ComboFix Log
ComboFix 07-08-29.2 - "Brad Andersen" 2007-09-05 8:49:52.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.331 [GMT -5:00]
Command switches used :: C:\Documents and Settings\Brad Andersen\Desktop\CFscript.txt
* Created a new restore point
FILE::
C:\WINDOWS\system32\jhqyaxcy.dll
C:\WINDOWS\SYSTEM32\cbxwxwt.dll
C:\WINDOWS\system32\cbxwxwt.dll
C:\WINDOWS\system32\edyjifut.dll
C:\WINDOWS\system32\qnbtgmqf.dll
C:\Program Files\ComPlus Applications\rybivof.dll
C:\WINDOWS\system32\gebca.dll
C:\WINDOWS\system32\jkklk.dll
C:\WINDOWS\system32\vtsqr.dll
C:\WINDOWS\system32\jkhhe.dll
C:\WINDOWS\system32\vtstt.dll
C:\WINDOWS\system32\vtstu.dll
C:\WINDOWS\system32\geeba.dll
C:\WINDOWS\system32\ddccb.dll
C:\WINDOWS\system32\vtutu.dll
C:\WINDOWS\system32\ssqpp.dll
C:\Program Files\ComPlus Applications\vikokix.html
C:\WINDOWS\svhost.exe
C:\WINDOWS\QnJhZCBBbmRlcnNlbg\command.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\system32\bwqcamty.dll
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\SDFix
C:\SDFix\apps\assosfix.reg
C:\SDFix\apps\cliptext.exe
C:\SDFix\apps\download.exe
C:\SDFix\apps\dummy.sys
C:\SDFix\apps\Enable_Command_Prompt.reg
C:\SDFix\apps\ERDNT.E_E
C:\SDFix\apps\ERDNTDOS.LOC
C:\SDFix\apps\ERDNTWIN.LOC
C:\SDFix\apps\ERUNT.EXE
C:\SDFix\apps\ERUNT.LOC
C:\SDFix\apps\fix.reg
C:\SDFix\apps\FixBH.reg
C:\SDFix\apps\FIXCU.reg
C:\SDFix\apps\FIXLM.reg
C:\SDFix\apps\FixPath.exe
C:\SDFix\apps\FixRedir.reg
C:\SDFix\apps\FixWebCheck.reg
C:\SDFix\apps\fixXP.reg
C:\SDFix\apps\FixXPsp2.reg
C:\SDFix\apps\HPFix.reg
C:\SDFix\apps\HPFix2.reg
C:\SDFix\apps\HPFix3.reg
C:\SDFix\apps\isadmin.exe
C:\SDFix\apps\leg2.txt
C:\SDFix\apps\legacy.txt
C:\SDFix\apps\legacybk.txt
C:\SDFix\apps\locate.com
C:\SDFix\apps\LS.exe
C:\SDFix\apps\MD5File.exe
C:\SDFix\apps\moveex.exe
C:\SDFix\apps\MyGcpvFix.reg
C:\SDFix\apps\MyGkFix2.reg
C:\SDFix\apps\Process.exe
C:\SDFix\apps\RegDACL.exe
C:\SDFix\apps\Rem.txt
C:\SDFix\apps\Rem2.txt
C:\SDFix\apps\Replace\W2K.exe
C:\SDFix\apps\Replace\XP.exe
C:\SDFix\apps\Reset_AppInit_DLLs.reg
C:\SDFix\apps\RestartIt!.exe
C:\SDFix\apps\Restore_SecurityCenter.reg
C:\SDFix\apps\Restore_SharedAccess.reg
C:\SDFix\apps\sc.exe
C:\SDFix\apps\SF.exe
C:\SDFix\apps\shutdown.exe
C:\SDFix\apps\srv2.txt
C:\SDFix\apps\svc.txt
C:\SDFix\apps\svcbk.txt
C:\SDFix\apps\swreg.exe
C:\SDFix\apps\swsc.exe
C:\SDFix\apps\unzip.exe
C:\SDFix\apps\WINMSG.EXE
C:\SDFix\apps\zip.exe
C:\SDFix\backups\attrib.exe
C:\SDFix\backups\backupreg.zip
C:\SDFix\backups\find.exe
C:\SDFix\backups\findstr.exe
C:\SDFix\backups\HOSTS
C:\SDFix\backups\regedit.exe
C:\SDFix\backups_old1\attrib.exe
C:\SDFix\backups_old1\backupreg.zip
C:\SDFix\backups_old1\find.exe
C:\SDFix\backups_old1\findstr.exe
C:\SDFix\backups_old1\HOSTS
C:\SDFix\backups_old1\regedit.exe
C:\SDFix\catchme.exe
C:\SDFix\dummy.sys
C:\SDFix\Norman_Malware_Cleaner.exe
C:\SDFix\Report.txt
C:\SDFix\Report_old_1.txt
C:\SDFix\RunThis.bat
C:\SDFix\SDFIX_ReadMe_Online.url
C:\VundoFix Backups
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\MabryObj.dll
((((((((((((((((((((((((( Files Created from 2007-08-05 to 2007-09-05 )))))))))))))))))))))))))))))))
2007-09-01 15:20 <DIR> d-------- C:\CD
2007-09-01 15:19 83,552 --a------ C:\WINDOWS\system32\LMIRfsClientNP.dll
2007-09-01 15:19 46,112 --a------ C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
2007-08-30 09:10 <DIR> d-------- C:\!KillBox
2007-08-29 17:58 <DIR> d-------- C:\HJackT
2007-08-28 16:58 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-28 13:27 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-08-28 13:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-08-28 09:03 2,158 --a------ C:\WINDOWS\mozver.dat
2007-08-28 08:31 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-27 08:25 <DIR> d-------- C:\WINDOWS\ERUNT
2007-08-24 13:21 <DIR> d-------- C:\regsearch
2007-08-24 10:39 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-08-24 08:47 <DIR> d--hs---- C:\WINDOWS\QnJhZCBBbmRlcnNlbg
2007-08-24 08:47 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\NetMon
2007-08-23 09:22 <DIR> d-------- C:\WINDOWS\system32\temps1
2007-08-23 09:22 <DIR> d-------- C:\WINDOWS\system32\IBD4
2007-08-23 09:22 <DIR> d-------- C:\WINDOWS\system32\dllz1
2007-08-23 09:22 <DIR> d-------- C:\WINDOWS\system32\cofig32
2007-08-23 09:22 <DIR> d-------- C:\Temp
2007-08-23 09:22 <DIR> d-------- C:\DOCUME~1\NETWOR~1\APPLIC~1\NetMon
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-09-05 08:53 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-09-05 08:52 --------- d-------- C:\Program Files\LogMeIn
2007-08-31 13:26 --------- d-------- C:\DOCUME~1\BRADAN~1\APPLIC~1\LogMeIn Rescue
2007-08-30 10:23 --------- d-------- C:\Program Files\Auction Sentry
2007-08-27 12:20 --------- d-------- C:\Program Files\MyPublisher
2007-08-27 12:19 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\GTek
2007-08-23 09:49 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
2007-08-21 11:19 --------- d-------- C:\Program Files\DC++
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-07-27 11:46 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-16 20:45 --------- d-------- C:\Program Files\Norton Internet Security
2007-06-26 10:13 851968 --------- C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-26 09:09 658944 --------- C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-26 01:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 01:08 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-20 10:36 2090 --a------ C:\WINDOWS\panose.bin
2007-06-19 08:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 08:31 282112 --------- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-14 13:09 96256 --------- C:\WINDOWS\system32\dllcache\inseng.dll
2007-06-14 13:09 615424 --------- C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-14 13:09 55808 --------- C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-14 13:09 532480 --------- C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-14 13:09 474112 --------- C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-06-14 13:09 449024 --------- C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-14 13:09 39424 --------- C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-06-14 13:09 357888 --------- C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-06-14 13:09 3058688 --------- C:\WINDOWS\system32\dllcache\mshtml.dll
2007-06-14 13:09 251392 --------- C:\WINDOWS\system32\dllcache\iepeers.dll
2007-06-14 13:09 205312 --------- C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-06-14 13:09 16384 --------- C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-14 13:09 151040 --------- C:\WINDOWS\system32\dllcache\cdfview.dll
2007-06-14 13:09 1494528 --------- C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-06-14 13:09 146432 --------- C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-14 13:09 1054208 --------- C:\WINDOWS\system32\dllcache\danim.dll
2007-06-14 13:09 1023488 --------- C:\WINDOWS\system32\dllcache\browseui.dll
2007-06-14 09:07 18432 --------- C:\WINDOWS\system32\dllcache\iedw.exe
2007-06-13 05:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-06-13 05:23 1033216 --------- C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-11 23:51 10834944 --a------ C:\WINDOWS\system32\dllcache\wmp.dll
2006-11-15 16:23 630784 --a------ C:\DOCUME~1\BRADAN~1\chatlnk.exe
2005-11-07 22:23:04 56 --sh--r C:\WINDOWS\system32\8E0EFC85BA.sys
2005-11-07 22:23:05 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
---- Directory of C:\WINDOWS\QnJhZCBBbmRlcnNlbg ----
---- Directory of C:\WINDOWS\system32\temps1 ----
---- Directory of C:\WINDOWS\system32\IBD4 ----
---- Directory of C:\WINDOWS\system32\dllz1 ----
---- Directory of C:\WINDOWS\system32\cofig32 ----
---- Directory of C:\Temp ----
---- Directory of C:\DOCUME~1\NETWOR~1\APPLIC~1\NetMon ----
2007-08-23 09:22 14 --a------ C:\DOCUME~1\NETWOR~1\APPLIC~1\NetMon\domains.txt
2007-08-23 09:22 124 --a------ C:\DOCUME~1\NETWOR~1\APPLIC~1\NetMon\log.txt
---- Directory of C:\DOCUME~1\LOCALS~1\APPLIC~1\NetMon ----
2007-08-24 08:47 14 --a------ C:\DOCUME~1\LOCALS~1\APPLIC~1\NetMon\domains.txt
2007-08-24 08:47 124 --a------ C:\DOCUME~1\LOCALS~1\APPLIC~1\NetMon\log.txt
---- Directory of C:\Program Files\Network Monitor ----
C:\Program Files\Network Monitor\
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-07-19 23:09]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-07-19 23:06]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-07-19 23:10]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 00:20 C:\WINDOWS\stsystra.exe]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 16:19]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 01:05]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-08 17:03]
"HPWNTOOLBOX"="C:\Program Files\Hewlett-Packard\hp business inkjet 1200 series\Toolbox\HPWNTBX.exe" [2004-07-01 18:47]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-05-03 07:16]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 14:03]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-06-26 10:15]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 02:12]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
C:\DOCUME~1\BRADAN~1\STARTM~1\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-11-03 15:46:41]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-05-25 15:22 63040 C:\WINDOWS\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
PCANotify.dll 2005-07-29 09:26 8704 C:\WINDOWS\system32\PCANotify.dll
R2 CVPND;Cisco Systems, Inc. VPN Service;"C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe"
R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver;\??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
R2 LMIInfo;LogMeIn Kernel Information Provider;\??\C:\Program Files\LogMeIn\x86\RaInfo.sys
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
R3 DNE;Deterministic Network Enhancer Miniport;C:\WINDOWS\system32\DRIVERS\dne2000.sys
R3 LMImirr;LMImirr;C:\WINDOWS\system32\DRIVERS\LMImirr.sys
R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys
S3 ASPI;Advanced SCSI Programming Interface Driver;\??\C:\WINDOWS\System32\DRIVERS\ASPI32.sys
S3 CVirtA;Cisco Systems VPN Adapter;C:\WINDOWS\system32\DRIVERS\CVirtA.sys
S3 RIOUNIV;Rio universal USB driver;C:\WINDOWS\system32\Drivers\RIOUNIV.sys
*Newly Created Service* - LMIINFO
*Newly Created Service* - LMIRFSCLIENTNP
Contents of the 'Scheduled Tasks' folder
2007-09-01 12:45:39 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Brad Andersen.job - C:\PROGRA~1\NORTON~1\NORTON~1\NAVW32.EXE
2007-09-05 14:00:00 C:\WINDOWS\Tasks\Symantec NetDetect.job - C:\Program Files\Symantec\LiveUpdate\NDetect.exe
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-09-05 09:01:23
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-09-05 9:03:12 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-05 09:03
C:\ComboFix2.txt ... 2007-08-29 17:28
C:\ComboFix3.txt ... 2007-08-29 17:11
--- E O F ---