Things seem to be better.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:34:17 PM, on 10/28/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ppcbooster\ppcb_32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Java\jre6\bin\java.exe
C:\Documents and Settings\Dad\Local Settings\temp\jkos-Dad\binaries\ScanningProcess.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rcuniverse.com/index.cfm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: ppcb_32.lnk = C:\Program Files\ppcbooster\ppcb_32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 1360571921
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc32.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 6435 bytes
ComboFix 08-10-28.01 - Dad 2008-10-28 20:30:02.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.74 [GMT -4:00]
Running from: C:\Documents and Settings\Dad\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Dad\Desktop\CFScript.txt
* Created a new restore point
FILE ::
C:\WINDOWS\bdtb3452.exe
C:\WINDOWS\pptb1948.exe
C:\WINDOWS\system32\g41.exe
C:\WINDOWS\system32\ytrewfgyzd.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\bdtb3452.exe
C:\WINDOWS\pptb1948.exe
C:\WINDOWS\system32\g41.exe
C:\WINDOWS\system32\ytrewfgyzd.exe
.
((((((((((((((((((((((((( Files Created from 2008-09-28 to 2008-10-29 )))))))))))))))))))))))))))))))
.
2008-10-27 22:54 . 2008-10-27 22:54 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-10-27 22:54 . 2008-10-27 23:00 <DIR> d-------- C:\Documents and Settings\Dad\Application Data\CVS
2008-10-27 18:21 . 2008-10-27 18:21 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-27 18:21 . 2008-10-27 18:21 <DIR> d-------- C:\Documents and Settings\Dad\Application Data\Malwarebytes
2008-10-27 18:21 . 2008-10-27 18:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-27 18:21 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-27 18:21 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-25 18:42 . 2008-10-25 20:37 683 --a------ C:\WINDOWS\wininit.ini
2008-10-25 17:55 . 2008-10-25 17:57 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-10-25 17:55 . 2008-10-26 07:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-25 12:24 . 2008-10-25 12:24 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-24 17:46 . 2008-10-24 17:46 <DIR> d-------- C:\Documents and Settings\Administrator.OFFICE
2008-10-23 20:03 . 2008-10-15 12:34 337,408 -----c--- C:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-22 22:58 . 2008-10-22 22:58 <DIR> d-------- C:\Program Files\Lavasoft
2008-10-22 22:57 . 2008-10-22 22:57 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-22 22:57 . 2008-10-22 23:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-21 21:22 . 2008-10-21 21:22 <DIR> d-------- C:\Program Files\Astonsoft
2008-10-21 21:22 . 2008-10-21 22:12 <DIR> d-------- C:\Documents and Settings\Dad\Application Data\DeepBurner
2008-10-21 20:16 . 2008-10-21 20:16 <DIR> d-------- C:\Program Files\ppcbooster
2008-10-21 19:17 . 2008-10-21 20:44 <DIR> d-------- C:\Program Files\321Studios
2008-10-16 21:32 . 2008-10-16 21:32 <DIR> d-------- C:\WINDOWS\Sun
2008-10-15 18:01 . 2008-08-14 06:11 2,189,184 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-15 18:01 . 2008-08-14 06:09 2,145,280 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-15 18:01 . 2008-08-14 05:33 2,066,048 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-15 18:01 . 2008-08-14 05:33 2,023,936 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-15 18:01 . 2008-09-15 08:12 1,846,400 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-15 18:01 . 2008-09-08 06:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-13 20:47 . 2008-10-13 20:47 40,096 --a------ C:\Documents and Settings\Dad\Application Data\GDIPFONTCACHEV1.DAT
2008-10-06 22:17 . 2008-10-21 20:33 <DIR> d-------- C:\Incomplete
2008-10-06 22:16 . 2008-10-21 20:33 <DIR> d-------- C:\Documents and Settings\Dad\Application Data\LimeWire
2008-10-06 22:15 . 2008-10-06 22:15 <DIR> d-------- C:\Program Files\Java
2008-10-06 22:15 . 2008-10-06 22:15 410,976 --a------ C:\WINDOWS\system32\deploytk.dll
2008-10-06 22:15 . 2008-10-06 22:15 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-10-05 09:28 . 2008-10-23 21:49 <DIR> d-------- C:\music
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-01 01:14 27,262,976 ----a-w C:\VIRTPART.DAT
2008-09-27 12:47 --------- d-----w C:\Program Files\Symantec
2008-09-27 12:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-09-27 12:46 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-09-27 12:46 --------- d-----w C:\Documents and Settings\Dad\Application Data\Symantec
2008-09-16 02:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-16 02:35 --------- d-----w C:\Program Files\Creative
2008-09-16 02:17 --------- d-----r C:\Documents and Settings\Dad\Application Data\Brother
2008-09-16 02:12 --------- d-----w C:\Program Files\Brother
2008-09-16 02:11 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-09-16 02:09 --------- d-----w C:\Program Files\ScanSoft
2008-09-16 02:09 --------- d-----w C:\Program Files\Common Files\ScanSoft Shared
2008-09-16 02:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-09-16 02:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-09-16 02:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Brother
2008-09-16 01:58 --------- d-----w C:\Program Files\Common Files\Adobe AIR
2008-09-16 01:43 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-15 12:12 1,846,400 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-15 02:23 --------- d-----w C:\Documents and Settings\Dad\Application Data\Ulead Systems
2008-09-14 22:52 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-09-14 22:44 --------- d-----w C:\Program Files\Ulead Systems
2008-09-14 22:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-09-14 22:42 --------- d-----w C:\Program Files\Windows Media Components
2008-09-14 22:33 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2008-09-14 22:29 --------- d-----w C:\Program Files\Digital Line Detect
2008-09-14 22:28 --------- d-----w C:\Program Files\Dell Modem-On-Hold
2008-09-14 22:27 --------- d-----w C:\Program Files\UIU
2008-09-14 22:27 --------- d-----w C:\Program Files\CONEXANT
2008-09-14 22:05 --------- d-----w C:\Program Files\CyberLink
2008-09-14 21:57 --------- d-----w C:\Program Files\Sonic
2008-09-14 21:46 --------- d-----w C:\Program Files\MGI
2008-09-14 21:46 --------- d-----w C:\Program Files\Common Files\MGI Shared
2008-09-14 21:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\MGI
2008-09-14 21:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Creative
2008-09-14 20:37 57,344 ----a-w C:\WINDOWS\uneng.exe
2008-09-14 20:37 --------- d-----w C:\Program Files\Roxio
2008-09-14 20:37 --------- d-----w C:\Program Files\Common Files\Adaptec Shared
2008-09-14 19:46 --------- d-----w C:\Program Files\Alwil Software
2008-09-14 02:44 155,995 ----a-w C:\WINDOWS\java\Packages\KODB1J7V.ZIP
2008-09-14 02:31 --------- d-----w C:\Program Files\microsoft frontpage
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-26 07:24 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-14 10:11 2,189,184 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 09:33 2,066,048 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
.
((((((((((((((((((((((((((((( snapshot@2008-10-25_11.51.26.25 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-09-14 22:53:19 167,936 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\accicons.exe
+ 2008-10-28 16:11:53 167,936 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\accicons.exe
- 2008-09-14 22:53:19 2,560 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2008-10-28 16:11:53 2,560 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
- 2008-09-14 22:53:19 34,304 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2008-10-28 16:11:53 34,304 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\misc.exe
- 2008-09-14 22:53:20 8,192 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2008-10-28 16:11:53 8,192 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
- 2008-09-14 22:53:20 3,584 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2008-10-28 16:11:53 3,584 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2008-09-14 22:53:20 114,688 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\outicon.exe
+ 2008-10-28 16:11:53 114,688 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\outicon.exe
- 2008-09-14 22:53:19 16,384 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2008-10-28 16:11:53 16,384 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
- 2008-09-14 22:53:19 30,720 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\pptico.exe
+ 2008-10-28 16:11:53 30,720 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\pptico.exe
- 2008-09-14 22:53:20 22,528 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
+ 2008-10-28 16:11:53 22,528 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
- 2008-09-14 22:53:19 45,056 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2008-10-28 16:11:52 45,056 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
- 2008-09-14 22:53:19 90,112 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2008-10-28 16:11:52 90,112 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2008-10-28 14:26:19 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_4b8.dat
+ 2008-10-28 14:26:34 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5f0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-10-06 5058560]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-05-20 679936]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-28 622592]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2006-06-29 77824]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 90112]
"GhostStartTrayApp"="C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe" [2003-12-17 94208]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-10-06 140696]
"nwiz"="nwiz.exe" [2003-10-06 C:\WINDOWS\system32\nwiz.exe]
C:\Documents and Settings\Dad\Start Menu\Programs\Startup\
ppcb_32.lnk - C:\Program Files\ppcbooster\ppcb_32.exe [2008-10-15 24576]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.dvsd"= dvc.dll
"msacm.ctmp3"= C:\WINDOWS\system32\ctmp3.acm
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 GhPciScan;GhostPciScanner;C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys [2003-12-17 5632]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [2008-10-06 152984]
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-28 20:31:58
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-10-28 20:34:19
ComboFix-quarantined-files.txt 2008-10-29 00:34:15
ComboFix2.txt 2008-10-28 14:44:10
ComboFix3.txt 2008-10-28 14:02:38
ComboFix4.txt 2008-10-25 15:51:52
Pre-Run: 27,577,524,224 bytes free
Post-Run: 27,578,134,528 bytes free
185 --- E O F --- 2008-10-24 07:01:12
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, October 28, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, October 29, 2008 00:04:12
Records in database: 1354891
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
Scan statistics:
Files scanned: 40815
Threat name: 3
Infected objects: 3
Suspicious objects: 0
Duration of the scan: 00:58:15
File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\Program Files\GetModule\GetModule25.exe.vir Infected: Trojan.Win32.Agent.akgc 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\g41.exe.vir Infected: Trojan-Clicker.Win32.Agent.bsu 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\gside.exe.vir Infected: Trojan-Downloader.Win32.Zlob.ymu 1
The selected area was scanned.
Thanks