Logfile of HijackThis v1.99.1
Scan saved at 11:52:47 AM, on 9/9/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\program files\steam\steam.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\mattt\Desktop\HJT\Spyware.exe
C:\WINDOWS\system32\rundll32.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {30764797-356F-44BA-864F-70A3969E8CC0} - C:\WINDOWS\System32\yayvu.dll (file missing)
O2 - BHO: 0 - {34FD58AF-15C2-426E-E0A6-AA60C7ED6FF1} - C:\Program Files\MSN\ladupafow712.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [TosGbWatcher] "C:\Program Files\TOSHIBA\gigabeat room 3.0\TosGbWatcher.exe"
O4 - HKLM\..\Run: [EPSON Stylus C61 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C61 Series" /O6 "USB001" /M "Stylus C61"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [hozyl] C:\Program Files\Windows NT\hozyl22011.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\System32\drvdet.dll,startup
O4 - HKLM\..\Run: [gjchsfej] rundll32.exe "C:\Program Files\gjchsfej\ovsdwxod.dll",Init
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) -
http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -
http://messenger.zon...nt.cab56907.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: jkkjhig - C:\WINDOWS\SYSTEM32\jkkjhig.dll
O20 - Winlogon Notify: winyxm32 - C:\WINDOWS\SYSTEM32\winyxm32.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
____________________________________________________________________
ComboFix 07-09-08.7 - "mattt" 2007-09-09 11:39:33.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.0.1252.1.1033.18.236 [GMT 10:00]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\ctcjyvyn.dll
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\rebsjybu.dll
C:\DOCUME~1\mattt\Desktop\Find Spyware Remover.lnk
C:\Program Files\Common Files\Yazzle1162OinAdmin.exe
C:\Program Files\Hxcerwib
C:\Program Files\Hxcerwib\zxetjhrw.dll
C:\Program Files\mnwripgj
C:\Program Files\mnwripgj\gtyzmzsz.dll
C:\Program Files\MSN\promydyxav.html
C:\Program Files\Qcxhgxrc
C:\Program Files\Qcxhgxrc\rdyftmhf.dll
C:\Program Files\SecCenter
C:\Program Files\SecCenter\scprot4.exe
C:\Program Files\SecCenter\scprot4.exe~
C:\Program Files\ucleaner_setup.exe
C:\Program Files\Ultimate Cleaner
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\Casino.ico
C:\WINDOWS\cookies.ini
C:\WINDOWS\Free Online Dating.ico
C:\WINDOWS\mgrs.exe
C:\WINDOWS\Spyware Remover.ico
C:\WINDOWS\system32\asjhhvtd.dll
C:\WINDOWS\system32\dpbdnodf.dll
C:\WINDOWS\system32\eipqbupj.ini
C:\WINDOWS\system32\f03WtR
C:\WINDOWS\system32\f03WtR\f03WtR1066.exe
C:\WINDOWS\system32\hdfwvckj.ini
C:\WINDOWS\system32\hdfwvckj.tmp
C:\WINDOWS\system32\hggfefc.dll
C:\WINDOWS\system32\iknpo.bak1
C:\WINDOWS\system32\iknpo.bak2
C:\WINDOWS\system32\iknpo.ini
C:\WINDOWS\system32\iknpo.ini2
C:\WINDOWS\system32\iknpo.tmp
C:\WINDOWS\system32\illbqadv.ini
C:\WINDOWS\system32\jkcvwfdh.dll
C:\WINDOWS\system32\jpubqpie.dll
C:\WINDOWS\system32\mljjiif.dll
C:\WINDOWS\system32\nnnnmkl.dll
C:\WINDOWS\system32\odqilrmw.exe
C:\WINDOWS\system32\okqipwgf
C:\WINDOWS\system32\okqipwgf\bg1.gif
C:\WINDOWS\system32\okqipwgf\bgtop.gif
C:\WINDOWS\system32\okqipwgf\bottom1.gif
C:\WINDOWS\system32\okqipwgf\essentials.gif
C:\WINDOWS\system32\okqipwgf\icon1.ico
C:\WINDOWS\system32\okqipwgf\install1.gif
C:\WINDOWS\system32\okqipwgf\left1.gif
C:\WINDOWS\system32\okqipwgf\li.gif
C:\WINDOWS\system32\okqipwgf\logo.gif
C:\WINDOWS\system32\okqipwgf\main.htm
C:\WINDOWS\system32\okqipwgf\mainframe.htm
C:\WINDOWS\system32\okqipwgf\okqipwgf1.exe
C:\WINDOWS\system32\okqipwgf\okqipwgf2.exe
C:\WINDOWS\system32\okqipwgf\okqipwgf3.exe
C:\WINDOWS\system32\okqipwgf\reinstall1.gif
C:\WINDOWS\system32\okqipwgf\right1.gif
C:\WINDOWS\system32\okqipwgf\s1.htm
C:\WINDOWS\system32\okqipwgf\s2.htm
C:\WINDOWS\system32\okqipwgf\s3.htm
C:\WINDOWS\system32\okqipwgf\SMTop1.gif
C:\WINDOWS\system32\okqipwgf\SMTop2.gif
C:\WINDOWS\system32\okqipwgf\SMTop3.gif
C:\WINDOWS\system32\okqipwgf\SMTop4.gif
C:\WINDOWS\system32\okqipwgf\soft1_off.gif
C:\WINDOWS\system32\okqipwgf\soft1_off_ext.gif
C:\WINDOWS\system32\okqipwgf\soft1_on.gif
C:\WINDOWS\system32\okqipwgf\soft1_on_ext.gif
C:\WINDOWS\system32\okqipwgf\soft2_off.gif
C:\WINDOWS\system32\okqipwgf\soft2_off_ext.gif
C:\WINDOWS\system32\okqipwgf\soft2_on.gif
C:\WINDOWS\system32\okqipwgf\soft2_on_ext.gif
C:\WINDOWS\system32\okqipwgf\soft3_off.gif
C:\WINDOWS\system32\okqipwgf\soft3_off_ext.gif
C:\WINDOWS\system32\okqipwgf\soft3_on.gif
C:\WINDOWS\system32\okqipwgf\soft3_on_ext.gif
C:\WINDOWS\system32\okqipwgf\softbottom_off.gif
C:\WINDOWS\system32\okqipwgf\softbottom_on.gif
C:\WINDOWS\system32\okqipwgf\softleft_off.gif
C:\WINDOWS\system32\okqipwgf\softleft_on.gif
C:\WINDOWS\system32\okqipwgf\top1.gif
C:\WINDOWS\system32\okqipwgf\top2.gif
C:\WINDOWS\system32\okqipwgf\turnoff1.gif
C:\WINDOWS\system32\okqipwgf\turnon1.gif
C:\WINDOWS\system32\opnki.dll
C:\WINDOWS\system32\psmlfylq.ini
C:\WINDOWS\system32\qbsdutyk.dll
C:\WINDOWS\system32\qlyflmsp.dll
C:\WINDOWS\system32\qmopt.dll
C:\WINDOWS\system32\qomjhed.dll
C:\WINDOWS\system32\rwxuntub.dll
C:\WINDOWS\system32\swkpqueb.dll
C:\WINDOWS\system32\takvvqpg.dll
C:\WINDOWS\system32\ucxfwmyk.dll
C:\WINDOWS\system32\urqqrpp.dll
C:\WINDOWS\system32\vdaqblli.dll
C:\WINDOWS\system32\wqbldybt.dll
C:\WINDOWS\system32\xpdx.sys
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_LANMANDRV
-------\DomainService
-------\lanmandrv
-------\xpdx
((((((((((((((((((((((((( Files Created from 2007-08-09 to 2007-09-09 )))))))))))))))))))))))))))))))
.
2007-09-09 10:58 94,208 --a------ C:\WINDOWS\system32\drvdip.dll
2007-09-09 10:58 15,360 --a------ C:\WINDOWS\system32\drvdipr.dll
2007-09-09 01:39 160,768 --a------ C:\WINDOWS\NirCmd.exe
2007-09-08 19:43 <DIR> d-------- C:\Program Files\Lavasoft
2007-09-08 19:43 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-09-08 13:33 19 --a------ C:\WINDOWS\system32\iexchg.dll
2007-09-08 01:08 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-09-08 01:04 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-09-08 01:04 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-09-08 01:04 <DIR> d-------- C:\DOCUME~1\mattt\APPLIC~1\PC Tools
2007-09-08 00:21 76,089 --a------ C:\Program Files\setup.exe
2007-09-08 00:20 10,240 --a------ C:\Program Files\hlpsrv.exe
2007-09-08 00:18 93,696 --a------ C:\WINDOWS\system32\drvjuz.dll
2007-09-08 00:18 15,360 --a------ C:\WINDOWS\system32\drvjuzr.dll
2007-09-08 00:17 122,900 --a------ C:\WINDOWS\system32\itkanirk.exe
2007-09-08 00:08 <DIR> d-------- C:\WINDOWS\ERUNT
2007-09-07 22:53 38,160 --a------ C:\WINDOWS\system32\LMRTREND.dll
2007-09-07 22:53 <DIR> d-------- C:\Program Files\CyberLink
2007-09-07 22:52 182,032 --a------ C:\WINDOWS\system32\dxtmsft3.dll
2007-09-07 22:50 74,752 --a------ C:\WINDOWS\system32\unam4ie.exe
2007-09-07 22:49 678,498 --a------ C:\WINDOWS\system32\center.exe
2007-09-07 22:49 50,208 --a------ C:\WINDOWS\system32\win321.exe
2007-09-07 22:49 31,094 --a------ C:\WINDOWS\system32\center2.exe
2007-09-07 22:49 194,320 --a------ C:\WINDOWS\system32\qcut.dll
2007-09-07 22:49 10,240 --a------ C:\WINDOWS\system32\vidx16.dll
2007-09-07 22:48 20,992 --a------ C:\WINDOWS\system32\winyxm32.dll
2007-09-07 22:48 <DIR> d-------- C:\WINDOWS\system32\Ztmp2
2007-09-07 22:48 <DIR> d-------- C:\WINDOWS\system32\csnx1
2007-09-07 21:21 155,668 --a------ C:\WINDOWS\system32\ddugkhgq.exe
2007-09-07 21:18 90,132 --a------ C:\WINDOWS\system32\xafmdgts.exe
2007-09-06 21:18 90,132 --a------ C:\WINDOWS\system32\aqukqcyk.exe
2007-09-06 15:48 155,156 --a------ C:\WINDOWS\system32\erivrftp.exe
2007-09-05 15:48 90,132 --a------ C:\WINDOWS\system32\sqmqesix.exe
2007-09-05 15:44 90,132 --a------ C:\WINDOWS\system32\iykfvpvr.exe
2007-09-05 08:09 122,900 --a------ C:\WINDOWS\system32\ygtogumu.exe
2007-09-05 07:39 90,132 --a------ C:\WINDOWS\system32\qjuydxxb.exe
2007-09-04 19:20 <DIR> d-------- C:\Program Files\World of Warcraft
2007-09-04 18:44 90,132 --a------ C:\WINDOWS\system32\yvervptn.exe
2007-09-04 18:40 122,388 --a------ C:\WINDOWS\system32\eijcnfam.exe
2007-09-03 19:18 <DIR> d-------- C:\Program Files\Winamp
2007-09-03 18:39 122,900 --a------ C:\WINDOWS\system32\xawnjeev.exe
2007-09-03 16:00 155,668 --a------ C:\WINDOWS\system32\ifchnmfg.exe
2007-09-03 07:56 90,132 --a------ C:\WINDOWS\system32\jywlmdeb.exe
2007-09-02 23:12 90,132 --a------ C:\WINDOWS\system32\ucokswpu.exe
2007-09-02 15:29 89,620 --a------ C:\WINDOWS\system32\pwminuxi.exe
2007-09-01 15:29 122,900 --a------ C:\WINDOWS\system32\taehfdne.exe
2007-09-01 13:57 90,132 --a------ C:\WINDOWS\system32\ctrfdrtp.exe
2007-08-31 20:25 90,132 --a------ C:\WINDOWS\system32\lqjrqpxs.exe
2007-08-30 20:25 122,900 --a------ C:\WINDOWS\system32\kwjqgwbr.exe
2007-08-30 16:36 122,900 --a------ C:\WINDOWS\system32\xbbnthxl.exe
2007-08-29 16:33 90,132 --a------ C:\WINDOWS\system32\vrgajwyt.exe
2007-08-29 16:31 122,388 --a------ C:\WINDOWS\system32\eedpcyry.exe
2007-08-29 16:26 122,900 --a------ C:\WINDOWS\system32\pouyxjmq.exe
2007-08-27 21:23 <DIR> d-------- C:\WINDOWS\LastGood
2007-08-23 15:17 <DIR> d-------- C:\Program Files\GNU
2007-08-22 00:12 <DIR> d-------- C:\DOCUME~1\mattt\Shared
2007-08-18 22:14 <DIR> d-------- C:\Program Files\Windows Live
2007-08-16 20:54 90,132 --a------ C:\WINDOWS\system32\opostumr.exe
2007-08-16 16:47 90,132 --a------ C:\WINDOWS\system32\wditepol.exe
2007-08-15 16:45 89,620 --a------ C:\WINDOWS\system32\evfsejnu.exe
2007-08-14 23:49 <DIR> d-------- C:\DOCUME~1\mattt\APPLIC~1\LimeWire
2007-08-14 22:57 122,900 --a------ C:\WINDOWS\system32\wajyjbvh.exe
2007-08-13 22:55 90,132 --a------ C:\WINDOWS\system32\ifeoxibn.exe
2007-08-13 13:00 90,132 --a------ C:\WINDOWS\system32\lgsbswdt.exe
2007-08-13 06:43 <DIR> d-------- C:\Program Files\TGTSoft
2007-08-12 13:00 90,132 --a------ C:\WINDOWS\system32\dmdqwwhc.exe
2007-08-10 22:20 90,132 --a------ C:\WINDOWS\system32\usmvsmdc.exe
2007-08-09 22:20 122,900 --a------ C:\WINDOWS\system32\eiddgjxe.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-09 11:48 --------- d-------- C:\Program Files\Steam
2007-09-09 11:38 --------- d-------- C:\Program Files\HLSW
2007-09-08 19:42 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-08 00:28 --------- d-------- C:\Program Files\PartyGaming
2007-09-07 22:53 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-07 22:52 --------- d-------- C:\Program Files\mIRC
2007-09-04 19:56 --------- d-------- C:\Program Files\Common Files\Blizzard Entertainment
2007-09-04 19:19 --------- d-------- C:\Program Files\Warcraft III
2007-08-18 22:14 --------- d-------- C:\Program Files\Messenger Plus! Live
2007-08-07 22:22 --------- d-------- C:\Program Files\LimeWire
2007-08-07 22:18 110100 --a------ C:\WINDOWS\system32\bscgqtnh.exe
2007-08-07 22:17 618004 --a------ C:\WINDOWS\system32\kehywtok.exe
2007-08-07 13:58 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-07 13:56 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-08-06 17:49 77844 --a------ C:\WINDOWS\system32\whultqtk.exe
2007-08-05 17:49 241684 --a------ C:\WINDOWS\system32\fnjnpkdy.exe
2007-08-04 17:48 110612 --a------ C:\WINDOWS\system32\muexwqvv.exe
2007-08-03 17:46 77844 --a------ C:\WINDOWS\system32\oiqkpajf.exe
2007-08-02 17:45 77844 --a------ C:\WINDOWS\system32\uwjhmqqo.exe
2007-08-01 17:45 143380 --a------ C:\WINDOWS\system32\qtheugei.exe
2007-07-31 17:45 77844 --a------ C:\WINDOWS\system32\fsrebjuk.exe
2007-07-30 17:45 77844 --a------ C:\WINDOWS\system32\jtqaccqy.exe
2007-07-29 17:45 143380 --a------ C:\WINDOWS\system32\ajahhpap.exe
2007-07-28 22:16 77844 --a------ C:\WINDOWS\system32\fxdkpjfx.exe
2007-07-28 13:34 --------- d-------- C:\DOCUME~1\mattt\APPLIC~1\Media Player Classic
2007-07-26 22:13 143380 --a------ C:\WINDOWS\system32\jacvrhlr.exe
2007-07-25 22:13 77844 --a------ C:\WINDOWS\system32\aerbmkjs.exe
2007-07-24 22:13 307220 --a------ C:\WINDOWS\system32\ylkrwxeo.exe
2007-07-23 22:11 77844 --a------ C:\WINDOWS\system32\wocmrueg.exe
2007-07-22 22:11 77844 --a------ C:\WINDOWS\system32\uljwgian.exe
2007-07-21 22:11 143380 --a------ C:\WINDOWS\system32\detdnvir.exe
2007-07-20 23:28 --------- d-------- C:\Program Files\Ahead
2007-07-20 22:15 --------- d-------- C:\DOCUME~1\mattt\APPLIC~1\Ashampoo
2007-07-20 22:15 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ashampoo
2007-07-20 22:14 --------- d-------- C:\Program Files\Ashampoo
2007-07-20 22:09 77844 --a------ C:\WINDOWS\system32\hgovbbwr.exe
2007-07-19 22:08 77844 --a------ C:\WINDOWS\system32\ibmynxvv.exe
2007-07-18 22:08 77844 --a------ C:\WINDOWS\system32\rhiumwjx.exe
2007-07-17 22:08 110612 --a------ C:\WINDOWS\system32\ddgnfibj.exe
2007-07-15 22:05 77844 --a------ C:\WINDOWS\system32\opgphgvj.exe
2007-07-15 12:30 --------- d-------- C:\DOCUME~1\mattt\APPLIC~1\Google
2007-07-15 12:29 --------- d-------- C:\Program Files\Google
2007-07-14 22:04 77844 --a------ C:\WINDOWS\system32\vyfehthb.exe
2007-07-13 22:05 110612 --a------ C:\WINDOWS\system32\ylnmlttm.exe
2007-07-11 22:02 77844 --a------ C:\WINDOWS\system32\lbybyppv.exe
2007-07-11 14:37 6272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-07-11 10:55 --------- d-------- C:\Program Files\Real Alternative
2007-07-11 10:55 --------- d-------- C:\Program Files\Media Player Classic
2007-07-11 10:55 --------- d-------- C:\DOCUME~1\mattt\APPLIC~1\Real
2007-07-11 10:55 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Real
2007-07-11 10:51 --------- d-------- C:\Program Files\VIDEOzilla
2007-07-11 10:51 --------- d-------- C:\DOCUME~1\mattt\APPLIC~1\Help
2007-07-10 22:02 143380 --a------ C:\WINDOWS\system32\xvjfjtrn.exe
2007-07-07 22:00 65556 --a------ C:\WINDOWS\system32\cqqebaiy.exe
2007-07-06 22:00 65044 --a------ C:\WINDOWS\system32\ptdrxsfx.exe
2007-07-05 21:57 135188 --a------ C:\WINDOWS\system32\rhsjhoug.exe
2007-07-04 21:57 135188 --a------ C:\WINDOWS\system32\hgompksf.exe
2007-07-02 21:58 135188 --a------ C:\WINDOWS\system32\qelynleo.exe
2007-07-02 19:46 167956 --a------ C:\WINDOWS\system32\qvpwnygm.exe
2007-07-01 19:35 266260 --a------ C:\WINDOWS\system32\donhdnkj.exe
2007-06-29 09:04 167956 --a------ C:\WINDOWS\system32\odfgwdjl.exe
2007-06-28 07:53 167956 --a------ C:\WINDOWS\system32\jpapdjyb.exe
2007-06-27 07:51 135188 --a------ C:\WINDOWS\system32\eerxullp.exe
2007-06-26 07:51 167956 --a------ C:\WINDOWS\system32\llvqkmcm.exe
2007-06-25 07:49 135188 --a------ C:\WINDOWS\system32\ifsldjoc.exe
2007-06-24 23:40 200724 --a------ C:\WINDOWS\system32\rdagwlyc.exe
2007-06-23 23:44 135188 --a------ C:\WINDOWS\system32\ajtcowms.exe
2007-06-23 23:41 15892 --a------ C:\WINDOWS\system32\jptlpvqg.exe
2007-06-22 23:38 135188 --a------ C:\WINDOWS\system32\ooucvlqq.exe
2007-06-21 23:39 135188 --a------ C:\WINDOWS\system32\rbxowyor.exe
2007-06-20 23:38 167956 --a------ C:\WINDOWS\system32\dnwtwxft.exe
2007-06-19 23:38 13844 --a------ C:\WINDOWS\system32\xlpwnaom.exe
2007-06-13 17:44 106496 --a------ C:\WINDOWS\system32\qttask.exe
2006-12-03 11:05 2522 --a------ C:\Program Files\func.js
2006-11-25 17:57 482 --a------ C:\Program Files\Del.js
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30764797-356F-44BA-864F-70A3969E8CC0}]
C:\WINDOWS\System32\yayvu.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{34FD58AF-15C2-426E-E0A6-AA60C7ED6FF1}]
C:\Program Files\MSN\ladupafow712.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2004-04-13 14:49 C:\WINDOWS\AGRSMMSG.exe]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-03-09 15:29]
"Cmaudio"="cmicnfg.cpl" []
"nwiz"="nwiz.exe" [2006-03-09 15:29 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-03-09 15:29]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"TosGbWatcher"="C:\Program Files\TOSHIBA\gigabeat room 3.0\TosGbWatcher.exe" [2005-11-07 03:00]
"EPSON Stylus C61 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe" [2002-07-01 13:05]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2004-11-26 23:42]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" []
"hozyl"="C:\Program Files\Windows NT\hozyl22011.exe" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-09-08 13:52]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 15:53]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"Steam"="c:\program files\steam\steam.exe" [2007-06-28 15:03]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-25 04:31]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winyxm32]
winyxm32.dll 2007-09-07 22:48 20992 C:\WINDOWS\system32\winyxm32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=NVDESK32.DLL
R0 Spssys;Toshiba SPS Service;C:\WINDOWS\System32\drivers\spssys.sys
R3 ovt519;EyeToy;C:\WINDOWS\System32\Drivers\ov519vid.sys
S2 InCDsrvR;InCD Helper (read only);C:\Program Files\Ahead\InCD\InCDsrv.exe -r
S3 msloop;Microsoft Loopback Adapter Driver;C:\WINDOWS\System32\DRIVERS\loop.sys
S3 SiS7018;Service for AC'97 Sample Driver (WDM);C:\WINDOWS\System32\drivers\ac97sis.sys
.
Contents of the 'Scheduled Tasks' folder
"2007-09-07 17:30:00 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Program Files\RegistrySmart\RegistrySmart.exe
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-09-09 11:47:18
Windows 5.1.2600 NTFS
detected NTDLL code modification:
ZwOpenFile
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\asc3550o]
.
Completion time: 2007-09-09 11:49:49 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-09 11:49
.
--- E O F ---