Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:48:48 AM, on 2/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\DOCUME~1\LYDIOT~1\LOCALS~1\Temp\tmpD2.tmp.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=488
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\txrxfcyb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/fu ... .0.8-2.cab
O20 - AppInit_DLLs:
O20 - Winlogon Notify: txrxfcyb - C:\WINDOWS\SYSTEM32\txrxfcyb.dll
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
--
End of file - 5651 bytes
###############################################################
ComboFix 08-02.05.3 - Lydiot's Laptop 2008-02-08 10:35:56.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.96 [GMT 8:00]
Running from: C:\Documents and Settings\Lydiot's Laptop\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\cbxxwwx.dll
C:\WINDOWS\system32\urssq.dll
C:\Documents and Settings\All Users.\documents\settings
C:\Documents and Settings\All Users.\documents\settings\desktop.ini
C:\Documents and Settings\All Users.\documents\settings\rvnzs_a.dat
C:\Documents and Settings\All Users.\documents\settings\rvnzs_b.dat
C:\Documents and Settings\All Users.\documents\settings\rvnzs_f.dat
C:\Documents and Settings\All Users.\documents\settings\rvnzs_v.dat
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\ScreenSaver\Images\0019B054.urr
C:\Program Files\FunWebProducts\ScreenSaver\Images\001D72ED.urr
C:\Program Files\FunWebProducts\ScreenSaver\Images\004D0632.dat
C:\Program Files\FunWebProducts\ScreenSaver\Images\004FB19A.dat
C:\Program Files\FunWebProducts\ScreenSaver\Images\f3wallpp.bmp
C:\Program Files\FunWebProducts\ScreenSaver\Images\wrkparam.lst
C:\Program Files\FunWebProducts\Shared\007306AD.dat
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\History\search
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\bar\Settings\settings.dat
C:\Program Files\MyWebSearch\bar\Settings\settings.htm
C:\WINDOWS\cookies.ini
C:\WINDOWS\mlmnno.dll
C:\WINDOWS\nmpsru.ini
C:\WINDOWS\onnmlm.ini
C:\WINDOWS\system32\bdncqxxg.dll
C:\WINDOWS\system32\cbxxwwx.dll
C:\WINDOWS\system32\gxxqcndb.ini
C:\WINDOWS\system32\iesoojgg.dllbox
C:\WINDOWS\system32\pdluvbbk.dll
C:\WINDOWS\system32\qssru.ini
C:\WINDOWS\system32\qssru.ini2
C:\WINDOWS\system32\qwerty12.exe
C:\WINDOWS\system32\tmp1.tmp.dll
C:\WINDOWS\system32\tmp10.tmp.dll
C:\WINDOWS\system32\tmp11.tmp.dll
C:\WINDOWS\system32\tmp128.tmp.dll
C:\WINDOWS\system32\tmp14.tmp.dll
C:\WINDOWS\system32\tmp16.tmp.dll
C:\WINDOWS\system32\tmp18.tmp.dll
C:\WINDOWS\system32\tmp19.tmp.dll
C:\WINDOWS\system32\tmp1A.tmp.dll
C:\WINDOWS\system32\tmp1C.tmp.dll
C:\WINDOWS\system32\tmp2.tmp.dll
C:\WINDOWS\system32\tmp23.tmp.dll
C:\WINDOWS\system32\tmp26.tmp.dll
C:\WINDOWS\system32\tmp29.tmp.dll
C:\WINDOWS\system32\tmp2A.tmp.dll
C:\WINDOWS\system32\tmp2C.tmp.dll
C:\WINDOWS\system32\tmp2E.tmp.dll
C:\WINDOWS\system32\tmp3.tmp.dll
C:\WINDOWS\system32\tmp4.tmp.dll
C:\WINDOWS\system32\tmp5.tmp.dll
C:\WINDOWS\system32\tmp55.tmp.dll
C:\WINDOWS\system32\tmp6.tmp.dll
C:\WINDOWS\system32\tmp7.tmp.dll
C:\WINDOWS\system32\tmp78B.tmp.dll
C:\WINDOWS\system32\tmp8.tmp.dll
C:\WINDOWS\system32\tmp9.tmp.dll
C:\WINDOWS\system32\tmpA51.tmp.dll
C:\WINDOWS\system32\tmpB.tmp.dll
C:\WINDOWS\system32\tmpC.tmp.dll
C:\WINDOWS\system32\tmpD.tmp.dll
C:\WINDOWS\system32\tmpD3.tmp.dll
C:\WINDOWS\system32\tmpE.tmp.dll
C:\WINDOWS\system32\txrxfcyb.dll
C:\WINDOWS\system32\txrxfcyb.dll . . . . failed to delete
C:\WINDOWS\system32\txrxfcyb.dllbox
C:\WINDOWS\system32\upfpddpk.dllbox
C:\WINDOWS\system32\urssq.dll
C:\WINDOWS\system32\yykkawuo.dll
C:\WINDOWS\urspmn.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_DOMAINSERVICE
-------\DomainService
((((((((((((((((((((((((( Files Created from 2008-01-08 to 2008-02-08 )))))))))))))))))))))))))))))))
.
2008-02-08 11:02 . 2008-02-08 11:06 19,054 ---hs---- C:\WINDOWS\system32\txrxfcyb.dllbox
2008-02-07 23:24 . 2008-02-07 23:24 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-07 20:46 . 2008-02-08 10:57 163,904 --a------ C:\WINDOWS\system32\txrxfcyb.dll
2008-01-22 21:04 . 2008-02-07 20:47 1,136,307 ---hs---- C:\WINDOWS\badehk.ini
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-07 13:00 --------- d-----w C:\Program Files\QUICKENW
2008-01-01 06:50 --------- d-----w C:\Program Files\Sim 2 expansion
2008-01-01 05:55 --------- d-----w C:\Program Files\EA GAMES
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 933,888 2005-07-22 13:36:10 C:\Program Files\Brother\ControlCenter2\bak\brctrcen.exe
----a-r 155,648 2003-10-14 02:22:30 C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\bak\SSBkgdupdate.exe
----a-w 77,824 2003-10-28 01:23:08 C:\Program Files\QuickTime\bak\qttask.exe
----a-w 40,960 2005-03-17 06:45:52 C:\Program Files\ScanSoft\PaperPort\bak\IndexSearch.exe
----a-w 57,393 2005-03-17 06:25:54 C:\Program Files\ScanSoft\PaperPort\bak\pptd40nt.exe
----a-w 37,023 2007-02-21 13:02:44 C:\WINDOWS\system32\bak\lsasss.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4958ff13-04a8-43da-bbc4-13c7e2745a01}]
C:\WINDOWS\system32\pdluvbbk.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{65D69901-97B7-4A85-8E1D-2EB2A050E7B1}]
C:\WINDOWS\system32\urssq.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2008-02-08 10:57 163904 --a------ C:\WINDOWS\system32\txrxfcyb.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-26 20:21 68856]
"SysRestore"="C:\DOCUME~1\LYDIOT~1\LOCALS~1\Temp\tmpD2.tmp.exe" [2007-06-09 23:58 4096]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-06-07 14:08 4670968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [ ]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [ ]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [ ]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [ ]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [ ]
"Lexmark_X79-55"="C:\WINDOWS\system32\lsasss.exe" [ ]
"NetService"="C:\DOCUME~1\LYDIOT~1\LOCALS~1\Temp\tmp1.tmp.exe" [ ]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"7421f230"="C:\WINDOWS\system32\bdncqxxg.dll" [ ]
"combofix"="C:\WINDOWS\system32\kmd.exe" [2004-08-04 15:56 388608]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Status Monitor.lnk - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2006-10-18 21:34:53 802816]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"SFCDisable"=dword:00000004
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxxwwx]
cbxxwwx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\txrxfcyb]
txrxfcyb.dll 2008-02-08 10:57 163904 C:\WINDOWS\system32\txrxfcyb.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BTTray.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk
backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PowerPanel.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PowerPanel.lnk
backup=C:\WINDOWS\pss\PowerPanel.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^zakaria^Start Menu^Programs^Startup^Cleanup.lnk]
path=C:\Documents and Settings\zakaria\Start Menu\Programs\Startup\Cleanup.lnk
backup=C:\WINDOWS\pss\Cleanup.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-06-06 23:46 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
--a------ 2002-03-01 03:27 114688 C:\Program Files\Apoint\Apoint.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 2004-08-04 15:56 110592 C:\WINDOWS\system32\bthprops.cpl
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CleanupProgram]
C:\Sonysys\cleanup.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2006-04-06 09:30 3284992 C:\Program Files\Google\Google Talk\googletalk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HKSERV.EXE]
--a------ 2002-01-31 02:14 417792 C:\Program Files\Sony\HotKey Utility\HKserv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a------ 2002-07-11 20:06 188416 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Imatio]
--a------ 2004-03-09 10:17 360613 c:\program files\imation disk manager\imation.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JOGSERV2.EXE]
--a------ 2002-03-06 06:26 159744 C:\Program Files\Sony\Jog Dial Navigator\JogServ2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Office]
--a------ 2005-02-05 00:13 27349 C:\WINDOWS\system32\msoff.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
--a------ 2004-11-13 01:24 106557 C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
R3 {A7E39B01-B403-11d4-BD18-00D0B7A1821E};AIM 3.0 Part 01 Codec Driver VCH-A;C:\WINDOWS\system32\drivers\Vch.sys [2002-02-16 16:07]
R3 Ich;Ich;C:\WINDOWS\system32\DRIVERS\Ich.sys [2002-01-25 04:57]
R3 odysseyIM3;Odyssey Network Services Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM3.sys [2003-05-14 16:01]
R3 SPI;Sony Programmable I/O Control Device;C:\WINDOWS\system32\DRIVERS\SonyPI.sys [2001-08-17 20:51]
S3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\CBTNDIS5.SYS [2003-07-16 22:28]
S3 LSWPCv4;Wireless-B Notebook Adapter Driver;C:\WINDOWS\system32\DRIVERS\LSRTNDS.SYS [2003-04-14 11:25]
S3 USTOR;Imation USB Flash Drive;C:\WINDOWS\system32\DRIVERS\UStork.sys [2003-07-08 18:30]
S4 Wxhhalikb;Wxhhalikb;C:\WINDOWS\system32\exe2bin.exe [2001-08-18 20:00]
.
Contents of the 'Scheduled Tasks' folder
"2003-10-28 11:35:09 C:\WINDOWS\Tasks\Registration reminder 1.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
"2003-10-28 11:35:09 C:\WINDOWS\Tasks\Registration reminder 2.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-08 11:05:14
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\txrxfcyb.dll
PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\system32\txrxfcyb.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\ntvdm.exe
.
**************************************************************************
.
Completion time: 2008-02-08 11:11:47 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-08 03:11:36
.
2007-10-15 10:47:08 --- E O F ---