Ok so I have for you a new HiJackThis log, a SmitFraud log, a Combofix log and an Uninstall Manager List. Each log is labelled in RED font.HiJackThis LogLogfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:15:11, on 02/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Documents and Settings\All Users\Application Data\dwlcdofw\veropwly.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Kontiki\KHost.exe
C:\WINDOWS\sysabmpmfr.exe
C:\WINDOWS\sysatjsicj.exe
C:\WINDOWS\sysahbecjh.exe
C:\WINDOWS\sysawechod.exe
C:\WINDOWS\sysavxjgdu.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\zwnmtmvo.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\Documents and Settings\OWB\My Documents\Others\WinZip\WZQKPICK.EXE
C:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Documents and Settings\OWB\My Documents\VirusRemoval\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktopR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.bbc.co.ukR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktopR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktopR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {8439A7BD-46E0-42DF-AA80-34356623F91B} - C:\WINDOWS\system32\cbXNGArs.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: (no name) - {FD62D5AE-F8A9-4A37-AC86-BB8726BE16AE} - C:\WINDOWS\system32\tuvvVnMD.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [MalwareBot] C:\Program Files\MalwareBot\MalwareBot.exe -boot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [{DD651081-A909-45ad-BD71-2335B0ADE043}] "C:\WINDOWS\sysabmpmfr.exe"
O4 - HKLM\..\Run: [{9754B85A-3B34-4969-BE1F-CD03227E9470}] "C:\WINDOWS\sysatjsicj.exe"
O4 - HKLM\..\Run: [{7DD4A7AC-A3F1-4495-884A-7947C5B89108}] "C:\WINDOWS\sysahbecjh.exe"
O4 - HKLM\..\Run: [{BAAA759D-56F0-428c-B8DA-827EA3B08C2C}] "C:\WINDOWS\sysawechod.exe"
O4 - HKLM\..\Run: [{2C70168B-97CE-4f31-B85D-1FEC5002721D}] "C:\WINDOWS\sysavxjgdu.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PowerPoint Password Recovery] C:\Program Files\Intelore\PowerPoint Password Recovery\PowerPointPasswordRecovery.exe /hide
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [gajgndzu] C:\WINDOWS\system32\pojohypk.exe
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [xyzqbkib] C:\WINDOWS\system32\zwnmtmvo.exe
O4 - HKCU\..\Run: [dskesrgt] C:\WINDOWS\system32\hsrsrutk.exe
O4 - HKCU\..\Run: [milijdnm] C:\WINDOWS\system32\lmnwleti.exe
O4 - HKLM\..\Policies\Explorer\Run: [UpdateManager] C:\Program Files\Common Files\Microsoft Shared\Web Components\WUpdMan32.exe
O4 - HKLM\..\Policies\Explorer\Run: [D71Bh5t0dV] C:\Documents and Settings\All Users\Application Data\dwlcdofw\veropwly.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Documents and Settings\OWB\My Documents\Others\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\OWB\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -
http://a1540.g.akamai.net/7/1540/52/200 ... plugin.cabO16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) -
http://messenger.zone.msn.com/binary/Me ... b31267.cabO16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) -
http://messenger.zone.msn.com/binary/ms ... b56986.cabO16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) -
http://messenger.zone.msn.com/binary/Mi ... b31267.cabO16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
http://by116w.bay116.mail.live.com/mail ... nPUpld.cabO16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) -
http://messenger.zone.msn.com/binary/So ... b56986.cabO16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) -
https://webdl.symantec.com/activex/symdlmgr.cabO16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -
http://messenger.zone.msn.com/binary/Me ... b31267.cabO16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) -
http://www.warwick.ac.uk/newwebcam/AxisCamControl.ocxO16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/MsnMe ... loader.cabO16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) -
http://cdn.digitalcity.com/radio/ampx/a ... _en_dl.cabO16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) -
http://messenger.zone.msn.com/binary/ZI ... b56649.cabO16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -
http://messenger.zone.msn.com/binary/Me ... b56907.cabO16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) -
http://messenger.zone.msn.com/binary/Mi ... b56986.cabO16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) -
http://pdl.stream.aol.com/downloads/aol ... _en_dl.cabO20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 16164 bytes
SmitFraud LogSmitFraudFix v2.309
Scan done at 23:10:22.15, 02/04/2008
Run from C:\Documents and Settings\OWB\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Documents and Settings\All Users\Application Data\dwlcdofw\veropwly.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Kontiki\KHost.exe
C:\WINDOWS\sysabmpmfr.exe
C:\WINDOWS\sysatjsicj.exe
C:\WINDOWS\sysahbecjh.exe
C:\WINDOWS\sysawechod.exe
C:\WINDOWS\sysavxjgdu.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\zwnmtmvo.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\Documents and Settings\OWB\My Documents\Others\WinZip\WZQKPICK.EXE
C:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
C:\WINDOWS\config.ini FOUND !
C:\WINDOWS\mywallpaper.bmp FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\1024\ FOUND !
C:\WINDOWS\system32\375013\ FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\OWB
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\OWB\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\OWB\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Belkin 802.11g Network Adapter - Packet Scheduler Miniport
DNS Server Search Order: 192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{19943F20-196D-4932-978D-C9358BDFE864}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{19943F20-196D-4932-978D-C9358BDFE864}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{19943F20-196D-4932-978D-C9358BDFE864}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
ComboFix LogComboFix 08-04-02.1 - OWB 2008-04-02 22:49:07.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.560 [GMT 1:00]
Running from: C:\Documents and Settings\OWB\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\OWB\aria.txt
C:\Documents and Settings\OWB\Desktopblackbird.jpg
C:\Documents and Settings\OWB\DesktopEditorFKWP1.5.exe
C:\Documents and Settings\OWB\DesktopEditorFKWP2.0.exe
C:\Documents and Settings\OWB\Desktopfilemanagerclient.exe
C:\Documents and Settings\OWB\Desktopfkwp1.5.exe
C:\Documents and Settings\OWB\Desktopfkwp2.0.exe
C:\Documents and Settings\OWB\Desktopfwebd.exe
C:\Documents and Settings\OWB\DesktopFWebdEditor.exe
C:\Documents and Settings\OWB\DesktopTrojan.Win32.BlackBird.exe
C:\Documents and Settings\OWB\Desktopvirii
C:\WINDOWS\a.bat
C:\WINDOWS\bdn.com
C:\WINDOWS\dwnrpofk.dll
C:\WINDOWS\itsME10.zip
C:\WINDOWS\itsME91.zip
C:\WINDOWS\iTunesMusic.exe
C:\WINDOWS\mssecu.exe
C:\WINDOWS\mywallpaper.bmp
C:\WINDOWS\norlatmx.exe
C:\WINDOWS\photo15.zip
C:\WINDOWS\photo24.zip
C:\WINDOWS\photo42.zip
C:\WINDOWS\photo66.zip
C:\WINDOWS\qvdntlmw.dll
C:\WINDOWS\system32\DMnVvvut.ini
C:\WINDOWS\system32\DMnVvvut.ini2
C:\WINDOWS\system32\glpknjcw.ini
C:\WINDOWS\system32\hjpmbfpt.dll
C:\WINDOWS\system32\KUuwDcdd.ini
C:\WINDOWS\system32\KUuwDcdd.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nXwayGgh.ini
C:\WINDOWS\system32\nXwayGgh.ini2
C:\WINDOWS\system32\srAGNXbc.ini
C:\WINDOWS\system32\srAGNXbc.ini2
C:\WINDOWS\system32\ssqQJBtt.dll
C:\WINDOWS\system32\ttBJQqss.ini
C:\WINDOWS\system32\ttBJQqss.ini2
C:\WINDOWS\system32\urqQHawT.dll
C:\WINDOWS\system32\wcjnkplg.dll
C:\WINDOWS\system32akttzn.exe
C:\WINDOWS\system32anticipator.dll
C:\WINDOWS\system32awtoolb.dll
C:\WINDOWS\system32bdn.com
C:\WINDOWS\system32bsva-egihsg52.exe
C:\WINDOWS\system32dpcproxy.exe
C:\WINDOWS\system32emesx.dll
C:\WINDOWS\system32h@tkeysh@@k.dll
C:\WINDOWS\system32hoproxy.dll
C:\WINDOWS\system32hxiwlgpm.dat
C:\WINDOWS\system32hxiwlgpm.exe
C:\WINDOWS\system32medup012.dll
C:\WINDOWS\system32medup020.dll
C:\WINDOWS\system32msgp.exe
C:\WINDOWS\system32msnbho.dll
C:\WINDOWS\system32mssecu.exe
C:\WINDOWS\system32msvchost.exe
C:\WINDOWS\system32mtr2.exe
C:\WINDOWS\system32mwin32.exe
C:\WINDOWS\system32netode.exe
C:\WINDOWS\system32newsd32.exe
C:\WINDOWS\system32ps1.exe
C:\WINDOWS\system32psof1.exe
C:\WINDOWS\system32psoft1.exe
C:\WINDOWS\system32regc64.dll
C:\WINDOWS\system32regm64.dll
C:\WINDOWS\system32Rundl1.exe
C:\WINDOWS\system32smp
C:\WINDOWS\system32smp\msrc.exe
C:\WINDOWS\system32sncntr.exe
C:\WINDOWS\system32ssurf022.dll
C:\WINDOWS\system32ssvchost.com
C:\WINDOWS\system32ssvchost.exe
C:\WINDOWS\system32sysreq.exe
C:\WINDOWS\system32taack.dat
C:\WINDOWS\system32taack.exe
C:\WINDOWS\system32temp#01.exe
C:\WINDOWS\system32thun.dll
C:\WINDOWS\system32thun32.dll
C:\WINDOWS\system32VBIEWER.OCX
C:\WINDOWS\system32vbsys2.dll
C:\WINDOWS\system32vcatchpi.dll
C:\WINDOWS\system32winlogonpc.exe
C:\WINDOWS\system32winsystem.exe
C:\WINDOWS\system32WINWGPX.EXE
C:\WINDOWS\vbgtorfd.dll
C:\WINDOWS\Web\def.htm
C:\WINDOWS\webcam-photos011.zip
C:\WINDOWS\webcam-photos032.zip
C:\WINDOWS\webcam-photos050.zip
C:\WINDOWS\webcam-photos08.zip
C:\WINDOWS\zysalwhkkw.exe
----- BITS: Possible infected sites -----
hxxp://58.65.234.25.
((((((((((((((((((((((((( Files Created from 2008-03-02 to 2008-04-02 )))))))))))))))))))))))))))))))
.
2008-04-01 00:20 . 2008-04-01 00:20 94,208 --a------ C:\WINDOWS\system32\khedaluf.exe
2008-03-31 11:16 . 2008-03-31 11:16 294 ---hs---- C:\WINDOWS\system32\faemiqad.ini
2008-03-30 22:42 . 2008-03-30 22:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-30 22:41 . 2008-03-30 22:41 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-03-30 22:41 . 2008-03-30 22:41 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-30 22:41 . 2008-03-30 22:41 <DIR> d-------- C:\Documents and Settings\OWB\Application Data\SUPERAntiSpyware.com
2008-03-30 22:24 . 2008-03-30 22:24 294 ---hs---- C:\WINDOWS\system32\ipwabrod.ini
2008-03-30 22:17 . 2008-03-30 22:17 90,112 --a------ C:\WINDOWS\system32\hsrsrutk.exe
2008-03-30 21:02 . 2008-03-30 21:02 95,970,288 --a------ C:\SYM_REGISTRY_BACKUP.reg
2008-03-30 20:38 . 2008-03-30 20:38 294 --ahs---- C:\WINDOWS\system32\nlrqmkqg.ini
2008-03-29 00:39 . 2008-03-29 00:39 110,592 --a------ C:\WINDOWS\system32\zwnmtmvo.exe
2008-03-28 23:00 . 2008-03-30 21:29 <DIR> d-------- C:\Program Files\Swift Security Suite
2008-03-28 22:05 . 2008-03-30 22:09 206 --a------ C:\WINDOWS\wininit.ini
2008-03-28 17:17 . 2008-03-28 22:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-28 17:15 . 2008-03-28 17:11 691,545 --a------ C:\WINDOWS\unins000.exe
2008-03-28 17:15 . 2008-03-28 17:15 2,539 --a------ C:\WINDOWS\unins000.dat
2008-03-28 16:09 . 2008-03-30 21:29 <DIR> d-------- C:\Program Files\XoftSpySE
2008-03-28 15:16 . 2008-03-28 15:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\dwlcdofw
2008-03-28 15:16 . 2008-03-28 12:28 212,992 --a------ C:\WINDOWS\kdftlboenbg.dll
2008-03-28 15:16 . 2008-03-28 15:16 106,496 --a------ C:\WINDOWS\system32\pojohypk.exe
2008-03-28 11:18 . 2008-03-28 11:18 85,056 --a------ C:\WINDOWS\sysatjsicj.exe
2008-03-28 11:18 . 2008-03-28 11:18 81,472 --a------ C:\WINDOWS\sysabmpmfr.exe
2008-03-28 11:18 . 2008-03-28 11:18 78,912 --a------ C:\WINDOWS\sysahbecjh.exe
2008-03-28 11:18 . 2008-03-28 11:18 75,840 --a------ C:\WINDOWS\sysawechod.exe
2008-03-28 11:18 . 2008-03-28 11:18 73,280 --a------ C:\WINDOWS\sysavxjgdu.exe
2008-03-28 11:18 . 2008-03-28 11:18 3,072 --a------ C:\WINDOWS\zysaoxcjiy.exe
2008-03-28 11:18 . 2008-03-28 11:18 1,919 --a------ C:\WINDOWS\config.ini
2008-03-28 11:18 . 2008-03-28 11:18 1,409 --a------ C:\WINDOWS\zysaxyczld.exe
2008-03-28 11:18 . 2008-03-28 11:18 1,272 --a------ C:\WINDOWS\zysapghucv.exe
2008-03-28 11:00 . 2008-03-31 00:40 <DIR> d-------- C:\WINDOWS\system32\375013
2008-03-19 02:31 . 2008-03-19 02:31 268 --ah----- C:\sqmdata05.sqm
2008-03-19 02:31 . 2008-03-19 02:31 244 --ah----- C:\sqmnoopt07.sqm
2008-03-14 22:28 . 2008-03-14 22:28 <DIR> d-------- C:\Program Files\Kontiki
2008-03-14 22:28 . 2008-03-14 22:28 <DIR> d-------- C:\Program Files\Channel4
2008-03-14 22:28 . 2008-04-02 22:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kontiki
2008-03-14 22:26 . 2008-03-14 22:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Channel4
2008-03-14 01:42 . 2008-03-14 01:42 <DIR> d-------- C:\Program Files\Easy Graphic Converter
2008-03-14 01:42 . 2008-03-14 01:42 <DIR> d-------- C:\ImageOutput
2008-03-14 01:40 . 2008-03-14 01:40 <DIR> d-------- C:\Program Files\Quick Screen Capture
2008-03-14 01:40 . 2008-03-14 01:40 <DIR> d-------- C:\MyCaptures
2008-03-14 00:51 . 2008-03-29 02:14 <DIR> d-------- C:\Documents and Settings\OWB\Application Data\Azureus
2008-03-14 00:51 . 2008-03-14 00:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-03-14 00:50 . 2008-03-14 00:50 <DIR> d-------- C:\Program Files\Azureus
2008-03-12 21:35 . 2008-03-12 21:35 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-02 21:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-30 22:43 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-30 21:09 --------- d-----w C:\Program Files\Microsoft IntelliPoint
2008-03-30 20:30 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-29 23:29 --------- d-----w C:\Program Files\Norton 360
2008-03-28 16:37 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-18 16:37 --------- d-----w C:\Program Files\MSN Messenger
2008-03-18 16:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-15 00:21 --------- d-----w C:\Program Files\Morpheus
2008-03-06 21:32 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-03-06 21:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-03-06 21:32 10,537 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-02-25 00:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-02-25 00:51 --------- d-----w C:\Program Files\Yahoo!
2008-02-10 12:35 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-02-04 17:11 --------- d-----w C:\Program Files\Back2zip
2008-02-03 21:24 --------- d-----w C:\Program Files\WinXMedia
2008-02-03 21:24 --------- d-----w C:\Program Files\IrfanView
2008-02-03 21:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-03 20:53 --------- d-----w C:\Program Files\Common Files\Scanner
2008-02-03 20:46 --------- d-----w C:\Program Files\SnapStream Media
2008-02-03 20:45 --------- d-----w C:\Program Files\RogueRemover
2008-02-03 20:45 --------- d-----w C:\Program Files\NCH Swift Sound
2008-02-03 20:41 --------- d-----w C:\Program Files\Intelore
2008-02-03 20:34 --------- d-----w C:\Program Files\NewzToolz
2008-02-03 20:34 --------- d-----w C:\Documents and Settings\OWB\Application Data\MalwareBot
2008-02-03 20:33 --------- d-----w C:\Program Files\Stage Research
2008-02-03 20:31 --------- d-----w C:\Program Files\ElcomSoft
2008-02-03 20:30 --------- d-----w C:\Program Files\AviSynth 2.5
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8439A7BD-46E0-42DF-AA80-34356623F91B}]
C:\WINDOWS\system32\cbXNGArs.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD62D5AE-F8A9-4A37-AC86-BB8726BE16AE}]
C:\WINDOWS\system32\tuvvVnMD.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"Active Desktop Calendar"="C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe" [2006-04-12 16:12 2150400]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"PowerPoint Password Recovery"="C:\Program Files\Intelore\PowerPoint Password Recovery\PowerPointPasswordRecovery.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-12 13:53 68856]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 18:43 4670704]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [2007-04-23 12:23 1032640]
"gajgndzu"="C:\WINDOWS\system32\pojohypk.exe" [2008-03-28 15:16 106496]
"LDM"="\Program\BackWeb-8876480.exe" [ ]
"xyzqbkib"="C:\WINDOWS\system32\zwnmtmvo.exe" [2008-03-29 00:39 110592]
"dskesrgt"="C:\WINDOWS\system32\hsrsrutk.exe" [2008-03-30 22:17 90112]
"milijdnm"="C:\WINDOWS\system32\lmnwleti.exe" [2008-04-02 23:00 114688]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-02-24 15:32 5537792]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-01-02 06:21 180269]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2006-07-08 00:15 600896]
"MalwareBot"="C:\Program Files\MalwareBot\MalwareBot.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-15 00:43 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 14:11 267048]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-03-15 04:10 116328]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
"4oD"="C:\Program Files\Kontiki\KHost.exe" [2007-04-23 12:23 1032640]
"{DD651081-A909-45ad-BD71-2335B0ADE043}"="C:\WINDOWS\sysabmpmfr.exe" [2008-03-28 11:18 81472]
"{9754B85A-3B34-4969-BE1F-CD03227E9470}"="C:\WINDOWS\sysatjsicj.exe" [2008-03-28 11:18 85056]
"{7DD4A7AC-A3F1-4495-884A-7947C5B89108}"="C:\WINDOWS\sysahbecjh.exe" [2008-03-28 11:18 78912]
"{BAAA759D-56F0-428c-B8DA-827EA3B08C2C}"="C:\WINDOWS\sysawechod.exe" [2008-03-28 11:18 75840]
"{2C70168B-97CE-4f31-B85D-1FEC5002721D}"="C:\WINDOWS\sysavxjgdu.exe" [2008-03-28 11:18 73280]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
BTTray.lnk - C:\Program Files\Belkin\Bluetooth Software\BTTray.exe [2004-10-01 15:12:18 565309]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2005-08-12 16:19:41 450560]
Post-itr Software Notes Lite.lnk - C:\Program Files\3M\PSNLite\PsnLite.exe [2004-10-15 14:26:54 2080768]
WinZip Quick Pick.lnk - C:\Documents and Settings\OWB\My Documents\Others\WinZip\WZQKPICK.EXE [2005-08-13 15:39:03 118784]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"Ghp`amfUbrhLds"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"UpdateManager"= C:\Program Files\Common Files\Microsoft Shared\Web Components\WUpdMan32.exe
"D71Bh5t0dV"= C:\Documents and Settings\All Users\Application Data\dwlcdofw\veropwly.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"Mn@iboddPubswLfov"= 0 (0x0)
"Mn@mlrf"= 0 (0x0)
"MnOndNeg"= 0 (0x0)
"MnQtm"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Morpheus\\Morpheus.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Kontiki\\KService.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-02-12 14:13:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2005-10-10 15:08:00 C:\WINDOWS\Tasks\Easy Internet Sign-up.job"
- C:\Program Files\Easy Internet signup\HPSdpApp.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-04-02 22:58:17
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\WINDOWS\system32\lmnwleti.exe 114688 bytes executable
scan completed successfully
hidden files: 1
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
.
**************************************************************************
.
Completion time: 2008-04-02 23:03:29 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-02 22:03:18
Pre-Run: 40,472,166,400 bytes free
Post-Run: 40,997,040,128 bytes free
.
2008-03-12 23:18:56 --- E O F ---
Uninstall Manager List4oD
Active Desktop Calendar 5.9
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player ActiveX
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 7.0.9
Adobe Shockwave Player
Adobe Stock Photos 1.0
Age of Empires III
Agere Systems PCI Soft Modem
Apollo DVD to iPod 3.1.2
AppCore
Apple Mobile Device Support
Apple Software Update
Autograph 3
AV
Azureus Vuze
Belkin Bluetooth Software
Belkin Wireless Utility
Bonus
Calculator Powertoy for Windows XP
CC_ccProxyExt
ccCommon
ccPxyCore
CIB
DVD Decrypter (Remove Only)
DVD Shrink 3.2
Easy Graphic Converter 1.2
Easy Internet Sign-up
FL Studio 7
GearDrvs
Google Earth
Google SketchUp 6
Google SketchUp 6
Google Toolbar for Internet Explorer
Google Video Player
Guitar Pro 5.1
Help and Support Additions
HijackThis 2.0.2
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
IL Download Manager
InterVideo WinDVD Player
iTunes
J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
LimeWire PRO 4.11.1
LiveUpdate (Symantec Corporation)
LiveUpdate (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Logitech Desktop Messenger
Logitech Print Service
Logitech QuickCam Software
Logitech® Camera Driver
Macromedia Dreamweaver MX
Macromedia Extension Manager
Macromedia Fireworks MX
Macromedia Flash MX
Messenger Plus! 3
Messenger Plus! Live
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Journal Viewer
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Nero 7 Demo
Norton 360
Norton 360
Norton 360
Norton 360 (Symantec Corporation)
Norton 360 Help
Norton Add-on Pack (Symantec Corporation)
Norton AntiSpam
Norton AntiSpam
Norton Confidential Browser Component
Norton Confidential Web Authentification Component
Norton Confidential Web Protection Component
Norton Internet Security Bonus Pack
NVIDIA Drivers
PC Connectivity Solution
PC-Doctor for Windows
Post-it® Software Notes Lite
Power Tab Editor 1.7
PS2
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
Quick Screen Capture 3.0
QuickTime
RealPlayer
Remove Microsoft Works 8.0 installer
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
Sonic Express Labeler
Sonic Foundry ACID Music
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
SPBBC 32bit
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
SUPERAntiSpyware Free Edition
SuppSoft
Switch Uninstall
Symantec Technical Support Controls
Symantec Technical Support Web Controls
SymNet
The Sims 2
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
WavePad Uninstall
Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
WinRAR archiver
Yahoo! Messenger
Thanks.