Thread: HJT help!
08-06-2007, 11:47 PM   #9
HoAfCr
Registered User
 
Join Date: Jun 2006
Posts: 30
OS: XP


Re: HJT help!

1.) hijackthis.log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:43:44 PM, on 8/6/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\system32\HPZipm12.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\SOUNDMAN.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINNT\CTHELPER.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
D:\Program Files\Winamp\winampa.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINNT\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - D:\Program Files\Bodog Poker\BPGame.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1175971104859
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1175972679609
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 1: Google Advanced Search - http://www.google.com/advanced_search?hl=en

--
End of file - 8592 bytes


2.) Kaspersky Online scan... found no malware, etc...


3.) log.txt

ComboFix 07-08-07.5 - "Kevin" 08/06/2007 22:01:43.2 - NTFSx86
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.541 [GMT -7:00]
Command switches used :: D:\Program Files\$$$$$$$$$$$$$$$$\DSS LOG\CFScript.txt

FILE::
C:\Winnt\system32\morjysmf.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\Kevin\APPLIC~1\Viewpoint
C:\DOCUME~1\Kevin\APPLIC~1\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\-1704320493.swf
C:\DOCUME~1\Kevin\APPLIC~1\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\250892612.swf
C:\DOCUME~1\Kevin\APPLIC~1\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\URLCache.ini
C:\DOCUME~1\Kevin\APPLIC~1\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\-140210881.mtz
C:\DOCUME~1\Kevin\APPLIC~1\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\-299397824.swf
C:\DOCUME~1\Kevin\APPLIC~1\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\-882039367.swf
C:\DOCUME~1\Kevin\APPLIC~1\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\1054459834.swf
C:\DOCUME~1\Kevin\APPLIC~1\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\1624992797.swf
C:\DOCUME~1\Kevin\APPLIC~1\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\1991437604.swf
C:\DOCUME~1\Kevin\APPLIC~1\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\373851225.mts
C:\DOCUME~1\Kevin\APPLIC~1\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\URLCache.ini
C:\DOCUME~1\Kevin\APPLIC~1\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\1859761695.swf
C:\DOCUME~1\Kevin\APPLIC~1\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\407034558.ini
C:\DOCUME~1\Kevin\APPLIC~1\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\URLCache.ini
C:\DOCUME~1\Kevin\APPLIC~1\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\-107933152.swf
C:\DOCUME~1\Kevin\APPLIC~1\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\-1850579979.swf
C:\DOCUME~1\Kevin\APPLIC~1\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\670487064.swf
C:\DOCUME~1\Kevin\APPLIC~1\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\URLCache.ini
C:\DOCUME~1\Kevin\APPLIC~1\Viewpoint\Viewpoint Experience Technology\Resources\UpdateVersionList_v2.mtx
C:\DOCUME~1\Kevin\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-1148673767.swf
C:\DOCUME~1\Kevin\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\URLCache.ini
C:\DOCUME~1\Kevin\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-299397824.swf
C:\DOCUME~1\Kevin\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\1054459834.swf
C:\DOCUME~1\Kevin\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\1282749521.swf
C:\DOCUME~1\Kevin\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\1624992797.swf
C:\DOCUME~1\Kevin\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\1991437604.swf
C:\DOCUME~1\Kevin\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\URLCache.ini
C:\DOCUME~1\Kevin\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-1290601034.swf
C:\DOCUME~1\Kevin\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-1695846852.mtz
C:\DOCUME~1\Kevin\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\1859761695.swf
C:\DOCUME~1\Kevin\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\407034558.ini
C:\DOCUME~1\Kevin\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\URLCache.ini
C:\DOCUME~1\Kevin\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-1850579979.swf
C:\DOCUME~1\Kevin\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-21412136.swf
C:\DOCUME~1\Kevin\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-744169420.mts
C:\DOCUME~1\Kevin\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\1070867519.swf
C:\DOCUME~1\Kevin\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\URLCache.ini
C:\DOCUME~1\Kevin\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\UpdateVersionList_v2.mtx
C:\Program Files\Viewpoint
C:\Program Files\Viewpoint\Viewpoint Media Player\AxMetaStream_0305000D.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\ClassIDs.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\ComponentMgr_0305001C.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\ComponentRegistry.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\AOLUserShell.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\Cursors.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\JpegReader.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\Mts3Reader.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\SceneComponent.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\SreeDMMX.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\SWFView.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\VMPVideo.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\VMPVideo2.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\WaveletReader.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\DownLoadHist.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\HostRegistry.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\MetaStreamConfig.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\MetaStreamID.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\MtsAxInstaller.exe
C:\Program Files\Viewpoint\Viewpoint Media Player\MTSDownloadSites.txt
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\VMgr.dll
C:\WINNT\system32\morjysmf.dll


((((((((((((((((((((((((( Files Created from 2007-07-07 to 2007-08-07 )))))))))))))))))))))))))))))))


2007-08-06 22:04 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_6ec.dat
2007-08-06 21:38 51,200 --a------ C:\WINNT\nircmd.exe
2007-08-06 21:29 <DIR> d-------- C:\Deckard
2007-08-06 21:11 <DIR> d-a------ C:\WINNT\system32\ActiveScan
2007-08-06 15:25 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-05 16:08 <DIR> d-------- C:\Program Files\SopCast
2007-08-05 16:08 <DIR> d-------- C:\DOCUME~1\Kevin\APPLIC~1\SopCast
2007-08-05 12:33 <DIR> d-------- C:\DOCUME~1\Kevin\.housecall6.6
2007-08-05 11:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-07-26 13:38 <DIR> d-------- C:\DOCUME~1\Kevin\APPLIC~1\Stamps.com Internet Postage
2007-07-26 13:36 <DIR> d-a------ C:\Program Files\Stamps.com Internet Postage
2007-07-19 03:38 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-07-10 15:00 <DIR> d-------- C:\Program Files\iPod


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

99-12-07 05:00 32528 --a------ C:\WINNT\inf\wbfirdma.sys
07-07-29 20:31 --------- d-------- C:\DOCUME~1\Kevin\APPLIC~1\LimeWire
07-07-26 13:41 --------- d-------- C:\Program Files\MySpace
07-07-26 00:38 --------- d-------- C:\DOCUME~1\Kevin\APPLIC~1\Yahoo!
07-07-10 14:57 --------- d-------- C:\Program Files\Apple Software Update
07-07-05 05:05 --------- d-------- C:\DOCUME~1\Kevin\APPLIC~1\ZoomBrowser EX
07-07-04 21:20 --------- d-------- C:\DOCUME~1\Kevin\APPLIC~1\MySpace
07-07-04 16:44 --------- d--h----- C:\Program Files\InstallShield Installation Information
07-07-04 16:44 --------- d-------- C:\Program Files\Canon
07-07-04 16:35 --------- d-------- C:\Program Files\Common Files\Canon
07-06-22 18:53 109753 --a------ C:\WINNT\hpoins11.dat
07-06-22 18:52 --------- d-------- C:\Program Files\HP
07-06-22 18:52 --------- d-------- C:\Program Files\Hewlett-Packard
07-06-22 18:52 --------- d-------- C:\Program Files\Common Files\Hewlett-Packard
07-06-11 23:32 --------- d-------- C:\Program Files\Common Files\InstallShield
07-06-10 17:57 --------- d-------- C:\Program Files\AIM6
07-06-07 22:32 --------- d-------- C:\DOCUME~1\Kevin\APPLIC~1\Apple Computer
07-06-07 22:31 --------- d-------- C:\Program Files\QuickTime
07-06-07 04:08 2914 --a------ C:\WINNT\mozver.dat
07-05-29 18:19 50176 --a------ C:\WINNT\system32\reg.exe
07-04-07 10:47 271 ---h----- C:\Program Files\desktop.ini
07-04-07 10:47 21952 ---h----- C:\Program Files\folder.htt


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [03-06-19 12:05 C:\WINNT\system32\mobsync.exe]
"SoundMan"="SOUNDMAN.EXE" [06-11-17 05:42 C:\WINNT\soundman.exe]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [03-09-29 07:10 ]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [03-09-10 03:11 ]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [07-03-09 01:02 ]
"CTHelper"="CTHELPER.EXE" [06-08-11 14:56 C:\WINNT\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [06-08-11 14:56 C:\WINNT\system32\CTXFIHLP.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [07-03-14 03:43 ]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [07-03-09 18:53 ]
"WinampAgent"="D:\Program Files\Winamp\winampa.exe" [07-04-25 08:44 ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [07-04-27 09:41 ]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="ctfmon.exe" [01-02-20 13:09 C:\WINNT\system32\CTFMON.EXE]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" []
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [06-11-10 12:35 ]
"Aim6"="" []
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [07-03-12 13:49 ]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [07-03-27 15:22 ]
"AWMON"="C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe" [05-05-25 12:12 ]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

R1 StarOpen;StarOpen;C:\WINNT\system32\drivers\StarOpen.sys
R3 ctgame;Game Port;C:\WINNT\system32\DRIVERS\ctgame.sys
R3 openhci;Microsoft USB Open Host Controller Driver;C:\WINNT\system32\DRIVERS\openhci.sys
S3 hap17v2k;Creative P17V HAL Driver;C:\WINNT\system32\drivers\hap17v2k.sys
S3 MPE;BDA MPE Filter;C:\WINNT\system32\DRIVERS\MPE.sys
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM);C:\WINNT\system32\DRIVERS\ssm_bus.sys
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter;C:\WINNT\system32\DRIVERS\ssm_mdfl.sys
S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers;C:\WINNT\system32\DRIVERS\ssm_mdm.sys
S3 usb_rndisy;USB RNDIS Adapter;C:\WINNT\system32\DRIVERS\usb8023y.sys
S3 XDva004;XDva004;\??\C:\WINNT\system32\XDva004.sys


Contents of the 'Scheduled Tasks' folder
2007-08-01 23:18:01 C:\WINNT\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-06 22:04:31
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

C:\WINNT\system32\Perflib_Perfdata_420.dat

scan completed successfully
hidden files: 1

**************************************************************************

Completion time: 2007-08-06 2254 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 07-08-06 22:05
C:\ComboFix2.txt ... 07-08-06 21:45

--- E O F ---