ComboFix Log
ComboFix 07-10-26.4 - BKing 2007-10-27 14:42:03.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.424 [GMT -4:00]
Running from: C:\Documents and Settings\bking\My Documents\H Drive\ComboFix\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data.\salesmonitor
C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\bking\Application Data.\AVSystemCare
C:\Documents and Settings\bking\Application Data.\AVSystemCare\avtasks.dat
C:\Documents and Settings\bking\Application Data.\AVSystemCare\Logs\av.log
C:\Documents and Settings\bking\Application Data.\AVSystemCare\Logs\ga6Support.log
C:\Documents and Settings\bking\Application Data.\AVSystemCare\Logs\update.log
C:\Documents and Settings\bking\Application Data\BestsellerAntivirus
C:\Documents and Settings\bking\Application Data\BestsellerAntivirus\avtasks.dat
C:\Documents and Settings\bking\Application Data\BestsellerAntivirus\Logs\av.log
C:\Documents and Settings\bking\Application Data\BestsellerAntivirus\Logs\ga6Support.log
C:\Documents and Settings\bking\Application Data\BestsellerAntivirus\Logs\update.log
C:\Documents and Settings\bking\Application Data\BestsellerAntivirus\PGE.dat
C:\Documents and Settings\bking\Desktop\Live Safety Center.lnk
C:\Documents and Settings\bking\Desktop\Online Security Guide.lnk
C:\Documents and Settings\bking\Favorites\Online Security Guide.lnk
C:\Documents and Settings\bking\ResErrors.log
C:\Documents and Settings\LocalService\Desktop\Live Safety Center.lnk
C:\Documents and Settings\LocalService\Desktop\Online Security Guide.lnk
C:\Documents and Settings\LocalService\Favorites\Online Security Guide.lnk
C:\Program Files\Common Files\Yazzle1549OinUninstaller.exe
C:\Temp\fCOe
C:\UGA6P
C:\WINDOWS\system32\dqviqifr.dll
C:\WINDOWS\system32\egjlm.bak1
C:\WINDOWS\system32\egjlm.bak2
C:\WINDOWS\system32\egjlm.ini
C:\WINDOWS\system32\fyzuvrwa.dllbox
C:\WINDOWS\system32\jmllm.bak1
C:\WINDOWS\system32\jmllm.ini
C:\WINDOWS\system32\onnmp.bak1
C:\WINDOWS\system32\onnmp.bak2
C:\WINDOWS\system32\onnmp.ini
C:\WINDOWS\system32\oTt08e
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pbhtwadm.dll
C:\WINDOWS\system32\rrutv.bak1
C:\WINDOWS\system32\rrutv.bak2
C:\WINDOWS\system32\rrutv.ini
C:\WINDOWS\system32\vturr.dll
C:\WINDOWS\system32\vtutrrq.dll
C:\WINDOWS\system32\x64
.
((((((((((((((((((((((((( Files Created from 2007-09-27 to 2007-10-27 )))))))))))))))))))))))))))))))
.
2007-10-27 14:51 172,032 --a------ C:\WINDOWS\system32\KevlarSigs.dll
2007-10-27 14:51 172,032 --a------ C:\WINDOWS\system32\hidapi.dll
2007-10-27 14:51 53,248 --a------ C:\WINDOWS\system32\hidapistub.dll
2007-10-27 14:51 22,422 --a------ C:\WINDOWS\system32\kevlar_api_hook_list.dat
2007-10-27 14:50 187,904 --a------ C:\WINDOWS\system32\drivers\HidSys.sys
2007-10-27 14:39 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-27 14:38 83,520 --a------ C:\WINDOWS\system32\eetdlwjp.dll
2007-10-25 19:29 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-24 20:58 <DIR> d-------- C:\Program Files\Common Files\Webroot Shared
2007-10-24 20:58 486,400 --a------ C:\WINDOWS\system32\wwSecure.exe
2007-10-24 20:58 57,344 --a------ C:\WINDOWS\Unwash6.exe
2007-10-23 23:36 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Bluetooth Software
2007-10-22 22:19 <DIR> d-------- C:\WINDOWS\pss
2007-10-22 20:38 15,860 --a------ C:\WINDOWS\system32\instdump.zip
2007-10-22 18:28 20,280 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2007-10-22 18:27 164 --a------ C:\install.dat
2007-10-22 14:43 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-10-22 14:43 163,640 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-10-22 14:43 23,864 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-10-22 14:43 21,816 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-10-22 14:42 <DIR> d-------- C:\Program Files\Webroot
2007-10-22 14:42 <DIR> d-------- C:\Documents and Settings\bking\Application Data\Webroot
2007-10-22 14:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2007-10-22 14:42 1,526,072 --a------ C:\WINDOWS\WRSetup.dll
2007-10-22 11:54 340,032 --a------ C:\WINDOWS\system32\kruokqdv.dll
2007-10-22 11:54 340,032 --a------ C:\WINDOWS\system32\fyzuvrwa.dll
2007-10-21 23:46 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-10-21 23:39 <DIR> d-------- C:\QUARANTINE
2007-10-19 10:33 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-10-19 10:33 170,408 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2007-10-19 10:33 72,264 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2007-10-19 10:33 64,360 --a------ C:\WINDOWS\system32\drivers\mfeapfk.sys
2007-10-19 10:33 52,136 --a------ C:\WINDOWS\system32\drivers\mfetdik.sys
2007-10-19 10:33 34,152 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2007-10-16 13:47 <DIR> d-------- C:\Program Files\Emhart Tucker GmbH
2007-10-13 12:34 <DIR> d-------- C:\Program Files\InterActual
2007-10-12 11:43 5,316,176 --a------ C:\TEMP\msjavx86.exe
2007-10-12 11:42 <DIR> d-------- C:\TEMP
2007-10-11 15:00 <DIR> d-------- C:\WINDOWS\system32\rc
2007-10-05 11:41 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-10-05 11:41 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2007-10-05 11:39 <DIR> d-------- C:\Documents and Settings\bking\Application Data\Smart Panel
2007-10-05 11:38 <DIR> d-------- C:\EPSONREG
2007-10-05 11:38 <DIR> d-------- C:\Documents and Settings\bking\Application Data\Leadertech
2007-10-05 11:37 <DIR> d-------- C:\Program Files\NewSoft
2007-10-05 11:36 <DIR> d-------- C:\Program Files\Common Files\Python
2007-10-05 11:36 <DIR> d-------- C:\Program Files\ABBYY FineReader 5.0 Sprint
2007-10-05 11:36 708,696 --a------ C:\WINDOWS\system32\python21.dll
2007-10-05 11:36 290,919 --a------ C:\WINDOWS\system32\pythoncom21.dll
2007-10-05 11:36 57,344 --a------ C:\WINDOWS\system32\PyWinTypes21.dll
2007-10-05 11:34 96,768 --a------ C:\WINDOWS\SlantAdj.dll
2007-10-05 11:34 73,216 --a------ C:\WINDOWS\ADE.DLL
2007-10-05 11:34 3,136 --a------ C:\WINDOWS\Ade001.bin
2007-10-05 11:33 <DIR> d-------- C:\Program Files\Smart Panel
2007-10-05 11:33 <DIR> d-------- C:\Program Files\EPSON
2007-10-05 11:33 217,088 --a------ C:\WINDOWS\system32\ESDTR.dll
2007-10-05 11:33 139,264 --a------ C:\WINDOWS\system32\Esint32.dll
2007-10-05 11:33 65,793 --a------ C:\WINDOWS\system32\EsFw32.BIN
2007-10-05 11:33 47,104 --a------ C:\WINDOWS\system32\escimgn.dll
2007-10-05 11:33 32,768 --a------ C:\WINDOWS\system32\eswia32.dll
2007-10-05 11:33 23,552 --a------ C:\WINDOWS\system32\esccmn.dll
2007-10-05 11:17 <DIR> d--h----- C:\BJPrinter
2007-10-05 11:17 107,008 --a------ C:\WINDOWS\system32\CNMLM56.DLL
2007-10-05 11:17 6,656 --a------ C:\WINDOWS\system32\CNMVS56.DLL
2007-10-05 11:13 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-10-05 11:13 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
2007-09-28 16:43 <DIR> d-------- C:\Program Files\Atari
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-22 12:50 --------- d-----w C:\Documents and Settings\bking\Application Data\U3
2007-10-22 01:09 --------- d-----w C:\Program Files\Common Files\Adobe
2007-10-19 14:33 --------- d-----w C:\Program Files\McAfee
2007-10-19 14:33 --------- d-----w C:\Program Files\Common Files\Network Associates
2007-10-19 14:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2007-10-16 17:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-15 14:31 53,248 ----a-w C:\WINDOWS\java\hob_jportal\hobjni.dll
2007-09-26 18:34 --------- d-----w C:\Program Files\Convert-It Pro
2007-09-26 16:06 94,208 ----a-w C:\WINDOWS\system32\ScrUnZip.dll
2007-09-26 16:06 129,536 ----a-w C:\WINDOWS\system32\IJL15.dll
2007-09-26 15:25 --------- d-----w C:\Program Files\Common Files\Cyco Shared
2007-09-26 15:25 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2007-09-20 21:12 356,352 ----a-w C:\WINDOWS\system32\AegisI5Installer.exe
2007-09-20 21:12 21,393 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2007-09-20 21:12 21,393 ----a-w C:\WINDOWS\AegisP.sys
2007-09-20 21:12 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\Intel
2007-09-20 21:12 --------- d-----w C:\Program Files\Intel
2007-09-20 21:12 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Intel
2007-09-20 21:12 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Intel
2007-09-20 21:12 --------- d-----w C:\Documents and Settings\EFTAdministrator\Application Data\Intel
2007-09-20 21:12 --------- d-----w C:\Documents and Settings\bking\Application Data\Intel
2007-09-20 21:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intel
2007-09-20 21:12 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Intel
2007-09-20 20:51 --------- d-----w C:\Program Files\Hewlett-Packard
2007-09-20 20:51 --------- d-----w C:\Program Files\Google
2007-09-20 20:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-09-20 20:43 --------- d-----w C:\Program Files\InterVideo
2007-09-20 20:28 --------- d-----w C:\Program Files\WIDCOMM
2007-09-20 20:27 --------- d-----w C:\Documents and Settings\Administrator\Application Data\ATI
2007-09-20 20:26 --------- d-----w C:\Program Files\Macrovision Corp
2007-09-20 20:26 --------- d-----w C:\Program Files\Common Files\InterVideo
2007-09-20 20:26 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-09-20 20:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2007-09-20 20:25 1,781 --sha-r C:\WINDOWS\system32\drivers\103C_HP_NTBK_HP Compaq 6910p (RM234UA#ABA)_YN_0U_QCND73529CF_E450345002_46_I30C1_SHP_VKBC Version 68.30_B68MCD Ver. F.06_T070620_WXP2_L409_M1024_J120_7Intel_8Core2 Duo T7300_92_#070705_N80861049_(RM234UA#ABA).MRK
2007-09-20 20:25 --------- d-----w C:\Program Files\ATI Technologies
2007-09-20 20:15 --------- d-----w C:\Program Files\Program Shortcuts
2007-09-20 20:13 --------- d-----w C:\Program Files\HPQ
2007-09-20 16:51 --------- d-----w C:\Program Files\MSXML 6.0
2007-09-20 16:41 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-09-20 15:27 15,793 ----a-w C:\WINDOWS\system32\drivers\mdc80211.sys
2007-09-20 15:27 --------- d-----w C:\Program Files\iPass
2007-09-20 15:24 --------- d-----w C:\Program Files\Common Files\Deterministic Networks
2007-09-20 15:24 --------- d-----w C:\Program Files\Cisco Systems
2007-09-20 15:13 --------- d-----w C:\Program Files\RightFax
2007-09-20 15:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\RightFax
2007-09-20 15:12 --------- d-----w C:\Program Files\eCopy
2007-09-20 15:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Network Associates
2007-09-20 15:09 --------- d-----w C:\Program Files\Common Files\McAfee Inc
2007-09-20 15:09 --------- d-----w C:\Program Files\Common Files\Cisco Systems
2007-09-20 15:05 --------- d-----w C:\Program Files\Snapshot Viewer
2007-09-20 14:57 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-09-20 14:57 --------- d-----w C:\Program Files\Common Files\L&H
2007-09-20 14:56 --------- d-----w C:\Program Files\Microsoft Works
2007-09-20 14:55 --------- d-----w C:\Program Files\Microsoft.NET
2007-09-20 14:54 --------- d-----w C:\Program Files\IBM
2007-09-20 14:26 --------- d-----w C:\Program Files\PatchLink
2007-09-20 14:26 --------- d-----w C:\Program Files\Common Files\PatchLink
2007-07-30 23:19 92,504 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 23:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 23:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 23:19 549,720 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 23:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 23:19 53,080 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 23:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 23:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 23:19 325,976 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 23:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 23:19 203,096 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 23:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 23:19 1,712,984 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 23:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-30 23:18 33,624 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-10-22 11:54 340032 --a------ C:\WINDOWS\system32\fyzuvrwa.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BE2275DF-3560-4ACD-8BE2-96F26DA36259}]
C:\WINDOWS\system32\pmnno.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EDDB2045-D9EB-4E57-8719-D30B9D615A08}]
C:\WINDOWS\system32\mljge.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\fyzuvrwa.dll [2007-10-22 11:54 340032]
[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-02-26 06:34]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-02-26 06:34]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-02-26 06:33]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-07-13 10:12]
"PTHOSTTR"="C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.exe" [2007-01-09 18:52]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 09:36]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-03-05 18:54]
"Recguard"="C:\WINDOWS\Sminst\Recguard.exe" [2005-12-20 19:51]
"Scheduler"="C:\WINDOWS\SMINST\Scheduler.exe" [2006-10-09 14:23]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2007-05-03 10:52]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 12:36]
"HPWWANGSAssistant"="c:\SWSetup\HPQWWAN\HPWWanGSAssistant.exe" [2007-02-26 11:07]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-06-01 10:51]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-06-01 10:49]
"PDDM"="C:\Program Files\PatchLink\Update Agent\pddm.exe" [2007-07-03 14:08]
"Client Access Service"="C:\Program Files\IBM\Client Access\cwbsvstr.exe" [2001-05-08 05:10]
"Client Access Help Update"="C:\Program Files\IBM\Client Access\cwbinhlp.exe" [2001-05-08 05:10]
"Client Access Check Version"="C:\Program Files\IBM\Client Access\cwbckver.exe" [2001-05-08 05:10]
"Client Access Express Welcome"="C:\Program Files\IBM\Client Access\cwbwlwiz.exe" [2001-05-08 05:10]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2007-07-11 16:53]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\McAfee Inc\TalkBack\TBMon.exe" [2005-02-24 13:09]
"eCopy Desktop Printer Service"="C:\PROGRA~1\eCopy\Desktop\PCLprint\mrmlnc32.exe" [2004-11-19 08:50]
"eCopy Desktop Inbox Monitor"="C:\PROGRA~1\eCopy\Desktop\Bin\INBOXM~1.exe" [2004-11-19 09:26]
"RightFAX Print-to-Fax Driver"="C:\Program Files\RightFax\Client\FaxCtrl.exe" [2007-06-20 14:10]
"iPCCheck"="C:\Program Files\iPass\iPassConnect\downloader\ipccheck.exe" [2004-05-11 10:05]
"WinVNC"="C:\WINDOWS\system32\rc\winvnc4.exe" [2006-05-12 15:04]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [2007-02-22 20:50]
"6d1ea1dd"="rundll32.exe" [2004-08-04 04:00 C:\WINDOWS\system32\rundll32.exe]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-10-01 16:40]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00]
"Window Washer"="C:\Program Files\Webroot\Washer\wwDisp.exe" [2005-06-10 09:43]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-10-21 21:10:01]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-02-06 15:14:00]
Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe [2007-09-20 11:24:31]
iPassConnect.lnk - C:\Program Files\iPass\iPassConnect\IPassConnectGUI.exe [2007-09-20 11:27:14]
McAfee Host Intrusion Prevention Tray.lnk - C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe [2007-09-20 11:09:35]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"=1 (0x1)
"NoMSAppLogo5ChannelNotify"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fyzuvrwa]
fyzuvrwa.dll 2007-10-22 11:54 340032 C:\WINDOWS\system32\fyzuvrwa.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\vturr.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
"Script"=\\emhartna.com\NETLOGON\plagent.bat
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rtasks]
C:\Program Files\BestsellerAntivirus\rtasks.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Salestart]
"C:\Program Files\Common Files\BestsellerAntivirus\bm.exe" dm=http://bestsellerantivirus.com; ad=http://bestsellerantivirus.com
R0 FirePM;McAfee HIP Component FirePM;C:\WINDOWS\system32\Drivers\FirePM.sys
R0 SSFS0BB9;Spy Sweeper File System Filer Driver: 0BB9;C:\WINDOWS\system32\Drivers\SSFS0BB9.SYS
R1 FireHook;McAfee HIP Component FireHook;\??\C:\WINDOWS\system32\Drivers\Firehk5x.sys
R1 FireTDI;McAfee HIP Component FireTDI;\??\C:\WINDOWS\system32\Drivers\FireTDI.sys
R1 mfetdik;McAfee Inc.;C:\WINDOWS\system32\drivers\mfetdik.sys
R2 enterceptAgent;McAfee Host Intrusion Prevention Service;"C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe"
R2 MDC80211;iPass Protocol (IEEE 802.1x) v2.3.1.9;C:\WINDOWS\system32\DRIVERS\mdc80211.sys
R2 SWIHPWMI;SWIHPWMI;C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
R3 firelm01;firelm01;\??\C:\WINDOWS\system32\drivers\firelm01.sys
R3 hidsys;hidsys;\??\C:\WINDOWS\system32\Drivers\hidsys.sys
R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS
R3 mfeapfk;McAfee Inc.;C:\WINDOWS\system32\drivers\mfeapfk.sys
R3 rismc32;RICOH Smart Card Reader;C:\WINDOWS\system32\DRIVERS\rismc32.sys
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command - E:\LaunchU3.exe
*Newly Created Service* - HIDSYS
.
**************************************************************************
catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-10-27 14:52:30
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-27 14:54:48 - machine was rebooted
.
--- E O F ---
HijackThis Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:59, on 2007-10-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\PatchLink\Update Agent\GravitixService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\wwSecure.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\PatchLink\Update Agent\pddm.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Common Files\McAfee Inc\TalkBack\TBMon.exe
C:\PROGRA~1\eCopy\Desktop\PCLprint\mrmlnc32.exe
C:\Program Files\RightFax\Client\FaxCtrl.exe
C:\Program Files\iPass\iPassConnect\downloader\ipccheck.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\iPass\iPassConnect\IPassConnectGUI.exe
C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\ActiveX\AcroIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\fyzuvrwa.dll
O2 - BHO: (no name) - {BE2275DF-3560-4ACD-8BE2-96F26DA36259} - C:\WINDOWS\system32\pmnno.dll (file missing)
O2 - BHO: (no name) - {EDDB2045-D9EB-4E57-8719-D30B9D615A08} - C:\WINDOWS\system32\mljge.dll (file missing)
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\fyzuvrwa.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [PTHOSTTR] "C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" /Start
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [QlbCtrl] "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [Cpqset] "C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [HPWWANGSAssistant] "c:\SWSetup\HPQWWAN\HPWWanGSAssistant.exe" /TrayMode
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [PDDM] "C:\Program Files\PatchLink\Update Agent\pddm.exe"
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\McAfee Inc\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [eCopy Desktop Printer Service] C:\PROGRA~1\eCopy\Desktop\PCLprint\mrmlnc32.exe
O4 - HKLM\..\Run: [eCopy Desktop Inbox Monitor] "C:\PROGRA~1\eCopy\Desktop\Bin\INBOXM~1.EXE" -run
O4 - HKLM\..\Run: [RightFAX Print-to-Fax Driver] "C:\Program Files\RightFax\Client\FaxCtrl.exe"
O4 - HKLM\..\Run: [iPCCheck] "C:\Program Files\iPass\iPassConnect\downloader\ipccheck.exe" /startup
O4 - HKLM\..\Run: [WinVNC] "C:\WINDOWS\system32\rc\winvnc4.exe" -servicehelper
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [6d1ea1dd] "rundll32.exe" "C:\WINDOWS\system32\eetdlwjp.dll",b
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Window Washer] "C:\Program Files\Webroot\Washer\wwDisp.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: iPassConnect.lnk = C:\Program Files\iPass\iPassConnect\IPassConnectGUI.exe
O4 - Global Startup: McAfee Host Intrusion Prevention Tray.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .bmp: C:\Program Files\Common Files\Cyco Shared\NpAMPlug.dll
O12 - Plugin for .dgn: C:\Program Files\Common Files\Cyco Shared\NpAMPlug.dll
O12 - Plugin for .doc: C:\Program Files\Common Files\Cyco Shared\NpAMPlug.dll
O12 - Plugin for .dot: C:\Program Files\Common Files\Cyco Shared\NpAMPlug.dll
O12 - Plugin for .dwf: C:\Program Files\Common Files\Cyco Shared\NpAMPlug.dll
O12 - Plugin for .dwg: C:\Program Files\Common Files\Cyco Shared\NpAMPlug.dll
O12 - Plugin for .dxf: C:\Program Files\Common Files\Cyco Shared\NpAMPlug.dll
O12 - Plugin for .gcd: C:\Program Files\Common Files\Cyco Shared\NpAMPlug.dll
O12 - Plugin for .pcx: C:\Program Files\Common Files\Cyco Shared\NpAMPlug.dll
O12 - Plugin for .plt: C:\Program Files\Common Files\Cyco Shared\NpAMPlug.dll
O12 - Plugin for .png: C:\Program Files\Common Files\Cyco Shared\NpAMPlug.dll
O12 - Plugin for .ppt: C:\Program Files\Common Files\Cyco Shared\NpAMPlug.dll
O12 - Plugin for .prj: C:\Program Files\Common Files\Cyco Shared\NpAMPlug.dll
O12 - Plugin for .prt: C:\Program Files\Common Files\Cyco Shared\NpAMPlug.dll
O12 - Plugin for .rlc: C:\Program Files\Common Files\Cyco Shared\NpAMPlug.dll
O12 - Plugin for .rtf: C:\Program Files\Common Files\Cyco Shared\NpAMPlug.dll
O12 - Plugin for .sld: C:\Program Files\Common Files\Cyco Shared\NpAMPlug.dll
O12 - Plugin for .tga: C:\Program Files\Common Files\Cyco Shared\NpAMPlug.dll
O12 - Plugin for .tif: C:\Program Files\Common Files\Cyco Shared\NpAMPlug.dll
O12 - Plugin for .vsd: C:\Program Files\Common Files\Cyco Shared\NpAMPlug.dll
O12 - Plugin for .vss: C:\Program Files\Common Files\Cyco Shared\NpAMPlug.dll
O12 - Plugin for .vst: C:\Program Files\Common Files\Cyco Shared\NpAMPlug.dll
O12 - Plugin for .vsw: C:\Program Files\Common Files\Cyco Shared\NpAMPlug.dll
O12 - Plugin for .wmf: C:\Program Files\Common Files\Cyco Shared\NpAMPlug.dll
O12 - Plugin for .wpg: C:\Program Files\Common Files\Cyco Shared\NpAMPlug.dll
O12 - Plugin for .xls: C:\Program Files\Common Files\Cyco Shared\NpAMPlug.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O15 - Trusted Zone: *.ezbdk.com
O15 - Trusted Zone: *.ezbdk.com (HKLM)
O16 - DPF: HOB Portal Software - http://161.36.147.247/hob/lib/JLaunchDU.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = emhartna.com
O17 - HKLM\Software\..\Telephony: DomainName = emhartna.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = emhartna.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = emhartna.com
O20 - Winlogon Notify: fyzuvrwa - C:\WINDOWS\SYSTEM32\fyzuvrwa.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: McAfee Host Intrusion Prevention Service (enterceptAgent) - McAfee, Inc. - C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: PatchLink Update - PatchLink Corporation - C:\Program Files\PatchLink\Update Agent\GravitixService.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SWIHPWMI - Sierra Wireless Inc. - C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: VNC (WinVNC) - RealVNC Ltd. - C:\WINDOWS\system32\rc\winvnc4.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe
--
End of file - 13558 bytes