Virus scan results
Known viruses: 410643 Updated: 10-09-2007
File size (Kb): 116 Virus bodies: 0
Files: 1 Warnings: 0
Archives: 0 Suspicious: 0
Combo fix
ComboFix 07-09-10.2 - "Marc" 2007-09-09 17:56:02.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.56 [GMT -5:00]
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\DOCUME~1\Marc\APPLIC~1\WinTouch
C:\DOCUME~1\Marc\APPLIC~1\WinTouch\wintouch.cfg
C:\DOCUME~1\Marc\APPLIC~1\WinTouch\WinTouch.exe
C:\DOCUME~1\Marc\APPLIC~1\WinTouch\WTUninstaller.exe
C:\DOCUME~1\Marc\err.log
C:\DOCUME~1\Marc\MYDOCU~1\ICROSO~1.NET
C:\DOCUME~1\Marc\MYDOCU~1\ICROSO~1.NET\?icrosoft.NET\
C:\DOCUME~1\Marc\STARTM~1\Programs\Outerinfo
C:\DOCUME~1\Marc\STARTM~1\Programs\Outerinfo\Terms.lnk
C:\DOCUME~1\Marc\STARTM~1\Programs\Outerinfo\Uninstall.lnk
C:\Program Files\outerinfo
C:\Program Files\outerinfo\OiUninstaller.exe
C:\Program Files\outerinfo\outerinfo.ico
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\winpop
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\bass.exe
C:\Temp\fse
C:\Temp\fse\tmpZTF.log
C:\WINDOWS\b138.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\icroso~1
C:\WINDOWS\icroso~1\r?gedit.exe
C:\WINDOWS\system32\drivers\sfsync02.sys
C:\WINDOWS\system32\f02WtR
C:\WINDOWS\system32\ffpcvdfh.exe
C:\WINDOWS\system32\gtcwcomy.dll
C:\WINDOWS\system32\gtgyhksb.exe
C:\WINDOWS\system32\hoptvosk.exe
C:\WINDOWS\system32\jcybokgj.exe
C:\WINDOWS\system32\kyaigbju.exe
C:\WINDOWS\system32\lilyvbbj.exe
C:\WINDOWS\system32\mkireoos.exe
C:\WINDOWS\system32\njnicykg.exe
C:\WINDOWS\system32\oeponlhu.exe
C:\WINDOWS\system32\omssyvqo.exe
C:\WINDOWS\system32\ptqokbho.exe
C:\WINDOWS\system32\wtscc.exe
C:\WINDOWS\system32\xufofcwu.exe
C:\WINDOWS\system32\ymfottwa.exe
C:\WINDOWS\SYSTEM32\ymocwctg.ini
C:\WINDOWS\system32\zwmqwqrf.dll
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_SFSYNC02
-------\sfsync02
((((((((((((((((((((((((( Files Created from 2007-08-10 to 2007-09-10 )))))))))))))))))))))))))))))))
.
2007-09-09 17:36 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-08 12:32 <DIR> d-------- C:\VundoFix Backups
2007-09-03 08:32 <DIR> d-------- C:\Program Files\Lavasoft
2007-09-03 08:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-09-03 08:30 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-03 00:45 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-09-02 19:22 <DIR> d-------- C:\Program Files\absolutist.com
2007-09-02 10:47 <DIR> d-------- C:\DOCUME~1\Marc\APPLIC~1\Tenebril
2007-09-01 15:41 512,688 --a------ C:\WINDOWS\SYSTEM32\XceedCry.dll
2007-09-01 15:41 423,784 --a------ C:\WINDOWS\SYSTEM32\XceedBkp.dll
2007-09-01 15:40 10,752 --a------ C:\WINDOWS\SYSTEM32\md5.dll
2007-09-01 15:40 <DIR> d-------- C:\Program Files\MalwareSweeper.com
2007-08-30 16:51 <DIR> d-------- C:\Program Files\LEGO Media
2007-08-29 06:05 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\SiteAdvisor
2007-08-29 06:03 <DIR> d-------- C:\Program Files\SiteAdvisor
2007-08-29 06:03 <DIR> d-------- C:\DOCUME~1\Marc\APPLIC~1\SiteAdvisor
2007-08-29 06:03 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SiteAdvisor
2007-08-29 05:57 71,496 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys
2007-08-29 05:57 37,480 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys
2007-08-29 05:57 34,184 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys
2007-08-29 05:57 32,008 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys
2007-08-29 05:57 170,408 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys
2007-08-29 05:56 109,608 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys
2007-08-29 05:45 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-08-26 17:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tenebril
2007-08-26 16:56 <DIR> d-------- C:\DOCUME~1\ADMINI~1.D9N\APPLIC~1\Sonic
2007-08-26 16:56 <DIR> d-------- C:\DOCUME~1\ADMINI~1.D9N\APPLIC~1\Real
2007-08-26 16:47 40,960 --a-s---- C:\WINDOWS\SYSTEM32\ProcessKiller.dll
2007-08-26 16:47 180,224 --a-s---- C:\WINDOWS\SYSTEM32\archlib.dll
2007-08-26 16:47 169,544 --a-s---- C:\WINDOWS\SYSTEM32\SecuLoad.dll
2007-08-26 16:47 1,103,944 --a-s---- C:\WINDOWS\SYSTEM32\Protector.dll
2007-08-26 16:47 <DIR> d-------- C:\WINDOWS\SYSTEM32\tenarchlib
2007-08-26 16:47 <DIR> d-------- C:\Program Files\SpyCatcher
2007-08-26 16:35 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-08-23 21:02 <DIR> d-------- C:\DOCUME~1\Marc\APPLIC~1\NCH Swift Sound
2007-08-23 20:59 <DIR> d-------- C:\Program Files\NCH Swift Sound
2007-08-22 20:27 <DIR> d-------- C:\Program Files\TheRingtoneMaker
2007-08-21 19:50 <DIR> d-------- C:\WINDOWS\SYSTEM32\EXP
2007-08-21 19:50 <DIR> d-------- C:\Program Files\Expstudio
2007-08-21 19:47 <DIR> d-------- C:\WINDOWS\SYSTEM32\IBC22
2007-08-21 19:47 <DIR> d-------- C:\WINDOWS\SYSTEM32\cofig3
2007-08-17 17:52 374 --a------ C:\WINDOWS\EReg072.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-07 18:04 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-03 11:50 --------- d-------- C:\DOCUME~1\Marc\APPLIC~1\U3
2007-09-01 12:28 --------- d-------- C:\DOCUME~1\Marc\APPLIC~1\AdobeUM
2007-08-29 17:52 --------- d-------- C:\Program Files\McAfee
2007-08-29 06:37 --------- d-------- C:\Program Files\McAfee.com
2007-08-29 06:37 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee.com
2007-08-29 06:32 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
2007-08-26 18:17 --------- d-------- C:\Program Files\PeoplePC
2007-08-23 16:14 --------- d-------- C:\Program Files\GameSpy Arcade
2007-08-07 13:58 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-07 13:56 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-07-30 19:19 92504 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\SYSTEM32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\SYSTEM32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\SYSTEM32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\SYSTEM32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\SYSTEM32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\SYSTEM32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\SYSTEM32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\SYSTEM32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\wups.dll
2007-07-19 01:59 3583488 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2007-07-12 18:31 765952 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\vgx.dll
2007-07-12 10:18 278528 --a------ C:\WINDOWS\SYSTEM32\livesnth.dll
2007-07-11 16:34 --------- d-------- C:\Program Files\PokerStars.NET
2007-07-11 14:37 6272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-06-27 09:34 823808 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
2007-06-27 09:34 671232 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
2007-06-27 09:34 6058496 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
2007-06-27 09:34 52224 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
2007-06-27 09:34 477696 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
2007-06-27 09:34 459264 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
2007-06-27 09:34 44544 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\iernonce.dll
2007-06-27 09:34 384512 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\iedkcs32.dll
2007-06-27 09:34 383488 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
2007-06-27 09:34 27648 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
2007-06-27 09:34 267776 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
2007-06-27 09:34 232960 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\webcheck.dll
2007-06-27 09:34 230400 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\ieaksie.dll
2007-06-27 09:34 193024 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
2007-06-27 09:34 153088 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\ieakeng.dll
2007-06-27 09:34 132608 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
2007-06-27 09:34 124928 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\advpack.dll
2007-06-27 09:34 1152000 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
2007-06-27 09:34 105984 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\url.dll
2007-06-27 09:34 102400 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\occache.dll
2007-06-27 03:27 63488 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2007-06-27 03:27 625152 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2007-06-27 03:27 13824 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2007-06-27 02:00 161792 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
2007-06-26 22:10 317440 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\unregmp2.exe
2007-06-26 01:08 1104896 --a------ C:\WINDOWS\SYSTEM32\msxml3.dll
2007-06-26 01:08 1104896 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\msxml3.dll
2007-06-25 11:16 325632 --a------ C:\WINDOWS\SYSTEM32\EAREMOVE.EXE
2007-06-25 11:16 132608 --a------ C:\WINDOWS\SYSTEM32\EAEXEC.EXE
2007-06-19 08:31 282112 --a------ C:\WINDOWS\SYSTEM32\gdi32.dll
2007-06-19 08:31 282112 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\gdi32.dll
2007-06-13 05:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-06-13 05:23 1033216 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\explorer.exe
2004-10-03 13:29 3495391 --a--c--- C:\Program Files\Narcadlines_install.exe
2004-09-29 21:39 24265736 --a--c--- C:\Program Files\dotnetfx.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A8FB8EB3-183B-4598-924D-86F0E5E37085}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6489FD1-3EA5-4EEB-8BA0-051E171E0815}]
C:\WINDOWS\system32\ddcya.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 04:59 C:\WINDOWS\BCMSMMSG.exe]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2003-08-06 01:04]
"diagent"="C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 01:01]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2003-11-12 07:45]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 12:40]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 03:08]
"DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 21:56]
"CY_BG"="C:\WINDOWS\bp_bg.exe" [2003-04-18 11:30]
"Bart Station"="C:\Program Files\PeoplePC\ISP6230\BIN\PPCOLink.exe" [2005-07-14 12:01]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-09-11 04:40]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-08-25 22:35]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 04:40]
"SpyCatcher Reminder"="C:\Program Files\SpyCatcher\SpyCatcher.exe" [2007-07-09 10:56]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6028\SiteAdv.exe" [2007-02-08 21:39]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 15:53]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-20 22:36]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 04:40]
"Qwzwd"="C:\WINDOWS\?icrosoft\r?gedit.exe" []
"McAfee QuickClean Imonitor"="C:\Program Files\McAfee\McAfee QuickClean\PlgUni.exe" [2005-07-20 07:00]
"Malware Sweeper"="C:\Program Files\MalwareSweeper.com\MalwareSweeper\MalSwep.exe" [2006-06-12 17:53]
"HijackThis startup scan"="C:\Program Files\HijackThis\HijackThis.exe" []
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]
DESKTOP.INI [2002-09-03 09:00:00]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 15:05:56]
SpyCatcher Protector.lnk - C:\Program Files\SpyCatcher\Protector.exe [2007-08-26 16:47:30]
C:\DOCUME~1\ADMINI~1.D9N\STARTM~1\Programs\Startup\
DESKTOP.INI [2002-09-03 09:00:00]
C:\DOCUME~1\Johna\STARTM~1\Programs\Startup\
DESKTOP.INI [2002-09-03 09:00:00]
C:\DOCUME~1\Marc\STARTM~1\Programs\Startup\
DESKTOP.INI [2002-09-03 09:00:00]
PowerReg Scheduler V3.exe [2007-08-06 11:20:08]
PowerReg Scheduler.exe [2007-03-02 16:32:02]
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\STARTM~1\Programs\Startup\
DESKTOP.INI [2002-09-03 09:00:00]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SOFTWARE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=secuload.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup
R1 BpCdrVsd;BpCdrVsd;C:\WINDOWS\system32\drivers\BpCdrVsd.sys
R1 bpfinder;BACKPACK Finder;C:\WINDOWS\system32\DRIVERS\bpfinder.sys
R1 DcCam;Kodak Camera Proxy;C:\WINDOWS\system32\DRIVERS\DcCam.sys
R2 DCFS2K;Kodak DCFS2K Driver;C:\WINDOWS\system32\drivers\dcfs2k.sys
R3 BCMModem;BCM V.92 56K Modem;C:\WINDOWS\system32\DRIVERS\BCMSM.sys
R3 bpflt;BACKPACK Filter;C:\WINDOWS\system32\DRIVERS\bpflt.sys
S1 Exportit;Exportit;C:\WINDOWS\system32\DRIVERS\exportit.sys
S3 BP_FX_AT;BACKPACK USB;C:\WINDOWS\system32\DRIVERS\bp_fx_at.sys
S3 bppccard;BACKPACK PC Card;C:\WINDOWS\system32\DRIVERS\bppccard.sys
S3 bppnpdrv;BACKPACK Driver;C:\WINDOWS\system32\DRIVERS\bppnpdrv.sys
S3 bpusbdrv;BACKPACK USB 1 Cable;C:\WINDOWS\system32\DRIVERS\bpusbdrv.sys
S3 bpusbflt;BACKPACK USB Filter;C:\WINDOWS\system32\DRIVERS\bpusbflt.sys
S3 DcFpoint;DcFpoint;C:\WINDOWS\system32\DRIVERS\DcFpoint.sys
S3 DcLps;Legacy Polling Service;C:\WINDOWS\system32\DRIVERS\DcLps.sys
S3 DcPTP;dcptp;C:\WINDOWS\system32\DRIVERS\DcPTP.sys
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\sscdbus.sys
S3 sscdmdfl;SAMSUNG Mobile Modem Filter;C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
S3 sscdmdm;SAMSUNG Mobile Modem Drivers;C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
S3 sscdserd;SAMSUNG Mobile Modem Diagnostic Serial Port (WDM);C:\WINDOWS\system32\DRIVERS\sscdserd.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c30780ff-c97f-11d9-b1c0-00038a000011}]
.
Contents of the 'Scheduled Tasks' folder
"2007-09-08 08:30:03 C:\WINDOWS\Tasks\Disk Cleanup.job"
- C:\WINDOWS\SYSTEM32\cleanmgr.exe
"2007-09-01 01:00:07 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (D9NX6N31-Marc).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
"2007-08-29 10:53:29 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2007-09-01 06:10:15 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-09-10 18:09:12
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-09-10 18:17:36 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-10 18:17
.
--- E O F ---
hijack this log
Logfile of HijackThis v1.99.1
Scan saved at 6:25:33 PM, on 9/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\Program Files\SiteAdvisor\6028\SAService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\program files\mcafee\msc\mcuimgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\bp_bg.exe
C:\Program Files\PeoplePC\ISP6230\Browser\Bartshel.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\PeoplePC\ISP6230\Browser\PPShared.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\McAfee\McAfee QuickClean\PlgUni.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\findvundo.exe.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: (no name) - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - (no file)
O2 - BHO: (no name) - {C6489FD1-3EA5-4EEB-8BA0-051E171E0815} - C:\WINDOWS\system32\ddcya.dll (file missing)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [CY_BG] C:\WINDOWS\bp_bg.exe
O4 - HKLM\..\Run: [Bart Station] C:\Program Files\PeoplePC\ISP6230\BIN\PPCOLink.exe -STATION
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SpyCatcher Reminder] C:\Program Files\SpyCatcher\SpyCatcher.exe reminder
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [Qwzwd] C:\WINDOWS\?icrosoft\r?gedit.exe
O4 - HKCU\..\Run: [McAfee QuickClean Imonitor] "C:\Program Files\McAfee\McAfee QuickClean\PlgUni.exe" /START
O4 - HKCU\..\Run: [Malware Sweeper] C:\Program Files\MalwareSweeper.com\MalwareSweeper\MalSwep.exe
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Program Files\HijackThis\HijackThis.exe /startupscan
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SpyCatcher Protector.lnk = C:\Program Files\SpyCatcher\Protector.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) -
http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) -
http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) -
https://objects.aol.com/mcafee/molbin/s ... cGDMgr.cab
O16 - DPF: {D1ACD2D8-7312-4D06-BECD-90EB094D2277} -
http://mediaplayer.walmart.com/installer/install.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E98371A0-EC05-4E47-933B-FB7775E6D099}: NameServer = 66.209.10.202 66.102.163.232
O20 - AppInit_DLLs: secuload.dll
O20 - Winlogon Notify: SOFTWARE - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6028\SAService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Thanks IndiGenus!!!
Johna