1. ComboFix.txt
ComboFix 08-07-14.2 - Lim Mervin 2008-07-17 12:51:46.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.530 [GMT 8:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt
* Created a new restore point
FILE ::
C:\sqmdata00.sqm
C:\sqmnoopt00.sqm
C:\WINDOWS\Tasks\XoftSpySE 2.job
C:\WINDOWS\Tasks\XoftSpySE.job
E:\My Documents\Downloads\Programs\BearShareV6.exe
E:\My Documents\Downloads\Programs\SmileyCentralFWBInitialSetup1.0.0.15-3.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\XoftSpySE
C:\Program Files\XoftSpySE\0_days.htm
C:\Program Files\XoftSpySE\1_days.htm
C:\Program Files\XoftSpySE\15_days.htm
C:\Program Files\XoftSpySE\2_days.htm
C:\Program Files\XoftSpySE\30_days.htm
C:\Program Files\XoftSpySE\5_days.htm
C:\Program Files\XoftSpySE\autoupdate.dll
C:\Program Files\XoftSpySE\database.db
C:\Program Files\XoftSpySE\expired.htm
C:\Program Files\XoftSpySE\Images\10x10.gif
C:\Program Files\XoftSpySE\Images\10x10tile.gif
C:\Program Files\XoftSpySE\Images\back.bmp
C:\Program Files\XoftSpySE\Images\bottompanel.gif
C:\Program Files\XoftSpySE\Images\BottomRemine.bmp
C:\Program Files\XoftSpySE\Images\Button_BACK_D.bmp
C:\Program Files\XoftSpySE\Images\Button_BACK_N.bmp
C:\Program Files\XoftSpySE\Images\Button_BACK_O.bmp
C:\Program Files\XoftSpySE\Images\Button_Small_D.bmp
C:\Program Files\XoftSpySE\Images\Button_Small_N.bmp
C:\Program Files\XoftSpySE\Images\Button_Small_O.bmp
C:\Program Files\XoftSpySE\Images\buttonfill.jpg
C:\Program Files\XoftSpySE\Images\buttonfill_mo.jpg
C:\Program Files\XoftSpySE\Images\buttonfilldown.jpg
C:\Program Files\XoftSpySE\Images\contentwrapper.gif
C:\Program Files\XoftSpySE\Images\flash.bmp
C:\Program Files\XoftSpySE\Images\footerbar.gif
C:\Program Files\XoftSpySE\Images\info_bubble.jpg
C:\Program Files\XoftSpySE\Images\main_bt_focus.bmp
C:\Program Files\XoftSpySE\Images\main_bt_normal.bmp
C:\Program Files\XoftSpySE\Images\main_bt_normal1.bmp
C:\Program Files\XoftSpySE\Images\main_bt_selected.bmp
C:\Program Files\XoftSpySE\Images\poweredby.bmp
C:\Program Files\XoftSpySE\Images\startpageback.bmp
C:\Program Files\XoftSpySE\Images\subtitlebar.gif
C:\Program Files\XoftSpySE\Images\tile_titlebar.jpg
C:\Program Files\XoftSpySE\Images\toppanel.gif
C:\Program Files\XoftSpySE\Images\width.bmp
C:\Program Files\XoftSpySE\LogSettings.xml
C:\Program Files\XoftSpySE\main.css
C:\Program Files\XoftSpySE\resources.dll
C:\Program Files\XoftSpySE\settings.xml
C:\Program Files\XoftSpySE\trial.htm
C:\Program Files\XoftSpySE\uninstall.exe
C:\Program Files\XoftSpySE\welcome.htm
C:\Program Files\XoftSpySE\xAutoUpdate.dll
C:\Program Files\XoftSpySE\XoftSpy.exe
C:\Program Files\XoftSpySE\Xoftspy.ico
C:\Program Files\XoftSpySE\zlibwapi.dll
C:\WINDOWS\Tasks\XoftSpySE 2.job
C:\WINDOWS\Tasks\XoftSpySE.job
E:\My Documents\Downloads\Programs\BearShareV6.exe
E:\My Documents\Downloads\Programs\SmileyCentralFWBInitialSetup1.0.0.15-3.exe
.
((((((((((((((((((((((((( Files Created from 2008-06-17 to 2008-07-17 )))))))))))))))))))))))))))))))
.
2008-07-16 13:21 . 2008-07-16 13:21 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
2008-07-16 00:29 . 2008-07-16 00:29 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InstallShield
2008-07-15 18:32 . 2007-05-21 10:45 417,792 --a------ C:\WINDOWS\system32\ServoApp.exe
2008-07-15 18:32 . 2007-05-15 11:37 229,376 --a------ C:\WINDOWS\system32\Install98MFPPS.dll
2008-07-15 18:32 . 2006-09-22 11:35 151,552 --a------ C:\WINDOWS\system32\ddschk.dll
2008-07-15 18:32 . 2006-09-12 15:07 548 --a------ C:\WINDOWS\system32\cliktext.ini
2008-07-14 01:06 . 2008-07-16 00:12 <DIR> d-------- C:\Program Files\MFP Server Utilities
2008-07-12 01:22 . 2008-07-12 01:22 <DIR> d-------- C:\Lxk1100
2008-07-11 23:22 . 2000-07-15 00:00 929,844 --a------ C:\WINDOWS\system32\MFC42D.DLL
2008-07-11 23:22 . 2000-07-15 00:00 798,773 --a------ C:\WINDOWS\system32\MFCO42D.DLL
2008-07-11 23:22 . 2000-07-15 00:00 434,252 --a------ C:\WINDOWS\system32\MSVCRTD.DLL
2008-07-11 20:02 . 2008-07-11 20:02 <DIR> d-------- C:\WINDOWS\ERUNT
2008-07-10 13:51 . 2008-07-10 13:51 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Yahoo!
2008-07-10 10:41 . 2008-07-10 10:41 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Elluminate
2008-07-03 20:35 . 2008-07-03 20:35 <DIR> d-------- C:\Program Files\PPTminimizer
2008-07-03 20:35 . 2008-07-03 20:35 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\PPTminimizer
2008-07-03 13:04 . 2008-07-03 13:04 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-07-03 13:01 . 2008-07-03 13:01 <DIR> d-------- C:\Program Files\Skype
2008-07-03 13:01 . 2008-07-03 13:01 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-07-03 13:01 . 2008-07-03 13:04 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Skype
2008-07-03 12:59 . 2008-07-03 12:59 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-06-30 14:40 . 2008-06-30 14:40 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-27 09:14 . 2008-07-03 12:22 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\CyberLink
2008-06-27 09:07 . 2004-05-19 06:44 40,960 --a------ C:\WINDOWS\system32\exitwx.exe
2008-06-23 09:52 . 2008-06-23 09:52 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-21 01:46 . 2008-06-21 01:46 245,248 -----c--- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-21 01:46 . 2008-06-21 01:46 147,968 -----c--- C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 19:51 . 2008-06-20 19:51 361,600 -----c--- C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 19:40 . 2008-06-20 19:40 138,496 -----c--- C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 19:08 . 2008-06-20 19:08 225,856 -----c--- C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-20 02:41 . 2008-06-20 02:41 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-06-20 02:01 . 2008-07-03 13:02 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\skypePM
2008-06-20 02:01 . 2008-06-20 02:01 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-06-20 01:59 . 2008-07-03 13:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-06-20 01:34 . 2008-07-10 10:46 <DIR> d-------- C:\Documents and Settings\Administrator\Contacts
2008-06-19 23:49 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-06-19 23:49 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-06-19 23:49 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-06-19 19:50 . 2008-06-19 19:59 <DIR> d-------- C:\Program Files\Windows Live
2008-06-19 19:50 . 2008-06-19 19:57 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-19 19:50 . 2008-06-19 19:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-17 04:31 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-07-15 05:29 --------- d-----w C:\Program Files\Lexmark X1100 Series
2008-07-14 18:00 --------- d-----w C:\Program Files\Java
2008-07-14 01:50 --------- d-----w C:\Program Files\mtd2002
2008-07-13 17:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-03 04:59 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-03 04:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-06-22 18:16 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-15 17:42 --------- d-----w C:\Program Files\Sun
2008-06-15 17:34 --------- d-----w C:\Program Files\Common Files\Java
2008-06-14 17:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-06-14 17:05 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Yahoo!
2008-06-14 17:05 --------- d-----w C:\Documents and Settings\Administrator\Application Data\AdobeUM
2008-06-14 16:41 --------- d-----w C:\Program Files\Yahoo!
2008-06-14 16:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-06-13 11:05 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 22:44 --------- d-----w C:\Program Files\Unlocker
2008-06-11 20:10 --------- d-----w C:\Documents and Settings\Lim Mervin\Application Data\Desktopicon
2008-06-11 16:21 --------- d-----w C:\Program Files\Internet Download Manager
2008-06-11 16:20 --------- d-----w C:\Documents and Settings\Lim Mervin\Application Data\IDM
2008-06-11 16:20 --------- d-----w C:\Documents and Settings\Lim Mervin\Application Data\Downloads
2008-06-11 16:20 --------- d-----w C:\Documents and Settings\Lim Mervin\Application Data\DMCache
2008-06-11 15:05 --------- d-----w C:\Program Files\Symantec
2008-06-11 06:23 --------- d-----w C:\Program Files\DIFX
2008-06-11 05:52 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-11 05:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-06-11 03:46 --------- d-----w C:\Documents and Settings\Lim Mervin\Application Data\Ulead VideoStudio
2008-06-11 03:46 --------- d-----w C:\Documents and Settings\Lim Mervin\Application Data\Ulead Systems
2008-06-11 03:37 --------- d-----w C:\Documents and Settings\Lim Mervin\Application Data\CyberLink
2008-06-11 03:33 --------- d-----w C:\Program Files\CyberLink
2008-06-11 03:25 --------- d-----w C:\Program Files\Common Files\Real
2008-06-11 03:14 --------- d-----w C:\Program Files\Windows Media Components
2008-06-11 03:02 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2008-06-11 03:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-06-11 03:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
2008-06-11 03:01 --------- d-----w C:\Program Files\Ulead Systems
2008-06-11 02:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-06-11 02:17 --------- d-----w C:\Documents and Settings\Lim Mervin\Application Data\Symantec
2008-05-09 10:53 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
2008-05-09 10:53 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:53 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:53 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
.
((((((((((((((((((((((((((((( snapshot@2008-07-15_14.48.05.03 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-15 05:36:20 41,238 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-07-16 16:32:59 41,238 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-07-15 05:36:20 315,076 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-07-16 16:32:59 315,076 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 08:12 15360]
"mtd2002Svr"="C:\Program Files\mtd2002\mtdserver.exe" [2002-10-05 13:05 544768]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-14 03:02 7573504]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-09-10 21:34 798810]
"CPUTray"="C:\WINDOWS\system32\CPUTray.exe" [2005-05-14 06:46 212992]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-10-04 12:42 48752]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-11-15 13:28 85744]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-05-02 12:15 15872]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 10:43 57344]
"nwiz"="nwiz.exe" [2006-06-14 03:02 1519616 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-27 22:54 16248320 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-09-10 21:34 2879488 C:\WINDOWS\SkyTel.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 08:12 110592 C:\WINDOWS\system32\bthprops.cpl]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe [2007-05-29 03:12:48 593920]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
--a------ 2007-04-26 23:30 895672 C:\Program Files\Internet Download Manager\IDMan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 2006-12-05 22:55 54832 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
--a------ 2003-08-19 10:43 57344 C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
--a------ 2007-08-30 17:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hs---- 2008-04-14 08:12 1695232 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2006-11-23 15:10 56928 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
-ra------ 2006-09-10 21:34 557056 C:\WINDOWS\sm56hlpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\mtd2002\\mtdserver.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 O2MDRDR;O2MDRDR;C:\WINDOWS\system32\DRIVERS\o2media.sys [2006-02-26 23:00]
R0 O2SDRDR;O2SDRDR;C:\WINDOWS\system32\DRIVERS\o2sd.sys [2006-06-01 00:51]
R2 Machnm32;Machnm32 Driver;C:\WINDOWS\system32\Machnm32.sys [2003-08-13 15:27]
S2 ALIWEHCD;MFP Server Enhanced Controller;C:\WINDOWS\system32\Drivers\mfpec.sys []
S3 PhnxVcd;PhnxVcd;C:\WINDOWS\system32\Drivers\PhnxVcd.sys [2005-02-26 09:34]
S3 WUSBVBus;MFP Server Detector;C:\WINDOWS\system32\DRIVERS\mfpvbus.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{789df6d6-0d0e-11dc-a94b-806d6172696f}]
\Shell\AutoRun\command - D:\AUTORUN.exe /AUTORUN
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-07-17 12:53:22
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-07-17 12:54:10
ComboFix-quarantined-files.txt 2008-07-17 04:54:05
Pre-Run: 39,707,598,848 bytes free
Post-Run: 39,724,326,912 bytes free
260 --- E O F --- 2008-07-09 02:56:03
2. MBAM log
Malwarebytes' Anti-Malware 1.20
Database version: 960
Windows 5.1.2600 Service Pack 3
2:15:20 PM 7/17/2008
mbam-log-7-17-2008 (14-15-20).txt
Scan type: Full Scan (C:\|E:\|)
Objects scanned: 89719
Time elapsed: 15 minute(s), 30 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\QooBox\Quarantine\E\My Documents\Downloads\Programs\SmileyCentralFWBInitialSetup1.0.0.15-3.exe.vir (Adware.Funweb) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{D7CCC6B9-5BBF-4648-83F4-9DEB5AF5C8FA}\RP73\A0040976.exe (Adware.Funweb) -> Quarantined and deleted successfully.
3. New HJT log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:24:02 PM, on 7/17/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\o2flash.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://en-us.start2.mozilla.com/firefox ... S:official
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://sg.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.twinhead.com/
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CPUTray] C:\WINDOWS\system32\CPUTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [mtd2002Svr] "C:\Program Files\mtd2002"\mtdserver.exe -f
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.twinhead.com
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
--
End of file - 8245 bytes
Next?