HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:37, on 2009-01-30
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PVSW\Bin\W3dbsmgr.exe
C:\WINDOWS\system32\logon.scr
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Realtime Monitor] "C:\Program Files\CA\eTrust Antivirus\realmon.exe" -s
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Pervasive.SQL Workgroup Engine.lnk = C:\PVSW\Bin\W3dbsmgr.exe
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 1962450637
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1962445062
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/ ... 586-jc.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = industries.local
O17 - HKLM\Software\..\Telephony: DomainName = industries.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{8167E0FB-CCE4-4BE0-8226-4C8B8E5FA78F}: NameServer = 192.168.100.4
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = industries.local
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: iTechnology iGateway 4.0 (iGateway) - Computer Associates International, Inc. - C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
O23 - Service: eTrust ITM RPC Service (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust ITM Realtime Service (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust ITM Job Service (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
--
End of file - 6348 bytes
******************************
******************************
******************************
ComboFix:
ComboFix 09-01-21.04 - ron 2009-01-30 18:22:26.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1519.941 [GMT -6:00]
Running from: c:\temp\ComboFix.exe
AV: eTrust ITM *On-access scanning enabled* (Updated)
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2008-12-28 to 2009-01-30 )))))))))))))))))))))))))))))))
.
2009-01-30 17:53 . 2009-01-30 17:54 3,048,418 -ra------ c:\temp\ComboFix.exe
2009-01-30 17:23 . 2009-01-30 17:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-01-30 17:22 . 2009-01-30 17:22 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-01-30 17:22 . 2009-01-30 17:22 <DIR> d-------- c:\documents and settings\ron\Application Data\SUPERAntiSpyware.com
2009-01-30 17:21 . 2009-01-30 17:21 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-30 17:15 . 2009-01-30 17:21 5,966,368 --a------ c:\temp\SUPERAntiSpyware.exe
2009-01-30 16:25 . 2009-01-30 16:25 <DIR> d-------- c:\windows\system32\XPSViewer
2009-01-30 16:24 . 2009-01-30 16:24 <DIR> d-------- c:\program files\Reference Assemblies
2009-01-30 16:24 . 2009-01-30 16:24 <DIR> d-------- c:\program files\MSBuild
2009-01-30 16:23 . 2009-01-30 16:24 <DIR> d-------- C:\33e582246e9ab4ba9c24788d
2009-01-30 16:23 . 2008-07-06 06:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
2009-01-30 16:23 . 2008-07-06 06:06 1,676,288 -----c--- c:\windows\system32\dllcache\xpssvcs.dll
2009-01-30 16:23 . 2008-07-06 04:50 597,504 -----c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-01-30 16:23 . 2008-07-06 06:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
2009-01-30 16:23 . 2008-07-06 06:06 575,488 -----c--- c:\windows\system32\dllcache\xpsshhdr.dll
2009-01-30 16:23 . 2008-07-06 06:06 117,760 --------- c:\windows\system32\prntvpt.dll
2009-01-30 16:23 . 2008-07-06 06:06 89,088 -----c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-01-30 16:22 . 2009-01-30 16:38 <DIR> d-------- c:\windows\SxsCaPendDel
2009-01-30 14:43 . 2009-01-30 14:45 1,886,800 --a------ c:\temp\install_flash_player_10_active_x.exe
2009-01-30 14:33 . 2009-01-30 14:33 <DIR> d-------- c:\windows\Sun
2009-01-30 14:33 . 2009-01-30 14:33 664 --a------ c:\windows\system32\d3d9caps.dat
2009-01-30 14:29 . 2009-01-30 14:28 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-30 14:29 . 2009-01-30 14:28 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-01-30 14:28 . 2009-01-30 14:28 <DIR> d-------- c:\program files\Java
2009-01-30 14:14 . 2009-01-30 14:14 <DIR> d-------- c:\program files\CCleaner
2009-01-30 14:12 . 2009-01-30 14:14 3,171,208 --a------ c:\temp\ccsetup216.exe
2009-01-30 13:50 . 2009-01-30 13:50 50,688 --a------ c:\temp\ATF-Cleaner.exe
2009-01-30 13:34 . 2009-01-30 13:34 532,480 --a------ c:\temp\cwshredder.exe
2009-01-30 11:45 . 2009-01-30 11:45 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-30 11:45 . 2009-01-30 11:45 <DIR> d-------- c:\documents and settings\ron\Application Data\Malwarebytes
2009-01-30 11:45 . 2009-01-30 11:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-30 11:45 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-30 11:45 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-30 11:44 . 2009-01-30 11:44 2,737,808 --a------ c:\temp\mbam-setup.exe
2009-01-30 10:10 . 2009-01-30 10:12 <DIR> d-------- c:\temp\Delete
2009-01-28 08:25 . 2009-01-28 08:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\SageInstalls
2009-01-28 08:25 . 2009-01-28 08:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sage
2009-01-28 08:25 . 2007-10-08 06:19 1,843,200 --a------ c:\windows\system32\acXMLParser.dll
2009-01-28 08:24 . 2009-01-28 08:25 <DIR> d-------- c:\program files\Common Files\Sage
2009-01-28 08:24 . 2009-01-28 08:24 <DIR> d-------- c:\program files\Common Files\Crystal Decisions
2009-01-28 08:24 . 2007-10-08 13:30 3,518,464 --a------ c:\windows\system32\cdintf300.dll
2009-01-28 08:24 . 2007-03-13 19:28 1,265,716 --------- c:\windows\system32\cxlib-1-6.dll
2009-01-28 08:24 . 2007-03-13 19:28 1,249,334 --------- c:\windows\system32\cxlibw-1-6.dll
2009-01-28 08:24 . 2007-12-13 19:23 901,768 --------- c:\windows\system32\pvxodbc.dll
2009-01-28 08:24 . 2007-12-13 19:23 262,792 --------- c:\windows\system32\pvxio.dll
2009-01-27 14:21 . 2009-01-27 14:21 1,071 --a------ c:\windows\AWMODEM.INF
2009-01-27 14:19 . 2004-08-04 06:00 132,608 --a--c--- c:\windows\system32\dllcache\fxsclntr.dll
2009-01-27 14:19 . 2004-08-04 06:00 111,104 --a--c--- c:\windows\system32\dllcache\fxscfgwz.dll
2009-01-27 14:19 . 2004-08-04 06:00 31,744 --a--c--- c:\windows\system32\dllcache\fxsroute.dll
2009-01-27 14:19 . 2004-08-04 06:00 11,264 --a--c--- c:\windows\system32\dllcache\fxssend.exe
2009-01-27 14:18 . 2008-04-14 00:15 32,128 --a------ c:\windows\system32\drivers\usbccgp.sys
2009-01-27 14:18 . 2008-04-14 00:15 32,128 --a--c--- c:\windows\system32\dllcache\usbccgp.sys
2009-01-27 14:18 . 2008-04-14 05:41 21,504 --a------ c:\windows\system32\hidserv.dll
2009-01-27 14:18 . 2008-04-14 05:41 21,504 --a--c--- c:\windows\system32\dllcache\hidserv.dll
2009-01-27 14:18 . 2008-04-14 00:09 14,592 --a------ c:\windows\system32\drivers\kbdhid.sys
2009-01-27 14:18 . 2008-04-14 00:09 14,592 --a--c--- c:\windows\system32\dllcache\kbdhid.sys
2009-01-14 13:52 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
2009-01-14 13:11 . 2008-10-16 14:38 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll
2009-01-14 13:11 . 2007-04-17 03:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2009-01-14 13:11 . 2007-03-07 23:10 991,232 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2009-01-14 13:11 . 2008-10-16 14:38 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2009-01-14 13:11 . 2008-10-16 14:38 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2009-01-14 13:11 . 2008-10-16 14:38 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2009-01-14 13:11 . 2008-10-16 14:38 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2009-01-14 13:11 . 2008-10-16 14:38 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2009-01-14 13:11 . 2008-10-16 07:11 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2008-12-10 06:38 . 2008-10-23 06:36 286,720 -----c--- c:\windows\system32\dllcache\gdi32.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-28 14:24 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 20:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 20:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 20:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 20:12 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 20:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 20:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 20:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 20:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 20:07 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-01-15 1830128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-03-11 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-03-11 114688]
"Realtime Monitor"="c:\program files\CA\eTrust Antivirus\realmon.exe" [2005-12-10 274432]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-30 136600]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 c:\windows\system32\narrator.exe]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Pervasive.SQL Workgroup Engine.lnk - c:\pvsw\Bin\W3dbsmgr.exe [2004-10-05 105472]
Ulead Photo Express 4.0 SE Calendar Checker .lnk - c:\program files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe [2008-10-27 69632]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.JDCT"= jl_jdct.drv
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3317183837-1499861873-4127397810-1114\Scripts\Logon\0\0]
"Script"=logon.bat
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3317183837-1499861873-4127397810-1117\Scripts\Logon\0\0]
"Script"=logon.bat
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3317183837-1499861873-4127397810-1119\Scripts\Logon\0\0]
"Script"=logon.bat
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CA\\eTrust Antivirus\\InoRpc.exe"=
"c:\\Program Files\\CA\\eTrust Antivirus\\Realmon.exe"=
"c:\\Program Files\\CA\\eTrust Antivirus\\Shellscn.exe"=
"c:\\Program Files\\CA\\SharedComponents\\iTechnology\\igateway.exe"=
"c:\\PVSW\\Bin\\W3dbsmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
R4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 MagEpNt;MagEpNt;c:\windows\system32\drivers\magepnt.sys [2006-09-05 26304]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - SASDIFSV
*NewlyCreated* - SASENUM
*NewlyCreated* - SASKUTIL
*Deregistered* - m_qxckcrvkag
*Deregistered* - uphcleanhlp
.
Contents of the 'Scheduled Tasks' folder
2009-01-30 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uInternet Settings,ProxyOverride = 127.0.0.1
TCP: {8167E0FB-CCE4-4BE0-8226-4C8B8E5FA78F} = 192.168.100.4
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-30 18:25:13
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\m_qxckcrvkag]
"ImagePath"="\??\c:\program files\Common Files\System\m_qxckcrvkag32.dll"
.
Completion time: 2009-01-30 18:28:10
ComboFix-quarantined-files.txt 2009-01-31 00:28:07
Pre-Run: 16,494,628,352 bytes free
Post-Run: 16,693,411,328 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
195 --- E O F --- 2009-01-30 12:26:24