HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:26:45 PM, on 8/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.ak3.xpert.adecco.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://dev.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab2.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.1.6.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
--
End of file - 7469 bytes
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ComboFix log:
ComboFix 08-08-09.03 - Marten 2008-08-09 21:08:48.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2527 [GMT -4:00]
Running from: C:\Documents and Settings\Marten\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2006
C:\Documents and Settings\Marten\Application Data\inst.exe
C:\Documents and Settings\Marten\Application Data\macromedia\Flash Player\#SharedObjects\8WGC56CG\interclick.com
C:\Documents and Settings\Marten\Application Data\macromedia\Flash Player\#SharedObjects\8WGC56CG\interclick.com\ud.sol
C:\Documents and Settings\Marten\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Marten\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Marten\Application Data\WinAntiVirus Pro 2006
C:\Documents and Settings\Marten\Application Data\WinAntiVirus Pro 2006\activator_info.txt
C:\Documents and Settings\Marten\Application Data\WinAntiVirus Pro 2006\Logs\Activate.log
C:\Documents and Settings\Marten\Application Data\WinAntiVirus Pro 2006\Logs\update.log
C:\Documents and Settings\Marten\Application Data\WinAntiVirus Pro 2006\Logs\wa6Support.log
C:\Documents and Settings\Marten\Application Data\WinAntiVirus Pro 2006\Logs\winav.log
C:\Documents and Settings\Marten\Application Data\WinAntiVirus Pro 2006\PGE.dat
C:\WINDOWS\BMdf6e7feb.txt
C:\WINDOWS\BMdf6e7feb.xml
C:\WINDOWS\system32\bqgtltwe.dll
C:\WINDOWS\system32\ccqigs.dll
C:\WINDOWS\system32\cgitlx.dll
C:\WINDOWS\system32\cppegiig.dll
C:\WINDOWS\system32\csfxsgvs.dll
C:\WINDOWS\system32\dadbmxwv.ini
C:\WINDOWS\system32\dexnka.dll
C:\WINDOWS\system32\diqsnqud.dll
C:\WINDOWS\system32\djgqaw.dll
C:\WINDOWS\system32\dyisgneq.ini
C:\WINDOWS\system32\enryxqpq.ini
C:\WINDOWS\system32\fanexqtv.dll
C:\WINDOWS\system32\fkowthtn.dll
C:\WINDOWS\system32\fpbbpfka.ini
C:\WINDOWS\system32\ftcnnh.dll
C:\WINDOWS\system32\fxcytwlq.ini
C:\WINDOWS\system32\gdsemvsu.dll
C:\WINDOWS\system32\glgdghap.ini
C:\WINDOWS\system32\goxvcfvn.dll
C:\WINDOWS\system32\gsvklynt.dll
C:\WINDOWS\system32\guxwgfhb.dll
C:\WINDOWS\system32\hekxza.dll
C:\WINDOWS\system32\hkkpkekm.dll
C:\WINDOWS\system32\hlywjfax.dll
C:\WINDOWS\system32\hsvtcovd.ini
C:\WINDOWS\system32\hvnumtvm.ini
C:\WINDOWS\system32\jkdkof.dll
C:\WINDOWS\system32\jorgxtac.ini
C:\WINDOWS\system32\jsenckuo.dll
C:\WINDOWS\system32\ktqklb.dll
C:\WINDOWS\system32\kxgpaodc.dll
C:\WINDOWS\system32\kxnjioer.ini
C:\WINDOWS\system32\ljrxcdnu.ini
C:\WINDOWS\system32\lsqevp.dll
C:\WINDOWS\system32\mqoaurgy.ini
C:\WINDOWS\system32\mvtmunvh.dll
C:\WINDOWS\system32\npybfkpo.dll
C:\WINDOWS\system32\nveliweu.ini
C:\WINDOWS\system32\nywpxqoi.ini
C:\WINDOWS\system32\oeuigbbd.dll
C:\WINDOWS\system32\olmxvwnb.ini
C:\WINDOWS\system32\ommsgror.dll
C:\WINDOWS\system32\oubvpgax.ini
C:\WINDOWS\system32\ovutzb.dll
C:\WINDOWS\system32\pxrfos.dll
C:\WINDOWS\system32\qmfpmgxx.dll
C:\WINDOWS\system32\qpqxyrne.dll
C:\WINDOWS\system32\qtvobmna.ini
C:\WINDOWS\system32\reeerh.dll
C:\WINDOWS\system32\rgihsn.dll
C:\WINDOWS\system32\snjytkws.dll
C:\WINDOWS\system32\srugrv.dll
C:\WINDOWS\system32\tdmiaewy.ini
C:\WINDOWS\system32\uoukqumk.dll
C:\WINDOWS\system32\vamxnndb.dll
C:\WINDOWS\system32\vbthuysm.dll
C:\WINDOWS\system32\vfymnlha.dll
C:\WINDOWS\system32\vrlbscnd.dll
C:\WINDOWS\system32\xkgdlb.dll
C:\WINDOWS\system32\yjxulbbh.ini
C:\WINDOWS\system32\ykqxseye.dll
C:\WINDOWS\system32\yrkgljve.dll
C:\WINDOWS\system32\yxwHRtwa.ini
C:\WINDOWS\system32\yxwHRtwa.ini2
C:\WINDOWS\system32\zdplog.dll
.
---- Previous Run -------
.
C:\Program Files\Common Files\winantivirus pro 2006
C:\Program Files\Common Files\winantivirus pro 2006\wa6pinst.exe
C:\Program Files\Common Files\winantivirus pro 2006\WAPPChk.dll
C:\WINDOWS\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\stera.job
C:\WINDOWS\system32\stera.log
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_FOPN
-------\Service_FOPN
((((((((((((((((((((((((( Files Created from 2008-07-10 to 2008-08-10 )))))))))))))))))))))))))))))))
.
2008-08-08 23:35 . 2008-08-08 23:35 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AdobeUM
2008-08-08 17:36 . 2008-08-08 17:36 2,048 --a------ C:\WINDOWS\system32\vavebjjd.exe
2008-08-07 10:18 . 2008-08-07 10:18 2,048 --a------ C:\WINDOWS\system32\ykqwejab.exe
2008-08-07 08:16 . 2008-08-07 08:16 2,048 --a------ C:\WINDOWS\system32\kgdjcrfe.exe
2008-08-05 17:01 . 2008-08-07 09:07 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-05 17:01 . 2008-08-05 17:01 1,409 --a------ C:\WINDOWS\QTFont.for
2008-08-04 21:59 . 2008-08-04 21:59 2,048 --a------ C:\WINDOWS\system32\cjlgoilk.exe
2008-07-31 10:47 . 2008-08-01 20:01 810 --ahs---- C:\WINDOWS\system32\womutjjj.ini
2008-07-31 00:45 . 2008-07-31 00:45 <DIR> d-------- C:\Documents and Settings\Marten\DoctorWeb
2008-07-30 22:46 . 2008-07-30 22:46 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-14 02:09 . 2008-07-14 02:09 127 --a------ C:\WINDOWS\system32\MRT.INI
2008-07-12 19:59 . 2008-07-12 19:59 <DIR> d-------- C:\Program Files\Veoh Networks
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-10 00:43 --------- d-----w C:\Documents and Settings\Marten\Application Data\MxBoost
2008-08-09 23:39 --------- d-----w C:\Program Files\AviSynth 2.5
2008-08-07 20:40 --------- d-----w C:\Documents and Settings\Marten\Application Data\dvdcss
2008-08-06 02:30 --------- d-----w C:\Program Files\Trillian
2008-08-04 14:18 --------- d-----w C:\Documents and Settings\Marten\Application Data\Maxthon2
2008-07-13 00:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-08 12:35 --------- d-----w C:\Documents and Settings\Marten\Application Data\uTorrent
2008-07-07 22:28 --------- d-----w C:\Documents and Settings\Marten\Application Data\nView_Wallpaper
2008-07-07 21:52 --------- d-----w C:\Program Files\Ventrilo
2008-07-07 21:51 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-03 02:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinSoftware
2008-07-02 22:27 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-07-02 22:27 47,360 ----a-w C:\Documents and Settings\Marten\Application Data\pcouffin.sys
2008-07-02 22:27 --------- d-----w C:\Program Files\DVDFab 5
2008-07-02 22:27 --------- d-----w C:\Documents and Settings\Marten\Application Data\Vso
2008-07-02 22:25 --------- d-----w C:\Documents and Settings\Marten\Application Data\RipIt4Me
2008-06-22 12:09 --------- d-----w C:\Program Files\eMule
2008-06-22 00:43 --------- d-----w C:\Documents and Settings\Marten\Application Data\AdobeUM
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 02:24 81 ----a-w C:\CTX.DAT
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 23:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-10 20:45 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-10 20:42 --------- d-----w C:\Program Files\RegCleaner
2005-12-21 13:48 2,248 -c--a-w C:\Documents and Settings\Marten\Application Data\wklnhst.dat
2005-12-12 02:33 89,800 -c--a-w C:\Documents and Settings\Marten\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UltraMon"="C:\Program Files\UltraMon\UltraMon.exe" [2007-04-01 06:47 299520]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46 13529088]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 03:56 15360]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Color Calibration.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Color Calibration.lnk
backup=C:\WINDOWS\pss\Color Calibration.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NCProTray.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NCProTray.lnk
backup=C:\WINDOWS\pss\NCProTray.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Marten^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Marten\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a------ 2006-08-01 15:35 67112 C:\PROGRA~1\AIM\aim.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
--a------ 2006-03-21 21:30 1191936 C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
--------- 2004-12-02 19:23 102400 C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a--c--- 2004-08-04 03:56 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CurseClient]
--a------ 2008-05-19 10:57 1400832 C:\Program Files\Curse\CurseClient.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2005-12-10 10:57 133016 C:\Program Files\DAEMON Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX5400]
--a--c--- 2003-05-26 23:00 99840 C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S4I2G1.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a--c--- 2004-08-04 01:31 208952 C:\WINDOWS\ime\imjp8_1\imjpmig.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 14:10 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype]
--a--c--- 2005-12-04 16:38 437008 C:\Program Files\Microsoft IntelliType Pro\itype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
--a--c--- 2003-08-19 06:43 57344 C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LexPPS.exe]
--a------ 2003-08-18 10:32 174592 C:\WINDOWS\system32\LEXPPS.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeChat]
--a--c--- 2007-01-26 14:31 259440 C:\Program Files\Microsoft LifeChat\LifeChat.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
--a--c--- 2004-08-04 01:31 59392 C:\WINDOWS\system32\IME\PINTLGNT\imscinst.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 16:57 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-05-02 22:46 13529088 C:\WINDOWS\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-05-02 22:46 86016 C:\WINDOWS\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
--a--c--- 2006-03-21 14:19 69632 C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a--c--- 2004-08-04 01:32 455168 C:\WINDOWS\system32\IME\TINTLGNT\tintsetp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a--c--- 2004-08-04 01:32 455168 C:\WINDOWS\system32\IME\TINTLGNT\tintsetp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a--c--- 2006-05-20 06:13 188416 C:\Program Files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
-ra--c--- 2003-09-30 01:14 155648 C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a--c--- 2007-07-27 01:22 1258744 C:\Program Files\Valve\Steam\Steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2005-10-05 15:01 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpeedUpMyPC]
--a--c--- 2007-01-11 11:18 5288960 C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 16:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a--c--- 2005-05-03 18:43 69632 C:\WINDOWS\ALCMTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
--a--c--- 2005-09-21 15:32 2807808 C:\WINDOWS\ALCWZRD.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--a--c--- 2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LTMSG]
--a--c--- 2003-07-14 10:52 40960 C:\WINDOWS\ltmsg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-05-02 22:46 1630208 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a--c--- 2005-09-21 10:24 86016 C:\WINDOWS\SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\dxdiag.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2005.SR3\\sandra.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2005.SR3\\RpcSandraSrv.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2005.SR3\\RpcDataSrv.exe"=
"D:\\World of Warcraft\\WoW-1.8.0-enUS-downloader.exe"=
"D:\\World of Warcraft\\WoW-1.8.3.4807-to-1.8.4.4878-enUS-downloader.exe"=
"D:\\World of Warcraft\\WoW-1.8.4.4878-to-1.9.0.4937-enUS-downloader.exe"=
"C:\\StubInstaller.exe"=
"D:\\World of Warcraft\\WoW-1.9.2.4996-to-1.9.3.5059-enUS-downloader.exe"=
"D:\\World of Warcraft\\WoW-1.9.4.5086-to-1.10.0.5195-enUS-downloader.exe"=
"D:\\World of Warcraft\\BackgroundDownloader.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Documents and Settings\\Marten\\Application Data\\Maxthon2\\Maxthon.exe"=
"C:\\Program Files\\Trillian\\trillian.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
R2 UltraMonUtility;UltraMon Utility Driver;C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [2006-09-24 21:22]
R3 UltraMonMirror;UltraMonMirror;C:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys [2006-09-24 21:23]
S3 P0630VID;Creative WebCam Live!;C:\WINDOWS\system32\DRIVERS\P0630Vid.sys [2004-04-14 00:07]
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 02:01]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aaba4e5a-0366-11dc-bcfc-0011113ff874}]
\Shell\AutoRun\command - J:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c3da53ac-4fe0-11dc-bd7c-0011113ff874}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.exe
.
Contents of the 'Scheduled Tasks' folder
2008-08-06 C:\WINDOWS\Tasks\Ad-Aware SE Personal.job
- C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Aware.exe [2005-05-27 14:22]
2008-08-05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:57]
2008-08-06 C:\WINDOWS\Tasks\SpybotSD.job
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe [2008-01-28 11:43]
.
- - - - ORPHANS REMOVED - - - -
BHO-{27AF7590-1035-464C-A2BB-2FA3B8D3AC7B} - C:\Documents and Settings\Marten\Local Settings\Temporary Internet Files\Content.IE5\0RSZHUD0\3077ahntdksr[1].dll
BHO-{3F63632A-EF8E-4E26-85CA-72C9EB35F785} - C:\WINDOWS\system32\awtRHwxy.dll
BHO-{99972D1B-964E-49EC-92F4-1EB39F4810A5} - C:\WINDOWS\system32\ddcBsstU.dll
BHO-{EB757622-6A08-41F6-98D5-96FF490F01A2} - C:\WINDOWS\system32\eqfcdndn.dll
Notify-ddcBsstU - ddcBsstU.dll
MSConfigStartUp-aimbooksoftwareremote - C:\Documents and Settings\All Users\Application Data\Cakedriveaimbook\army cast.exe
MSConfigStartUp-avgnt - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
MSConfigStartUp-BMdf6e7feb - C:\WINDOWS\system32\hpkfygmo.dll
MSConfigStartUp-dc5d4c77 - C:\WINDOWS\system32\qlwtycxf.dll
MSConfigStartUp-logeq - C:\DOCUME~1\Marten\APPLIC~1\BEEPFR~1\manager gpl fast.exe
MSConfigStartUp-New - C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL
MSConfigStartUp-RemoteControl - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
MSConfigStartUp-WinAntiVirusPro2006 - C:\Program Files\WinAntiVirus Pro 2006\WinAV.exe
MSConfigStartUp-Windows Defender - C:\Program Files\Windows Defender\MSASCui.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Marten\Application Data\Mozilla\Firefox\Profiles\rcvg7l1a.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.yahoo.com/
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-09 21:14:33
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\LEXBCES.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
.
**************************************************************************
.
Completion time: 2008-08-09 21:25:12 - machine was rebooted [Marten]
ComboFix-quarantined-files.txt 2008-08-10 01:24:59
Pre-Run: 3,354,398,720 bytes free
Post-Run: 3,406,032,896 bytes free
340 --- E O F --- 2008-07-14 06:10:03