Numerous infections, numerous scans .... still have some work to do
Posted 5/16/2008 12:22 PM
Junior Member


Group: Forum Members
Last Login: 5/26/2008 11:09 AM
Posts: 205, Visits: 272
Hello Richie, as requested (thank you):

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:19:43 AM, on 5/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Total Recorder Professional 6\TotRecSched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\CounterSpy\SBCSTray.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\CounterSpy\SBCSSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AnyDVD\AnyDVDtray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sierra Wireless\AirCard 580\Generic\Components\swiwificomm.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.ebay.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\Total Recorder Professional 6\TotRecSched.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\CounterSpy\SBCSTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\AnyDVD\AnyDVDtray.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} (HidInputMonitorX Control) - file:///D:/components/hidinputmonitorx.ocx
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - https://www-307.ibm.com/pc/support/access/aslibmain/content/AcpIR.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} (A9Helper.A9) - file:///D:/components/A9.ocx
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1107394181500
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} (WMVHDRatingCtrl Class) - file:///D:/components/wmvhdrating.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{62EC955C-255C-405C-A396-1967C4580BEB}: NameServer = 204.174.120.45 204.174.120.46
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\CounterSpy\SBCSSvc.exe
O23 - Service: SwiWiFiComm - Unknown owner - C:\Program Files\Sierra Wireless\AirCard 580\Generic\Components\swiwificomm.exe

--
End of file - 8695 bytes

Post #239571
Posted 5/16/2008 12:27 PM


Senior Forum Moderator


Group: Moderators
Last Login: Today @ 7:46 AM
Posts: 27,525, Visits: 54,327
Welcome

If you have previously downloaded ComboFix, please delete that version now.
Download ComboFix by sUBs and save it to your desktop.
Alternative ComboFix download link HERE.
Note
It is important that it is saved directly to your desktop.


Now close any open browsers.
Double click on ComboFix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note
Do not mouse-click ComboFix's window or do anything else on your PC while it's running.
That may cause the program/system to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.
Note
In case your antivirus or any other real-time scanner displays an alert after you have downloaded ComboFix or while you use it, please disable your scanner and redownload ComboFix.
Some scanners may see some ComboFix-related components as suspicious and block or delete them while there's nothing wrong with them.

Also post a new HijackThis log, please.


__________________________________________________


Proud Member of ASAP (Alliance of Security Analysis Professionals).
Proud Member of U-N-I-T-E (Unified Network of Instructors and Trusted Eliminators).
Post #239572
Posted 5/16/2008 1:02 PM
Junior Member


Group: Forum Members
Last Login: 5/26/2008 11:09 AM
Posts: 205, Visits: 272
ComboFix 08-05-15.3 - Chris 2008-05-16 11:38:03.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.357 [GMT -6:00]
Running from: C:\Documents and Settings\Chris\Desktop\ComboFix.exe
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\dvuqsrxy.ini
C:\WINDOWS\system32\JSsYayay.ini
C:\WINDOWS\system32\JSsYayay.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\pkjkejta.ini

.
(((((((((((((((((((((((((   Files Created from 2008-04-16 to 2008-05-16  )))))))))))))))))))))))))))))))
.

2008-05-16 10:47 . 2008-05-16 10:47 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-16 09:08 . 2008-05-16 09:30 <DIR> d-------- C:\Program Files\SpyNoMore
2008-05-15 23:52 . 2008-05-15 23:52 <DIR> d-------- C:\Program Files\Avira
2008-05-15 23:22 . 2008-05-15 23:22 15,544 --a------ C:\WINDOWS\system32\drivers\sbhr.sys
2008-05-15 23:21 . 2008-05-15 23:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt Software
2008-05-15 23:20 . 2008-05-16 00:06 <DIR> d-------- C:\Program Files\CounterSpy
2008-05-15 21:41 . 2008-05-15 21:42 133,120 --a------ C:\WINDOWS\system32\feqbfrob.dll
2008-05-15 21:40 . 2008-05-15 21:40 0 --a------ C:\WINDOWS\BMc303b894.xml
2008-05-15 10:32 . 2008-05-15 10:59 <DIR> d-------- C:\Program Files\Cucusoft AVI To DVD Pro
2008-05-15 09:37 . 2008-05-15 09:37 370,176 --a------ C:\WINDOWS\system32\yayaYsSJ.dll
2008-05-15 09:32 . 2008-05-15 09:33 <DIR> d-------- C:\Program Files\Cucusoft Ultimate Video Converter
2008-05-15 09:32 . 2006-09-11 04:13 409,600 --a------ C:\WINDOWS\system32\vampd.ax
2008-05-15 09:32 . 2003-03-30 20:08 372,736 --a------ C:\WINDOWS\system32\xvid.ax
2008-05-15 09:32 . 2008-01-25 21:06 364,544 --a------ C:\WINDOWS\system32\cdg.dll
2008-05-15 09:32 . 2006-09-27 17:46 348,160 --a------ C:\WINDOWS\system32\cdga.dll
2008-05-15 09:32 . 2006-07-08 04:07 114,688 --a------ C:\WINDOWS\system32\PropListCtrl.ocx
2008-05-15 09:32 . 2006-07-17 21:42 14,909 --a------ C:\WINDOWS\system32\A_reg.reg
2008-05-09 12:41 . 2008-05-09 12:41 <DIR> d-------- C:\Program Files\Synaptics
2008-05-09 12:41 . 2007-12-05 16:11 177,664 --a------ C:\WINDOWS\system32\drivers\SynTP.sys
2008-05-09 12:41 . 2007-12-05 16:12 110,592 --a------ C:\WINDOWS\system32\SynTPAPI.dll
2008-05-09 12:41 . 2007-12-05 16:12 110,592 --a------ C:\WINDOWS\system32\SynCtrl.dll
2008-05-09 12:41 . 2007-12-05 17:10 77,824 --a------ C:\WINDOWS\system32\SynTPCoI.dll
2008-05-09 12:41 . 2007-12-05 16:12 73,728 --a------ C:\WINDOWS\system32\SynCOM.dll
2008-05-09 12:41 . 2007-12-05 16:14 65,536 --a------ C:\WINDOWS\system32\SynTPFcs.dll
2008-05-09 12:13 . 2007-03-21 13:33 1,257,566 -ra------ C:\WINDOWS\system32\dsa.dll
2008-05-09 12:13 . 2007-03-21 13:46 254,023 --a------ C:\WINDOWS\system32\wsfwDS.dll
2008-05-09 12:13 . 2007-03-21 13:46 249,925 --a------ C:\WINDOWS\system32\wsimd.dll
2008-05-09 12:13 . 2007-03-21 13:33 82,017 -ra------ C:\WINDOWS\system32\dsaNac.dll
2008-05-09 12:12 . 2008-05-09 12:12 <DIR> d-------- C:\Program Files\ThinkPad R51
2008-05-09 12:12 . 2007-10-26 01:20 549,184 --a------ C:\WINDOWS\system32\ar5211.sys
2008-05-09 12:12 . 2006-08-07 14:17 118,784 --a------ C:\WINDOWS\system32\ATHCFG10.DLL
2008-05-09 12:12 . 2007-10-26 01:20 100,996 --a------ C:\WINDOWS\system32\net5211.inf
2008-05-09 12:12 . 2007-07-03 18:46 57,344 --a------ C:\WINDOWS\system32\wsimd.sys
2008-05-09 12:12 . 2007-07-03 18:46 57,344 --------- C:\WINDOWS\system32\drivers\wsimd.sys
2008-05-09 12:12 . 2007-10-29 12:47 23,501 --a------ C:\WINDOWS\system32\net5211.cat
2008-05-09 12:12 . 2007-07-28 17:07 12,552 --a------ C:\WINDOWS\system32\wsimdp.cat
2008-05-09 12:12 . 2007-07-28 17:07 12,129 --a------ C:\WINDOWS\system32\wsimd.cat
2008-05-09 12:12 . 2007-07-03 18:46 5,361 --a------ C:\WINDOWS\system32\wsimdp.inf
2008-05-09 12:12 . 2007-07-03 18:46 2,179 --a------ C:\WINDOWS\system32\wsimd.inf
2008-05-09 11:56 . 2008-05-09 11:56 99,264 --a------ C:\WINDOWS\system32\drivers\AnyDVD.sys
2008-05-09 09:54 . 2008-05-09 09:57 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-05-09 09:53 . 2008-05-09 09:54 <DIR> d-------- C:\Program Files\Nero 7.8.5.0 Premium
2008-05-04 18:48 . 2008-05-06 10:24 <DIR> d-------- C:\Program Files\Spybot S&D
2008-05-04 18:48 . 2008-05-06 00:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-04 17:56 . 2008-05-04 17:56 <DIR> d-------- C:\Program Files\KillBox
2008-05-02 12:14 . 2008-05-02 12:17 <DIR> d-------- C:\Program Files\Kaspersky Antivirus 7
2008-05-01 18:12 . 2008-05-01 18:12 <DIR> d-------- C:\Program Files\ACW
2008-05-01 14:01 . 2008-05-01 14:01 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AdobeUM
2008-05-01 12:31 . 2008-05-01 12:31 0 --a------ C:\WINDOWS\system32\SBRC.dat
2008-05-01 12:31 . 2008-05-01 12:31 0 --a------ C:\WINDOWS\system32\SBFC.dat
2008-05-01 12:22 . 2008-05-01 12:22 <DIR> d-------- C:\Documents and Settings\Chris\Application Data\Sunbelt Software
2008-05-01 11:54 . 2006-08-24 15:56 40,832 --a------ C:\WINDOWS\system32\drivers\apusbsnt.sys
2008-05-01 11:54 . 2005-03-15 11:11 17,920 --a------ C:\WINDOWS\system32\apintfnt.dll
2008-05-01 11:54 . 2006-08-24 15:57 11,776 --a------ C:\WINDOWS\system32\apusbdco.dll
2008-05-01 00:05 . 2008-02-28 13:26 1,414,440 --a------ C:\WINDOWS\system32\ShellManager310E2D762.dll
2008-04-30 22:03 . 2008-04-30 22:17 <DIR> d-------- C:\Program Files\SpyZooka
2008-04-30 21:48 . 2008-04-30 21:50 <DIR> d-------- C:\Documents and Settings\Chris\Application Data\Mp3tag
2008-04-30 21:47 . 2008-04-30 21:47 <DIR> d-------- C:\Program Files\Mp3tag
2008-04-30 20:27 . 2008-05-03 08:28 <DIR> d-------- C:\Program Files\Virtual DJ Pro 5
2008-04-30 17:50 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-30 17:49 . 2008-04-30 17:50 <DIR> d-------- C:\Program Files\Java
2008-04-30 17:46 . 2008-04-30 17:46 <DIR> d-------- C:\Program Files\Common Files\Java
2008-04-30 13:49 . 2008-04-30 13:49 1,152 --a------ C:\WINDOWS\system32\windrv.sys
2008-04-30 13:14 . 2008-04-30 13:14 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-30 01:49 . 2008-05-15 23:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-04-29 19:26 . 2008-04-29 19:26 <DIR> d-------- C:\Program Files\NeroInstall.bak
2008-04-29 19:18 . 2008-05-09 09:43 <DIR> d-------- C:\Program Files\Nero
2008-04-29 19:18 . 2008-05-02 03:31 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-04-29 19:18 . 2008-05-09 09:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-04-29 19:03 . 2008-04-29 19:03 <DIR> d-------- C:\Program Files\MagicISO
2008-04-28 19:29 . 2008-04-28 19:29 <DIR> d-------- C:\Program Files\CCleaner
2008-04-27 22:44 . 2008-04-30 21:02 <DIR> d-------- C:\WINDOWS\RegCure
2008-04-27 22:44 . 2008-04-30 21:02 <DIR> d-------- C:\Program Files\RegCure
2008-04-26 17:18 . 2008-04-26 17:18 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-24 12:05 . 2008-04-24 12:28 <DIR> d-------- C:\Program Files\QuickTax 2007
2008-04-24 12:05 . 2008-04-24 12:05 <DIR> d-------- C:\Program Files\Common Files\Intuit
2008-04-24 12:05 . 2008-04-24 12:05 <DIR> d-------- C:\Program Files\Common Files\AnswerWorks 4.0
2008-04-24 12:05 . 2008-04-24 12:05 <DIR> d-------- C:\Documents and Settings\Chris\Application Data\Intuit Canada
2008-04-24 12:03 . 2008-04-24 12:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Intuit Canada
2008-04-22 23:13 . 2008-04-22 23:13 <DIR> d-------- C:\Documents and Settings\Chris\Application Data\GTek
2008-04-22 23:13 . 2008-04-22 23:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Gtek
2008-04-22 23:13 . 2008-04-22 23:13 5,248 --a------ C:\WINDOWS\system32\OEMINFO.PNF

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-12 20:12 --------- d-----w C:\Program Files\Azureus
2008-05-16 16:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-16 04:32 --------- d-----w C:\Program Files\XoftSpy SE
2008-05-16 00:12 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-05-15 16:34 --------- d-----w C:\Documents and Settings\Chris\Application Data\Azureus
2008-05-15 04:21 --------- d-----w C:\Program Files\AnyDVD
2008-05-09 18:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-09 18:01 --------- d-----w C:\Program Files\ThinkPad
2008-05-05 20:07 --------- d-----w C:\Program Files\Soulseek
2008-05-02 18:38 96,256 ----a-w C:\WINDOWS\system32\drivers\sptd6637.sys
2008-05-01 22:02 --------- d-----w C:\Program Files\Power ISO
2008-04-30 19:17 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-04-30 19:16 --------- d-----w C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com
2008-04-29 22:34 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-04-25 05:02 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-15 22:15 --------- d-----w C:\Program Files\Native Instruments
2008-04-15 22:13 --------- d-----w C:\Program Files\Syncrosoft
2008-04-15 21:52 --------- d-----w C:\Program Files\Games
2008-04-14 18:02 --------- d-----w C:\Program Files\DivX
2008-04-09 05:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-06 11:27 --------- d-----w C:\Program Files\Microsoft IntelliPoint
2008-04-04 04:39 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-03 05:41 3,532 ----a-w C:\drmHeader.bin
2008-04-03 04:18 --------- d-----w C:\Program Files\Windows Live
2008-04-03 04:16 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-03 04:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-07-23 18:50 39,832 ----a-w C:\Documents and Settings\Chris\Application Data\GDIPFONTCACHEV1.DAT
2007-02-06 00:11 87,608 ----a-w C:\Documents and Settings\Chris\Application Data\ezpinst.exe
2007-02-06 00:11 47,360 ----a-w C:\Documents and Settings\Chris\Application Data\pcouffin.sys
2006-10-10 13:25 14 ----a-w C:\Documents and Settings\Chris\getfile.dat
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{14370F76-7676-44A2-AD11-93A31C5FC9FC}]
   C:\WINDOWS\system32\ljJARkKA.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA07D05F-5465-41ED-A457-3516E108D6BC}]
2008-05-15 09:37 370176 --a------ C:\WINDOWS\system32\yayaYsSJ.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f591201f-dc78-4126-8875-ce6b8b2117cd}]
2008-05-15 21:42 133120 --a------ C:\WINDOWS\system32\feqbfrob.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"P2kAutostart"="" []
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"AnyDVD"="C:\Program Files\AnyDVD\AnyDVDtray.exe" [2008-05-13 12:41 2091968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"TotalRecorderScheduler"="C:\Program Files\Total Recorder Professional 6\TotRecSched.exe" [2006-05-12 02:32 86016]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2007-12-05 16:14 122880]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-05 16:14 524288]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"SBCSTray"="C:\Program Files\CounterSpy\SBCSTray.exe" [2007-12-21 15:30 698864]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2004-06-03 02:50 204800]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 15:56 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
"CTHelper"="CTHELPER.EXE" [2006-08-11 15:56 17920 C:\WINDOWS\CTHELPER.EXE]
"BMMGAG"="C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll" [2005-04-20 02:38 110592]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 01:56 110592 C:\WINDOWS\system32\bthprops.cpl]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-05-16 01:37 262401]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2007-02-06 21:00 344064]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 19:48 434528]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]
"{14370F76-7676-44A2-AD11-93A31C5FC9FC}"= C:\WINDOWS\system32\ljJARkKA.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljJARkKA]
ljJARkKA.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
tphklock.dll 2005-06-16 23:23 24576 C:\WINDOWS\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"= DrvTrNTm.dll
"wave"= DrvTrNTm.dll
"VIDC.ZMBV"= zmbv.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Soulseek\\slsk.exe"=
"C:\\Program Files\\Games\\Kyodai Mahjongg 2006\\kmj.exe"=
"C:\\Program Files\\Motorola\\Software Update\\msu.exe"=
"C:\\Program Files\\Motorola Phone Tools\\mPhonetools.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6346:TCP"= 6346:TCP:LimeWire UDP
"6881:TCP"= 6881:TCP:Azureus TCP
"6881:UDP"= 6881:UDP:Azureus UDP
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access 0
"1701:TCP"= 1701:TCP:MioNet Remote Drive Access 1
"1702:TCP"= 1702:TCP:MioNet Remote Drive Access 2
"1703:TCP"= 1703:TCP:MioNet Remote Drive Access 3
"1704:TCP"= 1704:TCP:MioNet Remote Drive Access 4
"1705:TCP"= 1705:TCP:MioNet Remote Drive Access 5
"1706:TCP"= 1706:TCP:MioNet Remote Drive Access 6
"1707:TCP"= 1707:TCP:MioNet Remote Drive Access 7
"1708:TCP"= 1708:TCP:MioNet Remote Drive Access 8
"1709:TCP"= 1709:TCP:MioNet Remote Drive Access 9
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"1647:TCP"= 1647:TCP:MioNet Storage Device Configuration
"5432:UDP"= 5432:UDP:MioNet Storage Device Discovery

R0 SBHR;SBHR;C:\WINDOWS\system32\drivers\sbhr.sys [2008-05-15 23:22]
R1 TPPWR;TPPWR;C:\WINDOWS\system32\drivers\Tppwr.sys [2005-04-20 02:38]
R2 McciCMService;McciCMService;"C:\Program Files\Common Files\Motive\McciCMService.exe" [2007-09-26 11:43]
R2 SwiWiFiComm;SwiWiFiComm;C:\Program Files\Sierra Wireless\AirCard 580\Generic\Components\swiwificomm.exe [2007-03-16 15:50]
R3 apusbsnt;Sierra Wireless USB Modem Device Driver;C:\WINDOWS\system32\DRIVERS\apusbsnt.sys [2006-08-24 15:56]
R3 WSIMD;wsimd Service;C:\WINDOWS\system32\DRIVERS\wsimd.sys [2007-07-03 18:46]
S3 atinysxx;ATI USB 2.0 TV Audio Crossbar;C:\WINDOWS\system32\DRIVERS\atinysxx.sys [2005-01-25 20:36]
S3 atinyvxx;ATI TV WONDER USB2.0 Video & Audio;C:\WINDOWS\system32\DRIVERS\atinyvxx.sys [2005-01-25 20:36]
S3 ATITUNEP2;ATI TV WONDER USB2.0 TV Tuner;C:\WINDOWS\system32\DRIVERS\atinyuxx.sys [2005-01-25 20:37]
S3 ATIUTD;ATI TV WONDER USB2.0 Device Driver;C:\WINDOWS\system32\Drivers\ATIUTD.sys [2005-01-25 20:37]
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2007-10-10 17:41]
S3 MREMP50;MREMP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2007-09-26 11:43]
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2007-09-26 11:43]
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 SBAPIFS;SBAPIFS;C:\WINDOWS\system32\drivers\sbapifs.sys []
S3 TTDec;ATI TV WONDER USB2.0 Teletext Decoder;C:\WINDOWS\system32\DRIVERS\atinyttx.sys [2005-01-25 20:33]

.
Contents of the 'Scheduled Tasks' folder
"2006-03-11 10:42:52 C:\WINDOWS\Tasks\BMMTask.job"
- C:\PROGRA~1\ThinkPad\UTILIT~1\BMMTASK.EXE
"2008-05-16 17:54:44 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-05-16 17:51:33 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-05-15 09:00:00 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2005-06-06 04:59:37 C:\WINDOWS\Tasks\XoftSpy.job"
- C:\Program Files\XoftSpy 4\XoftSpy.exe
"2008-05-16 17:51:33 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpy SE\XoftSpy.exe
"2008-05-10 10:00:00 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpy SE\XoftSpy.exe
.
**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\tphklock.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-05-16 11:58:58 - machine was rebooted
ComboFix-quarantined-files.txt  2008-05-16 17:58:52
ComboFix2.txt  2008-05-01 00:15:51

Pre-Run: 5,194,858,496 bytes free
Post-Run: 5,618,933,760 bytes free

276 --- E O F --- 2008-05-12 16:11:25

__________________________________________________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:02:06 PM, on 5/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sierra Wireless\AirCard 580\Generic\Components\swiwificomm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Total Recorder Professional 6\TotRecSched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\CounterSpy\SBCSTray.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AnyDVD\AnyDVDtray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {14370F76-7676-44A2-AD11-93A31C5FC9FC} - C:\WINDOWS\system32\ljJARkKA.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA07D05F-5465-41ED-A457-3516E108D6BC} - C:\WINDOWS\system32\yayaYsSJ.dll
O2 - BHO: {dc7112b8-b6ec-5788-6214-87cdf102195f} - {f591201f-dc78-4126-8875-ce6b8b2117cd} - C:\WINDOWS\system32\feqbfrob.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\Total Recorder Professional 6\TotRecSched.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\CounterSpy\SBCSTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\AnyDVD\AnyDVDtray.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} (HidInputMonitorX Control) - file:///D:/components/hidinputmonitorx.ocx
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - https://www-307.ibm.com/pc/support/access/aslibmain/content/AcpIR.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} (A9Helper.A9) - file:///D:/components/A9.ocx
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1107394181500
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} (WMVHDRatingCtrl Class) - file:///D:/components/wmvhdrating.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{62EC955C-255C-405C-A396-1967C4580BEB}: NameServer = 204.174.120.45 204.174.120.46
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ljJARkKA - ljJARkKA.dll (file missing)
O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\CounterSpy\SBCSSvc.exe
O23 - Service: SwiWiFiComm - Unknown owner - C:\Program Files\Sierra Wireless\AirCard 580\Generic\Components\swiwificomm.exe

--
End of file - 9671 bytes

Post #239575
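A small triage helper, added here as an example and not part of the original post or of HijackThis itself: it parses O2 (BHO) and O20 (Winlogon Notify) lines in the HijackThis format shown above and flags the traits the moderator's fix targets, namely nameless or GUID-named BHOs, "(file missing)" leftovers, random-looking eight-letter DLLs in system32, Notify DLLs given without a directory, and a DLL registered both as a BHO and as a Winlogon Notify handler. The sample lines are constructed from the log above, and the heuristics are this example's own, not HijackThis's logic.

```python
import re

# Constructed sample in the shape of the HijackThis log above: the entries the moderator's
# CFScript targets, plus two legitimate ones (Java, SUPERAntiSpyware) for contrast.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {14370F76-7676-44A2-AD11-93A31C5FC9FC} - C:\WINDOWS\system32\ljJARkKA.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {AA07D05F-5465-41ED-A457-3516E108D6BC} - C:\WINDOWS\system32\yayaYsSJ.dll
O2 - BHO: {dc7112b8-b6ec-5788-6214-87cdf102195f} - {f591201f-dc78-4126-8875-ce6b8b2117cd} - C:\WINDOWS\system32\feqbfrob.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ljJARkKA - ljJARkKA.dll (file missing)
"""

GUID = r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}"
O2_RE = re.compile(rf"^O2 - BHO: (?P<name>.*?) - (?P<clsid>{GUID}) - (?P<path>.*?)(?P<missing> \(file missing\))?$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*?)(?P<missing> \(file missing\))?$")

def dll_stem(path: str) -> str:
    # Filename without directory or extension, e.g. 'ljJARkKA' for the system32 ljJARkKA.dll above.
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]

def triage(log_text: str) -> list[dict]:
    """Return O2/O20 entries that trip at least one heuristic. The heuristics are
    constructed for this example, not HijackThis's own logic."""
    entries, bho_stems = [], set()
    for line in log_text.splitlines():
        m = O2_RE.match(line) or O20_RE.match(line)
        if not m:
            continue
        section = line.split(" ", 1)[0]
        if section == "O2":
            bho_stems.add(dll_stem(m["path"]).lower())
        entries.append((section, m["name"], m["path"], bool(m["missing"])))
    findings = []
    for section, name, path, missing in entries:
        stem, reasons = dll_stem(path), []
        if section == "O2" and (name == "(no name)" or re.fullmatch(GUID, name)):
            reasons.append("no descriptive name")
        if missing:
            reasons.append("file missing on disk")
        if "\\system32\\" in path.lower() and len(stem) == 8 and stem.isalpha():
            reasons.append("8-letter random-looking DLL in system32")
        if section == "O20" and "\\" not in path:
            reasons.append("Winlogon Notify DLL given without a directory")
        if section == "O20" and stem.lower() in bho_stems:
            reasons.append("same DLL also registered as a BHO")
        if reasons:
            findings.append({"section": section, "name": name, "path": path, "reasons": reasons})
    return findings
```

The output is a list of leads to look at first, not a verdict: a "(file missing)" entry is a dangling registration to clean up, while a present DLL still needs to be checked before it is removed.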
Posted 5/16/2008 1:23 PM


Senior Forum Moderator

Group: Moderators
Last Login: Today @ 7:46 AM
Posts: 27,525, Visits: 54,327
Copy and paste ALL the following text in the code box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: CFScript, saved to your desktop.

File::
C:\WINDOWS\system32\feqbfrob.dll
C:\WINDOWS\BMc303b894.xml
C:\WINDOWS\system32\yayaYsSJ.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{14370F76-7676-44A2-AD11-93A31C5FC9FC}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA07D05F-5465-41ED-A457-3516E108D6BC}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f591201f-dc78-4126-8875-ce6b8b2117cd}]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{14370F76-7676-44A2-AD11-93A31C5FC9FC}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljJARkKA]

Now drag and drop the CFScript file onto ComboFix.exe, as seen in the image below.

[image: the CFScript file being dropped onto ComboFix.exe]

This will start ComboFix again.
After the reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply along with a new HijackThis log.


__________________________________________________


Proud Member of ASAP (Alliance of Security Analysis Professionals).
Proud Member of U-N-I-T-E (Unified Network of Instructors and Trusted Eliminators).
Malware Complaints

Post #239576