-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, August 23, 2007 7:31:58 PM
Operating System: Microsoft Windows XP Professional, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 23/08/2007
Kaspersky Anti-Virus database records: 388347
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
Scan Statistics:
Total number of scanned objects: 36576
Number of viruses found: 11
Number of infected objects: 28
Number of suspicious objects: 6
Duration of the scan process: 02:42:08
Infected Object Name / Virus Name / Last Action
C:\B7.tmp/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eg skipped
C:\B7.tmp NSIS: infected - 1 skipped
C:\B8.tmp/stream/data0003 Infected: not-a-virus:AdWare.Win32.Agent.ay skipped
C:\B8.tmp/stream Infected: not-a-virus:AdWare.Win32.Agent.ay skipped
C:\B8.tmp NSIS: infected - 2 skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\PurityScan.zip/offun.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\PurityScan.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde.zip/retadpu72.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots\RegDPF-Global.reg Suspicious: Exploit.HTML.Mht skipped
C:\Documents and Settings\Heather\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Heather\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Heather\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Heather\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Heather\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Heather\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Trend Micro\HijackThis\backups\backup-20070822-131402-338 Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Windows Media Player\hoqeri4444.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{B9A206C5-A712-4FA9-9E8A-C0F5C8DB174D}\RP193\change.log Object is locked skipped
C:\Temp\bY001.exe/data0002/data0002 Infected: not-a-virus:AdWare.Win32.TTC.b skipped
C:\Temp\bY001.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.b skipped
C:\Temp\bY001.exe/data0006 Infected: Virus.Win32.Virut.i skipped
C:\Temp\bY001.exe/data0007 Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\Temp\bY001.exe/data0008 Infected: Trojan-Dropper.Win32.Agent.mu skipped
C:\Temp\bY001.exe NSIS: infected - 5 skipped
C:\VundoFix Backups\tuvuttr.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\WINNT\Debug\oakley.log Object is locked skipped
C:\WINNT\Debug\PASSWD.LOG Object is locked skipped
C:\WINNT\Downloaded Program Files\popcaploader.dll Infected: not-a-virus:Downloader.Win32.PopCap.b skipped
C:\WINNT\SchedLgU.Txt Object is locked skipped
C:\WINNT\SoftwareDistribution\EventCache\{D50619AF-DB76-4400-B95B-002F9FD8D5DA}.bin Object is locked skipped
C:\WINNT\SoftwareDistribution\EventCache\{E3E867A5-DDAC-4A5E-97C7-D691F2B1FEAF}.bin Object is locked skipped
C:\WINNT\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINNT\Sti_Trace.log Object is locked skipped
C:\WINNT\system32\byxxyvv.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\WINNT\system32\config\AppEvent.Evt Object is locked skipped
C:\WINNT\system32\config\default Object is locked skipped
C:\WINNT\system32\config\default.LOG Object is locked skipped
C:\WINNT\system32\config\SAM Object is locked skipped
C:\WINNT\system32\config\SAM.LOG Object is locked skipped
C:\WINNT\system32\config\SecEvent.Evt Object is locked skipped
C:\WINNT\system32\config\SECURITY Object is locked skipped
C:\WINNT\system32\config\SECURITY.LOG Object is locked skipped
C:\WINNT\system32\config\software Object is locked skipped
C:\WINNT\system32\config\software.LOG Object is locked skipped
C:\WINNT\system32\config\SysEvent.Evt Object is locked skipped
C:\WINNT\system32\config\system Object is locked skipped
C:\WINNT\system32\config\system.LOG Object is locked skipped
C:\WINNT\system32\config\systemprofile\Cookies\index.dat Object is locked skipped
C:\WINNT\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\WINNT\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\WINNT\system32\h323log.txt Object is locked skipped
C:\WINNT\system32\jpibdljd.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\WINNT\system32\myybenwd.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\WINNT\system32\okrdpkgx.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\WINNT\system32\opnomlm.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\WINNT\system32\scqfrbgl.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\WINNT\system32\slqexlnf.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\WINNT\system32\vjjgnlli.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\WINNT\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINNT\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINNT\system32\X1\kmhp83122.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.b skipped
C:\WINNT\system32\X1\kmhp83122.exe NSIS: infected - 1 skipped
C:\WINNT\system32\xobxfnvg.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\WINNT\system32\yayvtqo.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\WINNT\TTC-4444.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\WINNT\TTC-4444.exe NSIS: infected - 1 skipped
C:\WINNT\wiadebug.log Object is locked skipped
C:\WINNT\wiaservc.log Object is locked skipped
C:\WINNT\WindowsUpdate.log Object is locked skipped
Scan process completed.
ComboFix 07-08-17.2 - "Heather" 2007-08-23 19:53:48.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.67 [GMT -4:00]
((((((((((((((((((((((((( Files Created from 2007-07-23 to 2007-08-23 )))))))))))))))))))))))))))))))
2007-08-23 19:34 51,200 --a------ C:\WINNT\nircmd.exe
2007-08-23 17:19 <DIR> d-------- C:\WINNT\system32\SoftwareDistribution
2007-08-23 16:37 <DIR> d-------- C:\WINNT\system32\Kaspersky Lab
2007-08-23 16:37 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-08-22 18:37 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PopCap
2007-08-21 13:30 <DIR> d-------- C:\WINNT\system32\PreInstall
2007-08-21 13:29 22,752 --a------ C:\WINNT\system32\spupdsvc.exe
2007-08-21 00:49 <DIR> d---s---- C:\DOCUME~1\ADMINI~1\UserData
2007-08-20 22:46 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Comodo
2007-08-20 17:30 <DIR> d-------- C:\VundoFix Backups
2007-08-20 17:26 <DIR> d-------- C:\DOCUME~1\Heather\APPLIC~1\Comodo
2007-08-20 17:26 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Comodo
2007-08-20 17:19 <DIR> d-------- C:\Program Files\Comodo
2007-08-20 13:30 83,456 --a------ C:\WINNT\system32\mtxoci.dll
2007-08-20 13:30 64,512 --a------ C:\WINNT\system32\mtxclu.dll
2007-08-20 13:21 <DIR> d--h----- C:\WINNT\$hf_mig$
2007-08-20 13:04 <DIR> d-------- C:\WINNT\Prefetch
2007-08-20 11:42 <DIR> d-------- C:\WINNT\ServicePackFiles
2007-08-20 11:42 <DIR> d-------- C:\WINNT\ehome
2007-08-20 11:12 9,216 --a------ C:\WINNT\system32\wuauserv.dll
2007-08-20 11:12 86,016 --a------ C:\WINNT\system32\xactsrv.dll
2007-08-20 11:12 56,832 --a------ C:\WINNT\system32\wzcdlg.dll
2007-08-20 11:12 446,464 --a------ C:\WINNT\system32\wmvdmoe.dll
2007-08-20 11:12 38,912 --a------ C:\WINNT\system32\wsnmp32.dll
2007-08-20 11:12 264,704 --a------ C:\WINNT\system32\wzcsvc.dll
2007-08-20 11:12 247,808 --a------ C:\WINNT\system32\wow32.dll
2007-08-20 11:12 24,576 --------- C:\WINNT\system32\odbcbcp.dll
2007-08-20 11:12 23,552 --a------ C:\WINNT\system32\wzcsapi.dll
2007-08-20 11:12 172,664 --a------ C:\WINNT\system32\xenroll.dll
2007-08-20 11:12 17,408 --a------ C:\WINNT\system32\wtsapi32.dll
2007-08-20 11:12 13,312 --a------ C:\WINNT\system32\wship6.dll
2007-08-20 11:11 86,528 --a------ C:\WINNT\system32\wlnotify.dll
2007-08-20 11:11 77,824 --a------ C:\WINNT\system32\wmpstub.exe
2007-08-20 11:11 51,200 --a------ C:\WINNT\system32\wmerrenu.dll
2007-08-20 11:11 48,128 --a------ C:\WINNT\system32\winsta.dll
2007-08-20 11:11 311,327 --a------ C:\WINNT\system32\wmv8dmod.dll
2007-08-20 11:11 296,448 --a------ C:\WINNT\system32\wmstream.dll
2007-08-20 11:11 168,448 --a------ C:\WINNT\system32\wldap32.dll
2007-08-20 11:11 118,784 --a------ C:\WINNT\system32\wmsdmoe.dll
2007-08-20 11:10 9,856 --------- C:\WINNT\system32\drivers\tunmp.sys
2007-08-20 11:10 88,064 --a------ C:\WINNT\system32\tscfgwmi.dll
2007-08-20 11:10 81,920 --a------ C:\WINNT\system32\trkwks.dll
2007-08-20 11:10 61,952 --a------ C:\WINNT\system32\webclnt.dll
2007-08-20 11:10 60,416 --a------ C:\WINNT\system32\wextract.exe
2007-08-20 11:10 48,640 --a------ C:\WINNT\system32\vdmredir.dll
2007-08-20 11:10 479,261 --a------ C:\WINNT\system32\vbscript.dll
2007-08-20 11:10 47,616 --a------ C:\WINNT\system32\utilman.exe
2007-08-20 11:10 409,088 --a------ C:\WINNT\system32\vssapi.dll
2007-08-20 11:10 40,960 --a------ C:\WINNT\system32\tscupgrd.exe
2007-08-20 11:10 384,000 --a------ C:\WINNT\system32\themeui.dll
2007-08-20 11:10 339,456 --a------ C:\WINNT\system32\usp10.dll
2007-08-20 11:10 32,256 --a------ C:\WINNT\system32\umandlg.dll
2007-08-20 11:10 266,752 --a------ C:\WINNT\winhlp32.exe
2007-08-20 11:10 231,424 --a------ C:\WINNT\system32\upnpui.dll
2007-08-20 11:10 22,016 --a------ C:\WINNT\system32\udhisapi.dll
2007-08-20 11:10 203,264 --a------ C:\WINNT\system32\uxtheme.dll
2007-08-20 11:10 171,520 --a------ C:\WINNT\system32\winmm.dll
2007-08-20 11:10 165,376 --a------ C:\WINNT\system32\w32time.dll
2007-08-20 11:10 164,864 --a------ C:\WINNT\system32\upnphost.dll
2007-08-20 11:10 16,384 --a------ C:\WINNT\system32\watchdog.sys
2007-08-20 11:10 16,384 --a------ C:\WINNT\system32\ups.exe
2007-08-20 11:10 124,928 --a------ C:\WINNT\system32\webvw.dll
2007-08-20 11:10 120,320 --a------ C:\WINNT\system32\upnp.dll
2007-08-20 11:10 119,808 --a------ C:\WINNT\system32\wiadss.dll
2007-08-20 11:10 107,008 --a------ C:\WINNT\system32\umpnpmgr.dll
2007-08-20 11:10 10,752 --a------ C:\WINNT\system32\tracert.exe
2007-08-20 11:09 82,944 --a------ C:\WINNT\system32\smlogsvc.exe
2007-08-20 11:09 8,192 --a------ C:\WINNT\system32\scrnsave.scr
2007-08-20 11:09 75,912 --a------ C:\WINNT\system32\rdpwsx.dll
2007-08-20 11:09 74,240 --a------ C:\WINNT\system32\rtcshare.exe
2007-08-20 11:09 72,192 --a------ C:\WINNT\system32\telnet.exe
2007-08-20 11:09 71,168 --a------ C:\WINNT\system32\storprop.dll
2007-08-20 11:09 71,168 --a------ C:\WINNT\system32\sdbinst.exe
2007-08-20 11:09 674,816 --a------ C:\WINNT\system32\sxs.dll
2007-08-20 11:09 667,648 --a------ C:\WINNT\system32\ss3dfo.scr
2007-08-20 11:09 66,560 --a------ C:\WINNT\system32\spoolss.dll
2007-08-20 11:09 66,048 --a------ C:\WINNT\system32\sigverif.exe
2007-08-20 11:09 638,976 --a------ C:\WINNT\system32\sstext3d.scr
2007-08-20 11:09 63,488 --a------ C:\WINNT\system32\srclient.dll
2007-08-20 11:09 62,976 --a------ C:\WINNT\system32\shgina.dll
2007-08-20 11:09 61,952 --a------ C:\WINNT\system32\sti.dll
2007-08-20 11:09 60,416 --a------ C:\WINNT\system32\shimeng.dll
2007-08-20 11:09 6,144 --a------ C:\WINNT\system32\sensapi.dll
2007-08-20 11:09 569,344 --a------ C:\WINNT\system32\sspipes.scr
2007-08-20 11:09 56,320 --a------ C:\WINNT\system32\remotepg.dll
2007-08-20 11:09 534,016 --a------ C:\WINNT\system32\spider.exe
2007-08-20 11:09 52,224 --a------ C:\WINNT\system32\secur32.dll
2007-08-20 11:09 5,504 --------- C:\WINNT\system32\drivers\smbali.sys
2007-08-20 11:09 48,128 --a------ C:\WINNT\system32\reg.exe
2007-08-20 11:09 44,032 --a------ C:\WINNT\system32\regapi.dll
2007-08-20 11:09 43,008 --a------ C:\WINNT\system32\ssdpsrv.dll
2007-08-20 11:09 420,864 --a------ C:\WINNT\system32\shimgvw.dll
2007-08-20 11:09 364,544 --a------ C:\WINNT\system32\ssflwbox.scr
2007-08-20 11:09 36,352 --a------ C:\WINNT\system32\sens.dll
2007-08-20 11:09 334,848 --a------ C:\WINNT\system32\smlogcfg.dll
2007-08-20 11:09 33,280 --a------ C:\WINNT\system32\shmgrate.exe
2007-08-20 11:09 3,338 --a------ C:\WINNT\system32\redir.exe
2007-08-20 11:09 297,984 --a------ C:\WINNT\system32\scesrv.dll
2007-08-20 11:09 27,136 --a------ C:\WINNT\system32\ssdpapi.dll
2007-08-20 11:09 251,904 --a------ C:\WINNT\system32\strmdll.dll
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-22 18:15 --------- d-------- C:\Program Files\Lx_cats
2007-08-21 12:22 --------- d-------- C:\Program Files\eGames
2007-08-21 12:12 --------- d-------- C:\Program Files\Chuzzle Deluxe
2007-08-20 14:43 --------- d-------- C:\Program Files\MSN Messenger
2007-08-20 11:53 2682 --a------ C:\WINNT\pchealth\HELPCTR\PackageStore\SkuStore.bin
2007-08-20 11:49 --------- d-------- C:\Program Files\Messenger
2007-08-20 11:41 --------- d-------- C:\Program Files\Movie Maker
2007-08-11 15:11 --------- d-------- C:\Program Files\Yahoo!
2007-08-10 14:47 --------- d-------- C:\Program Files\Common Files\Scanner
2007-08-07 19:50 --------- d-------- C:\DOCUME~1\Heather\APPLIC~1\Wal-Mart Digital Photo Manager
2007-07-30 19:19 92504 --a------ C:\WINNT\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINNT\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINNT\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINNT\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINNT\system32\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINNT\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINNT\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINNT\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINNT\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINNT\system32\wups.dll
2007-07-22 04:50 --------- d-------- C:\Program Files\Windows Live Toolbar
2007-07-22 03:15 --------- d-------- C:\Program Files\eMusic Download Manager
2007-07-21 01:15 --------- d-------- C:\Program Files\Real
2007-07-21 01:13 --------- d--h----- C:\Program Files\WindowsUpdate
2007-07-11 13:10 --------- d-------- C:\DOCUME~1\Heather\APPLIC~1\Wal-Mart Digital Photo Viewer
2007-07-11 13:06 --------- d-------- C:\Program Files\Wal-Mart
2007-07-11 13:06 --------- d-------- C:\Program Files\Common Files\HP
2007-07-11 13:02 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-11 13:02 --------- d-------- C:\Program Files\aVinci
2007-07-11 13:02 --------- d-------- C:\DOCUME~1\Heather\APPLIC~1\InstallShield
2007-06-26 18:51 --------- d-------- C:\DOCUME~1\Heather\APPLIC~1\Yahoo!
2007-06-26 14:16 --------- d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint
2007-03-12 17:44 271 ---hs---- C:\Program Files\desktop.ini
2007-03-12 17:44 21952 --ah-c--- C:\Program Files\folder.htt
2005-07-29 20:24:26 472 --sha-r C:\WINNT\VXNlcg\prh5w0.vbs
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3C8C899C-437C-3FDD-2974-39B67F38F2C2}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3D7DE6B8-603E-40A1-BB8F-585584718B00}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CE228ECA-E9DE-4D4F-BFC6-06449D1862D1}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DB570C0A-4881-4222-953F-FA1597452335}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E76CAA55-332F-41C6-B0CC-D03CF5078A03}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EFB96FBB-095A-422B-968B-68DBACC2B0CE}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F64ADC5C-78F5-4B33-8EC1-EF1D51C949DC}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [2001-08-23 08:00 C:\WINNT\system32\mobsync.exe]
"lxctmon.exe"="C:\Program Files\Lexmark 5400 Series\lxctmon.exe" [2006-11-22 05:11]
"Lexmark 5400 Series Fax Server"="C:\Program Files\Lexmark 5400 Series\fm3032.exe" [2006-11-22 05:12]
"EzPrint"="C:\Program Files\Lexmark 5400 Series\ezprint.exe" [2006-11-22 05:11]
"LXCTCATS"="C:\WINNT\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [2006-11-21 08:27]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-08-17 10:31]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]
"Affntiog"="C:\Program Files\Common Files\??pPatch\w?crtupd.exe" []
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop
"tscuninstall"=%systemroot%\system32\tscupgrd.exe
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Program Files\Outlook Express\prolyzuqo.html
FriendlyName=
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxur]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvuttr]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtutu]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
R3 neo20xx;neo20xx;C:\WINNT\System32\DRIVERS\neo20xx.sys
R3 W8335XP;3Com OfficeConnect Wireless 54Mbps 11g PC Card Driver;C:\WINNT\System32\DRIVERS\MRV8335XP.sys
R3 wdm_nm6;NeoMagic MagicMedia 256 + AC97 Driver (WDM);C:\WINNT\System32\drivers\nm6wdm.sys
S3 DLINK11G;D-Link AirPlus G Wireless Adapter;C:\WINNT\System32\DRIVERS\TNET1130.SYS
S3 DLKRCB;D-Link DFE-690TXD CardBus PC Card;C:\WINNT\System32\DRIVERS\DLKRCB.SYS
S3 maestro;ESS Maestro 3 Audio Driver (WDM);C:\WINNT\System32\drivers\es198x.sys
S3 USB_RNDIS_51;Broadcom USB Remote NDIS Device Driver;C:\WINNT\System32\DRIVERS\usb8023.sys
*Newly Created Service* - ALG
*Newly Created Service* - CATCHME
*Newly Created Service* - IPNAT
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-23 19:56:36
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
C:\WINNT\system32\cmd.exe [3324] 0x8165D750
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-08-23 19:58:11
C:\ComboFix-quarantined-files.txt ... 2007-08-23 19:57
C:\ComboFix2.txt ... 2007-08-23 19:50
--- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:07:39 PM, on 8/23/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Lexmark 5400 Series\lxctmon.exe
C:\Program Files\Lexmark 5400 Series\ezprint.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINNT\System32\lxctcoms.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\wuauclt.exe
C:\WINNT\System32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\good program.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.1.x/24
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: (no name) - {3964D8D6-86D0-493A-B460-A805B5401114} - (no file)
O2 - BHO: (no name) - {3C8C899C-437C-3FDD-2974-39B67F38F2C2} - (no file)
O2 - BHO: (no name) - {3D7DE6B8-603E-40A1-BB8F-585584718B00} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - (no file)
O2 - BHO: (no name) - {CE228ECA-E9DE-4D4F-BFC6-06449D1862D1} - (no file)
O2 - BHO: (no name) - {DB570C0A-4881-4222-953F-FA1597452335} - (no file)
O2 - BHO: (no name) - {E76CAA55-332F-41C6-B0CC-D03CF5078A03} - (no file)
O2 - BHO: (no name) - {EFB96FBB-095A-422B-968B-68DBACC2B0CE} - (no file)
O2 - BHO: (no name) - {F64ADC5C-78F5-4B33-8EC1-EF1D51C949DC} - (no file)
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINNT\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Affntiog] "C:\Program Files\Common Files\??pPatch\w?crtupd.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O8 - Extra context menu item: &Search - ?p=ZCxdm238MGUS
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O15 - Trusted Zone: http://www.malwareremoval.com/forum
O16 - DPF: Yahoo! Literati - http://download2.games.yahoo.com/games/ ... /tt5_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/ ... poti_x.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.c ... urrent.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resou ... NPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {DD8C9372-35FD-4F7D-8CE4-909ABCFAB2C5} -
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O20 - Winlogon Notify: cbxur - C:\WINNT\
O20 - Winlogon Notify: tuvuttr - C:\WINNT\
O20 - Winlogon Notify: vtutu - C:\WINNT\
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: lxct_device - - C:\WINNT\System32\lxctcoms.exe
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
O24 - Desktop Component 0: (no name) - C:\Program Files\Outlook Express\prolyzuqo.html
--
End of file - 8032 bytes