ComboFix 08-07-03.5 - USER 2008-07-05 6:04:37.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.430 [GMT -7:00]
Running from: C:\Documents and Settings\USER\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Starware408
C:\Documents and Settings\All Users\Application Data\Starware408\buttons\1223_button_1b_def.bmp
C:\Documents and Settings\All Users\Application Data\Starware408\buttons\1223_button_1b_over.bmp
C:\Documents and Settings\All Users\Application Data\Starware408\buttons\1229_button_1b_def.bmp
C:\Documents and Settings\All Users\Application Data\Starware408\buttons\1229_button_1b_over.bmp
C:\Documents and Settings\All Users\Application Data\Starware408\buttons\Button_50.bmp
C:\Documents and Settings\All Users\Application Data\Starware408\buttons\Button_60.bmp
C:\Documents and Settings\All Users\Application Data\Starware408\buttons\Button_70.bmp
C:\Documents and Settings\All Users\Application Data\Starware408\buttons\FindIt.bmp
C:\Documents and Settings\All Users\Application Data\Starware408\buttons\FindItHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware408\buttons\findithotxp.png
C:\Documents and Settings\All Users\Application Data\Starware408\buttons\finditxp.png
C:\Documents and Settings\All Users\Application Data\Starware408\buttons\logo.bmp
C:\Documents and Settings\All Users\Application Data\Starware408\buttons\logoxp.bmp
C:\Documents and Settings\All Users\Application Data\Starware408\buttons\Weather.bmp
C:\Documents and Settings\All Users\Application Data\Starware408\buttons\WeatherHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware408\buttons\weatherhotxp.png
C:\Documents and Settings\All Users\Application Data\Starware408\buttons\weatherxp.png
C:\Documents and Settings\All Users\Application Data\Starware408\contexts\error.xml
C:\Documents and Settings\All Users\Application Data\Starware408\contexts\Related.xml
C:\Documents and Settings\All Users\Application Data\Starware408\contexts\Travel.xml
C:\Documents and Settings\All Users\Application Data\Starware408\images\ncloudy.bmp
C:\Documents and Settings\All Users\Application Data\Starware408\images\nmcloud.bmp
C:\Documents and Settings\All Users\Application Data\Starware408\images\walertXP.bmp
C:\Documents and Settings\All Users\Application Data\Starware408\SimpleUpdate\ProductMessagingConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware408\SimpleUpdate\ProductMessagingConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware408\SimpleUpdate\SimpleUpdateConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware408\SimpleUpdate\SimpleUpdateConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware408\SimpleUpdate\TimerManagerConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware408\SimpleUpdate\TimerManagerConfig.xml.backup
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Documents and Settings\LocalService\Application Data\ShoppingReport
C:\Documents and Settings\LocalService\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\LocalService\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\LocalService\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\LocalService\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\LocalService\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\LocalService\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\LocalService\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\CPV.stt
C:\Documents and Settings\USER\Application Data\install.dat
C:\Documents and Settings\USER\Application Data\ShoppingReport
C:\Documents and Settings\USER\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\USER\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\USER\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\USER\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\USER\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\USER\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\USER\Application Data\ShoppingReport\cs\res2\WhiteList.dbs
C:\Documents and Settings\USER\Application Data\Starware408
C:\Documents and Settings\USER\Application Data\Starware408\Button_5\Button_5Options.xml
C:\Documents and Settings\USER\Application Data\Starware408\Button_5\Button_5Options.xml.backup
C:\Documents and Settings\USER\Application Data\Starware408\Button_6\Button_6Options.xml
C:\Documents and Settings\USER\Application Data\Starware408\Button_6\Button_6Options.xml.backup
C:\Documents and Settings\USER\Application Data\Starware408\Button_7\Button_7Options.xml
C:\Documents and Settings\USER\Application Data\Starware408\Button_7\Button_7Options.xml.backup
C:\Documents and Settings\USER\Application Data\Starware408\Video_Vault\Video_VaultOptions.xml
C:\Documents and Settings\USER\Application Data\Starware408\Video_Vault\Video_VaultOptions.xml.backup
C:\Documents and Settings\USER\Application Data\Starware408\Watch_Videos\Watch_VideosOptions.xml
C:\Documents and Settings\USER\Application Data\Starware408\Watch_Videos\Watch_VideosOptions.xml.backup
C:\Documents and Settings\USER\Application Data\ultra
C:\Documents and Settings\USER\Application Data\ultra\uninstall.bat
C:\Documents and Settings\USER\lsass.exe
C:\Documents and Settings\USER\services.exe
C:\Program Files\AntiSpywareMaster
C:\Program Files\AntiSpywareMaster\shit.exe
C:\Program Files\inetget2
C:\Program Files\mjc
C:\Program Files\mjc\mjc.exe
C:\Program Files\network monitor
C:\Program Files\ShoppingReport
C:\Program Files\ShoppingReport\Uninst.exe
C:\Program Files\Spcron
C:\Program Files\Spcron\Spc.dll
C:\Program Files\Temporary
C:\Program Files\Zumie
C:\Program Files\Zumie\home.js
C:\Program Files\Zumie\uninstall.exe
C:\Program Files\Zumie\zopt.exe
C:\Program Files\Zumie\zumie.dll
C:\Program Files\Zumie\zumie.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\WINDOWS\accesss.exe
C:\WINDOWS\avpcc.dll
C:\WINDOWS\b152.exe
C:\WINDOWS\b155.exe
C:\WINDOWS\clrssn.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\cpan.dll
C:\WINDOWS\ctrlpan.dll
C:\WINDOWS\default.htm
C:\WINDOWS\directx32.exe
C:\WINDOWS\editpad.exe
C:\WINDOWS\explore.exe
C:\WINDOWS\explorer32.exe
C:\WINDOWS\Fonts\'
C:\WINDOWS\Fonts\a.zip
C:\WINDOWS\Fonts\Setup.exe
C:\WINDOWS\funniest.exe
C:\WINDOWS\funny.exe
C:\WINDOWS\gfmnaaa.dll
C:\WINDOWS\helpcvs.exe
C:\WINDOWS\iedll.exe
C:\WINDOWS\iexplorer.exe
C:\WINDOWS\inetinf.exe
C:\WINDOWS\internet.exe
C:\WINDOWS\mrofinu1000106.exe
C:\WINDOWS\mssys.exe
C:\WINDOWS\msupdate.exe
C:\WINDOWS\mswsc20.dll
C:\WINDOWS\mtwirl32.dll
C:\WINDOWS\notepad32.exe
C:\WINDOWS\qttasks.exe
C:\WINDOWS\quicken.exe
C:\WINDOWS\rundll32.vbe
C:\WINDOWS\searchword.dll
C:\WINDOWS\sistem.exe
C:\WINDOWS\svcinit.exe
C:\WINDOWS\systeem.exe
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\system32\cjdqcgan.ini
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\rdpwdd.sys
C:\WINDOWS\system32\dxutsx.dll
C:\WINDOWS\system32\eeybpm.dll
C:\WINDOWS\system32\f10
C:\WINDOWS\system32\f10\kscomdll3.exe
C:\WINDOWS\system32\g75.exe
C:\WINDOWS\system32\hljwugsf.bin
C:\WINDOWS\system32\hqykttyk.dll
C:\WINDOWS\system32\iifdcARj.dll
C:\WINDOWS\system32\jmfbqegs.ini
C:\WINDOWS\system32\kuhyoyvv.dll
C:\WINDOWS\system32\kyttkyqh.ini
C:\WINDOWS\system32\ldpackage.dll
C:\WINDOWS\system32\lhtxedvb.dll
C:\WINDOWS\system32\mlJDurpq.dll
C:\WINDOWS\system32\model.dat
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\nagcqdjc.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\sdweludx.ini
C:\WINDOWS\system32\SrYxayay.ini
C:\WINDOWS\system32\SrYxayay.ini2
C:\WINDOWS\system32\WinNB55.dll
C:\WINDOWS\system32\winpfz33.sys
C:\WINDOWS\system32\xlibgfl254.dll
C:\WINDOWS\system32\yayaxYrS.dll
C:\WINDOWS\system32\zxdnt3d.cfg
C:\WINDOWS\systemcritical.exe
C:\WINDOWS\time.exe
C:\WINDOWS\uninstall_nmon.vbs
C:\WINDOWS\users32.exe
C:\WINDOWS\waol.exe
C:\WINDOWS\win32e.exe
C:\WINDOWS\win64.exe
C:\WINDOWS\winajbm.dll
C:\WINDOWS\window.exe
C:\WINDOWS\winmgnt.exe
C:\WINDOWS\x.exe
C:\WINDOWS\xplugin.dll
C:\WINDOWS\xxxvideo.hta
C:\WINDOWS\y.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_CMDSERVICE
-------\Legacy_NETWORK_MONITOR
-------\Legacy_NNSERV
-------\Legacy_RDPWDD
-------\Legacy_ZUMIE_SEARCH_SERVICE
-------\Service_cmdService
-------\Service_Network Monitor
-------\Service_NNServ
-------\Service_rdpwdd
-------\Service_Zumie Search Service
((((((((((((((((((((((((( Files Created from 2008-06-05 to 2008-07-05 )))))))))))))))))))))))))))))))
.
2008-07-03 13:27 . 2008-07-03 14:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-07-03 13:10 . 2008-07-03 13:13 <DIR> d-------- C:\WINDOWS\SrInstallTemp
2008-07-03 13:10 . 2008-07-03 13:13 <DIR> d-------- C:\Program Files\Sr
2008-07-02 13:33 . 2005-02-02 01:41 67,456 --a------ C:\WINDOWS\system32\drivers\pavdrv51.sys
2008-07-02 13:33 . 2002-10-09 06:08 95 --a------ C:\WINDOWS\msje8tp.dat
2008-07-02 13:32 . 2008-07-02 13:32 <DIR> d-------- C:\Upload
2008-07-02 13:32 . 2008-07-02 13:32 <DIR> d-------- C:\ReplaceOnReboot
2008-07-02 13:32 . 2008-07-02 13:32 0 --a------ C:\WINDOWS\system32\lockscr.dat
2008-07-02 13:28 . 2002-10-08 16:08 290,816 --a------ C:\WINDOWS\system32\WINHTTP5.DLL
2008-06-30 21:17 . 2008-06-30 21:17 <DIR> d-------- C:\Documents and Settings\ShoppingReport
2008-06-30 21:17 . 2008-06-30 21:17 <DIR> d-------- C:\Documents and Settings\report
2008-06-30 20:12 . 2008-06-30 20:12 86,528 --a------ C:\WINDOWS\system32\xdulewds.VIR
2008-06-30 19:45 . 2008-06-30 19:46 63,918 --a------ C:\WINDOWS\system32\{41957f54-8c2c-de81-f2a7-893c69fd2cf2}.dll-uninst.exe
2008-06-29 23:03 . 2007-08-01 23:47 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-06-29 22:58 . 2008-06-29 22:58 9,662 --a------ C:\WINDOWS\system32\pinkip.ico
2008-06-29 20:01 . 2008-06-29 20:01 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-06-29 19:57 . 2008-07-03 14:31 <DIR> d--hs---- C:\WINDOWS\VVNFUg
2008-06-29 19:57 . 2008-06-29 19:57 <DIR> d-------- C:\WINDOWS\system32\xsir
2008-06-29 19:57 . 2008-06-29 19:57 <DIR> d-------- C:\WINDOWS\system32\vec3
2008-06-29 19:57 . 2008-06-29 19:57 <DIR> d-------- C:\WINDOWS\system32\mp
2008-06-29 19:57 . 2008-06-29 19:57 <DIR> d-------- C:\WINDOWS\system32\modtrux18
2008-06-29 19:57 . 2008-07-03 13:37 <DIR> d-------- C:\WINDOWS\system32\bam
2008-06-29 19:57 . 2008-06-29 19:57 <DIR> d-------- C:\TEMP\syschk3
2008-06-29 19:49 . 2008-06-29 19:50 <DIR> d-------- C:\Program Files\FBrowsingAdvisor
2008-06-29 19:49 . 2008-06-29 19:50 <DIR> d-------- C:\Program Files\FBrowserAdvisor
2008-06-29 19:49 . 2008-07-03 14:03 <DIR> d-------- C:\Program Files\AdvancedAdvisor
2008-06-29 19:49 . 2006-04-14 23:05 9,952 --a------ C:\regxpcom.exe
2008-06-16 21:54 . 2008-06-29 22:47 <DIR> d-------- C:\Program Files\Fx Video Converter
2008-06-16 21:54 . 2001-03-13 12:50 525,352 --a------ C:\WINDOWS\system32\dbgrid32.ocx
2008-06-16 21:54 . 2001-08-17 12:18 508,928 --a------ C:\WINDOWS\system32\msde.dll
2008-06-16 21:54 . 1999-02-16 20:49 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
2008-06-16 21:54 . 2003-05-21 23:50 156,910 --a------ C:\WINDOWS\WMSysPr8.prx
2008-06-16 21:54 . 2001-03-13 12:53 77,824 --a------ C:\WINDOWS\system32\msbind.dll
2008-06-16 21:54 . 2000-06-13 00:00 2,493 --a------ C:\WINDOWS\system32\COMCTL32.DEP
2008-06-16 21:53 . 2008-06-16 21:53 <DIR> d-------- C:\Program Files\Common Files\Download Manager
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-04 00:41 --------- d-----w C:\Documents and Settings\USER\Application Data\iolo
2008-07-03 21:21 --------- d-----w C:\Program Files\iolo
2008-07-03 21:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\iolo
2008-06-30 08:46 --------- d-----w C:\Documents and Settings\USER\Application Data\LimeWire
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 06:16 --------- d-----w C:\Program Files\My Downloaded Games
2008-05-08 06:16 --------- d-----w C:\Program Files\BoontyGames
2008-05-08 06:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-05-08 06:15 --------- d-----w C:\Program Files\Free Offers from Freeze.com
2008-05-08 06:15 --------- d-----w C:\Program Files\AWS
2008-05-08 06:15 --------- d-----w C:\Documents and Settings\USER\Application Data\WeatherBug
2008-05-08 06:12 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-05 16:36 --------- d-----w C:\Program Files\Digital Locker Assistant
2005-07-29 23:24 472 --sha-r C:\WINDOWS\VVNFUg\pphIo0.vbs
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
-c--a-w 335,872 2004-03-10 04:10:00 C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe
-c--a-w 184,320 2003-09-26 22:43:16 C:\Program Files\ltmoh\bak\Ltmoh.exe
-c--a-w 77,824 2004-05-07 19:11:10 C:\Program Files\QuickTime\bak\qttask.exe
-c--a-w 495,616 2004-01-23 00:08:36 C:\Program Files\Synaptics\SynTP\bak\SynTPEnh.exe
-c--a-w 98,304 2004-01-23 00:09:00 C:\Program Files\Synaptics\SynTP\bak\SynTPLpr.exe
-c--a-w 65,536 2003-09-05 10:24:46 C:\Program Files\Toshiba\TOSCDSPD\bak\toscdspd.exe
-c--a-w 430,080 2004-04-30 23:42:36 C:\Program Files\Toshiba\TOSHIBA Applet\bak\thotkey.exe
-c--a-w 135,168 2004-03-02 20:45:28 C:\Program Files\Toshiba\TOSHIBA Zooming Utility\bak\SmoothView.exe
-c--a-w 1,089,589 2004-02-03 21:47:06 C:\Program Files\Toshiba\Touch and Launch\bak\PadExe.exe
-c--a-w 159,744 2003-10-20 15:39:26 C:\Toshiba\IVP\ISM\bak\pinger.exe
-c--a-w 13,312 2003-03-31 12:00:00 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-04 07:56:48 C:\WINDOWS\system32\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ddoctorv2"="C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2007-04-19 15:21 198184]
"{31-1A-A4-4C-DW}"="C:\windows\system32\rwwnw64d.exe" [N/A]
"d0531ae3"="C:\WINDOWS\system32\sgeqbfmj.dll" [N/A]
"SMSystemAnalyzer"="C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe" [N/A]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 14:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2004-02-20 15:00 88363 C:\WINDOWS\agrsmmsg.exe]
"TPSMain"="TPSMain.exe" [2004-03-03 12:57 278528 C:\WINDOWS\system32\TPSMain.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:56 110592 C:\WINDOWS\system32\bthprops.cpl]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2004-05-07 11:54:09 155648]
Wireless Configuration Utility HW.15.lnk - C:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe [2007-01-30 14:57:42 577536]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Toshiba\\Windows Utilities\\TACSPROP.exe"=
R0 atiide;atiide;C:\WINDOWS\system32\DRIVERS\atiide.sys [2004-04-14 14:52]
R2 ioloFileInfoList;iolo FileInfoList Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2008-06-19 16:59]
R2 ioloSystemService;iolo System Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2008-06-19 16:59]
R2 NwSapAgent;SAP Agent;C:\WINDOWS\System32\svchost.exe [2004-08-04 00:56]
R2 SR Agent;Secure Resolutions Managed Agent;C:\Program Files\Sr\AgentSvc.exe [2005-07-16 21:13]
R3 odysseyIM4;Odyssey Network Agent Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys [2004-09-24 23:36]
S3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;C:\WINDOWS\System32\CBTNDIS5.SYS [2003-07-16 22:28]
S3 EVOLUSB;%EVOL_USB_SvcDesc%;C:\WINDOWS\system32\drivers\evolusb.sys []
S3 npkycryp;npkycryp;E:\maple story\npkycryp.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a5f97f56-94bd-11dc-a167-0014d134f3b7}]
\Shell\Auto\command - E:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe
.
- - - - ORPHANS REMOVED - - - -
BHO-{6857fe06-2060-02bb-d1cf-253de73d0c32} - C:\WINDOWS\system32\{41957f54-8c2c-de81-f2a7-893c69fd2cf2}.dll
BHO-{cb5a26c3-d9b3-4ab0-9efc-443595518284} - C:\Program Files\Starware408\bin\Starware408.dll
Toolbar-{6e4cc754-caa4-4576-9af1-68323d5760d4} - C:\Program Files\Starware408\bin\Starware408.dll
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-07-05 06:24:23
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\Program Files\Sr\AgentFrm.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Sr\Compnts\Vr\PavSrv51.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Sr\Compnts\Vr\AvEngine.exe
C:\WINDOWS\system32\TPSBattM.exe
.
**************************************************************************
.
Completion time: 2008-07-05 6:28:35 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-05 13:28:32
Pre-Run: 5,658,439,680 bytes free
Post-Run: 5,668,081,664 bytes free
--- E O F --- 2008-06-20 16:20:44
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:35, on 2008-07-05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Program Files\Sr\AgentSvc.exe
C:\WINDOWS\System32\svchost.exe
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\Program Files\Sr\AgentFrm.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Sr\compnts\Vr\PavSrv51.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\Sr\compnts\Vr\AVENGINE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\USER\Desktop\HJT\removal.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\SPYBOT~1\SDHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [{31-1A-A4-4C-DW}] C:\windows\system32\rwwnw64d.exe DWram1
O4 - HKLM\..\Run: [d0531ae3] rundll32.exe "C:\WINDOWS\system32\sgeqbfmj.dll",b
O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: Wireless Configuration Utility HW.15.lnk = C:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe
O8 - Extra context menu item: &Search - ?p=ZKxdm011YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\SPYBOT~1\SDHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\SPYBOT~1\SDHelper.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Mahjong%20Escape%20-%20Ancient%20Japan/Images/stg_drm.ocx
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 2481735171
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Mahjong%20Escape%20-%20Ancient%20Japan/Images/armhelper.ocx
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Sr\compnts\Vr\PavSrv51.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: Secure Resolutions Managed Agent (SR Agent) - Unknown owner - C:\Program Files\Sr\AgentSvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: USBest Service Zero (UTSCSI) - USBest - C:\WINDOWS\system32\UTSCSI.EXE
--
End of file - 7763 bytes