ComboFix 07-12-09.1 - Brad 2007-12-09 14:49:48.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2229 [GMT -5:00]
Running from: C:\Documents and Settings\Brad\Local Settings\Temporary Internet Files\Content.IE5\2VB7A5UI\ComboFix[1].exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Temp\abW9
C:\WINDOWS\cookies.ini
C:\WINDOWS\Fonts\a.zip
C:\WINDOWS\system32\awtqo.dll
C:\WINDOWS\system32\bemeibln.dll
C:\WINDOWS\system32\dqudxyqx.dll
C:\WINDOWS\system32\eavkkiaj.dll
C:\WINDOWS\system32\ebqdfise.ini
C:\WINDOWS\system32\esifdqbe.dll
C:\WINDOWS\system32\fdcmpink.ini
C:\WINDOWS\system32\fxmdxxsi.dll
C:\WINDOWS\system32\gebawuv.dll
C:\WINDOWS\system32\hhircxhy.dll
C:\WINDOWS\system32\isxxdmxf.ini
C:\WINDOWS\system32\jaikkvae.ini
C:\WINDOWS\system32\khfebxx.dll
C:\WINDOWS\system32\knipmcdf.dll
C:\WINDOWS\system32\nrpycnsx.dll
C:\WINDOWS\system32\obsaafqg.dll
C:\WINDOWS\system32\oqtwa.ini
C:\WINDOWS\system32\oqtwa.ini2
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pbmmttul.dll
C:\WINDOWS\system32\pmnklmm.dll
C:\WINDOWS\system32\pmnopom.dll
C:\WINDOWS\system32\qdrxvwmg.dll
C:\WINDOWS\system32\qfcvavvx.dll
C:\WINDOWS\system32\qifeigba.dll
C:\WINDOWS\system32\qwshfrrs.dll
C:\WINDOWS\system32\rMa05yy
C:\WINDOWS\system32\rqrpppq.dll
C:\WINDOWS\system32\setup.exe.tmp
C:\WINDOWS\system32\srrfhswq.ini
C:\WINDOWS\system32\ssqnnoo.dll
C:\WINDOWS\system32\wuvuxwkv.dll
C:\WINDOWS\system32\xhfwptyt.dll
C:\WINDOWS\system32\xqyxduqd.ini
C:\WINDOWS\system32\xsncyprn.ini
C:\WINDOWS\Fonts\'
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_DOMAINSERVICE
-------\DomainService
((((((((((((((((((((((((( Files Created from 2007-11-09 to 2007-12-09 )))))))))))))))))))))))))))))))
.
2007-12-08 22:51 . 2007-12-09 00:27 <DIR> d-------- C:\Documents and Settings\Brad\.housecall6.6
2007-12-08 10:22 . 2007-12-08 10:22 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-07 13:42 . 2007-12-07 13:42 74,304 --a------ C:\WINDOWS\system32\pixxewmk.exe
2007-12-06 13:43 . 2007-12-06 13:43 74,304 --a------ C:\WINDOWS\system32\ojwqdpyk.exe
2007-12-05 13:42 . 2007-12-05 13:42 74,304 --a------ C:\WINDOWS\system32\fvmlqvtb.exe
2007-12-03 13:48 . 2007-12-04 06:07 794,040 --ahs---- C:\WINDOWS\system32\kvaqmsww.ini
2007-12-02 13:50 . 2007-12-02 13:50 793,784 --ahs---- C:\WINDOWS\system32\wqqomrnq.ini
2007-12-01 13:47 . 2007-12-02 13:47 793,724 --ahs---- C:\WINDOWS\system32\ramaqify.ini
2007-11-29 12:48 . 2007-11-29 14:40 <DIR> d-------- C:\Program Files\Dana
2007-11-28 11:32 . 2007-11-28 11:32 23,696 --a------ C:\WINDOWS\system32\ddcabxy.dll
2007-11-26 16:28 . 2007-11-26 16:29 <DIR> d-------- C:\Documents and Settings\Brad\Application Data\Move Networks
2007-11-24 15:29 . 2007-11-24 15:29 4,096 --a------ C:\WINDOWS\d3dx.dat
2007-11-23 19:19 . 2007-12-03 18:45 <DIR> d-------- C:\Program Files\AviSynth 2.5
2007-11-23 19:19 . 2007-11-29 14:40 <DIR> d-------- C:\Program Files\AVI2ISO
2007-11-23 19:18 . 2007-12-05 20:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2007-11-22 21:26 . 2007-11-22 21:26 <DIR> d-------- C:\Program Files\DeluxeFTP
2007-11-21 17:41 . 2007-11-21 17:41 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-11-21 17:37 . 2007-12-09 14:51 <DIR> d-------- C:\Temp
2007-11-21 17:36 . 2007-12-02 07:15 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-21 17:32 . 2007-12-09 13:47 <DIR> d-------- C:\Program Files\Mozilla Firefox 3 Beta 1
2007-11-16 20:00 . 2007-12-08 19:48 <DIR> d-------- C:\Program Files\Yahoo! Games
2007-11-16 20:00 . 2007-11-16 20:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HipSoft
2007-11-15 20:23 . 2007-11-15 20:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Zylom
2007-11-15 09:24 . 2007-11-15 09:24 <DIR> d-------- C:\Documents and Settings\Brad\Application Data\Jane s Hotel
2007-11-14 20:55 . 2007-11-14 20:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sandlot Games
2007-11-14 20:19 . 2007-11-14 20:19 <DIR> d-------- C:\Documents and Settings\Brad\Application Data\PlayFirst
2007-11-14 20:17 . 2007-11-14 20:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2007-11-14 20:17 . 2007-11-14 20:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PlayFirst
2007-11-14 00:59 . 2007-11-14 11:11 <DIR> d-------- C:\Documents and Settings\Brad\Contacts
2007-11-14 00:55 . 2007-11-14 00:58 <DIR> d-------- C:\Program Files\Windows Live
2007-11-14 00:55 . 2007-11-14 00:58 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2007-11-14 00:55 . 2007-11-14 00:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-11-11 22:22 . 2007-11-11 22:22 <DIR> d-------- C:\Program Files\iTunes
2007-11-11 22:22 . 2007-11-11 22:22 <DIR> d-------- C:\Program Files\iPod
2007-11-11 22:21 . 2007-11-11 22:21 <DIR> d-------- C:\Program Files\QuickTime
2007-11-11 01:58 . 2007-11-11 01:58 <DIR> d-------- C:\iPod Photo Cache
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-09 12:14 --------- d-----w C:\Program Files\LogMeIn
2007-12-09 03:51 --------- d-----w C:\Program Files\Avant Browser
2007-12-04 03:26 --------- d-----w C:\Program Files\ScreenshotCaptor
2007-11-22 16:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-22 05:57 87,352 ----a-w C:\WINDOWS\system32\LMIinit.dll
2007-11-22 05:57 83,288 ----a-w C:\WINDOWS\system32\LMIRfsClientNP.dll
2007-11-22 05:57 23,736 ----a-w C:\WINDOWS\system32\lmimirr.dll
2007-11-22 05:57 21,496 ----a-w C:\WINDOWS\system32\LMIport.dll
2007-11-22 05:57 10,040 ----a-w C:\WINDOWS\system32\lmimirr2.dll
2007-11-22 04:34 --------- d-----w C:\Program Files\McAfee
2007-11-22 04:32 --------- d-----w C:\Documents and Settings\Brad\Application Data\mIRC
2007-11-21 22:28 --------- d-----w C:\Program Files\mIRC
2007-11-19 22:43 --------- d-----w C:\Program Files\Mozilla Sunbird
2007-11-13 14:00 --------- d-----w C:\Program Files\Google
2007-11-06 18:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\GRETECH
2007-11-06 18:35 --------- d-----w C:\Program Files\GRETECH
2007-11-06 18:35 --------- d-----w C:\Documents and Settings\Brad\Application Data\GRETECH
2007-11-05 05:02 --------- d-----w C:\Documents and Settings\Brad\Application Data\EssentialPIM
2007-11-05 03:32 --------- d-----w C:\Program Files\IBM
2007-11-04 17:23 --------- d-----w C:\Program Files\Mozilla Thunderbird
2007-11-03 02:16 --------- d-----w C:\Program Files\EssentialPIM
2007-11-02 02:41 --------- d-----w C:\Documents and Settings\Brad\Application Data\Talkback
2007-11-02 02:23 --------- d-----w C:\Program Files\Citrix
2007-11-02 02:23 --------- d-----w C:\Documents and Settings\Brad\Application Data\ICAClient
2007-10-31 15:48 --------- d-----w C:\Program Files\BeeThink MusicHandle 3.2
2007-10-30 01:50 --------- d-----w C:\Documents and Settings\Brad\Application Data\SmartDraw
2007-10-29 22:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Aliasworlds
2007-10-25 12:42 --------- d-----w C:\Program Files\Lavasoft
2007-10-25 02:52 --------- d-----w C:\Program Files\EGS
2007-10-24 19:32 --------- d-----w C:\Program Files\prjYahtzee
2007-10-24 19:31 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2007-10-24 19:30 --------- d-----w C:\Program Files\Nexus Radio
2007-10-24 19:29 --------- d-----w C:\Program Files\Common Files\AOL
2007-10-24 19:29 --------- d-----w C:\Program Files\AimGames
2007-10-24 00:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-24 00:41 --------- d-----w C:\Documents and Settings\Brad\Application Data\OpenOffice.org2
2007-10-18 16:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
2007-10-15 21:42 --------- d-----w C:\Program Files\Java
2007-10-10 20:22 --------- d-----w C:\Program Files\AIM6
2007-10-10 20:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-10-10 20:20 --------- d-----w C:\Program Files\Viewpoint
2007-09-12 21:42 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-09-12 21:42 487,424 ------w C:\WINDOWS\Setup1.exe
2006-02-19 07:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
2007-11-28 11:32 23696 --a------ C:\WINDOWS\system32\ddcabxy.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 06:00]
"Aim6"="" []
"FolderShare"="C:\Program Files\FolderShare\FolderShare.exe" []
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 12:56]
"D-Link Wireless G WDA-1320"="C:\Program Files\D-Link\Wireless G WDA-1320\AirGCFG.exe" [2005-12-14 14:56]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-11-30 09:35]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-10 06:00 C:\WINDOWS\system32\rundll32.exe]
"CTHelper"="CTHELPER.EXE" [2005-11-08 19:30 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-03-02 11:00 C:\WINDOWS\system32\CTXFIHLP.EXE]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 01:41]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 00:00]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 10:01]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 17:07]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 00:00]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 13:03]
"HostManager"="C:\Program Files\Common Files\AOL\1190388307\ee\AOLSoftware.exe" [2006-09-25 19:52]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 20:16]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-09-26 11:10:06]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 03:21:22]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"= C:\WINDOWS\system32\ddcabxy.dll [2007-11-28 11:32 23696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcabxy]
ddcabxy.dll 2007-11-28 11:32 23696 C:\WINDOWS\system32\ddcabxy.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll 2007-08-24 09:17 10792 C:\Program Files\Citrix\GoToAssist\480\g2awinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-11-22 00:57 87352 C:\WINDOWS\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
R2 LMIInfo;LogMeIn Kernel Information Provider;\??\C:\Program Files\LogMeIn\x86\RaInfo.sys
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ
R2 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys
R3 lmimirr;lmimirr;C:\WINDOWS\system32\DRIVERS\lmimirr.sys
S3 GoToAssist;GoToAssist;"C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe" Start=service
.
Contents of the 'Scheduled Tasks' folder
"2007-12-06 16:21:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-15 06:01:48 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2007-12-01 12:23:57 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\ddcabxy.dll
PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\system32\ddcabxy.dll
.
**************************************************************************
catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-09 14:53:55
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-09 14:55:08 - machine was rebooted
.
--- E O F ---
Adobe Flash Player 9 ActiveX
Adobe Flash Player Plugin
Adobe Photoshop CS
Adobe Reader 8.1.1
Adobe Shockwave Player
AIM 6
ANIO Service
ANIWZCS2 Service
AOL Uninstaller (Choose which Products to Remove)
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Parental Control
Avant Browser (remove only)
BeeThink MusicHandle 3.2
Burger Shop (remove only)
Creative MediaSource
Dell Resource CD
DeluxeFTP 6.0.1
EGS Recipe Center
ESPNMotion
EssentialPIM
exPressit S.E. 2.1
GemMaster Mystic
GOM Player
Google Earth
GoToAssist 8.0.0.480
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB926239)
HP Imaging Device Functions 7.0
HP Photosmart Premier Software 6.5
HP Photosmart, Officejet and Deskjet 7.0.A
HP Solution Center 7.0
Intel(R) PRO Network Connections Drivers
iTunes
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) SE Runtime Environment 6
LogMeIn
McAfee SecurityCenter
Meritline EZ Label Xpress 3.5 Lite
MetaFrame Presentation Server Web Client for Win32
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2003 Web Components
Microsoft Office Accounting 2007
Microsoft Office Accounting 2007
Microsoft Office Accounting ADP Payroll Addin
Microsoft Office Accounting Equifax Addin
Microsoft Office Accounting Fixed Asset Manager
Microsoft Office Accounting PayPal Addin
Microsoft Office Small Business Connectivity Components
Microsoft Office Small Business Edition 2003
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
mIRC
MovieTrack
Mozilla Firefox (2.0.0.10)
Mozilla Firefox (3.0b1)
Mozilla Thunderbird (2.0.0.6)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
Nero Suite
NVIDIA Drivers
OCR Software by I.R.I.S 7.0
Otto
PDF reDirect (remove only)
QuickTime
Screenshot Captor 2.35.01
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB943460)
Sonic Encoders
Sound Blaster X-Fi
Spybot - Search & Destroy 1.4
The Sims 2
Update for Windows Media Player 10 (KB913800)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update Rollup 2 for Windows XP Media Center Edition 2005
Viewpoint Media Player
Windows Installer 3.1 (KB893803)
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Media Center Edition 2005 KB925766
WinZip 11.1
Wireless G WDA-1320
Yahoo! Messenger
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:57:37 PM, on 12/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\system32\HPZipm12.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\D-Link\Wireless G WDA-1320\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Common Files\AOL\1190388307\ee\AOLSoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Avant Browser\avant.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\notepad.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\ddcabxy.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [D-Link Wireless G WDA-1320] C:\Program Files\D-Link\Wireless G WDA-1320\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1190388307\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [FolderShare] "C:\Program Files\FolderShare\FolderShare.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CM_AdvancedCAB - https://www.gs.reyrey.com/common/Client ... cedCAB.CAB
O16 - DPF: PrintTemplateViewerCab - https://www.gs.reyrey.com/clientdll/pri ... viewer.cab
O16 - DPF: ReyScanCab - https://www.gs.reyrey.com/clientdll/ReyScan.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d ... o-eula.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 8002837281
O16 - DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} (ActiveReports Viewer2) - https://www.gs.reyrey.com/clientdll/arview2.cab
O20 - Winlogon Notify: ddcabxy - C:\WINDOWS\SYSTEM32\ddcabxy.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Ctpka4x - Creative Technology Ltd - (no file)
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 10487 bytes