ComboFix Log:
ComboFix 07-06-13.3
"Toby" - 2007-06-19 13:26:32 - Service Pack 2 NTFS
((((((((((((((((((((((((( Files Created from 2007-05-19 to 2007-06-19 )))))))))))))))))))))))))))))))
2007-06-14 13:04 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-14 03:12 13 C:\DOCUME~1\ALLUSE~1\APPLIC~1\UYAŽ3113>.sys
2007-06-14 03:11 53,248 --a------ C:\WINDOWS\system32\ogg.dll
2007-06-14 03:11 36,864 --a------ C:\WINDOWS\system32\DGRip.dll
2007-06-14 03:11 36,352 --a------ C:\WINDOWS\system32\MP2enc.dll
2007-06-14 03:11 220,160 --a------ C:\WINDOWS\system32\WnASPI32.dll
2007-06-14 03:11 172,032 --a------ C:\WINDOWS\system32\lame_enc.dll
2007-06-14 03:11 1,163,264 --a------ C:\WINDOWS\system32\vorbis.dll
2007-06-14 03:11 1,015,808 --a------ C:\WINDOWS\system32\vorbisenc.dll
2007-06-14 03:11 <DIR> d-------- C:\Program Files\CoffeeCup Software
2007-06-14 02:47 <DIR> d-------- C:\Program Files\Web Page Maker V2
2007-06-14 00:16 710 --a------ C:\repair.reg
2007-06-13 23:30 <DIR> d-------- C:\HijackThis
2007-06-13 18:34 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-06-13 18:34 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-06-13 18:34 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-06-13 18:33 95,872 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-06-13 18:32 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-06-13 18:32 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-06-13 18:32 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-06-13 18:31 <DIR> d-------- C:\Program Files\Alwil Software
2007-06-11 11:42 17,409 --a------ C:\WINDOWS\system32\regsrv.exe
2007-06-10 21:57 272,349 --a------ C:\WINDOWS\system32\hta.vbs
2007-06-10 14:03 2,268 --a------ C:\WINDOWS\system32\iwn.dat
2007-06-10 14:03 1,372 --a------ C:\WINDOWS\system32\iw.dat
2007-06-10 14:03 0 --a------ C:\WINDOWS\system32\taskkill.exe
2007-06-10 14:02 42,167 --a------ C:\WINDOWS\system32\pkzip.exe
2007-06-10 14:02 272,349 --a------ C:\WINDOWS\system32\Israfel.vbs
2007-06-10 14:02 272,349 --a------ C:\WINDOWS\system32\GEDZAC.vbs
2007-06-10 14:02 272,349 --a------ C:\WINDOWS\system32\File.vbs
2007-06-10 12:24 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-06-09 14:59 <DIR> d-------- C:\Program Files\Serif
2007-06-09 14:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Serif
2007-06-09 14:54 57,344 --a------ C:\WINDOWS\Unwash6.exe
2007-06-09 14:54 487,936 --a------ C:\WINDOWS\system32\wwSecure.exe
2007-06-09 14:54 <DIR> d-------- C:\Program Files\Webroot
2007-06-09 14:54 <DIR> d-------- C:\Program Files\Common Files\Webroot Shared
2007-06-09 14:54 <DIR> d-------- C:\DOCUME~1\Toby\APPLIC~1\Webroot
2007-06-09 14:50 <DIR> d-------- C:\Program Files\JAP
2007-06-08 22:25 <DIR> d-------- C:\DOCUME~1\Toby\APPLIC~1\Free Download Manager
2007-06-08 13:52 <DIR> d-------- C:\Program Files\Opera
2007-06-08 13:52 <DIR> d-------- C:\DOCUME~1\Toby\APPLIC~1\Opera
2007-06-08 04:52 <DIR> d-------- C:\Program Files\Spamcc Pro
2007-06-07 18:32 <DIR> d--hs---- C:\DOCUME~1\Toby\Complete
2007-06-06 17:31 69 ---h----- C:\WINDOWS\popcreg.dat
2007-06-06 17:31 21 --a------ C:\WINDOWS\popcinfot.dat
2007-06-06 17:31 <DIR> d-------- C:\Program Files\PopCap Games
2007-06-04 14:33 880,694 --a------ C:\WINDOWS\system32\XaraDocG.dll
2007-06-04 14:33 253,952 --a------ C:\WINDOWS\system32\TemplOp.dll
2007-06-04 14:33 23,552 --a------ C:\WINDOWS\system32\XFontMan.dll
2007-06-04 14:33 139,264 --a------ C:\WINDOWS\system32\BmpImporter.dll
2007-06-04 14:33 126,976 --a------ C:\WINDOWS\system32\TemplMan.dll
2007-06-04 14:33 110,592 --a------ C:\WINDOWS\system32\tsccvid.dll
2007-06-04 14:33 <DIR> d-------- C:\WINDOWS\system32\Xara
2007-06-04 14:33 <DIR> d-------- C:\Program Files\Xara
2007-06-04 14:26 <DIR> d-------- C:\Program Files\JustNavBars
2007-05-30 20:04 <DIR> d-------- C:\Program Files\MegauploadToolbar
2007-05-30 20:04 <DIR> d-------- C:\DOCUME~1\Toby\APPLIC~1\MegauploadToolbar
2007-05-29 18:56 <DIR> d-------- C:\Program Files\eMule
2007-05-28 02:14 <DIR> d-------- C:\Program Files\DLDIrc
2007-05-27 04:34 <DIR> d-------- C:\DOCUME~1\Toby\dwhelper
2007-05-27 04:22 55 --a------ C:\WINDOWS\system32\adptrmyhelp.dll
2007-05-27 04:22 <DIR> d-------- C:\Program Files\Dream Flashsee
2007-05-27 02:06 8 --a------ C:\WINDOWS\system32\F73859.bin
2007-05-27 02:05 8 --a------ C:\WINDOWS\system32\e9243f.bin
2007-05-26 14:48 274,456 --a------ C:\WINDOWS\PC Icon Extractor Uninstaller.exe
2007-05-26 14:48 <DIR> d-------- C:\Program Files\PC Icon Extractor
2007-05-25 17:34 <DIR> d-------- C:\DOCUME~1\Toby\APPLIC~1\GetRightToGo
2007-05-25 15:46 <DIR> d-------- C:\Program Files\SourceTec
2007-05-25 15:46 <DIR> d-------- C:\Program Files\Common Files\SourceTec
2007-05-23 22:49 60,416 --a------ C:\WINDOWS\system32\dsetup.dll
2007-05-23 22:49 <DIR> d-------- C:\Program Files\Common Files\GeoVid
2007-05-22 18:54 2,318,848 --a------ C:\WINDOWS\system32\kernel1.exe
2007-05-22 17:39 <DIR> d-------- C:\Program Files\ShadyTXT
2007-05-22 17:31 <DIR> d-------- C:\Program Files\TopDesk
2007-05-22 16:01 722,944 --a------ C:\WINDOWS\system32\Sea Storm 3D Screensaver.scr
2007-05-22 16:01 528,384 --a------ C:\WINDOWS\system32\Astro Gemini Screensaver Manager.scr
2007-05-22 16:01 <DIR> d-------- C:\Program Files\Astro Gemini Software
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-06-14 08:54:47 -------- d-----w C:\Program Files\LimeWire
2007-06-13 17:47:50 -------- d-----w C:\Program Files\Motorola Phone Tools
2007-06-13 17:16:05 -------- d-----w C:\Program Files\Free Download Manager
2007-06-13 16:36:44 -------- d-----w C:\Program Files\Flash MX
2007-06-13 16:36:38 -------- d-----w C:\Program Files\Fireworks MX
2007-06-13 16:36:36 -------- d-----w C:\Program Files\Easy RealMedia Tools
2007-06-13 04:50:31 -------- d-----w C:\Program Files\Dreamweaver MX
2007-06-13 04:34:49 -------- d-----w C:\Program Files\America Online 9.0a
2007-06-13 03:19:37 -------- d-----w C:\Program Files\AC3Filter
2007-06-11 02:56:03 272,349 -c--a-w C:\WINDOWS\system32\pubprn.vbs
2007-06-11 02:24:01 -------- d-----w C:\Program Files\Incomplete
2007-06-10 18:06:08 -------- d-----w C:\Program Files\iTunes
2007-06-09 18:56:45 -------- d-----w C:\Program Files\IrfanView
2007-06-08 23:54:51 226,776 ----a-w C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2007-06-08 18:22:00 33 -c--a-w C:\WINDOWS\popcinfo.dat
2007-06-04 18:33:04 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-31 01:32:37 -------- d-----w C:\Program Files\Trillian
2007-05-26 15:56:45 -------- d-----w C:\Program Files\YouTubeSpider
2007-05-25 23:15:14 -------- d-----w C:\Program Files\Common Files\AOL
2007-05-25 23:15:06 -------- d-----w C:\DOCUME~1\Toby\APPLIC~1\AOL
2007-05-24 02:49:15 -------- d-----w C:\DOCUME~1\Toby\APPLIC~1\GeoVid
2007-05-24 02:49:07 -------- d-----w C:\Program Files\GeoVid
2007-05-22 22:28:32 -------- d-----w C:\Program Files\Games
2007-05-22 22:24:59 -------- d-----w C:\Program Files\River Past
2007-05-22 22:24:51 -------- d-----w C:\Program Files\Common Files\River Past
2007-05-22 22:23:58 -------- d-----w C:\Program Files\AutoGK
2007-05-22 22:23:48 -------- d-----w C:\Program Files\MagicISO
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-15 21:12:11 14,629 -c--a-w C:\WINDOWS\mozver.dat
2007-05-13 22:06:33 -------- d-----w C:\Program Files\Apple Software Update
2007-05-10 02:16:03 -------- d-----w C:\Program Files\TGTSoft
2007-05-02 20:42:01 -------- d-----w C:\Program Files\Common Files\L&H
2007-05-02 20:41:32 -------- d-----w C:\Program Files\Microsoft Works
2007-05-02 01:35:44 -------- d-----w C:\Program Files\Replay Converter
2007-05-02 01:31:26 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-04-29 20:23:46 -------- d-----w C:\Program Files\Alcohol Soft
2007-04-29 17:01:37 -------- d-----w C:\Program Files\MRConverter
2007-04-29 15:37:27 -------- d-----w C:\Program Files\Zortam Mp3 Media Studio
2007-04-29 15:11:38 -------- d-----w C:\Program Files\Create-Ringtone
2007-04-29 14:35:51 -------- d-----w C:\Program Files\Popims
2007-04-29 02:49:59 -------- d-----w C:\Program Files\Alchemy Mindworks
2007-04-29 02:29:40 -------- d-----w C:\Program Files\AVI-GIF
2007-04-29 02:24:56 -------- d-----w C:\Program Files\ApecSoft
2007-04-28 01:09:10 -------- d-----w C:\Program Files\GuiGenie
2007-04-27 22:39:28 -------- d-----w C:\Program Files\AviSynth 2.5
2007-04-27 21:40:20 -------- d-----w C:\Program Files\Common Files\Vbox
2007-04-27 21:35:56 -------- d-----w C:\DOCUME~1\Toby\APPLIC~1\Lavasoft
2007-04-27 21:35:48 -------- d-----w C:\Program Files\Lavasoft
2007-04-27 21:35:18 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-04-26 01:39:45 -------- d-----w C:\Program Files\VMLaunch
2007-04-26 01:31:22 -------- d-----w C:\Program Files\YAMIKUMO
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-24 23:24:20 -------- d-----w C:\Program Files\Spyware Doctor
2007-04-24 20:53:12 -------- d-----w C:\Program Files\Real
2007-04-24 20:45:01 -------- d-----w C:\Program Files\CinemaForge
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-13 17:31:03 103,984 ----a-w C:\WINDOWS\system32\AOLDial.dll
2007-04-07 00:03:06 168,570 ----a-w C:\WINDOWS\RealMedia Booster Pack Uninstaller.exe
2007-03-31 22:09:52 83 ----a-w C:\WINDOWS\system32\buyurl0501.dat
2007-02-18 04:07:53 152 --sh--r C:\WINDOWS\system32\786754FA22.sys
2005-07-14 19:31:20 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
2005-06-22 05:37:42 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
2007-02-20 21:27:45 5,018 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}=C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL [2007-06-01 04:45]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{5ADF3862-9E2E-4ad3-86F7-4510E6550CD0}=C:\WINDOWS\system32\cejxiuhi.dll []
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{C333CF63-767F-4831-94AC-E683D962C63C}=C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll [2006-05-09 19:13]
{CC59E0F9-7E43-44FA-9FAA-8377850BF205}=C:\Program Files\Free Download Manager\iefdmcks.dll [2006-08-20 19:55]
{CD292324-974F-4224-D074-CACA427AA030}=C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll [2006-11-17 17:27]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 21:42]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 12:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 12:44]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 08:50]
"WheelMouse"="Amoumain.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"LClock"="C:\Program Files\LClock\LClock.exe" [2004-09-20 02:27]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-03-31 19:21]
"TopDesk"="C:\Program Files\TopDesk\topdesk.exe" [2006-02-05 16:00]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-06-11 09:04]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 11:42]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 06:48]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-01-28 03:55]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2006-09-15 13:27]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 14:31]
"TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" [2006-12-19 17:53]
"Window Washer"="C:\Program Files\Webroot\Washer\wwDisp.exe" [2005-04-20 10:44]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=1 (0x1)
"AllowUnhashedWebView"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Backup 1^Documents and Settings^Programs^Startup^Vista sidebar.lnk]
path=C:\Backup 1\Documents and Settings\Programs\Startup\Vista sidebar.lnk
backup=C:\WINDOWS\pss\Vista sidebar.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\Dell Support\DSAgnt.exe" /startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaGateway]
C:\Program Files\MediaGateway\MediaGateway.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vista Sidebar]
C:\Program Files\Vista Sidebar\sidebar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HostManager"=C:\Program Files\Common Files\AOL\1154284552\ee\AOLSoftware.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d9ed577-e3a1-11db-b76f-00038a000015}]
AutoRun\command- J:\MINYANUST.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f18ac26-755f-11da-97e6-00038a000015}]
AutoRun\command- G:\GETMYPIX.EXE
Contents of the 'Scheduled Tasks' folder
2007-06-08 21:17:01 C:\WINDOWS\tasks\1-Click Maintenance.job
2007-06-10 21:59:02 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
**************************************************************************
catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-06-19 13:59:40
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
Completion time: 2007-06-19 14:04:39
C:\ComboFix-quarantined-files.txt ... 2007-06-19 14:04
C:\ComboFix2.txt ... 2007-06-14 13:31
--- E O F ---
Combofix Log of Quarantined Files:
2006-02-09 20:17 210432 --a------ C:\Qoobox\Quarantine\C\Program Files\outlook\outlook.exe.vir
2007-06-07 18:32 202477 --a------ C:\Qoobox\Quarantine\C\Program Files\outlook\p.zip.vir
2007-06-07 20:31 33302 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\iiffddd.dll.vir
2007-06-07 20:32 40960 --a------ C:\Qoobox\Quarantine\C\WINDOWS\retadpu1000137.exe.vir
2007-06-07 21:55 263220 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\gebca.dll.vir
2007-06-07 21:58 1836459 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\acbeg.bak1.vir
2007-06-13 11:29 6560 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\acbeg.ini.vir
2007-06-13 19:53 6944 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\acbeg.tmp.vir
2007-06-13 21:04 1836151 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\acbeg.bak2.vir
2007-06-13 21:05 124436 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\jqrtykdn.dll.vir
2007-06-14 13:05 892443 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ndkytrqj.ini.vir
2007-06-14 13:19 13419 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\acbeg.ini2.vir
2007-06-14 13:22 104 --a------ C:\Qoobox\Quarantine\catchme.log
Folder PATH listing for volume Hard Drive
Volume serial number is 2887-5771
C:\QOOBOX
\---Quarantine
    |   catchme.log
    |
    +---C
    |   +---Program Files
    |   |   \---outlook
    |   |           outlook.exe.vir
    |   |           p.zip.vir
    |   |
    |   \---WINDOWS
    |       |   retadpu1000137.exe.vir
    |       |
    |       \---system32
    |               acbeg.bak1.vir
    |               acbeg.bak2.vir
    |               acbeg.ini.vir
    |               acbeg.ini2.vir
    |               acbeg.tmp.vir
    |               gebca.dll.vir
    |               iiffddd.dll.vir
    |               jqrtykdn.dll.vir
    |               ndkytrqj.ini.vir
    |
    \---Registry_backups
HiJackThis Log:
Logfile of HijackThis v1.99.1
Scan saved at 10:23:36 PM, on 6/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wwSecure.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\GE\97769 Dual Scroll Optical Mouse\Amoumain.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\TopDesk\topdesk.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Common Files\AOL\1154284552\ee\aolsoftware.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Easy RealMedia Tools\Easy RealMedia Tools.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Easy RealMedia Tools\Easy RealMedia Tools.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\7-Zip\7-Zip.exe
C:\Program Files\Grisoft\AVG7\setup.exe
C:\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ogame.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\system32\winmgd.win
F1 - win.ini: run=C:\WINDOWS\system32\mouse_configurator.win
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\cejxiuhi.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O2 - BHO: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O3 - Toolbar: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [WheelMouse] Amoumain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TopDesk] C:\Program Files\TopDesk\topdesk.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &D&ownload &with BitComet - res://F:\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://F:\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://F:\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm (file missing)
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://filelodge.bolt.com/ImageUploader3.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{822DA45A-192C-445B-B5AA-305FE7155B65}: NameServer = 205.188.146.145
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe
O23 - Service: XAMPP Service (XAMPP) - Unknown owner - c:\xampp\service.exe (file missing)