a-w C:\WINDOWS\system32\shell32.dll
+ 2007-10-26 03:34:01 8,460,288 ----a-w C:\WINDOWS\system32\shell32.dll
- 2006-01-19 19:29:19 14,048 ----a-w C:\WINDOWS\system32\spmsg.dll
+ 2007-03-06 01:22:33 14,048 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-05-11 05:13:07 24,456 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\ADREGP.DLL
+ 2007-05-11 05:13:22 190,072 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\ADUIGP.DLL
+ 2003-05-05 22:47:20 129,024 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\Ps5ui.dll
+ 2003-05-05 22:47:20 455,168 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\PSCRIPT5.DLL
+ 2007-05-11 05:13:07 24,456 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\AdReGP.dll
+ 2007-05-11 05:13:22 190,072 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\ADUIGP.dll
+ 2003-05-05 22:47:20 129,024 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\PS5UI.DLL
+ 2003-05-05 22:47:20 455,168 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\PSCRIPT5.DLL
- 2007-08-21 10:13:33 350,720 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2007-10-29 10:04:03 350,720 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2006-06-05 21:47:40 1,093,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_39049d00\mfc80.dll
+ 2006-06-05 21:47:48 1,080,320 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_39049d00\mfc80u.dll
+ 2006-06-05 21:47:50 69,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_39049d00\mfcm80.dll
+ 2006-06-05 21:47:50 57,856 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_39049d00\mfcm80u.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 12:56]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 11:48]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 17:04]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 16:58]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-08-03 17:51]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 19:15]
"mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2004-04-20 12:24]
"PDVDDXSrv"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 16:23]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 05:06]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-11-06 20:13]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 22:46]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-10-17 00:29]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b9aeba6-7dc2-11dc-8293-0018de813166}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-11-14 06:05:40
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-14 6:07:35 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-09 23:34
C:\ComboFix3.txt ... 2007-11-07 05:21
.
--- E O F ---
Logfile of HijackThis v1.99.1
Scan saved at 6:09:02 AM, on 11/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\April\Desktop\Reiko files\Reiko.exe
\\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
My computer is running the same as it was before.