ComboFix 07-09-08.8 - "Owner" 2007-09-10 13:49:53.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.145 [GMT -4:00]
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\SDFix
C:\SDFix\apps\assosfix.reg
C:\SDFix\apps\cliptext.exe
C:\SDFix\apps\download.exe
C:\SDFix\apps\dummy.sys
C:\SDFix\apps\Enable_Command_Prompt.reg
C:\SDFix\apps\ERDNT.E_E
C:\SDFix\apps\ERDNTDOS.LOC
C:\SDFix\apps\ERDNTWIN.LOC
C:\SDFix\apps\ERUNT.EXE
C:\SDFix\apps\ERUNT.LOC
C:\SDFix\apps\fix.reg
C:\SDFix\apps\FixBH.reg
C:\SDFix\apps\FIXCU.reg
C:\SDFix\apps\FIXLM.reg
C:\SDFix\apps\FixPath.exe
C:\SDFix\apps\FixRedir.reg
C:\SDFix\apps\FixWebCheck.reg
C:\SDFix\apps\fixXP.reg
C:\SDFix\apps\FixXPsp2.reg
C:\SDFix\apps\HPFix.reg
C:\SDFix\apps\HPFix2.reg
C:\SDFix\apps\HPFix3.reg
C:\SDFix\apps\isadmin.exe
C:\SDFix\apps\leg2.txt
C:\SDFix\apps\legacy.txt
C:\SDFix\apps\legacybk.txt
C:\SDFix\apps\locate.com
C:\SDFix\apps\LS.exe
C:\SDFix\apps\MD5File.exe
C:\SDFix\apps\moveex.exe
C:\SDFix\apps\MyGcpvFix.reg
C:\SDFix\apps\MyGkFix2.reg
C:\SDFix\apps\Process.exe
C:\SDFix\apps\RegDACL.exe
C:\SDFix\apps\Rem.txt
C:\SDFix\apps\Rem2.txt
C:\SDFix\apps\Replace\W2K.exe
C:\SDFix\apps\Replace\w2k\null.sys
C:\SDFix\apps\Replace\XP.exe
C:\SDFix\apps\Replace\xp\null.sys
C:\SDFix\apps\Reset_AppInit_DLLs.reg
C:\SDFix\apps\RestartIt!.exe
C:\SDFix\apps\Restore_SecurityCenter.reg
C:\SDFix\apps\Restore_SharedAccess.reg
C:\SDFix\apps\sc.exe
C:\SDFix\apps\SF.exe
C:\SDFix\apps\shutdown.exe
C:\SDFix\apps\srv2.txt
C:\SDFix\apps\svc.txt
C:\SDFix\apps\svcbk.txt
C:\SDFix\apps\swreg.exe
C:\SDFix\apps\swsc.exe
C:\SDFix\apps\unzip.exe
C:\SDFix\apps\WINMSG.EXE
C:\SDFix\apps\zip.exe
C:\SDFix\attrib.exe
C:\SDFix\backupreg\AppInit_DLLs.reg
C:\SDFix\backupreg\BackupSDRepairXP.reg
C:\SDFix\backupreg\bat_shell_open.reg
C:\SDFix\backupreg\BHO.reg
C:\SDFix\backupreg\CLSID.reg
C:\SDFix\backupreg\com_shell_open.reg
C:\SDFix\backupreg\ControlPanel_Load.reg
C:\SDFix\backupreg\ControlPanel_Load1.reg
C:\SDFix\backupreg\exe_shell_open.reg
C:\SDFix\backupreg\HKCUPolicy.reg
C:\SDFix\backupreg\HKCURun.reg
C:\SDFix\backupreg\HKCURunServices.reg
C:\SDFix\backupreg\HKLMPolicy.reg
C:\SDFix\backupreg\HKLMRun.reg
C:\SDFix\backupreg\HKLMRunServices.reg
C:\SDFix\backupreg\hta_shell_open.reg
C:\SDFix\backupreg\IEMain.reg
C:\SDFix\backupreg\Installed_Components.reg
C:\SDFix\backupreg\Legacy.reg
C:\SDFix\backupreg\pif_shell_open.reg
C:\SDFix\backupreg\reg_shell_open.reg
C:\SDFix\backupreg\Services.reg
C:\SDFix\backupreg\SharedTaskScheduler.reg
C:\SDFix\backupreg\ShellServiceObjectDelayLoad.reg
C:\SDFix\backupreg\txt_shell_open.reg
C:\SDFix\backupreg\Winlogon.reg
C:\SDFix\backupreg\WinlogonNotify.reg
C:\SDFix\backups_old1\capt.gif
C:\SDFix\backups_old1\danger.jpg
C:\SDFix\backups_old1\dat.txt
C:\SDFix\backups_old1\down.gif
C:\SDFix\backups_old1\index.htm
C:\SDFix\backups_old1\msmdev.dll
C:\SDFix\backups_old1\msmhost.dll
C:\SDFix\backups_old1\nsduo.dll
C:\SDFix\backups_old1\rs.txt
C:\SDFix\backups_old1\spacer.gif
C:\SDFix\backups_old1\wmpdev.dll
C:\SDFix\catchme.exe
C:\SDFix\dummy.sys
C:\SDFix\find.exe
C:\SDFix\Find.txt
C:\SDFix\FindMurlo.txt
C:\SDFix\Findrun.txt
C:\SDFix\Findrun2.txt
C:\SDFix\Findrun3.txt
C:\SDFix\Findrun66.txt
C:\SDFix\Findrun67.txt
C:\SDFix\findstr.exe
C:\SDFix\HOSTS
C:\SDFix\kill.txt
C:\SDFix\ndloc.txt
C:\SDFix\regedit.exe
C:\SDFix\Report.txt
C:\SDFix\Report_old_1.txt
C:\SDFix\RunThis.bat
C:\SDFix\SDFIX_ReadMe_Online.url
((((((((((((((((((((((((( Files Created from 2007-08-10 to 2007-09-10 )))))))))))))))))))))))))))))))
.
2007-09-10 00:05 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-09-09 23:44 <DIR> dr-h----- C:\DOCUME~1\ALLUSE~1\APPLIC~1\yahoo!
2007-09-09 23:44 <DIR> d-------- C:\WINDOWS\cache
2007-09-09 23:44 <DIR> d-------- C:\VundoFix Backups
2007-09-09 23:44 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-09 23:44 <DIR> d-------- C:\Program Files\Common Files\Scanner
2007-09-09 23:44 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Yahoo!
2007-09-09 23:40 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-09-09 12:22 <DIR> d-------- C:\WINDOWS\ERUNT
2007-09-09 12:18 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-09 10:54 <DIR> d-------- C:\Program Files\Yahoo!
2007-09-09 10:54 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2007-09-08 13:42 <DIR> d-------- C:\DOCUME~1\Owner\.housecall6.6
2007-09-08 13:29 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\ntr
2007-09-07 07:55 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-09-07 07:55 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\PCSecureSystem
2007-09-06 10:33 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-09-06 10:31 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-08-20 09:35 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\CyberLink
2007-08-19 17:25 <DIR> d-------- C:\Program Files\Synaptics
2007-08-19 17:15 36,352 --------- C:\WINDOWS\system32\tsgqec.dll
2007-08-19 17:15 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll
2007-08-19 17:15 116,736 --------- C:\WINDOWS\system32\aaclient.dll
2007-08-19 16:56 12,292,303 --------- C:\avg7qt.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-09 23:44 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-09-09 23:38 --------- d-------- C:\Program Files\Google
2007-08-24 08:37 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-08-24 08:37 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-20 09:19 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\Google
2007-08-05 01:07 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-05 01:07 --------- d-------- C:\Program Files\CyberLink
2007-08-04 23:55 --------- d-------- C:\Program Files\Windows Messaging
2007-08-04 23:34 --------- d-------- C:\Program Files\Lavasoft
2007-08-04 23:34 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-08-04 23:33 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-04 22:49 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-08-04 22:49 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-08-04 21:34 --------- d-------- C:\Program Files\SigmaTel
2007-08-04 21:32 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\ATI
2007-08-04 21:30 5 --a------ C:\WINDOWS\system32\drivers\DELL_INS_1501.MRK
2007-08-04 21:30 5 --a------ C:\WINDOWS\system32\drivers\1028_DELL_INS_1501.MRK
2007-08-04 21:30 --------- d-------- C:\Program Files\ATI Technologies
2007-08-04 21:29 --------- d-------- C:\Program Files\Dell
2007-08-04 21:26 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-08-04 21:24 --------- d-------- C:\Program Files\Broadcom
2007-08-04 21:23 --------- d-------- C:\Program Files\DIFX
2007-08-04 21:23 --------- d-------- C:\Program Files\CONEXANT
2007-08-04 21:22 --------- d-------- C:\Program Files\AMD
2007-08-04 20:56 --------- d-------- C:\Program Files\microsoft frontpage
2007-06-13 06:23 1033216 --a------ C:\WINDOWS\explorer.exe
.
((((((((((((((((((((((((((((( snapshot_2007-09-09_123105.32 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 39,424 2006-10-04 14:05:26 C:\WINDOWS\AppPatch\acadproc.dll
----a-w 141,424 2006-08-24 12:28:54 C:\WINDOWS\Downloaded Program Files\asinst.dll
----a-w 1,683,456 2007-09-10 01:22:19 C:\WINDOWS\ERUNT\SDFIX\Users 000001\NTUSER.DAT
----a-w 143,360 2007-09-10 01:22:19 C:\WINDOWS\ERUNT\SDFIX\Users 000002\UsrClass.dat
----a-w 73,728 2006-08-02 16:39:06 C:\WINDOWS\system32\asuninst.exe
----a-w 47,104 2007-09-10 17:53:45 C:\WINDOWS\system32\rpcnet.dll
----a-w 16,896 2007-09-10 17:53:52 C:\WINDOWS\system32\Rpcnetp.exe
----a-w 11,776 2003-03-25 22:53:50 C:\WINDOWS\system32\ZPORT4AS.dll
----a-w 110,592 2007-03-29 13:20:50 C:\WINDOWS\system32\ActiveScan\as.dll
----a-w 233,472 2006-10-05 20:15:26 C:\WINDOWS\system32\ActiveScan\ascontrol.dll
----a-w 96,256 2005-06-03 18:03:18 C:\WINDOWS\system32\ActiveScan\asmdat.dll
----a-w 36,864 2003-08-01 15:00:16 C:\WINDOWS\system32\ActiveScan\certdll.dll
----a-w 86,016 2005-05-20 17:42:44 C:\WINDOWS\system32\ActiveScan\instlsp.dll
----a-w 4,608 2006-02-16 22:20:20 C:\WINDOWS\system32\ActiveScan\memvfile.dll
----a-w 348,160 2005-10-25 22:08:32 C:\WINDOWS\system32\ActiveScan\msvcr71.dll
----a-w 139,264 2004-05-04 19:01:02 C:\WINDOWS\system32\ActiveScan\pavaleas.dll
----a-w 45,056 2006-07-14 17:04:10 C:\WINDOWS\system32\ActiveScan\pavdr.exe
----a-w 159,832 2006-04-10 14:50:02 C:\WINDOWS\system32\ActiveScan\pavexcom.dll
----a-w 94,208 2006-02-14 17:05:38 C:\WINDOWS\system32\ActiveScan\pavinas.dll
----a-w 180,224 2006-02-16 22:35:38 C:\WINDOWS\system32\ActiveScan\pavoe.dll
----a-w 122,880 2006-10-05 20:15:38 C:\WINDOWS\system32\ActiveScan\pavpz.dll
----a-w 8,704 2006-06-30 18:13:38 C:\WINDOWS\system32\ActiveScan\pfdnnt.exe
----a-w 49,152 2004-02-04 18:08:42 C:\WINDOWS\system32\ActiveScan\port32.dll
----a-w 69,632 2006-08-01 17:23:10 C:\WINDOWS\system32\ActiveScan\pscpu.dll
----a-w 1,388,544 2006-08-23 17:06:08 C:\WINDOWS\system32\ActiveScan\pskahk.dll
----a-w 10,752 2006-08-17 15:38:14 C:\WINDOWS\system32\ActiveScan\pskalloc.dll
----a-w 61,440 2006-09-04 15:49:54 C:\WINDOWS\system32\ActiveScan\pskas.dll
----a-w 779,264 2006-08-18 12:46:18 C:\WINDOWS\system32\ActiveScan\pskavs.dll
----a-w 417,792 2007-03-26 18:25:34 C:\WINDOWS\system32\ActiveScan\pskcmp.dll
----a-w 90,112 2006-08-09 14:42:24 C:\WINDOWS\system32\ActiveScan\pskfss.dll
----a-w 208,896 2006-07-19 14:55:58 C:\WINDOWS\system32\ActiveScan\pskhtml.dll
----a-w 9,728 2006-01-20 20:57:00 C:\WINDOWS\system32\ActiveScan\pskmas.dll
----a-w 14,336 2006-05-17 13:50:12 C:\WINDOWS\system32\ActiveScan\pskmdfs.dll
----a-w 33,280 2006-08-16 14:58:12 C:\WINDOWS\system32\ActiveScan\pskpack.dll
----a-w 266,240 2006-06-30 18:42:36 C:\WINDOWS\system32\ActiveScan\pskscs.dll
----a-w 62,976 2006-08-17 18:33:14 C:\WINDOWS\system32\ActiveScan\pskutil.dll
----a-w 13,312 2006-08-08 17:13:10 C:\WINDOWS\system32\ActiveScan\pskvfile.dll
----a-w 69,632 2006-08-18 12:53:08 C:\WINDOWS\system32\ActiveScan\pskvfs.dll
----a-w 167,936 2006-08-18 12:49:50 C:\WINDOWS\system32\ActiveScan\pskvm.dll
----a-w 353,840 2007-04-18 21:16:04 C:\WINDOWS\system32\ActiveScan\psscan.dll
----a-w 35,328 2007-01-22 18:42:48 C:\WINDOWS\system32\ActiveScan\rawvfile.dll
----a-w 9,488 1997-09-18 10:12:32 C:\WINDOWS\system32\ActiveScan\sporder.dll
----a-w 69,632 2006-02-28 21:23:40 C:\WINDOWS\system32\ActiveScan\tcpvfile.dll
----a-r 190,696 2007-06-11 17:04:38 C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe
----a-w 1,714,036 2007-09-10 03:44:42 C:\WINDOWS\system32\Restore\rstrlog.dat
--sha-w 16,384 2007-09-10 17:53:54 C:\WINDOWS\temp\Cookies\index.dat
--sha-w 16,384 2007-09-10 17:53:54 C:\WINDOWS\temp\History\History.IE5\index.dat
--sha-w 32,768 2007-09-10 17:53:54 C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\index.dat
.
------w 39,424 2006-10-04 14:05:26 C:\WINDOWS\AppPatch\acadproc.dll
----a-w 372,736 2007-09-09 16:23:20 C:\WINDOWS\ERUNT\SDFIX\Users 000001\NTUSER.DAT
----a-w 8,192 2007-09-09 16:23:21 C:\WINDOWS\ERUNT\SDFIX\Users 000002\UsrClass.dat
----a-w 47,104 2007-09-09 16:27:44 C:\WINDOWS\system32\rpcnet.dll
----a-w 16,896 2007-09-09 16:28:07 C:\WINDOWS\system32\Rpcnetp.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2005-12-19 09:08]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 11:12]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-27 14:19 C:\WINDOWS\stsystra.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-08-19 17:04]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 20:29]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 18:40]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 18:38]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 10:59]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Microsoft Find Fast.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [1997-07-11]
Office Startup.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE [1997-07-11]
R0 atiide;atiide;C:\WINDOWS\system32\DRIVERS\atiide.sys
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-09-10 13:54:07
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-09-10 13:55:33 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-10 13:55
C:\ComboFix2.txt ... 2007-09-09 12:31
.
--- E O F ---
Logfile of HijackThis v1.99.1
Scan saved at 3:07:16 PM, on 9/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\rpcnet.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\JOE\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://start.verizon.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://red.clientapp...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
http://www.kaspersky...can_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://acs.pandasoft...free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://fpdownload2.m...ash/swflash.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, September 10, 2007 3:05:49 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.1
Kaspersky Anti-Virus database last update: 9/09/2007
Kaspersky Anti-Virus database records: 410621
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
Scan Statistics:
Total number of scanned objects: 29065
Number of viruses found: 6
Number of infected objects: 16
Number of suspicious objects: 0
Duration of the scan process: 00:23:50
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\BITCA7.tmp.bac_a07840/ac8zt2/duocore.dll Infected: not-a-virus:AdWare.Win32.Agent.el skipped
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\BITCA7.tmp.bac_a07840/ac8zt2/edi.exe Infected: Trojan-Downloader.Win32.Zlob.cdd skipped
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\BITCA7.tmp.bac_a07840/ac8zt2/wmpconf.dll Infected: not-a-virus:AdWare.Win32.Agent.fr skipped
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\BITCA7.tmp.bac_a07840/ac8zt2/wmpenv.dll Infected: not-a-virus:AdWare.Win32.Agent.fg skipped
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\BITCA7.tmp.bac_a07840 ZIP: infected - 4 skipped
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\BITCA7.tmp.bac_a07840 CryptFF.b: infected - 4 skipped
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\BITCAF.tmp.bac_a07840/ac8zt2/duocore.dll Infected: not-a-virus:AdWare.Win32.Agent.el skipped
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\BITCAF.tmp.bac_a07840/ac8zt2/edi.exe Infected: Trojan-Downloader.Win32.Zlob.cdd skipped
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\BITCAF.tmp.bac_a07840/ac8zt2/wmpconf.dll Infected: not-a-virus:AdWare.Win32.Agent.fr skipped
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\BITCAF.tmp.bac_a07840/ac8zt2/wmpenv.dll Infected: not-a-virus:AdWare.Win32.Agent.fg skipped
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\BITCAF.tmp.bac_a07840 ZIP: infected - 4 skipped
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\BITCAF.tmp.bac_a07840 CryptFF.b: infected - 4 skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\ApplicationHistory\CLI.EXE.c88dbd71.ini.inuse Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_234.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_aa0.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~DF92FC.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{DE2D026A-F7AF-4887-A898-2733F722913D}\RP33\A0010504.dll Infected: not-a-virus:AdWare.Win32.HotBar.cc skipped
C:\System Volume Information\_restore{DE2D026A-F7AF-4887-A898-2733F722913D}\RP34\A0010571.dll Infected: not-a-virus:AdWare.Win32.Agent.fr skipped
C:\System Volume Information\_restore{DE2D026A-F7AF-4887-A898-2733F722913D}\RP34\A0010587.exe Infected: not-a-virus:AdWare.Win32.Agent.gy skipped
C:\System Volume Information\_restore{DE2D026A-F7AF-4887-A898-2733F722913D}\RP34\A0010595.exe Infected: not-a-virus:AdWare.Win32.Agent.gy skipped
C:\System Volume Information\_restore{DE2D026A-F7AF-4887-A898-2733F722913D}\RP40\A0010998.exe Object is locked skipped
C:\System Volume Information\_restore{DE2D026A-F7AF-4887-A898-2733F722913D}\RP41\A0011166.exe Object is locked skipped
C:\System Volume Information\_restore{DE2D026A-F7AF-4887-A898-2733F722913D}\RP42\A0011790.exe Object is locked skipped
C:\System Volume Information\_restore{DE2D026A-F7AF-4887-A898-2733F722913D}\RP42\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{E3D77804-09F5-498C-984A-EF1842C8C376}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.