Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.242 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Owner\Application Data\FunWebProducts
C:\Program Files\FunWebProducts
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\aaroqqtj.dll
C:\WINDOWS\system32\aaycf.ini
C:\WINDOWS\system32\aaycf.ini2
C:\WINDOWS\system32\adkakaks.dll
C:\WINDOWS\system32\afpxjttx.ini
C:\WINDOWS\system32\ahcmjfvh.dll
C:\WINDOWS\system32\aihdjykt.dll
C:\WINDOWS\system32\bbsyyhnd.ini
C:\WINDOWS\system32\cdwqwvjo.ini
C:\WINDOWS\system32\ckjognue.dll
C:\WINDOWS\system32\ddomqdsn.dll
C:\WINDOWS\system32\diadgaud.dll
C:\WINDOWS\system32\dnpjxmqg.dll
C:\WINDOWS\system32\dytruept.dll
C:\WINDOWS\system32\ecaevfnu.dll
C:\WINDOWS\system32\exhniydf.dll
C:\WINDOWS\system32\feetgbbh.dll
C:\WINDOWS\system32\fmvfvrrj.dll
C:\WINDOWS\system32\fospocyx.dll
C:\WINDOWS\system32\fxrxvupq.dll
C:\WINDOWS\system32\gorgyorn.dll
C:\WINDOWS\system32\houlhmhe.dll
C:\WINDOWS\system32\hpjikbef.dll
C:\WINDOWS\system32\hvypwxnq.ini
C:\WINDOWS\system32\hxkqtfpp.dll
C:\WINDOWS\system32\iaqonvmt.dll
C:\WINDOWS\system32\iaqtiybs.dll
C:\WINDOWS\system32\ihhjl.ini
C:\WINDOWS\system32\ihhjl.ini2
C:\WINDOWS\system32\iiwrxqqy.dll
C:\WINDOWS\system32\isgxirpy.ini
C:\WINDOWS\system32\jdhouexg.dll
C:\WINDOWS\system32\jgxtyqdh.ini
C:\WINDOWS\system32\jmakosxv.ini
C:\WINDOWS\system32\jtfhnbyu.dll
C:\WINDOWS\system32\jyvrinnb.dll
C:\WINDOWS\system32\kaeiwqvk.dll
C:\WINDOWS\system32\kfiqaftq.dll
C:\WINDOWS\system32\kxrdsxwu.ini
C:\WINDOWS\system32\mcrbcfmw.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mmnoqjmd.ini
C:\WINDOWS\system32\mywfwdoy.dll
C:\WINDOWS\system32\nbcmhqoh.dll
C:\WINDOWS\system32\nffkloal.ini
C:\WINDOWS\system32\njcaeraf.ini
C:\WINDOWS\system32\nnhuirwa.ini
C:\WINDOWS\system32\nroygrog.ini
C:\WINDOWS\system32\nvghgijb.ini
C:\WINDOWS\system32\nwwntwau.ini
C:\WINDOWS\system32\nxaaxliu.dll
C:\WINDOWS\system32\oiitdslb.ini
C:\WINDOWS\system32\okotctvg.ini
C:\WINDOWS\system32\pbewsxrf.dll
C:\WINDOWS\system32\pjikirpo.ini
C:\WINDOWS\system32\prmftnnr.ini
C:\WINDOWS\system32\psasbqbe.ini
C:\WINDOWS\system32\puyqgtyn.dll
C:\WINDOWS\system32\qcumtuvq.dll
C:\WINDOWS\system32\qidcmgpd.dll
C:\WINDOWS\system32\qtfaqifk.ini
C:\WINDOWS\system32\qwuiqcus.dll
C:\WINDOWS\system32\rcuilpfi.ini
C:\WINDOWS\system32\reqhlrtj.ini
C:\WINDOWS\system32\rnxpawnv.ini
C:\WINDOWS\system32\slksmctm.dll
C:\WINDOWS\system32\sonhwqiy.ini
C:\WINDOWS\system32\soulakin.ini
C:\WINDOWS\system32\thylimst.ini
C:\WINDOWS\system32\tjqemhfw.ini
C:\WINDOWS\system32\uurcfbtq.ini
C:\WINDOWS\system32\uustkfxv.dll
C:\WINDOWS\system32\uvjlhkxq.ini
C:\WINDOWS\system32\uybnhftj.ini
C:\WINDOWS\system32\vgogpyab.ini
C:\WINDOWS\system32\vncdrwrb.ini
C:\WINDOWS\system32\vpekesah.ini
C:\WINDOWS\system32\vpqhfuop.ini
C:\WINDOWS\system32\vulxtegk.dll
C:\WINDOWS\system32\wlqxgbng.ini
C:\WINDOWS\system32\wmpqyvdm.ini
C:\WINDOWS\system32\xcreialo.dll
C:\WINDOWS\system32\xffoswuq.dll
C:\WINDOWS\system32\xoltuabu.dll
C:\WINDOWS\system32\xylrkkkp.dll
C:\WINDOWS\system32\yhgpjpbe.dll
C:\WINDOWS\system32\yiiwoplc.dll
C:\WINDOWS\system32\yqqxrwii.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SZKG5
((((((((((((((((((((((((( Files Created from 2008-03-15 to 2008-04-15 )))))))))))))))))))))))))))))))
.
2008-04-13 11:59 . 2008-04-13 11:59 3,648 --a------ C:\WINDOWS\system32\epwjjall.dll
2008-04-12 18:06 . 2008-04-12 18:06 3,648 --a------ C:\WINDOWS\system32\fppptlna.dll
2008-04-12 14:41 . 2008-04-12 14:51 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-04-11 20:16 . 2008-04-11 20:16 3,648 --a------ C:\WINDOWS\system32\wvotlitt.dll
2008-04-10 15:14 . 2008-04-10 15:14 3,648 --a------ C:\WINDOWS\system32\kotiscoi.dll
2008-04-09 15:15 . 2008-04-09 15:15 3,648 --a------ C:\WINDOWS\system32\fljciqbm.dll
2008-04-08 18:50 . 2008-04-08 18:50 3,648 --a------ C:\WINDOWS\system32\mvfmgrhx.dll
2008-04-08 13:09 . 2008-04-11 20:52 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-08 13:09 . 2008-04-08 13:09 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-04-08 13:09 . 2008-04-08 13:09 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-04-08 10:50 . 2008-04-08 10:50 3,648 --a------ C:\WINDOWS\system32\rcrqnvat.dll
2008-04-02 19:19 . 2008-04-02 19:19 <DIR> d-------- C:\Program Files\MalwareAlarm
2008-04-02 16:18 . 2008-04-02 16:18 <DIR> d--hs---- C:\found.001
2008-04-01 18:54 . 2008-04-01 18:55 <DIR> d-------- C:\Program Files\ThreatFire
2008-04-01 18:54 . 2008-04-01 18:54 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Tools
2008-04-01 18:54 . 2008-02-15 10:20 51,520 --a------ C:\WINDOWS\system32\drivers\TfFsMon.sys
2008-04-01 18:54 . 2008-02-15 10:21 41,280 --a------ C:\WINDOWS\system32\drivers\TfSysMon.sys
2008-04-01 18:54 . 2008-02-15 10:21 33,088 --a------ C:\WINDOWS\system32\drivers\TfNetMon.sys
2008-04-01 18:54 . 2008-02-15 10:21 12,608 --a------ C:\WINDOWS\system32\drivers\TfKbMon.sys
2008-04-01 18:49 . 2008-04-03 03:26 1,025 --a------ C:\rollback.ini
2008-04-01 18:38 . 2008-04-08 21:42 1,089,568 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-01 18:38 . 2008-04-12 14:48 30,496 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-01 18:38 . 2008-04-02 23:49 2,612 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-01 18:38 . 2008-04-02 23:49 1,484 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-04-01 18:25 . 2008-04-01 18:25 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\ParetoLogic Anti-Virus PLUS
2008-04-01 18:18 . 2008-04-01 18:21 <DIR> d-------- C:\Program Files\Easy SpyRemover
2008-04-01 18:00 . 2008-04-12 14:46 <DIR> d-------- C:\Program Files\Common Files\ParetoLogic
2008-04-01 18:00 . 2008-04-01 18:00 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\ParetoLogic
2008-04-01 18:00 . 2008-04-12 14:45 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\ParetoLogic
2008-04-01 17:58 . 2008-04-01 18:22 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Downloaded Installations
2008-04-01 11:24 . 2008-04-04 12:23 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SITEguard
2008-04-01 11:21 . 2008-04-01 11:21 <DIR> d-------- C:\Program Files\Common Files\iS3
2008-04-01 11:21 . 2008-04-12 14:39 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\STOPzilla!
2008-04-01 10:49 . 2008-04-01 10:49 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-30 19:07 . 2007-11-27 22:56 116,416 --a------ C:\WINDOWS\system32\drivers\msfwhlpr.sys
2008-03-30 19:07 . 2007-11-27 22:56 91,328 --a------ C:\WINDOWS\system32\drivers\msfwdrv.sys
2008-03-30 12:32 . 2008-03-30 22:43 <DIR> d-------- C:\Program Files\ErrorSmart
2008-03-30 12:32 . 2008-03-30 13:21 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\ErrorSmart
2008-03-30 11:12 . 2008-03-30 11:12 <DIR> d--hs---- C:\found.000
2008-03-28 15:12 . 2008-03-29 21:46 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SecureIE2004
2008-03-28 15:07 . 2008-03-28 15:07 <DIR> d-------- C:\Program Files\Winferno
2008-03-28 14:59 . 2008-03-30 20:39 <DIR> d-------- C:\Program Files\1st IEAssistant
2008-03-28 14:46 . 2008-03-28 20:23 <DIR> d-------- C:\Program Files\FilterGate
2008-03-24 13:48 . 2008-03-25 14:02 1,327,604 --ahs---- C:\WINDOWS\system32\gohylsms.ini
2008-03-20 14:41 . 2008-03-20 14:41 <DIR> d-------- C:\Program Files\Common Files\Scanner
2008-03-20 14:40 . 2008-03-30 22:10 <DIR> d-------- C:\Program Files\CA Yahoo! Anti-Spy
2008-03-18 20:08 . 2008-03-18 20:57 1,536,267 --ahs---- C:\WINDOWS\system32\cjnkpkns.ini
2008-03-17 21:12 . 2008-03-17 21:12 5,376 --a------ C:\WINDOWS\system32\drivers\MS1000.sys
2008-03-17 21:10 . 2008-03-30 20:39 <DIR> d-------- C:\Program Files\The Cleaner Free
2008-03-17 18:02 . 2008-03-19 09:20 238 --a------ C:\WINDOWS\mafosav.INI
2008-03-17 17:57 . 2008-03-18 21:08 <DIR> d-------- C:\Program Files\Mario Forever
2008-03-15 12:04 . 2008-03-16 08:10 1,314,869 --ahs---- C:\WINDOWS\system32\iyhrelpk.ini
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-15 05:54 --------- d-----w C:\Program Files\Microsoft Windows OneCare Live
2008-04-08 23:49 --------- d-----w C:\Program Files\Lx_cats
2008-04-08 03:56 --------- d-----w C:\Program Files\Norton Security Scan
2008-04-08 01:51 --------- d-----w C:\Program Files\MSN Games
2008-04-08 01:50 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
2008-04-07 12:54 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-04-03 05:17 --------- d-----w C:\Documents and Settings\Owner\Application Data\Yahoo!
2008-03-31 03:25 --------- d-----w C:\Program Files\DivX
2008-03-26 04:36 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-22 22:01 --------- d-----w C:\Program Files\Google
2008-03-19 01:15 --------- d-----w C:\Documents and Settings\Owner\Application Data\alot
2008-03-14 03:09 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-14 03:05 --------- d-----w C:\Program Files\Windows Live
2008-02-17 21:57 --------- d-----w C:\Program Files\Bejeweled 2 Deluxe
2008-02-16 06:30 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-15 22:49 20,992 ----a-w C:\WINDOWS\jestertb.dll
2008-01-14 21:37 774,144 ----a-w C:\Program Files\RngInterstitial.dll
.
------- Sigcheck -------
2004-08-04 05:00 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\system32\svchost.exe
2004-08-04 05:00 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\system32\dllcache\svchost.exe
2005-03-02 13:19 577024 1800f293bccc8ede8a70e12b88d80036 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
2007-03-08 10:48 578048 7aa4f6c00405dfc4b70ed4214e7d687b C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
2004-08-04 05:00 577024 c72661f8552ace7c5c85e16a3cf505c4 C:\WINDOWS\$NtUninstallKB890859$\user32.dll
2005-03-02 13:09 577024 de2db164bbb35db061af0997e4499054 C:\WINDOWS\$NtUninstallKB925902$\user32.dll
2007-03-08 10:36 577536 b409909f6e2e8a7067076ed748abf1e7 C:\WINDOWS\system32\user32.dll
2007-03-08 10:36 577536 b409909f6e2e8a7067076ed748abf1e7 C:\WINDOWS\system32\dllcache\user32.dll
2004-08-04 05:00 82944 2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\system32\ws2_32.dll
2004-08-04 05:00 82944 2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\system32\dllcache\ws2_32.dll
2006-03-03 22:58 663552 c0845ecbf4f9164e618ee381b79c9032 C:\WINDOWS\$hf_mig$\KB912812\SP2QFE\wininet.dll
2007-06-26 09:35 665600 e1a3dd68b5380b360a7310a64d9bb188 C:\WINDOWS\$hf_mig$\KB937143\SP2QFE\wininet.dll
2007-08-22 07:55 665600 a1bc17eb3758d73c3938b2318820f5b4 C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\wininet.dll
2007-08-20 05:02 825344 357d54bf94fe9d6d8505a96b5c2a3bca C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
2007-10-10 18:47 825344 0e5d918f87efa7d2424d66b499c7eb04 C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
2007-12-06 21:01 825344 b5b411bb229ae6ead7652a32ed47bfb9 C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
2006-03-03 22:33 658432 1c0979c7a489bee573cd0bf4ad94bb06 C:\WINDOWS\$NtUninstallKB937143$\wininet.dll
2007-06-26 09:09 658944 184e47c8f7b331025e6dc92740db188f C:\WINDOWS\$NtUninstallKB939653$\wininet.dll
2007-08-22 08:12 658944 1901ad51da8be9f8b38d5d526e5d1788 C:\WINDOWS\ie7\wininet.dll
2007-08-13 21:54 818688 a4a0fc92358f39538a6494c42ef99fe9 C:\WINDOWS\ie7updates\KB939653-IE7\wininet.dll
2007-08-20 05:04 824832 774435e499d8e9643ec961a6103c361f C:\WINDOWS\ie7updates\KB942615-IE7\wininet.dll
2007-10-10 18:56 824832 30c1e0f34ad2972c72a01db5c74ab065 C:\WINDOWS\ie7updates\KB944533-IE7\wininet.dll
2007-12-06 21:21 824832 806d274c9a6c3aaea5eae8e4af841e04 C:\WINDOWS\system32\wininet.dll
2007-12-06 21:21 824832 806d274c9a6c3aaea5eae8e4af841e04 C:\WINDOWS\system32\dllcache\wininet.dll
2006-04-20 07:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 11:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2004-08-04 05:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2006-04-20 06:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2007-10-30 12:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 12:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\system32\drivers\tcpip.sys
2004-08-04 05:00 502272 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\system32\winlogon.exe
2004-08-04 05:00 502272 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\system32\dllcache\winlogon.exe
2004-08-04 05:00 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\dllcache\ndis.sys
2004-08-04 05:00 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys
2004-08-04 05:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\dllcache\ip6fw.sys
2004-08-04 05:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys
2005-03-01 19:36 2056832 d8aba3eab509627e707a3b14f00fbb6b C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2006-02-20 22:36 2057984 501c033d08ac37c4be751633ab02197c C:\WINDOWS\$hf_mig$\KB914882\SP2QFE\ntkrnlpa.exe
2005-03-29 20:01 2056832 9a06915a29434202e8d39456822b3a12 C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2007-02-28 04:15 2059392 4d3dbdccbf97f5ba1e74f322b155c3ba C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2007-02-28 04:15 2059392 4d3dbdccbf97f5ba1e74f322b155c3ba C:\WINDOWS\system32\ntkrnlpa.exe
2007-02-28 04:15 2059392 4d3dbdccbf97f5ba1e74f322b155c3ba C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2005-03-01 20:04 2179456 28187802b7c368c0d3aef7d4c382aabb C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2006-02-20 23:01 2180992 df4d09b676964646fa166a78c816b4c3 C:\WINDOWS\$hf_mig$\KB914882\SP2QFE\ntoskrnl.exe
2005-03-29 20:23 2179584 255449e7f00e23d9b10ae8cdd5f73e56 C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2007-02-28 04:55 2182144 5a5c8db4aa962c714c8371fbdf189fc9 C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2007-02-28 04:55 2182144 5a5c8db4aa962c714c8371fbdf189fc9 C:\WINDOWS\system32\ntoskrnl.exe
2007-02-28 04:55 2182144 5a5c8db4aa962c714c8371fbdf189fc9 C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2007-06-13 05:23 1033216 97bd6515465659ff8f3b7be375b2ea87 C:\WINDOWS\explorer.exe
2007-06-13 06:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-04 05:00 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 05:23 1033216 97bd6515465659ff8f3b7be375b2ea87 C:\WINDOWS\system32\dllcache\explorer.exe
2004-08-04 05:00 15360 24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\system32\ctfmon.exe
2004-08-04 05:00 15360 24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\system32\dllcache\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{65F3B6F6-49E0-4016-B5C8-B6BDACC5DD2C}]
C:\WINDOWS\system32\fcyaa.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{71C439E5-A474-4732-8D3C-9E459DB4EAEA}]
C:\WINDOWS\system32\ljhhi.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8260C2B8-E0D1-448a-B062-33D12D468BF0}]
C:\Program Files\alot\bin\alot.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 14:54 5674352]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 19:43 4670704]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-07 02:33 8720384]
"Microsoft Location Finder"="C:\Program Files\Microsoft Location Finder\LocationFinder.exe" [2006-11-14 15:22 121640]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"HijackThis startup scan"="C:\Program Files\Hijackthis\HijackThis.exe" [2005-02-16 11:06 218112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LXBTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll" [2004-03-17 11:30 65536]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 18:19 129536]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-08 06:04 185632]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 03:11 132496]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-07 02:33 8720384]
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2006-10-03 13:04:38 54776]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\14009fd2]
C:\WINDOWS\system32\iiwrxqqy.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-09 12:09 63712 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
--a------ 2002-09-10 23:26 368706 C:\Program Files\BroadJump\Client Foundation\CFD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM1733ac4e]
C:\WINDOWS\system32\pbewsxrf.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 05:00 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
--a------ 2004-03-23 17:07 294912 C:\Program Files\Lexmark Fax Solutions\fm3032.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HijackThis startup scan]
--a------ 2005-02-16 11:06 218112 C:\Program Files\Hijackthis\HijackThis.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 5200 series]
--a------ 2004-03-25 08:30 57344 C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneCareUI]
--a------ 2008-01-22 20:43 67112 C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SIE2004]
--a------ 2004-07-06 12:07 44032 C:\Program Files\Winferno\Secure IE\SIEPulse.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd]
--a------ 2003-12-31 19:39 40960 C:\WINDOWS\vsnpstd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spywarefighterguard]
C:\Program Files\SPYWAREfighter\spftray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
--a------ 2007-06-08 09:59 224248 C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"sdCoreService"=2 (0x2)
"sdAuxService"=2 (0x2)
"ZeppelinService"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"WLSetupSvc"=3 (0x3)
"Viewpoint Manager Service"=2 (0x2)
"usnjsvc"=3 (0x3)
"szserver"=2 (0x2)
"SPYWAREfighterRP"=3 (0x3)
"ose"=3 (0x3)
"OneCareMP"=2 (0x2)
"msfwsvc"=2 (0x2)
"lxbt_device"=3 (0x3)
"gusvc"=3 (0x3)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
S4 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b14b9d0-d2a4-11dc-aac3-0050fc0ec1c8}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL http://www.mgae.com/...654336997753024
.
Contents of the 'Scheduled Tasks' folder
"2008-04-15 05:36:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-04-14 08:30:00 C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job"
- C:\Program Files\ErrorSmart\ErrorSmart.ex
- C:\Program Files\ErrorSmart
"2008-04-15 06:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2008-04-13 23:00:00 C:\WINDOWS\Tasks\ParetoLogic Registration.job"
- C:\WINDOWS\system32\rundll32.exe@
"2008-04-15 05:33:00 C:\WINDOWS\Tasks\ParetoLogic Update.job"
- C:\Program Files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe
"2008-04-15 06:00:00 C:\WINDOWS\Tasks\User_Feed_Synchronization-{445A97B6-ADA9-4D21-9B06-E694EC2BFFE4}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-15 00:56:20
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-04-15 1:04:09
ComboFix-quarantined-files.txt 2008-04-15 06:04:03
Pre-Run: 6,600,036,352 bytes free
Post-Run: 8,396,328,960 bytes free
.
2008-03-13 22:57:22 --- E O F ---
Logfile of HijackThis v1.99.1
Scan saved at 1:13:16 AM, on 4/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Microsoft Location Finder\LocationFinder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webkinz.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: ZSIEBhoOne Class - {06A548B7-25F0-416E-88AB-A8F6C4DE325C} - C:\Program Files\1st IEAssistant\ZSIEBho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {65F3B6F6-49E0-4016-B5C8-B6BDACC5DD2C} - C:\WINDOWS\system32\fcyaa.dll (file missing)
O2 - BHO: (no name) - {71C439E5-A474-4732-8D3C-9E459DB4EAEA} - C:\WINDOWS\system32\ljhhi.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: ALOT eMusic Toolbar - {8260C2B8-E0D1-448a-B062-33D12D468BF0} - C:\Program Files\alot\bin\alot.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Program Files\Hijackthis\HijackThis.exe /startupscan
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {C738EA53-97C2-441B-AC52-DFBC597BCBE5} (Chess Control) - http://www.worldwinn...chess/chess.cab