Hello again, here are both files that you requested. Thanks, Frank
ComboFix 08-04-13.3 - Frank Forkapa 2008-04-14 20:58:35.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.101 [GMT -4:00]
Running from: C:\Documents and Settings\Frank Forkapa\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Danny Forkapa\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\Frank Forkapa\Desktop\Error Cleaner.url
C:\Documents and Settings\Frank Forkapa\Desktop\Privacy Protector.url
C:\Documents and Settings\Frank Forkapa\Desktop\Spyware&Malware Protection.url
C:\Documents and Settings\Frank Forkapa\Desktop\blackbird.jpg
C:\Documents and Settings\Frank Forkapa\Desktop\EditorFKWP1.5.exe
C:\Documents and Settings\Frank Forkapa\Desktop\EditorFKWP2.0.exe
C:\Documents and Settings\Frank Forkapa\Desktop\filemanagerclient.exe
C:\Documents and Settings\Frank Forkapa\Desktop\fkwp1.5.exe
C:\Documents and Settings\Frank Forkapa\Desktop\fkwp2.0.exe
C:\Documents and Settings\Frank Forkapa\Desktop\fwebd.exe
C:\Documents and Settings\Frank Forkapa\Desktop\FWebdEditor.exe
C:\Documents and Settings\Frank Forkapa\Desktop\Trojan.Win32.BlackBird.exe
C:\Documents and Settings\Frank Forkapa\Desktop\virii
C:\Documents and Settings\Frank Forkapa\Favorites\Error Cleaner.url
C:\Documents and Settings\Frank Forkapa\Favorites\Privacy Protector.url
C:\Documents and Settings\Frank Forkapa\Favorites\Spyware&Malware Protection.url
C:\Documents and Settings\Laurelle Forkapa\Desktop\blackbird.jpg
C:\Documents and Settings\Laurelle Forkapa\Desktop\EditorFKWP1.5.exe
C:\Documents and Settings\Laurelle Forkapa\Desktop\EditorFKWP2.0.exe
C:\Documents and Settings\Laurelle Forkapa\Desktop\filemanagerclient.exe
C:\Documents and Settings\Laurelle Forkapa\Desktop\fkwp1.5.exe
C:\Documents and Settings\Laurelle Forkapa\Desktop\fkwp2.0.exe
C:\Documents and Settings\Laurelle Forkapa\Desktop\fwebd.exe
C:\Documents and Settings\Laurelle Forkapa\Desktop\FWebdEditor.exe
C:\Documents and Settings\Laurelle Forkapa\Desktop\Trojan.Win32.BlackBird.exe
C:\Documents and Settings\Laurelle Forkapa\Desktop\virii
C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.exe
C:\Program Files\Inet Delivery
C:\Program Files\Inet Delivery\inetdl.exe
C:\Program Files\Inet Delivery\intdel.exe
C:\WINDOWS\a.bat
C:\WINDOWS\apoxqwfv.exe
C:\WINDOWS\base64.tmp
C:\WINDOWS\bdn.com
C:\WINDOWS\FVProtect.exe
C:\WINDOWS\iTunesMusic.exe
C:\WINDOWS\mgsvflkw.dll
C:\WINDOWS\mslagent
C:\WINDOWS\mslagent\2_mslagent.dll
C:\WINDOWS\mslagent\mslagent.exe
C:\WINDOWS\mslagent\uninstall.exe
C:\WINDOWS\mssecu.exe
C:\WINDOWS\qdnkewfa.dll
C:\WINDOWS\system32\AutoRun.inf
C:\WINDOWS\system32\bmfjisip.dll
C:\WINDOWS\system32\EKjlTvut.ini
C:\WINDOWS\system32\EKjlTvut.ini2
C:\WINDOWS\system32\ewhjtqdo.ini
C:\WINDOWS\system32\odqtjhwe.dll
C:\WINDOWS\system32\pisijfmb.ini
C:\WINDOWS\system32\tuvTljKE.dll
C:\WINDOWS\system32\akttzn.exe
C:\WINDOWS\system32\anticipator.dll
C:\WINDOWS\system32\awtoolb.dll
C:\WINDOWS\system32\bdn.com
C:\WINDOWS\system32\bsva-egihsg52.exe
C:\WINDOWS\system32\dpcproxy.exe
C:\WINDOWS\system32\emesx.dll
C:\WINDOWS\system32\h@tkeysh@@k.dll
C:\WINDOWS\system32\hoproxy.dll
C:\WINDOWS\system32\hxiwlgpm.dat
C:\WINDOWS\system32\hxiwlgpm.exe
C:\WINDOWS\system32\medup012.dll
C:\WINDOWS\system32\medup020.dll
C:\WINDOWS\system32\msgp.exe
C:\WINDOWS\system32\msnbho.dll
C:\WINDOWS\system32\mssecu.exe
C:\WINDOWS\system32\msvchost.exe
C:\WINDOWS\system32\mtr2.exe
C:\WINDOWS\system32\mwin32.exe
C:\WINDOWS\system32\netode.exe
C:\WINDOWS\system32\newsd32.exe
C:\WINDOWS\system32\ps1.exe
C:\WINDOWS\system32\psof1.exe
C:\WINDOWS\system32\psoft1.exe
C:\WINDOWS\system32\regc64.dll
C:\WINDOWS\system32\regm64.dll
C:\WINDOWS\system32\Rundl1.exe
C:\WINDOWS\system32\smp
C:\WINDOWS\system32\smp\msrc.exe
C:\WINDOWS\system32\sncntr.exe
C:\WINDOWS\system32\ssurf022.dll
C:\WINDOWS\system32\ssvchost.com
C:\WINDOWS\system32\ssvchost.exe
C:\WINDOWS\system32\sysreq.exe
C:\WINDOWS\system32\taack.dat
C:\WINDOWS\system32\taack.exe
C:\WINDOWS\system32\temp#01.exe
C:\WINDOWS\system32\thun.dll
C:\WINDOWS\system32\thun32.dll
C:\WINDOWS\system32\VBIEWER.OCX
C:\WINDOWS\system32\vbsys2.dll
C:\WINDOWS\system32\vcatchpi.dll
C:\WINDOWS\system32\winlogonpc.exe
C:\WINDOWS\system32\winsystem.exe
C:\WINDOWS\system32\WINWGPX.EXE
C:\WINDOWS\userconfig9x.dll
C:\WINDOWS\vnbptxlf.dll
C:\WINDOWS\Web\def.htm
C:\WINDOWS\winsystem.exe
C:\WINDOWS\zip1.tmp
C:\WINDOWS\zip2.tmp
C:\WINDOWS\zip3.tmp
C:\WINDOWS\zipped.tmp
.
((((((((((((((((((((((((( Files Created from 2008-03-15 to 2008-04-15 )))))))))))))))))))))))))))))))
.
2008-04-13 15:05 . 2008-04-13 15:05 <DIR> d-------- C:\Program Files\Sun
2008-04-13 15:04 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-13 15:02 . 2008-04-13 15:04 <DIR> d-------- C:\Program Files\Java
2008-04-13 15:00 . 2008-04-13 15:00 <DIR> d-------- C:\Program Files\Common Files\Java
2008-04-13 14:47 . 2008-04-13 14:47 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-13 13:01 . 2008-04-13 13:01 <DIR> d-------- C:\Program Files\RegCure
2008-04-13 12:29 . 2008-04-13 12:30 <DIR> d-------- C:\Program Files\XoftSpySE
2008-04-13 12:29 . 2008-04-14 19:56 886 --ahs---- C:\WINDOWS\system32\kpknxglm.ini
2008-04-13 11:49 . 2008-04-14 15:21 586 --ahs---- C:\WINDOWS\system32\xvhrthtl.ini
2008-04-13 11:49 . 2008-04-14 15:22 86 --a------ C:\WINDOWS\wininit.ini
2008-04-13 11:38 . 2008-04-13 11:38 <DIR> d-------- C:\Documents and Settings\Laurelle Forkapa\Application Data\HPAppData
2008-04-13 11:37 . 2008-04-13 11:49 354 --ahs---- C:\WINDOWS\system32\dsifsglv.ini
2008-04-13 11:36 . 2008-04-13 11:36 110,592 --a------ C:\WINDOWS\system32\dolgfydm.exe
2008-04-12 18:07 . 2008-04-12 19:22 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-04-12 17:58 . 2008-04-12 17:58 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-12 17:58 . 2008-04-12 17:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-12 17:19 . 2008-04-12 17:33 <DIR> d-------- C:\Program Files\SpywareIsolator
2008-04-12 17:19 . 2008-04-12 17:19 0 --a------ C:\winxplogon.sys
2008-04-12 17:15 . 2008-04-12 17:15 <DIR> d-------- C:\Program Files\XP Antivirus
2008-04-12 10:59 . 2008-04-13 12:24 474 --ahs---- C:\WINDOWS\system32\gvbqkctq.ini
2008-04-11 23:59 . 2008-04-12 09:09 870 --ahs---- C:\WINDOWS\system32\atxnjcft.ini
2008-04-11 23:52 . 2008-04-14 20:47 <DIR> d-------- C:\Documents and Settings\Frank Forkapa\Application Data\TmpRecentIcons
2008-04-11 20:45 . 2008-04-11 20:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\fipsxcfk
2008-04-11 20:43 . 2008-04-11 11:37 262,144 --a------ C:\WINDOWS\temlxopqgdk.dll
2008-03-26 16:08 . 2008-03-26 16:08 147,677 --------- C:\WINDOWS\hpoins21.dat.temp
2008-03-26 16:08 . 2007-05-15 06:10 8,138 --------- C:\WINDOWS\hpomdl21.dat.temp
2008-03-25 19:05 . 2008-03-25 19:05 <DIR> d-------- C:\Documents and Settings\Danny Forkapa\Application Data\HPAppData
2008-03-20 18:28 . 2008-03-20 18:28 <DIR> d-------- C:\Documents and Settings\Matthew Forkapa\Application Data\HPAppData
2008-03-19 19:14 . 2008-03-19 19:14 <DIR> d-------- C:\Documents and Settings\Kristin Forkapa\Application Data\HPAppData
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-15 00:59 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-15 00:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-09 10:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-13 01:19 --------- d-----w C:\Documents and Settings\Frank Forkapa\Application Data\HP
2008-03-13 01:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\WEBREG
2008-03-13 01:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-03-12 22:55 --------- d-----w C:\Program Files\HP
2008-03-12 22:55 --------- d-----w C:\Documents and Settings\Frank Forkapa\Application Data\HPAppData
2008-03-12 22:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2008-03-12 22:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2008-03-12 22:52 --------- d-----w C:\Program Files\Common Files\HP
2008-03-12 22:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-03-12 22:51 --------- d-----w C:\Program Files\Hewlett-Packard
2008-03-12 22:51 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2008-03-07 01:32 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-03-07 01:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-03-07 01:32 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat
2008-03-02 23:35 --------- d-----w C:\Documents and Settings\Danny Forkapa\Application Data\Apple Computer
2008-02-23 04:04 --------- d-----w C:\Documents and Settings\Kristin Forkapa\Application Data\Apple Computer
2008-02-23 03:41 --------- d-----w C:\Program Files\iTunes
2008-02-23 03:41 --------- d-----w C:\Program Files\iPod
2008-02-23 03:41 --------- d-----w C:\Documents and Settings\Frank Forkapa\Application Data\Apple Computer
2008-02-23 03:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-23 03:40 --------- d-----w C:\Program Files\QuickTime
2008-02-23 03:40 --------- d-----w C:\Program Files\Bonjour
2008-02-23 03:38 --------- d-----w C:\Program Files\Apple Software Update
2008-02-23 03:37 --------- d-----w C:\Program Files\Common Files\Apple
2008-02-23 03:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-02-17 15:49 --------- d-----w C:\Documents and Settings\Laurelle Forkapa\Application Data\VersionTracker Pro
2008-02-17 05:02 --------- d-----w C:\Documents and Settings\Kristin Forkapa\Application Data\VersionTracker Pro
2008-02-17 03:16 --------- d-----w C:\Documents and Settings\Matthew Forkapa\Application Data\VersionTracker Pro
2008-02-17 03:16 --------- d-----w C:\Documents and Settings\Matthew Forkapa\Application Data\Symantec
2008-02-17 03:16 --------- d-----w C:\Documents and Settings\Matthew Forkapa\Application Data\AOL
2008-02-16 16:23 --------- d-----w C:\Documents and Settings\Danny Forkapa\Application Data\VersionTracker Pro
2008-02-04 05:57 315,392 ----a-w C:\WINDOWS\HideWin.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-24 23:51 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-02-10 14:18 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{82B8E0B5-45F5-4779-966A-C474164F8F7F}]
2008-04-11 11:37 262144 --a------ C:\WINDOWS\temlxopqgdk.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= "C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll" [2007-08-24 23:51 316784]
"{2EBC25FD-CDC9-4354-B220-2B7BFCBB28D3}"= "C:\WINDOWS\vnbptxlf.dll" [ ]
[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]
[HKEY_CLASSES_ROOT\clsid\{2ebc25fd-cdc9-4354-b220-2b7bfcbb28d3}]
[HKEY_CLASSES_ROOT\vnbptxlf.1]
[HKEY_CLASSES_ROOT\TypeLib\{28FF5FA1-074A-471D-8A60-AA44A3C667B8}]
[HKEY_CLASSES_ROOT\vnbptxlf]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-24 23:51 316784]
[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 15:00 15360]
"AOL Fast Start"="C:\Program Files\AOL 9.1\AOL.exe" [2008-01-23 06:15 50528]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 23:56 64512]
"HostManager"="C:\Program Files\Common Files\AOL\1202103167\ee\AOLSoftware.exe" [2007-05-25 13:16 42032]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-09 16:25 16859648 C:\WINDOWS\RTHDCPL.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-31 14:15 51048]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-08-25 00:53 714608]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AOL Fast Start"="C:\Program Files\AOL 9.1\AOL.exe" [2008-01-23 06:15 50528]
C:\Documents and Settings\Kristin Forkapa\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 05:45:42 101784]
C:\Documents and Settings\Laurelle Forkapa\Start Menu\Programs\Startup\
Event Reminder.lnk - C:\pmw\PMREMIND.EXE [1998-02-24 12:02:41 255408]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24 210520]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"Q1ZowkDTJY"= C:\Documents and Settings\All Users\Application Data\fipsxcfk\vijyjmzg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"=
"C:\\Program Files\\Common Files\\aol\\1202103167\\ee\\aolsoftware.exe"=
"C:\\Program Files\\AOL 9.1\\waol.exe"=
"C:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
"C:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
R2 HPSLPSVC;HP Network Devices Support;C:\WINDOWS\system32\svchost.exe [2004-08-10 15:00]
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
R3 USB_RNDIS_XP;Westell WireSpeed Dual Connect Modem;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-10 15:00]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]
S3 dump_wmimmc;dump_wmimmc;C:\Nexon\MapleStory\GameGuard\dump_wmimmc.sys []
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-04-07 22:18:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-15 00:00:19 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Frank Forkapa.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
"2008-04-15 01:10:19 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-04-13 17:01:10 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-04-11 18:54:34 C:\WINDOWS\Tasks\WebReg Photosmart C6200 series.job"
- C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe
"2008-04-15 01:10:20 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2008-04-13 16:30:08 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-14 21:11:44
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\aol\acs\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\AOL 9.1\waol.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\AOL 9.1\shellmon.exe
.
**************************************************************************
.
Completion time: 2008-04-14 21:20:23 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-15 01:20:13
Pre-Run: 84,255,006,720 bytes free
Post-Run: 84,350,439,424 bytes free
.
2008-04-09 10:14:49 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:23:15 PM, on 4/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Documents and Settings\All Users\Application Data\fipsxcfk\vijyjmzg.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\AOL\1202103167\ee\AOLSoftware.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AOL 9.1\waol.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\AOL 9.1\shellmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\tozgnang.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Documents and Settings\Frank Forkapa\Desktop\wedge.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: DVA Media - {82B8E0B5-45F5-4779-966A-C474164F8F7F} - C:\WINDOWS\temlxopqgdk.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: vnbptxlf - {2EBC25FD-CDC9-4354-B220-2B7BFCBB28D3} - C:\WINDOWS\vnbptxlf.dll (file missing)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1202103167\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b
O4 - HKCU\..\Run: [htdzbetr] C:\WINDOWS\system32\tozgnang.exe
O4 - HKLM\..\Policies\Explorer\Run: [Q1ZowkDTJY] C:\Documents and Settings\All Users\Application Data\fipsxcfk\vijyjmzg.exe
O4 - HKUS\S-1-5-18\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... ase370.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
--
End of file - 9946 bytes