Background changed, pop-ups, task manager disabled, editing registry disabled

Posted 5/19/2008 5:01 AM
#62246
Tissues Member

Date Joined Nov 2016
Total Posts: 3
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:02:08 PM, on 5/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\USBancorp\USBancorp VPN Client\cvpnd.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
c:\mysql\bin\mysqld-nt.exe
C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
C:\WINDOWS\PMJ151LA.BIN
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\AIM6\aolsoftware.exe
C:\HJT\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - https://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1210994531858
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - https://secure2.comned.com/signuptemplates/securelogin-devel.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: WebProxy - {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\USBancorp\USBancorp VPN Client\cvpnd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MySql - Unknown owner - c:/mysql/bin/mysqld-nt.exe
O23 - Service: PMJ151 AutoLaunch Service (PMJ151LA) - Matsushita Electric Industrial Co. ,Ltd, - C:\WINDOWS\PMJ151LA.BIN
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 12307 bytes

ComboFix 08-05-15.3 - Owner 2008-05-18 19:25:51.1 - NTFSx86
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point

WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\adult.txt
C:\WINDOWS\system32\amdfvhve.dll
C:\WINDOWS\system32\arqpvepr.dll
C:\WINDOWS\system32\bacbddqb.dll
C:\WINDOWS\system32\bjlbqetn.dll
C:\WINDOWS\system32\bmkwamjj.ini
C:\WINDOWS\system32\bmqxjmjh.dll
C:\WINDOWS\system32\bupughoo.dll
C:\WINDOWS\system32\ceodqlfd.dll
C:\WINDOWS\system32\dfeyupdu.ini
C:\WINDOWS\system32\dflqdoec.ini
C:\WINDOWS\system32\dkfnajab.dll
C:\WINDOWS\system32\dlyrcqdi.dll
C:\WINDOWS\system32\DMnpAcdd.ini
C:\WINDOWS\system32\DMnpAcdd.ini2
C:\WINDOWS\system32\ebpnwecu.dll
C:\WINDOWS\system32\exmtihoi.ini
C:\WINDOWS\system32\eywvoqbe.dll
C:\WINDOWS\system32\finance.txt
C:\WINDOWS\system32\fMWwwyay.ini
C:\WINDOWS\system32\fMWwwyay.ini2
C:\WINDOWS\system32\fphnimnx.ini
C:\WINDOWS\system32\gaxhidnj.dll
C:\WINDOWS\system32\gblqahgw.dll
C:\WINDOWS\system32\ghhnfklb.dll
C:\WINDOWS\system32\gQYxwyay.ini
C:\WINDOWS\system32\gQYxwyay.ini2
C:\WINDOWS\system32\HikUBcdd.ini
C:\WINDOWS\system32\HikUBcdd.ini2
C:\WINDOWS\system32\hjmjxqmb.ini
C:\WINDOWS\system32\hvdhqgtv.ini
C:\WINDOWS\system32\iftivbdv.ini
C:\WINDOWS\system32\iscgbbqy.dll
C:\WINDOWS\system32\iteikofu.dll
C:\WINDOWS\system32\iuupjcsa.dll
C:\WINDOWS\system32\jmUuCJjl.ini
C:\WINDOWS\system32\jmUuCJjl.ini2
C:\WINDOWS\system32\kdfrukqq.dll
C:\WINDOWS\system32\khhcgdkg.dll
C:\WINDOWS\system32\kqsflnlk.dll
C:\WINDOWS\system32\ktdldxto.dll
C:\WINDOWS\system32\kumvrcdq.dll
C:\WINDOWS\system32\lblwmbcq.dll
C:\WINDOWS\system32\ldapnqox.dll
C:\WINDOWS\system32\ldrrwwwa.dll
C:\WINDOWS\system32\lfxydlnl.dll
C:\WINDOWS\system32\lmdfcpab.dll
C:\WINDOWS\system32\lt.res
C:\WINDOWS\system32\lymdamwe.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mdvxktid.dll
C:\WINDOWS\system32\mnWELkkj.ini
C:\WINDOWS\system32\mnWELkkj.ini2
C:\WINDOWS\system32\mraixvpx.ini
C:\WINDOWS\system32\mrnuymav.ini
C:\WINDOWS\system32\mtrmdqjn.dll
C:\WINDOWS\system32\njqdmrtm.ini
C:\WINDOWS\system32\npfaeuny.dll
C:\WINDOWS\system32\other.txt
C:\WINDOWS\system32\pharma.txt
C:\WINDOWS\system32\pptmiihg.ini
C:\WINDOWS\system32\psbioqhf.dll
C:\WINDOWS\system32\qhytenue.ini
C:\WINDOWS\system32\qoidwyyh.dll
C:\WINDOWS\system32\qopnehgk.dll
C:\WINDOWS\system32\qvuwyqdr.dll
C:\WINDOWS\system32\qxqgnecu.ini
C:\WINDOWS\system32\rgqmgwjn.dll
C:\WINDOWS\system32\rictgmlb.dll
C:\WINDOWS\system32\rrskxnxw.ini
C:\WINDOWS\system32\SCIlnnpo.ini
C:\WINDOWS\system32\SCIlnnpo.ini2
C:\WINDOWS\system32\SDNUwyxx.ini
C:\WINDOWS\system32\SDNUwyxx.ini2
C:\WINDOWS\system32\sft.res
C:\WINDOWS\system32\simmvits.ini
C:\WINDOWS\system32\tapdsecy.dll
C:\WINDOWS\system32\tlmpcxly.ini
C:\WINDOWS\system32\tmwtfhpf.ini
C:\WINDOWS\system32\tnqaoewa.dll
C:\WINDOWS\system32\toiamscc.dll
C:\WINDOWS\system32\ttxidvhq.dll
C:\WINDOWS\system32\tuvWolig.dll
C:\WINDOWS\system32\tvtckmpv.dll
C:\WINDOWS\system32\ucengqxq.dll
C:\WINDOWS\system32\uqbunnco.ini
C:\WINDOWS\system32\usltwkog.ini
C:\WINDOWS\system32\uyggnako.ini
C:\WINDOWS\system32\vhqouvqt.dll
C:\WINDOWS\system32\vspotnsu.dll
C:\WINDOWS\system32\vtUonkhF.dll
C:\WINDOWS\system32\vwcgbvkw.ini
C:\WINDOWS\system32\vwlfeade.dll
C:\WINDOWS\system32\weubbsgv.dll
C:\WINDOWS\system32\yaywwWMf.dll
C:\WINDOWS\system32\yotqmmil.dll
C:\WINDOWS\system32\yskymkwb.ini
C:\WINDOWS\system32\YxEOonmp.ini
C:\WINDOWS\system32\YxEOonmp.ini2

.
((((((((((((((((((((((((( Files Created from 2008-04-19 to 2008-05-19 )))))))))))))))))))))))))))))))
.

2008-05-18 00:38 . 2008-05-18 10:37 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-18 00:38 . 2008-05-18 00:38 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-05-18 00:38 . 2008-05-18 00:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-16 23:58 . 2008-05-16 23:58 82,992 --a------ C:\WINDOWS\system32\vamyunrm.dll
2008-05-16 22:17 . 2008-05-16 22:17 82,992 --a------ C:\WINDOWS\system32\fphftwmt.dll
2008-05-16 21:22 . 2008-05-16 21:22 82,992 --a------ C:\WINDOWS\system32\stivmmis.dll
2008-05-16 20:45 . 2008-05-16 20:45 <DIR> d-------- C:\Program Files\CCleaner
2008-05-11 20:47 . 2008-05-11 20:47 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-11 20:46 . 2008-05-11 20:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-11 20:43 . 2008-05-18 00:37 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-11 11:23 . 2008-05-18 00:32 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-11 11:23 . 2008-05-18 00:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-11 11:09 . 2008-05-18 19:06 109,803 --a------ C:\WINDOWS\BMe7fb3687.xml
2008-05-11 00:42 . 2008-05-11 00:42 57,546 --a------ C:\WINDOWS\promogif3.gif
2008-05-11 00:42 . 2008-05-11 00:42 24,351 --a------ C:\WINDOWS\promogif1.gif
2008-05-11 00:42 . 2008-05-11 00:42 24,066 --a------ C:\WINDOWS\promogif2.gif
2008-05-11 00:42 . 2008-05-11 00:42 1,294 --a------ C:\WINDOWS\homepage.html
2008-05-11 00:42 . 2008-05-11 00:42 507 --a------ C:\WINDOWS\promo6.html
2008-05-11 00:42 . 2008-05-11 00:42 500 --a------ C:\WINDOWS\promo4.html
2008-05-11 00:42 . 2008-05-11 00:42 478 --a------ C:\WINDOWS\promo5.html
2008-05-11 00:42 . 2008-05-11 00:42 283 --a------ C:\WINDOWS\promo3.html
2008-05-11 00:42 . 2008-05-11 00:42 283 --a------ C:\WINDOWS\promo2.html
2008-05-11 00:42 . 2008-05-11 00:42 283 --a------ C:\WINDOWS\promo1.html
2008-05-11 00:40 . 2008-05-11 00:42 1,906 --a------ C:\WINDOWS\index.html
2008-05-11 00:39 . 2008-05-11 00:39 32,768 --a------ C:\WINDOWS\system32\sockins32.dll
2008-05-09 22:50 . 2008-05-18 17:43 <DIR> dr-h----- C:\$VAULT$.AVG
2008-04-26 21:53 . 2008-05-18 17:29 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-26 21:53 . 2008-04-26 21:53 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-20 17:51 . 2008-04-22 23:11 7,628 --a------ C:\WINDOWS\Aware40.mch
2008-04-20 15:16 . 2008-04-22 18:26 <DIR> d-------- C:\WINDOWS\A4W_DATA
2008-04-20 15:16 . 2008-04-22 18:26 35 --a------ C:\WINDOWS\A4W.INI
2008-04-20 15:14 . 2008-04-20 15:14 <DIR> d-------- C:\Program Files\SAT

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-18 23:21 --------- d-----w C:\Documents and Settings\Owner\Application Data\AVG7
2008-05-17 02:56 --------- d-----w C:\Documents and Settings\Owner\Application Data\uTorrent
2008-05-11 22:18 --------- d-----w C:\Documents and Settings\Owner\Application Data\AdobeUM
2008-05-11 20:32 --------- d-----w C:\Program Files\Free Offers from Freeze.com
2008-05-06 05:31 4,128 -c--a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2008-04-12 00:52 --------- d-----w C:\Program Files\iTunes
2008-04-12 00:51 --------- d-----w C:\Program Files\iPod
2008-04-12 00:47 --------- d-----w C:\Program Files\QuickTime
2008-04-08 23:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-06 04:34 --------- d-----w C:\Program Files\uTorrent
2008-03-22 06:00 --------- d-----w C:\Program Files\Java
2005-06-20 21:31 0 -csha-w C:\WINDOWS\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{49A48403-6BD0-4B36-BBB2-7FF357B560E5}]
C:\WINDOWS\system32\yaywxYQg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E8C1400A-9587-4334-8C22-5FD745C71872}]
C:\WINDOWS\system32\ddcApnMD.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EAC33CED-BBD2-4947-BA0B-36552320BDCE}]
C:\WINDOWS\system32\ddcBUkiH.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-BBBB-4146-86FD-A722E8AB3489}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24 1694208]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-17 13:45 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
"DW4"="C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [2007-03-16 07:51 715888]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-01-03 09:15 50528]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 13:42 212992]
"AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-03-19 14:17 78960]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-05 09:47 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-05 09:47 688218]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42 32768]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-12-24 17:54 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-12-24 17:54 118784]
"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-07-31 09:00 1116920]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2005-06-10 02:21 217088]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-08-10 12:10 221184]
"DMXLauncher"="C:\Program Files\Roxio\Media Experience\DMXLauncher.exe" [2006-08-14 01:07 102400]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 08:46 172032]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-15 14:02 579584]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-12 21:35 219136]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
BigFix.lnk - C:\Program Files\BigFix\BigFix.exe [2005-04-24 20:34:27 1742384]
U.S. Bancorp - VPN Client 4.6.03.lnk - C:\Program Files\USBancorp\USBancorp VPN Client\vpngui.exe [2006-02-16 06:19:04 1425424]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebProxy"= {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Danware Data\\NetOp Remote Control\\GUEST\\Ngstw32.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2006-08-01 20:06]
R1 hwinterface;hwinterface;C:\WINDOWS\system32\Drivers\hwinterface.sys [2007-08-23 14:59]
R2 PMJ151NM;Panasonic DVC Web Camera;C:\WINDOWS\system32\DRIVERS\PMJ151NM.sys [2002-03-19 11:33]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 14:38]
R3 ROCKEYNT;Feitian ROCKEY4 Device Service;C:\WINDOWS\system32\DRIVERS\Rockey4.sys [2007-08-23 14:59]
S3 MTDVC;Panasonic DVC USB-SERIAL Driver for NT Technology;C:\WINDOWS\system32\DRIVERS\mtdv2ku1.sys [2002-04-12 10:14]
S3 MTDVC_ENUM;Panasonic DVC COM Driver for NT Technology;C:\WINDOWS\system32\DRIVERS\mtdv2ks1.sys [2002-04-24 12:14]
S3 Rockey_USB;Feitian ROCKEY4 USB Service;C:\WINDOWS\system32\DRIVERS\Rockey4USB.sys [2007-08-23 14:59]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6016f5a0-a1c9-11db-818e-00038a000015}]
\Shell\AutoRun\command - F:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{becdf060-5f32-11db-8189-00038a000015}]
\Shell\AutoRun\command - F:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f38a30c0-6040-11db-818c-00038a000015}]
\Shell\AutoRun\command - F:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fda62bc0-4395-11dc-81dc-00038a000015}]
\Shell\AutoRun\command - F:\setupSNK.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{66186F05-BBBB-4a39-864F-72D84615C679}]
rundll32 sockins32.dll,InitModule
.
Contents of the 'Scheduled Tasks' folder
"2008-04-11 21:46:14 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-22 21:13:41 C:\WINDOWS\Tasks\Registry Repair 5.job"
- C:\Program Files\Migo Software\RegistryRepair5\Registry Repair.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2008-05-18 19:39:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySql]
"ImagePath"="c:/mysql/bin/mysqld-nt.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PMJ151LA]
"ImagePath"="%SystemRoot%\PMJ151LA.BIN"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\USBancorp\USBancorp VPN Client\cvpnd.exe
C:\mysql\bin\mysqld-nt.exe
C:\WINDOWS\PMJ151LA.BIN
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\AIM6\aolsoftware.exe
.
**************************************************************************
.
Completion time: 2008-05-18 19:48:11 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-19 02:48:04

Pre-Run: 39,833,829,376 bytes free
Post-Run: 40,573,345,792 bytes free

298 --- E O F --- 2008-05-14 03:14:20
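The ComboFix "Reg Loading Points" section above carries the entries that explain the symptoms in the thread title: the two policy values under policies\system that disable Task Manager and the registry tools, the SSODL "WebProxy" entry and matching Active Setup component that both point at sockins32.dll (which HijackThis reports as "file missing"), the MountPoints2 AutoRun commands for F:\setupSNK.exe, and BHOs backed by eight-letter DLL names. The following script is an added example for this thread, not part of the original post and not code from ComboFix or HijackThis: it parses a constructed excerpt modelled on those entries and flags them. The category names, the `SAMPLE_LOG` text and the random-file-name heuristic are assumptions made for illustration, not tool output or a signature.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log.

Added example; not from the forum post, ComboFix or HijackThis. SAMPLE_LOG is a
constructed excerpt modelled on the thread's log. Flags:
  * policy values that disable Task Manager and the registry tools
  * SSODL entries whose DLL ComboFix could not find (it prints the file's date
    and size in brackets; an empty '[ ]' means no file)
  * Active Setup components that run rundll32 against a DLL
  * MountPoints2 AutoRun commands (removable-media autorun)
  * Browser Helper Objects backed by random-looking DLL names (heuristic)
"""
import re

# Constructed excerpt in ComboFix's REGEDIT4-style layout (not a real capture).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{49A48403-6BD0-4B36-BBB2-7FF357B560E5}]
C:\WINDOWS\system32\yaywxYQg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E8C1400A-9587-4334-8C22-5FD745C71872}]
C:\WINDOWS\system32\ddcApnMD.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-BBBB-4146-86FD-A722E8AB3489}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebProxy"= {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6016f5a0-a1c9-11db-818e-00038a000015}]
\Shell\AutoRun\command - F:\setupSNK.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{66186F05-BBBB-4a39-864F-72D84615C679}]
rundll32 sockins32.dll,InitModule
"""

LOCKDOWN_POLICIES = {"disabletaskmgr", "disableregistrytools"}


def parse_reg_blocks(text):
    """Return {lowercased key: [value lines]}. A [bracketed] line opens a key;
    following non-blank lines belong to it. Keys with no values are kept."""
    blocks, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            blocks.setdefault(key, [])
        elif key is not None:
            blocks[key].append(line)
    return blocks


def file_stem(path):
    """'C:\\WINDOWS\\system32\\yaywxYQg.dll' -> 'yaywxYQg'."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].rsplit(".", 1)[0]


def looks_random(stem):
    """Assumed heuristic: eight letters with mixed case mid-word or <=1 vowel."""
    if not re.fullmatch(r"[A-Za-z]{8}", stem):
        return False
    mixed_case = any(c.isupper() for c in stem[1:]) and any(c.islower() for c in stem)
    return mixed_case or sum(c in "aeiouAEIOU" for c in stem) <= 1


def triage(text):
    """Return a list of (category, key, detail) findings."""
    findings = []
    for key, values in parse_reg_blocks(text).items():
        if key.endswith("policies\\system"):
            for v in values:
                m = re.match(r'"([^"]+)"\s*=\s*(\d+)', v)
                if m and m.group(1).lower() in LOCKDOWN_POLICIES and m.group(2) != "0":
                    findings.append(("policy-lockdown", key, m.group(1)))
        elif key.endswith("shellserviceobjectdelayload"):
            for v in values:
                m = re.match(r'"[^"]+"\s*=\s*\{[^}]+\}\s*-\s*(\S+)\s*\[([^\]]*)\]', v)
                if m and not m.group(2).strip():  # '[ ]': ComboFix found no file
                    findings.append(("ssodl-missing-file", key, m.group(1)))
        elif "active setup\\installed components\\" in key:
            for v in values:
                m = re.match(r"rundll32(?:\.exe)?\s+(\S+?),(\w+)", v, re.I)
                if m:
                    findings.append(("active-setup-rundll32", key, f"{m.group(1)},{m.group(2)}"))
        elif "\\mountpoints2\\" in key:
            for v in values:
                m = re.match(r"\\shell\\autorun\\command\s*-\s*(.+)", v, re.I)
                if m:
                    findings.append(("mountpoints2-autorun", key, m.group(1).strip()))
        elif "browser helper objects" in key:
            if not values:
                findings.append(("bho-no-dll", key, ""))
            for v in values:
                if looks_random(file_stem(v)):
                    findings.append(("bho-random-dll", key, v))
    return findings


if __name__ == "__main__":
    for category, key, detail in triage(SAMPLE_LOG):
        print(f"{category:22} {detail}  <- {key}")
```

Run it against the text of a real "Reg Loading Points" section to get the same categories; the Run-key entry (ctfmon.exe) is deliberately left alone so that only the lockdown and persistence mechanisms surface.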