ComboFix 07-10-09.3 - Administrator 2007-10-09 18:44:55.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.193 [GMT -7:00]
Running from: C:\Documents and Settings\Administrator.RICKEEE\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\d.exe
C:\Program Files\3721
C:\Program Files\3721\assist\asbar.dll
C:\Program Files\3721\helper.dll
C:\Program Files\Accoona
C:\Program Files\Accoona\ASearchAssist.dll
C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\curlog.htm
C:\Program Files\akl\keylog.txt
C:\Program Files\akl\readme.txt
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.dat
C:\Program Files\akl\unsetup.exe
C:\Program Files\amsys
C:\Program Files\amsys\awmsg.dat
C:\Program Files\amsys\guid.dat
C:\Program Files\amsys\ijl15.dll
C:\Program Files\amsys\mfc42.dll
C:\Program Files\amsys\msvcrt.dll
C:\Program Files\amsys\unins000.dat
C:\Program Files\amsys\unis000.exe
C:\Program Files\amsys\winam.dat
C:\Program Files\e-zshopper
C:\Program Files\e-zshopper\BarLcher.dll
C:\Program Files\p2pnetworks
C:\Program Files\p2pnetworks\amp2pl.exe
C:\WINDOWS\764.exe
C:\WINDOWS\7search.dll
C:\WINDOWS\aconti.exe
C:\WINDOWS\adbar.dll
C:\WINDOWS\cbinst$.exe
C:\WINDOWS\daxtime.dll
C:\WINDOWS\dp0.dll
C:\WINDOWS\eventlowg.dll
C:\WINDOWS\fhfmm-Uninstaller.exe
C:\WINDOWS\fhfmm.exe
C:\WINDOWS\flt.dll
C:\WINDOWS\hcwprn.exe
C:\WINDOWS\hotporn.exe
C:\WINDOWS\ie_32.exe
C:\WINDOWS\iexplorr23.dll
C:\WINDOWS\jd2002.dll
C:\WINDOWS\kkcomp$.exe
C:\WINDOWS\kkcomp.dll
C:\WINDOWS\kkcomp.exe
C:\WINDOWS\kvnab$.exe
C:\WINDOWS\kvnab.dll
C:\WINDOWS\kvnab.exe
C:\WINDOWS\liqad$.exe
C:\WINDOWS\liqad.dll
C:\WINDOWS\liqad.exe
C:\WINDOWS\liqui-Uninstaller.exe
C:\WINDOWS\liqui.dll
C:\WINDOWS\liqui.exe
C:\WINDOWS\ngd.dll
C:\WINDOWS\pbar.dll
C:\WINDOWS\pbsysie.dll
C:\WINDOWS\settn.dll
C:\WINDOWS\spredirect.dll
C:\WINDOWS\system32\8_exception.nls
C:\WINDOWS\system32\alog.txt
C:\WINDOWS\system32\ESHOPEE.exe
C:\WINDOWS\system32\gtv_sd.bin
C:\WINDOWS\system32\msole32.exe
C:\WINDOWS\system32\vxddsk.exe
C:\WINDOWS\system32\wml.exe
C:\WINDOWS\tsitra.exe
C:\WINDOWS\vxddsk.exe
C:\WINDOWS\wbeCheck.exe
C:\WINDOWS\wbeInst$.exe
C:\WINDOWS\winh32.exe
C:\WINDOWS\wml.exe
C:\WINDOWS\xadbrk.dll
C:\WINDOWS\xadbrk.exe
C:\WINDOWS\xadbrk_.exe
C:\WINDOWS\xxxvideo.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_RUNTIME
-------\runtime
((((((((((((((((((((((((( Files Created from 2007-09-10 to 2007-10-10 )))))))))))))))))))))))))))))))
.
2007-10-09 18:44 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-09 18:43 50,176 --a------ C:\WINDOWS\system32\ktasr.dll
2007-10-09 18:27 0 --a------ C:\WINDOWS\system32\qiawpbjj.dll
2007-10-09 17:44 50,176 --a------ C:\WINDOWS\system32\btasv.dll
2007-10-09 17:44 28,160 --a------ C:\uuuj.exe
2007-10-09 17:44 24,064 --a------ C:\ucixikxr.exe
2007-10-09 17:44 1,918 --a------ C:\WINDOWS\system32\conf.dat
2007-10-08 09:33 7,388 --a------ C:\dcksdix.exe
2007-10-07 19:41 73,216 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-10-07 10:29 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-10-06 16:31 43,848 --a------ C:\lhowls.exe
2007-10-06 16:31 39,452 --a------ C:\pspw.exe
2007-10-06 16:31 32,256 --a------ C:\jqdbw.exe
2007-10-06 16:30 <DIR> d-------- C:\Program Files\Application name
2007-10-06 16:30 54,273 --a------ C:\WINDOWS\Application name Uninstaller.exe
2007-10-06 16:22 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-10-06 16:22 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2007-10-06 11:20 7,552 --a------ C:\WINDOWS\system32\drivers\ip6fw.sys
2007-10-06 11:04 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-10-06 11:04 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-10-06 11:04 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-10-06 11:03 <DIR> d-------- C:\Program Files\Alwil Software
2007-10-06 11:03 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-10-06 11:03 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-10-06 11:03 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-10-06 11:03 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-10-06 11:03 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-10-06 10:33 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-05 13:38 72,220 --a------ C:\qewtcr.exe
2007-10-05 13:38 43,848 --a------ C:\vnasoqi.exe
2007-10-05 13:16 <DIR> d-------- C:\Program Files\Sygate
2007-10-05 13:16 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
2007-10-05 13:16 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2007-10-05 13:16 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2007-10-05 13:16 14,568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
2007-10-05 13:16 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
2007-10-05 13:16 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
2007-10-05 13:16 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2007-10-05 12:18 13,568 --a------ C:\WINDOWS\system32\ace16win.dll
2007-10-05 12:18 4 --a------ C:\WINDOWS\system32\stfv.bin
2007-10-05 11:39 <DIR> d-------- C:\ie-spyad_zo
2007-10-05 11:16 109,196 --a------ C:\hmwbeiik.exe
2007-10-05 08:15 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-10-04 19:45 51,200 --a------ C:\WINDOWS\system32\g82.exe
2007-10-04 19:45 40,966 --a------ C:\WINDOWS\system32\ld.exe
2007-10-04 19:45 2 --a------ C:\WINDOWS\system32\faxwin32.bin
2007-10-01 20:13 <DIR> d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Opera
2007-10-01 20:13 <DIR> d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Opera
2007-10-01 20:13 <DIR> d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Opera
2007-09-27 15:20 203,096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-09-26 22:52 <DIR> d-------- C:\Documents and Settings\Administrator.RICKEEE\Shared
2007-09-26 22:52 <DIR> d-------- C:\Documents and Settings\Administrator.RICKEEE\Incomplete
2007-09-26 22:52 <DIR> d-------- C:\Documents and Settings\Administrator.RICKEEE\Application Data\LimeWire
2007-09-26 21:55 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-09-26 21:55 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-09-26 19:11 <DIR> d-------- C:\WINDOWS\system32\vMW06a
2007-09-26 19:11 880,968 --a------ C:\WINDOWS\system32\RabioSetup.exe
2007-09-26 19:11 26,624 --a------ C:\WINDOWS\plite731.exe
2007-09-26 19:11 41 --a------ C:\WINDOWS\plite731_uninstaller_.bat
2007-09-26 19:10 153 --a------ C:\WINDOWS\system32\delFSF.bat
2007-09-26 13:16 158,464 --a------ C:\WINDOWS\system32\2305b6e2.sys
2007-09-26 13:15 <DIR> d-------- C:\WINDOWS\system32\vMW03a
2007-09-26 01:47 90,176 --a------ C:\WINDOWS\system32\rluaocxa.exe
2007-09-24 18:17 <DIR> d-------- C:\Documents and Settings\Administrator.RICKEEE\Application Data\WinRAR
2007-09-23 19:32 0 --a------ C:\WINDOWS\PowerReg.dat
2007-09-23 19:13 <DIR> d-------- C:\Program Files\directx
2007-09-23 18:11 <DIR> d-------- C:\Program Files\Infogrames Interactive
2007-09-23 02:45 2,080 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-09-22 18:30 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\MailFrontier
2007-09-22 18:30 <DIR> d-------- C:\Documents and Settings\Administrator.RICKEEE\Application Data\MailFrontier
2007-09-22 18:30 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-09-22 18:29 75,248 --a------ C:\WINDOWS\zllsputility.exe
2007-09-22 18:29 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-09-22 18:18 152,576 --a------ C:\WINDOWS\system32\npdl.exe
2007-09-22 18:03 3,956 --a------ C:\WINDOWS\system32\tmp.reg
2007-09-22 18:01 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-09-22 18:01 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-09-22 18:01 196,608 --a------ C:\WINDOWS\system32\Process.exe
2007-09-22 18:01 128,000 --a------ C:\WINDOWS\system32\dumphive.exe
2007-09-22 16:34 <DIR> d-------- C:\Documents and Settings\Administrator.RICKEEE\Application Data\Lavasoft
2007-09-22 16:23 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe Systems
2007-09-22 13:46 2,006,440 ---hs---- C:\WINDOWS\system32\rstwa.bak2
2007-09-22 01:18 <DIR> d-------- C:\Downloads
2007-09-22 01:18 <DIR> d-------- C:\Documents and Settings\Administrator.RICKEEE\Application Data\GetRightToGo
2007-09-22 01:12 <DIR> d-------- C:\Documents and Settings\Administrator.RICKEEE\Application Data\mIRC
2007-09-21 16:19 <DIR> d-------- C:\Documents and Settings\Administrator.RICKEEE\Application Data\Apple Computer
2007-09-21 16:13 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
2007-09-21 16:11 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple
2007-09-21 14:12 <DIR> d-------- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Opera
2007-09-21 01:45 2,004,777 ---hs---- C:\WINDOWS\system32\rstwa.bak1
2007-09-21 01:38 <DIR> d-------- C:\WINDOWS\system32\GRB9
2007-09-21 01:38 <DIR> d--hs---- C:\WINDOWS\cmlja3kgb3J0aXo
2007-09-20 18:48 <DIR> d-------- C:\Program Files\Broadcom Management Programs
2007-09-20 18:45 43,136 --a------ C:\WINDOWS\system32\drivers\bcm4sbxp.sys
2007-09-20 04:12 <DIR> d-------- C:\Documents and Settings\Administrator.RICKEEE\Application Data\Viewpoint
2007-09-20 01:11 163,840 --a------ C:\WINDOWS\system32\igfxres.dll
2007-09-20 01:06 <DIR> d-------- C:\Drivers
2007-09-20 01:06 61,440 --a------ C:\WINDOWS\system32\iAlmCoIn_v4342.dll
2007-09-20 01:05 61,440 --a------ C:\WINDOWS\system32\iAlmCoIn_v4020.dll
2007-09-20 00:58 <DIR> d-------- C:\Documents and Settings\Administrator.RICKEEE\Application Data\GTek
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-10 01:52 --------- d-----w C:\Program Files\Steam
2007-10-09 00:40 --------- d-----w C:\Program Files\BearShare
2007-10-08 23:50 --------- d-----w C:\Program Files\QuickTime
2007-10-08 02:40 --------- d-----w C:\Program Files\LimeWire
2007-10-05 16:54 --------- d-----w C:\Program Files\Opera
2007-10-05 16:50 --------- d-----w C:\Program Files\iTunes
2007-10-05 16:36 --------- d-----w C:\Program Files\AIM6
2007-10-05 15:13 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-10-05 02:45 841 ----a-w C:\WINDOWS\system32\drivers\perfect_cleaner_header_small.gif
2007-10-05 02:45 811 ----a-w C:\WINDOWS\system32\drivers\download_btn.gif
2007-10-05 02:45 746 ----a-w C:\WINDOWS\system32\drivers\buy_btn.gif
2007-10-05 02:45 737 ----a-w C:\WINDOWS\system32\drivers\logo_bg.gif
2007-10-05 02:45 580 ----a-w C:\WINDOWS\system32\drivers\features.gif
2007-10-05 02:45 579 ----a-w C:\WINDOWS\system32\drivers\spy_away_header_small.gif
2007-10-05 02:45 567 ----a-w C:\WINDOWS\system32\drivers\users_rating.gif
2007-10-05 02:45 5,097 ----a-w C:\WINDOWS\system32\drivers\spy_away_box_small.jpg
2007-10-05 02:45 427 ----a-w C:\WINDOWS\system32\drivers\4_stars.gif
2007-10-05 02:45 4,557 ----a-w C:\WINDOWS\system32\drivers\perfect_cleaner_box_small.jpg
2007-10-05 02:45 365 ----a-w C:\WINDOWS\system32\drivers\5_stars.gif
2007-10-05 02:45 14,484 ----a-w C:\WINDOWS\system32\drivers\protect.gif
2007-10-05 02:45 1,804 ----a-w C:\WINDOWS\system32\drivers\perfect_cleaner_header.gif
2007-10-05 02:45 1,139 ----a-w C:\WINDOWS\system32\drivers\spy_away_header.gif
2007-10-05 02:45 1,009 ----a-w C:\WINDOWS\system32\drivers\arrow.gif
2007-09-27 15:22 --------- d-----w C:\Program Files\mIRC
2007-09-24 01:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-23 09:48 1,100 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-09-23 01:17 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
2007-09-21 23:12 --------- d-----w C:\Program Files\Apple Software Update
2007-09-19 06:18 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-09-19 02:55 --------- d-----w C:\Program Files\Yahoo!
2007-09-18 03:19 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-09-08 10:26 --------- d-----w C:\Program Files\Common Files\Download Manager
2007-09-08 09:19 --------- d-----w C:\Program Files\Common Files\ComponentOne
2007-09-07 05:19 --------- d-----w C:\Program Files\MSN Messenger
2007-09-06 23:14 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2007-09-05 19:06 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2007-08-17 11:38 --------- d-----w C:\Program Files\Lavasoft
2007-08-13 04:24 --------- d-----w C:\Program Files\Samsung
2007-08-13 04:14 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-08-10 04:28 --------- d-----w C:\Program Files\Microsoft Works
2007-07-31 02:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-31 02:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-31 02:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-31 02:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-31 02:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-31 02:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2005-07-29 23:24:26 472 --sha-r C:\WINDOWS\cmlja3kgb3J0aXo\wA53ua40vaLXurC.vbs
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000012-890e-4aac-afd9-eff6954a34dd}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{026B5895-3E8E-49A9-8EEE-B52A326DA962}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{033B7F98-4A9D-48A2-8C44-84B6932B4729}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06dfedaa-6196-11d5-bfc8-00508b4a487d}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1adbcce8-cf84-441e-9b38-afc7a19c06a4}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4522BF4C-91AA-2AC7-F6C3-02F9FA534F67}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53B5F2B1-94DD-43E5-8187-EB4E31F00701}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{56A265F3-87E1-4D6D-96D3-0F5847DD63C0}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{89C1122F-F527-4256-890B-A9FC76E503C9}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8B27CC68-110C-46a9-80D3-F3107DE6EB98}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{971D5B7B-F7DF-43ee-B771-6B7FA09975C3}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{989FA1DC-DA38-46C0-96BA-1EC054D8192C}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B7A1CDCD-0F5C-44AF-95A7-29D486A22097}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bb936323-19fa-4521-ba29-eca6a121bc78}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C3352FCD-CFE5-4F35-831A-19C68DDB7CF4}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CF46BFB3-2ACC-441b-B82B-36B9562C7FF1}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CFB0805C-1AA1-4E79-9608-29AA398010A4}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DF50F976-592A-47a4-81C7-AD34D5A3A947}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F7AB6D2B-956B-467A-99A5-4F94554B1EDD}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"RRT-Auto"="C:\Documents and Settings\Administrator.RICKEEE\Desktop\RRT.exe" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-14 10:00]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 23:48]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" []
"zrwvijnx"="C:\Program Files\Zksklobt\zrwvijnx.exe" []
"jtbavqrc"="C:\Program Files\Qvctyzhs\jtbavqrc.exe" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 14:17]
"Steam"="C:\Program Files\Steam\Steam.exe" [2007-10-04 19:44]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-09-19 13:54]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 12:09]
"WinAble"="C:\Program Files\WinAble\winable.exe" []
"ISMModule4"="C:\Program Files\ISM\ISMModule4.exe" []
C:\Documents and Settings\Administrator.RICKEEE\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]
PowerReg Scheduler V3.exe [2007-09-23 19:33:02]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifcayw]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winghy32]
S1 a25edfcb.sys;a25edfcb.sys;\??\C:\WINDOWS\system32\drivers\a25edfcb.sys
S3 PCIUtil;PCI Utility;\??\C:\DOCUME~1\ADMINI~1.RIC\LOCALS~1\Temp\PCIUtil.sys
S3 vtdg46xx;vtdg46xx;\??\C:\PROGRA~1\TURTLE~1\SANTAC~1\CONTRO~1\vtdg46xx.sys
S3 ZD1211BU(WLAN);IEEE 802.11g USB Wireless LAN(WLAN);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys
.
Contents of the 'Scheduled Tasks' folder
"2007-10-05 17:28:22 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-10-09 18:52:40
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwOpenFile
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2007-10-09 18:56:11 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-09 18:55
.
--- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:58:26 PM, on 10/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\SoftwareDistribution\Download\0a7407b49e4a15c0b9a45c0426de5360\update\update.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.serial99.com/?a
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {026B5895-3E8E-49A9-8EEE-B52A326DA962} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: (no name) - {033B7F98-4A9D-48A2-8C44-84B6932B4729} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {4522BF4C-91AA-2AC7-F6C3-02F9FA534F67} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {53B5F2B1-94DD-43E5-8187-EB4E31F00701} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {56A265F3-87E1-4D6D-96D3-0F5847DD63C0} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {89C1122F-F527-4256-890B-A9FC76E503C9} - (no file)
O2 - BHO: (no name) - {8B27CC68-110C-46a9-80D3-F3107DE6EB98} - (no file)
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {971D5B7B-F7DF-43ee-B771-6B7FA09975C3} - (no file)
O2 - BHO: (no name) - {989FA1DC-DA38-46C0-96BA-1EC054D8192C} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {B7A1CDCD-0F5C-44AF-95A7-29D486A22097} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {CFB0805C-1AA1-4E79-9608-29AA398010A4} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: Flash Module - {DF50F976-592A-47a4-81C7-AD34D5A3A947} - btasv.dll (file missing)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O2 - BHO: (no name) - {F7AB6D2B-956B-467A-99A5-4F94554B1EDD} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [RRT-Auto] C:\Documents and Settings\Administrator.RICKEEE\Desktop\RRT.exe auto
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [zrwvijnx] C:\Program Files\Zksklobt\zrwvijnx.exe
O4 - HKLM\..\Run: [jtbavqrc] C:\Program Files\Qvctyzhs\jtbavqrc.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: IEEE 802.11g USB Wireless LAN Utility.lnk = C:\Program Files\IEEE 802.11g USB Wireless LAN\Wireless LAN\WlanUtil.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O20 - Winlogon Notify: iifcayw - C:\WINDOWS\
O20 - Winlogon Notify: winghy32 - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Unknown owner - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
--
End of file - 8372 bytes