12-29-2007, 03:28 PM   #5
ericman45
Registered User
 
Join Date: Jun 2005
Posts: 57
OS: XP


Re: Computer deadly slow

ComboFix 07-12-24.7 - John 2007-12-23 15:08:15.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.121 [GMT -8:00]
Running from: C:\Documents and Settings\John\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\John\Application Data\install.dat
C:\Documents and Settings\John\Application Data\Sskuknwrd.dll
C:\Documents and Settings\John\Start Menu\Programs\Internet Speed Monitor
C:\Documents and Settings\John\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk
C:\Documents and Settings\John\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Yazzle1552OinAdmin.exe
C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ISM
C:\Program Files\ISM\ism.exe
C:\Program Files\ISM\Uninstall.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
C:\Program Files\QdrDrive
C:\Program Files\QdrDrive\QdrDrive9.dll
C:\Program Files\QdrDrive\qdrloader.exe
C:\Program Files\QdrModule
C:\Program Files\QdrModule\dic.gz
C:\Program Files\QdrModule\kwd.gz
C:\Program Files\QdrPack
C:\Program Files\QdrPack\dicts.gz
C:\Program Files\QdrPack\QdrPack11 .exe
C:\Program Files\QdrPack\QdrPack11.exe
C:\Program Files\QdrPack\trgts.gz
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\libbz2.dll
C:\WINDOWS\mrofinu72.exe
C:\WINDOWS\system32\acbeg.ini
C:\WINDOWS\system32\acbeg.ini2
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\cbxyawx.dll
C:\WINDOWS\system32\ezSP_Px .exe
C:\WINDOWS\system32\gebca.dll
C:\WINDOWS\system32\NeroCheck.exe
C:\WINDOWS\vVX3000.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CMDSERVICE


((((((((((((((((((((((((( Files Created from 2007-11-24 to 2007-12-24 )))))))))))))))))))))))))))))))
.

2007-12-23 11:37 . 2007-12-23 11:37 707,376 --a------ C:\WINDOWS\vVX3000 .exe
2007-12-23 11:37 . 2007-12-23 11:37 344,064 --a------ C:\WINDOWS\system32\RCX4B.tmp
2007-12-23 11:37 . 2007-12-23 11:37 155,648 --a------ C:\WINDOWS\system32\NeroCheck .exe
2007-12-23 11:36 . 2007-12-23 11:36 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2007-12-22 12:44 . 2007-12-24 15:09 344,064 --a------ C:\WINDOWS\system32\gebca.exe
2007-12-22 10:45 . 2007-12-23 11:37 385,024 --a------ C:\WINDOWS\mrofinu72.exe.tmp
2007-12-20 14:51 . 2007-12-20 14:51 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-20 14:51 . 2007-12-20 14:51 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-10 16:21 . 2007-12-20 18:03 <DIR> d-------- C:\Documents and Settings\John\Application Data\ZoomBrowser EX
2007-12-10 16:08 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-12-10 16:08 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-12-10 15:49 . 2007-12-20 17:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2007-12-09 15:31 . 2007-12-09 15:31 <DIR> d-------- C:\Documents and Settings\John\Application Data\FrimaStudio
2007-12-09 15:29 . 2007-12-10 15:43 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-24 17:55 . 2007-11-24 17:55 244 --ah----- C:\sqmnoopt09.sqm
2007-11-24 17:55 . 2007-11-24 17:55 232 --ah----- C:\sqmdata09.sqm
2007-11-24 17:53 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2007-11-24 17:53 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2007-11-24 17:53 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2007-11-24 17:53 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2007-11-24 17:53 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2007-11-24 17:53 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2007-11-24 17:53 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2007-11-24 17:53 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-24 23:16 --------- d-----w C:\Program Files\QuickTime
2007-12-24 23:16 --------- d-----w C:\Program Files\Microsoft IntelliType Pro
2007-12-24 23:16 --------- d-----w C:\Program Files\Microsoft IntelliPoint
2007-12-10 23:50 --------- d-----w C:\Program Files\Canon
2007-11-22 21:14 --------- d-----w C:\Documents and Settings\John\Application Data\Image Zone Express
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2006-02-16 19:47 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-24 15:08]
"QdrModule11"="C:\Program Files\QdrModule\QdrModule11.exe" []
"QdrPack11"="C:\Program Files\QdrPack\QdrPack11.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SnoopFreeUI"="SnoopFreeUI.exe" [2006-09-30 18:36 C:\WINDOWS\SnoopFreeUI.exe]
"HTpatch"="C:\WINDOWS\htpatch.exe" []
"SiS Tray"="" []
"SiS KHooker"="C:\WINDOWS\System32\khooker.exe" []
"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 23:56 C:\WINDOWS\system32\rundll32.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2002-10-18 11:07 C:\WINDOWS\AGRSMMSG.exe]
"CTHelper"="CTHELPER.EXE" [2002-11-08 10:46 C:\WINDOWS\system32\cthelper.exe]
"ZTgServerSwitch"="c:\program files\support.com\client\bin\tgcmd.exe" []
"vptray"="D:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe" [2003-05-21 00:21]
"iTunesHelper"="D:\apple\iTunesHelper.exe" [2005-12-20 20:54]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMidi"="MIDIDEF.EXE" [2002-02-28 16:45 C:\WINDOWS\mididef.exe]
"@"="C:\WINDOWS\SYSTEM\Rename.exe" [2002-05-16 12:17]

C:\Documents and Settings\John\Start Menu\Programs\Startup\
PowerReg SchedulerV2 .exe [2007-12-24 15:33:28]
PowerReg SchedulerV2 .exe [2007-12-24 15:08:33]
PowerReg SchedulerV2.exe [2007-12-24 15:08:33]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
America Online 8.0 Tray Icon.lnk - D:\America Online 8.0a\aoltray.exe [2003-10-17 09:45:16]
Forget Me Not.lnk - D:\Broderbund\AG CreataCard\AGRemind.exe [2004-01-26 13:10:23]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 22:23:26]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2004-07-23 08:26:34]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 12:05:56]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2006-09-19 09:36:08]
VAIO Action Setup (Server).lnk - C:\Program Files\Sony\VAIO Action Setup\VAServ.exe [2002-12-05 14:44:22]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2004-03-14 16:38:28]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\\WINDOWS\\system32\\gebca

R1 DVDVRRdr_xp;DVDVRRdr_xp;C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys [2004-01-27 18:34]
R1 UDFReadr;UDFReadr;C:\WINDOWS\system32\drivers\UDFReadr.sys [2004-01-27 18:29]
R3 soma;SOMA Service;C:\WINDOWS\system32\DRIVERS\soma.sys [2002-11-27 14:36]
R3 SONYWBMS;Sony Memory Stick controller(WB);C:\WINDOWS\system32\DRIVERS\SonyWBMS.SYS [2002-11-19 00:12]
R3 WDM_YAMAHAAC97;YAMAHA AC-XG Audio Device;C:\WINDOWS\system32\drivers\yacxgc.sys [2002-09-19 19:19]
S3 ddxgb;ddxgb;C:\DOCUME~1\John\LOCALS~1\Temp\ddxgb.sys []
S3 SilverLink;Texas Instruments SilverLink (USB GraphLink) Cable;C:\WINDOWS\system32\Drivers\SilvrLnk.sys []
S3 VX3000;VX-3000;C:\WINDOWS\system32\DRIVERS\VX3000.sys [2006-06-29 15:55]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d0832c8-6801-11d9-8c58-00038a000015}]
\Shell\AutoRun\command - H:\setupSNK.exe

.
Contents of the 'Scheduled Tasks' folder
"2003-06-17 20:35:55 C:\WINDOWS\Tasks\Registration reminder 1.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
"2003-06-17 20:35:55 C:\WINDOWS\Tasks\Registration reminder 2.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
"2003-06-17 20:35:55 C:\WINDOWS\Tasks\Registration reminder 3.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
"2005-06-18 18:07:18 C:\WINDOWS\Tasks\XoftSpy.job"
- C:\Program Files\XoftSpy\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-24 15:34:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\System32\NavLogon.dll

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\SnoopFreeDll.dll
.
Completion time: 2007-12-24 15:37:41 - machine was rebooted
.
2007-12-23 00:01:39 --- E O F ---