Results from ComboFix:
ComboFix 07-08-14.4 - "Patti" 2007-08-19 21:53:21.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.272 [GMT -4:00]
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\a.exe
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\salesmonitor
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\Abbr
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\ProductCode
C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiSpyware 2007\Data\Abbr
C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiSpyware 2007\Data\ProductCode
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup.\autorun.exe
C:\DOCUME~1\Patti\APPLIC~1.\crosof~1.net
C:\DOCUME~1\Patti\APPLIC~1.\dobe~1
C:\DOCUME~1\Patti\APPLIC~1.\ecurit~1
C:\DOCUME~1\Patti\APPLIC~1.\winantispyware 2007
C:\DOCUME~1\Patti\APPLIC~1.\winantispyware 2007\Logs\update.log
C:\DOCUME~1\Patti\APPLIC~1\..\err.log
C:\DOCUME~1\Patti\APPLIC~1\Microsoft\25319.dat
C:\DOCUME~1\Patti\APPLIC~1\WinAntiSpyware 2007\Logs\update.log
C:\DOCUME~1\Patti\MYDOCU~1.\icroso~1
C:\DOCUME~1\Patti\STARTM~1\Programs.\Outerinfo
C:\DOCUME~1\Patti\STARTM~1\Programs.\Outerinfo\Terms.lnk
C:\DOCUME~1\Patti\STARTM~1\Programs.\Outerinfo\Uninstall.lnk
C:\DOCUME~1\Patti\STARTM~1\Programs\Startup.\system.exe
C:\Documents and Settings\All Users.\documents\settings
C:\Documents and Settings\All Users.\documents\settings\desktop.ini
C:\Program Files\appatc~1
C:\Program Files\appatc~1\A?pPatch\
C:\Program Files\appatc~1\explorer.exe
C:\Program Files\Common Files\winantispyware 2007
C:\Program Files\Common Files\winantispyware 2007\err.log
C:\Program Files\Common Files\WinAntiSpyware 2007\err.log
C:\Program Files\Common Files\WinAntiSpyware 2007\uwas7cw.exe
C:\Program Files\Common Files\winantispyware 2007\uwas7cw.exe
C:\Program Files\Common Files\winantispyware 2007\WAS7Mon.exe
C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe
C:\Program Files\Messenger\zykisuh.dll
C:\Program Files\outerinfo
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\pppatc~1
C:\Program Files\WindowsUpdate\vixyz4444.dll
C:\Program Files\WindowsUpdate\vixyz83122.dll
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\fse
C:\Temp\fse\tmpZTF.log
C:\WINDOWS\764.exe
C:\WINDOWS\7search.dll
C:\WINDOWS\bi.dll
C:\WINDOWS\bjam.dll
C:\WINDOWS\bokja.exe
C:\WINDOWS\cdsm32.dll
C:\WINDOWS\dls0523pmw.exe
C:\WINDOWS\flt.dll
C:\WINDOWS\hyomeyd.exe
C:\WINDOWS\hyomeydA.exe
C:\WINDOWS\mspphe.dll
C:\WINDOWS\mssvr.exe
C:\WINDOWS\new_drv.sys
C:\WINDOWS\pbar.dll
C:\WINDOWS\rau001978.exe
C:\WINDOWS\saiemod.dll
C:\WINDOWS\stcloader.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\swin32.dll
C:\WINDOWS\sysrlb32.exe
C:\WINDOWS\system32\180ax.exe
C:\WINDOWS\system32\7_exception.nls
C:\WINDOWS\system32\bi.dll
C:\WINDOWS\system32\biprep.exe
C:\WINDOWS\system32\configs
C:\WINDOWS\system32\configs\kmhp83122.exe
C:\WINDOWS\system32\crosof~1.net
C:\WINDOWS\system32\crosof~1.net\?ti2evxx.exe
C:\WINDOWS\system32\driver
C:\WINDOWS\system32\driver\w717.exe
C:\WINDOWS\system32\drivers\alert_icon.gif
C:\WINDOWS\system32\drivers\blank.gif
C:\WINDOWS\system32\drivers\box_1.gif
C:\WINDOWS\system32\drivers\box_2.gif
C:\WINDOWS\system32\drivers\box_3.gif
C:\WINDOWS\system32\drivers\button_buynow.gif
C:\WINDOWS\system32\drivers\button_freescan.gif
C:\WINDOWS\system32\drivers\close_icon.gif
C:\WINDOWS\system32\drivers\detect.htm
C:\WINDOWS\system32\drivers\download_box.gif
C:\WINDOWS\system32\drivers\footer_back.jpg
C:\WINDOWS\system32\drivers\fopn.sys
C:\WINDOWS\system32\drivers\header_1.gif
C:\WINDOWS\system32\drivers\header_2.gif
C:\WINDOWS\system32\drivers\header_3.gif
C:\WINDOWS\system32\drivers\header_4.gif
C:\WINDOWS\system32\drivers\header_bg.gif
C:\WINDOWS\system32\drivers\icon_warning.gif
C:\WINDOWS\system32\drivers\infected.gif
C:\WINDOWS\system32\drivers\ip6fw.sys
C:\WINDOWS\system32\drivers\main_back.gif
C:\WINDOWS\system32\drivers\perfect_cleaner_box.jpg
C:\WINDOWS\system32\drivers\product_1_header.gif
C:\WINDOWS\system32\drivers\product_1_name_small.gif
C:\WINDOWS\system32\drivers\product_2_header.gif
C:\WINDOWS\system32\drivers\product_2_name_small.gif
C:\WINDOWS\system32\drivers\product_3_header.gif
C:\WINDOWS\system32\drivers\product_3_name_small.gif
C:\WINDOWS\system32\drivers\product_features.gif
C:\WINDOWS\system32\drivers\pt.htm
C:\WINDOWS\system32\drivers\remove_spyware_button.gif
C:\WINDOWS\system32\drivers\s_detect.htm
C:\WINDOWS\system32\drivers\secdrv.sys
C:\WINDOWS\system32\drivers\secuity_center_logo.gif
C:\WINDOWS\system32\drivers\sep_hor.gif
C:\WINDOWS\system32\drivers\sep_vert.gif
C:\WINDOWS\system32\drivers\shadow.jpg
C:\WINDOWS\system32\drivers\spacer.gif
C:\WINDOWS\system32\drivers\spy_away_box.jpg
C:\WINDOWS\system32\drivers\star.gif
C:\WINDOWS\system32\drivers\star_gray.gif
C:\WINDOWS\system32\drivers\star_gray_small.gif
C:\WINDOWS\system32\drivers\star_small.gif
C:\WINDOWS\system32\drivers\style.css
C:\WINDOWS\system32\drivers\v.gif
C:\WINDOWS\system32\drivers\warning_icon.gif
C:\WINDOWS\system32\drivers\win_logo.gif
C:\WINDOWS\system32\drivers\x.gif
C:\WINDOWS\system32\f02WtR
C:\WINDOWS\system32\f02WtR\f02WtR1065.exe
C:\WINDOWS\system32\F2
C:\WINDOWS\system32\F3
C:\WINDOWS\system32\F3\n553.exe
C:\WINDOWS\system32\gtv_sd.bin
C:\WINDOWS\system32\icroso~1.net
C:\WINDOWS\system32\KB05401733.exe
C:\WINDOWS\system32\KB35675404.exe
C:\WINDOWS\system32\KB37658028.exe
C:\WINDOWS\system32\KB49214670.exe
C:\WINDOWS\system32\KB58956977.exe
C:\WINDOWS\system32\KB73687313.exe
C:\WINDOWS\system32\KB78583298.exe
C:\WINDOWS\system32\KB82468156.exe
C:\WINDOWS\system32\KB86927746.exe
C:\WINDOWS\system32\kdxsk.exe
C:\WINDOWS\system32\lfd32.ini
C:\WINDOWS\system32\msbind32.exe
C:\WINDOWS\system32\msixu.dll
C:\WINDOWS\system32\msscds32.dll
C:\WINDOWS\system32\printer.exe
C:\WINDOWS\system32\qdogswdk.exe
C:\WINDOWS\system32\rkgmibus.exe
C:\WINDOWS\system32\salm.exe
C:\WINDOWS\system32\satmat.exe
C:\WINDOWS\system32\sl.bin
C:\WINDOWS\system32\spooldr.ini
C:\WINDOWS\system32\stimon.dll
C:\WINDOWS\system32\susp.exe
C:\WINDOWS\system32\updatetc.exe
C:\WINDOWS\system32\vcud.dll
C:\WINDOWS\system32\vxddsk.exe
C:\WINDOWS\system32\wcpicomsv.exe
C:\WINDOWS\system32\wer8274.dll
C:\WINDOWS\system32\WinAvXX.exe
C:\WINDOWS\system32\wml.exe
C:\WINDOWS\system32\wmvds32.dll
C:\WINDOWS\TISKY009.exe
C:\WINDOWS\tk58.exe
C:\WINDOWS\TTC-4444.exe
C:\WINDOWS\voiceip.dll
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_FOPN
-------\LEGACY_NET_AGENT
-------\LEGACY_NEW_DRV
-------\LEGACY_NTMLSVC
-------\LEGACY_POOF
-------\LEGACY_RUNTIME
-------\LEGACY_RUNTIME2
-------\LEGACY_SYMAVC32
-------\LEGACY_WINDOWS_OVERLAY_COMPONENTS
-------\Net Agent
-------\NtmlSvc
((((((((((((((((((((((((( Files Created from 2007-07-20 to 2007-08-20 )))))))))))))))))))))))))))))))
2007-08-19 20:43 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-18 15:51 192,625 --a------ C:\WINDOWS\system32\kwinqmdt.exe
2007-08-17 20:31 <DIR> d-------- C:\DOCUME~1\ADMINI~1.FAM\APPLIC~1\Lavasoft
2007-08-17 20:26 37,376 --a------ C:\WINDOWS\system32\vtr441.dll
2007-08-17 20:24 786,432 --ah----- C:\DOCUME~1\ADMINI~1.FAM\NTUSER.DAT
2007-08-17 20:24 <DIR> d-------- C:\DOCUME~1\ADMINI~1.FAM\WINDOWS
2007-08-17 20:24 <DIR> d-------- C:\DOCUME~1\ADMINI~1.FAM\APPLIC~1\Gtek
2007-08-17 19:57 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-08-17 19:57 <DIR> d-------- C:\DOCUME~1\ADMINI~1\WINDOWS
2007-08-17 19:57 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Gtek
2007-08-17 12:57 <DIR> d-------- C:\WINDOWS\LogFiles
2007-08-16 19:20 10,000 --a------ C:\WINDOWS\system32\sder4gh.dll
2007-08-13 11:13 26,454 --a------ C:\WINDOWS\system32\afn.exe
2007-08-12 18:13 3,072 --a------ C:\WINDOWS\u4j3d4e1.exe
2007-08-11 12:26 173,056 --a------ C:\WINDOWS\system32\drivers\Kpa37.sys
2007-08-11 12:21 173,056 --a------ C:\WINDOWS\system32\drivers\Qdwa41.sys
2007-08-10 11:11 12 --a------ C:\WINDOWS\system32\sl.bin
2007-08-09 10:00 <DIR> d-------- C:\Program Files\XXXPlugin
2007-08-08 20:30 153 --a------ C:\WINDOWS\system32\delFSF.bat
2007-08-08 20:06 23,851 --ah----- C:\wsusupd.exe
2007-08-08 20:06 15,360 --a------ C:\WINDOWS\addoo32.exe
2007-08-08 20:05 13,697 --a------ C:\WINDOWS\system32\KB_963491.exe
2007-08-08 15:00 <DIR> d-------- C:\VundoFix Backups
2007-08-08 14:40 <DIR> d-------- C:\Program Files\Trend Micro
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-19 22:54 --------- d--h----- C:\Program Files\WindowsUpdate
2007-08-19 22:38 --------- d-------- C:\Program Files\Messenger
2007-08-19 20:42 --------- d-------- C:\Program Files\Lx_cats
2007-08-06 20:55 --------- d-------- C:\Program Files\LimeWire
2007-08-06 18:28 --------- d-------- C:\DOCUME~1\Patti\APPLIC~1\LimeWire
2007-08-05 15:08 --------- d-------- C:\DOCUME~1\Patti\APPLIC~1\AdobeUM
2007-08-05 14:48 --------- d-------- C:\DOCUME~1\Patti\APPLIC~1\OpenOffice.org2
2007-08-03 17:36 55296 --a------ C:\WINDOWS\system32\haspnt32.dll
2007-07-12 22:18 --------- d-------- C:\DOCUME~1\Patti\APPLIC~1\Google
2007-07-12 22:07 --------- d-------- C:\Program Files\Google
2004-12-04 19:52 0 --a------ C:\WINDOWS\prefetch\ADDBE32.DLL
2005-01-18 18:09:10 0 --sha-w C:\WINDOWS\lyxwy.dll
2004-11-25 16:15:08 94,784 --sha-w C:\WINDOWS\twain.dll
2001-08-18 12:00:00 46,592 --sh--w C:\WINDOWS\twain_32.dll
2004-11-25 03:07:00 1,007 --sha-w C:\WINDOWS\system32\iewo32.dll
2002-08-29 10:41:10 569,344 --sh--w C:\WINDOWS\system32\oleaut32.dll
2001-08-18 12:00:00 9,728 --sh--w C:\WINDOWS\system32\regsvr32.exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WorksFUD"="" []
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-05-22 12:20]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
"infamous.exe"="C:\Program Files\Windows Media Player\wmplayer.exe" [2005-01-28 14:44]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" []
"AdaptecDirectCD"="C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [2001-09-10 10:32]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DW4"="" []
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2000-07-13 15:00:00]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{740470CC-C8E1-4325-BD9B-03DD0C0C226C}"= haspnt32.dll [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"GXDNCVdudvH"= {304EC1B2-9AE4-6B18-7E6A-480461BD63AB} - C:\WINDOWS\System32\nc.dll [2006-08-08 20:06 14848]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\System32\hanonvt.ini
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
backup=C:\WINDOWS\pss\NkbMonitor.exe.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Patti^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Patti^Start Menu^Programs^Startup^OpenOffice.org 2.0.lnk]
backup=C:\WINDOWS\pss\OpenOffice.org 2.0.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
R0 Bstg74;Bstg74;C:\WINDOWS\System32\drivers\Bstg74.sys
R0 sonypvl2;sonypvl2;C:\WINDOWS\System32\drivers\sonypvl2.sys
R1 cdudf_xp;cdudf_xp;C:\WINDOWS\System32\drivers\cdudf_xp.sys
R1 pwd_2K;pwd_2K;C:\WINDOWS\System32\drivers\pwd_2K.sys
R1 sonypvf2;sonypvf2;C:\WINDOWS\System32\drivers\sonypvf2.sys
R1 sonypvt2;sonypvt2;C:\WINDOWS\System32\drivers\sonypvt2.sys
R1 UdfReadr_xp;UdfReadr_xp;C:\WINDOWS\System32\drivers\UdfReadr_xp.sys
R2 PackethSvc;Virtual NIC Service;C:\WINDOWS\System32\PackethSvc.exe
R2 Pctspk;PCTEL Speaker Phone;C:\WINDOWS\system32\pctspk.exe
R3 mmc_2K;mmc_2K;C:\WINDOWS\System32\drivers\mmc_2K.sys
R3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\System32\DRIVERS\ptserlp.sys
S1 sonypvd2;sonypvd2;C:\WINDOWS\System32\DRIVERS\sonypvd2.sys
S3 dvd_2K;dvd_2K;C:\WINDOWS\System32\drivers\dvd_2K.sys
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{Y479C6D0-OTRW-U5GH-S1EE-E02310B4E666}]
C:\WINDOWS\system32\tmrsrv32.exe
Contents of the 'Scheduled Tasks' folder
2007-08-11 19:17:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-08-19 22:54:44
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\WINDOWS\Soap Bubbles.bmp:hubou 10752 bytes executable
C:\WINDOWS\FeatherTexture.bmp:yvzkw 10752 bytes executable
C:\WINDOWS\GatorHDPlugin.log-old.log:jvrqq 29696 bytes executable
C:\WINDOWS\REGLOCS.OLD:kccehy 64000 bytes executable
C:\WINDOWS\vmmreg32.dll:ewhaqp 29696 bytes executable
C:\WINDOWS\vsapi32.dll:izqnz 10752 bytes executable
C:\WINDOWS\Windows Update.log:cwkle 56320 bytes executable
C:\WINDOWS\svcpack.log:zvtbw 29696 bytes executable
C:\WINDOWS\comsetup.log:lmxvf 56320 bytes executable
C:\WINDOWS\ipdg32.dll:rrpuff 10752 bytes executable
C:\WINDOWS\ipir32.dll:ussnba 29696 bytes executable
C:\WINDOWS\iplu32.dll:giikop 55808 bytes executable
C:\WINDOWS\tsoc.log:xffqo 56320 bytes executable
C:\WINDOWS\twain.dll:typet 10752 bytes executable
C:\WINDOWS\Blue Lace 16.bmp:gdlnkx 70144 bytes executable
C:\WINDOWS\bootstat.dat:ebyot 29696 bytes executable
C:\WINDOWS\BPMNT.dll:rafdvq 10752 bytes executable
C:\WINDOWS\Compaq Amber.BMP:hregdv 10752 bytes executable
C:\WINDOWS\Compaq Sapphire.BMP:zrwmfg 29696 bytes executable
C:\WINDOWS\winhw32.dll:lszwfk 55808 bytes executable
C:\WINDOWS\winmp.dll:krsjsj 10752 bytes executable
C:\WINDOWS\winnt256.bmp:bvtnh 10752 bytes executable
C:\WINDOWS\wints32.dll:twmsj 29696 bytes executable
C:\WINDOWS\wints32.dll:vtwboe 29696 bytes executable
C:\WINDOWS\winuc32.dll:izftp 10752 bytes executable
C:\WINDOWS\winyn.dll:aaqzr 29696 bytes executable
C:\WINDOWS\liveup.ini:hfbofm 29696 bytes executable
C:\WINDOWS\LPT$VPN.606:oylpg 29696 bytes executable
C:\WINDOWS\addsq32.dll:huerl 56320 bytes executable
C:\WINDOWS\addsw32.dll:zstwt 29696 bytes executable
C:\WINDOWS\apicg32.dll:dvcpns 10752 bytes executable
C:\WINDOWS\apidi32.dll:vwvchc 29696 bytes executable
C:\WINDOWS\apiey.dll:bexemc 10752 bytes executable
C:\WINDOWS\apihg.dll:ufikpf 29696 bytes executable
C:\WINDOWS\netuo.dll:bjnfoi 55808 bytes executable
C:\WINDOWS\ntdtcsetup.log:btyswc 10752 bytes executable
C:\WINDOWS\d3cd32.dll:ukwax 10752 bytes executable
C:\WINDOWS\d3ll32.dll:juikif 10752 bytes executable
C:\WINDOWS\d3os32.dll:elofa 29696 bytes executable
C:\WINDOWS\d3sg32.dll:bvapcq 29696 bytes executable
C:\WINDOWS\sdket32.dll:hchkee 10752 bytes executable
C:\WINDOWS\sdkic.dll:acapgo 29696 bytes executable
C:\WINDOWS\sdkjd.dll:ptlsgt 10752 bytes executable
C:\WINDOWS\sdkls32.dll:iuexae 29696 bytes executable
C:\WINDOWS\sdkxq32.dll:uiswk 10752 bytes executable
C:\WINDOWS\SDSALRES.dll:mjlbe 29696 bytes executable
C:\WINDOWS\atlfr.dll:thgade 55808 bytes executable
C:\WINDOWS\atlow.dll:ugdntr 10752 bytes executable
C:\WINDOWS\atlyk.dll:azkshg 29696 bytes executable
C:\WINDOWS\AuHCcup1.ini:magaz 10752 bytes executable
C:\WINDOWS\sysri.dll:vkvezm 10752 bytes executable
C:\WINDOWS\mtcap.ini:kawglb 10752 bytes executable
C:\WINDOWS\N6Uninst.exe:ctplfd 29696 bytes executable
C:\WINDOWS\netpi.dll:mfxeqm 10752 bytes executable
C:\WINDOWS\netqu32.dll:vvkvq 55808 bytes executable
C:\WINDOWS\netrd32.dll:fgijso 29696 bytes executable
C:\WINDOWS\xpsp1hfm.log:plcuel 10752 bytes executable
C:\WINDOWS\_default.pif:zxzau 103943 bytes executable
C:\WINDOWS\apirw.dll:ojgip 10752 bytes executable
C:\WINDOWS\apiwm32.dll:hkrnr 29696 bytes executable
C:\WINDOWS\apply.dll:nmhriu 29696 bytes executable
C:\WINDOWS\appmi32.dll:dcsnrb 68096 bytes executable
C:\WINDOWS\ntij32.dll:uujxzm 29696 bytes executable
C:\WINDOWS\ocmsn.log:bhzzx 29696 bytes executable
C:\WINDOWS\mfcjq32.dll:nbaxrw 68096 bytes executable
C:\WINDOWS\mfcpb32.dll:cukxt 55808 bytes executable
C:\WINDOWS\iemo.dll:yqtbbd 10752 bytes executable
C:\WINDOWS\ieqm.dll:qqmgvf 29696 bytes executable
C:\WINDOWS\crfb32.dll:ifhemn 64000 bytes executable
C:\WINDOWS\crhl.dll:kpmcwc 10752 bytes executable
C:\WINDOWS\crjj.dll:dpfqye 29696 bytes executable
C:\WINDOWS\crjq32.dll:gndcsq 68096 bytes executable
C:\WINDOWS\twunk_32.exe:lzakn 29696 bytes executable
C:\WINDOWS\vb.ini:lhnwk 29696 bytes executable
C:\WINDOWS\addbe32.dll:hrbrr 10752 bytes executable
C:\WINDOWS\system32\drivers\Bstg74.sys
C:\WINDOWS\system32\drivers\symavc32.sys
scan completed successfully
hidden files: 77
**************************************************************************
Completion time: 2007-08-19 23:02:24 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-19 23:02
--- E O F ---
_____________________________________________________________
Results from virustotal:
Antivirus Version Last Update Result
AhnLab-V3 2007.8.18.0 2007.08.18 -
AntiVir 7.4.1.62 2007.08.19 TR/Crypt.XPACK.Gen
Authentium 4.93.8 2007.08.17 -
Avast 4.7.1029.0 2007.08.20 -
AVG 7.5.0.484 2007.08.19 -
BitDefender 7.2 2007.08.20 -
CAT-QuickHeal 9.00 2007.08.18 TrojanDownloader.Agent.bxx
ClamAV 0.91 2007.08.20 -
DrWeb 4.33 2007.08.19 Trojan.Proxy.1739
eSafe 7.0.15.0 2007.08.16 -
eTrust-Vet 31.1.5069 2007.08.18 -
Ewido 4.0 2007.08.19 -
FileAdvisor 1 2007.08.20 -
Fortinet 2.91.0.0 2007.08.19 W32/Agent.BXX!tr.dldr
F-Prot 4.3.2.48 2007.08.17 -
F-Secure 6.70.13030.0 2007.08.19 -
Ikarus T3.1.1.12 2007.08.19 Trojan-Downloader.Win32.Agent.bxx
Kaspersky 4.0.2.24 2007.08.20 -
McAfee 5100 2007.08.17 -
Microsoft 1.2803 2007.08.19 -
NOD32v2 2470 2007.08.19 -
Norman 5.80.02 2007.08.17 -
Panda 9.0.0.4 2007.08.19 Adware/WinAntiVirus2007
Prevx1 V2 2007.08.20 -
Rising 19.36.60.00 2007.08.19 -
Sophos 4.20.0 2007.08.12 -
Sunbelt 2.2.907.0 2007.08.18 -
Symantec 10 2007.08.20 Trojan.Perfcoo
TheHacker 6.1.8.170 2007.08.17 -
VBA32 3.12.2.2 2007.08.17 -
VirusBuster 4.3.26:9 2007.08.19 -
Webwasher-Gateway 6.0.1 2007.08.20 Trojan.Crypt.XPACK.Gen
Additional information
File size: 6144 bytes
MD5: b26f13d207ca8e073bb6632118d00537
SHA1: b49acae0cd0c5d30633e9531cee288cf0ccb98d4
_____________________________________________________________
Results from Uninstall list:
18 Wheels of Steel Pedal to the Metal
3D Groove Playback Engine
7 Wonders of the Ancient World
888.info
ABBYY FineReader 6.0 Sprint Plus
ACDSee
Action Replay Code Manager
Ad-Aware SE Personal
Adobe Download Manager 1.2 (Remove Only)
Adobe Flash Player 9 ActiveX
Adobe Reader 6.0.1
Advanced Font Viewer 2.4
AIM 6.0
AOL Toolbar 4.0
Apple Software Update
ArcSoft Software Suite
Barbie® As Sleeping Beauty
Blasterball 2 Holidays (Free with Game Console - WildGames)
Boggle® Supreme
Caillou(R) Birthday Party(TM)
Coloreal
Compaq Wallpaper
Compaq WinDVD
Deer's Revenge
Disney's Toontown Online
Easy CD Creator 5 Basic
Encarta Online
Everyday Spelling Grade 3
Fisher-Price® - Toddler
Fisher-Price® Big Action Construction
Font Creator 5.0
Fuel Tax By WolfByte
GAIN
Game Console - WildGames
GdiplusUpgrade
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Updater
GuitarVision
hhy_worldss Screen Saver
Hijackthis 1.99.1
HijackThis 2.0.2
Hot Shots Bug Drop
HP Image Zone 4.2
HP Photo Imaging Software
HP Photo Printing Software
HP PSC & Officejet 4.7 Corporate Edition
HP Software Update
ImageMixer for Sony DVD Handycam
InterActual Player
InterVideo Installer
iTunes
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_05
JumpStart Kindergarten v2.4b
JumpStart Preschool v2.0
Kids Next Door
Lexmark 7100 Series
Lexmark 7100 Series Fax Solutions
Linksys EasyLink Advisor 1.5 (1045)
LoadLedger
Luxor
Luxor: Amun Rising
Macromedia Shockwave Player
MGI PhotoSuite III SE (Remove Only)
Microsoft .NET Framework 1.1
Microsoft Location Finder
Microsoft Works 6.0
MicroStaff WINASPI
Mini Car Racing
MLB.com Playball
Monster Truck Stunts v1.2
MSN Add-in for Windows Messenger
MSN Music Assistant
MSXML 4.0 SP2 Parser and SDK
Netscape (7.1)
Netscape (7.2)
NHRA Drag Racing
Nikon Message Center
NVIDIA Windows 2000/XP Display Drivers
OfotoNow
OpenOffice.org 2.0
Opera
Outlook Express Q837009
overland
Owl and Mouse MegaMaps
PhonicsTutor Classic Demo
Pic-Tac-Toe
PictureProject
Plantasia
PopCap Browser Plugin
Princess Castle Party
Quicken 2005
QuickTime
RealArcade
RealPlayer
Registry Booster
Road Runner Medic 5.3
Roll
School House Rock Grammar Rock
SCRABBLE
Sean's Magic Slate
Security Task Manager 1.7
Shockwave
Sierra On-Line Games (Remove only)
Sony DVD Handycam USB Driver
SoundMAX
Spybot - Search & Destroy 1.4
Sudoku
Super Collapse II
Super Collapse! II
Super SpongeBob Collapse!
Super TextTwist
Tarzan Action Game
The Print Shop® 6.0 Deluxe
The Weather Channel
TOBYMAC_saver
TurboTax Deluxe 2003
TurboTax Deluxe 2004
UnderTheSea3D
USB6800 Instant Drive
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Virtools 3D Life Player
W&G Screen Saver
Weather Services
WexTech AnswerWorks
Where in the USA is Carmen Sandiego?
Where in the World is Carmen Sandiego?
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB822603
Windows XP Hotfix - KB823980
Windows XP Hotfix - KB835732
Windows XP Service Pack 1a
Word Challenger
Word Munchers
Word Slinger
Writing Trek Ages 4-6
XXXPlugin
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Messenger
Yahoo! Toolbar
_____________________________________________________________
New HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:35:55 PM, on 8/19/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\tmrsrv32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\scanner.exe.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\PATTI\Application Data\Mozilla\Profiles\default\wkrltbti.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\PATTI\Application Data\Mozilla\Profiles\default\wkrltbti.slt\prefs.js)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [infamous.exe] C:\Program Files\Windows Media Player\wmplayer.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O20 - AppInit_DLLs: C:\WINDOWS\System32\hanonvt.ini
O21 - SSODL: GXDNCVdudvH - {304EC1B2-9AE4-6B18-7E6A-480461BD63AB} - C:\WINDOWS\System32\nc.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
--
End of file - 3470 bytes
Thanks for your help!!!