Thread: Hijack This Log
08-13-2008, 12:35 PM   #4
jt9435
Registered User
 
Join Date: Jul 2008
Posts: 23
OS: XP


Re: Hijack This Log

Ok Ried, here are the reports that you asked for.

Combo Fix:

ComboFix 08-08-12.01 - Josh and Angie 2008-08-13 14:11:55.1 - NTFSx86
Running from: C:\Documents and Settings\Josh and Angie\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Josh and Angie\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Guest\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\Josh and Angie\Application Data\macromedia\Flash Player\#SharedObjects\RP2W6VQN\interclick.com
C:\Documents and Settings\Josh and Angie\Application Data\macromedia\Flash Player\#SharedObjects\RP2W6VQN\interclick.com\ud.sol
C:\Documents and Settings\Josh and Angie\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Josh and Angie\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Josh and Angie\services.exe
C:\WINDOWS\BMc3c7117e.txt
C:\WINDOWS\BMc3c7117e.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\Fonts\a.zip
C:\WINDOWS\Fonts\acrsecB.fon
C:\WINDOWS\Fonts\acrsecI.fon
C:\WINDOWS\pskt.ini
C:\WINDOWS\smdat32a.sys
C:\WINDOWS\smdat32m.sys
C:\WINDOWS\system32\AacKmnmp.ini
C:\WINDOWS\SYSTEM32\AacKmnmp.ini2
C:\WINDOWS\SYSTEM32\AHiSvyay.ini
C:\WINDOWS\SYSTEM32\AHiSvyay.ini2
C:\WINDOWS\SYSTEM32\brvacekd.ini
C:\WINDOWS\SYSTEM32\CbJmWvut.ini
C:\WINDOWS\SYSTEM32\CbJmWvut.ini2
C:\WINDOWS\SYSTEM32\cfMpYcfe.ini
C:\WINDOWS\SYSTEM32\cfMpYcfe.ini2
C:\WINDOWS\system32\cohdbytf.ini
C:\WINDOWS\SYSTEM32\dMlUuBeg.ini
C:\WINDOWS\SYSTEM32\dMlUuBeg.ini2
C:\WINDOWS\SYSTEM32\eawrnasd.ini
C:\WINDOWS\system32\fgqlnseq.ini
C:\WINDOWS\system32\fqskvxar.ini
C:\WINDOWS\system32\fvjkdk.dll
C:\WINDOWS\system32\gdeanxhl.ini
C:\WINDOWS\SYSTEM32\GQrBKRqr.ini
C:\WINDOWS\SYSTEM32\GQrBKRqr.ini2
C:\WINDOWS\system32\gyljlrtg.dll
C:\WINDOWS\system32\hyrgqojk.dll
C:\WINDOWS\SYSTEM32\iOpYacdd.ini
C:\WINDOWS\SYSTEM32\iOpYacdd.ini2
C:\WINDOWS\system32\ityfpfno.dll
C:\WINDOWS\system32\jkblowmo.dll
C:\WINDOWS\system32\jsxspfpl.dll
C:\WINDOWS\SYSTEM32\knmtkiiy.ini
C:\WINDOWS\system32\KQYIOqru.ini
C:\WINDOWS\SYSTEM32\KQYIOqru.ini2
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\ntqjsgpg.ini
C:\WINDOWS\system32\otkkqcmx.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\SYSTEM32\pnfqeluv.ini
C:\WINDOWS\system32\psflumxe.ini
C:\WINDOWS\system32\qfvcfxdb.ini
C:\WINDOWS\system32\qihgbqii.ini
C:\WINDOWS\system32\qkmqdcvx.ini
C:\WINDOWS\system32\qwnrhbnn.ini
C:\WINDOWS\system32\qxxximlr.ini
C:\WINDOWS\system32\qynvnc.dll
C:\WINDOWS\system32\rljmthxc.dll
C:\WINDOWS\system32\rrtgvdys.dll
C:\WINDOWS\SYSTEM32\sgmbuwcp.ini
C:\WINDOWS\system32\skuyiedc.ini
C:\WINDOWS\SYSTEM32\sydvgtrr.ini
C:\WINDOWS\system32\tdhxdkgv.ini
C:\WINDOWS\system32\tfrpqmud.ini
C:\WINDOWS\system32\tguirfbb.ini
C:\WINDOWS\system32\uaxmkbla.ini
C:\WINDOWS\system32\ubluxxgi.ini
C:\WINDOWS\system32\uigadyir.ini
C:\WINDOWS\SYSTEM32\ujoaqiif.ini
C:\WINDOWS\SYSTEM32\UxHOYcfe.ini
C:\WINDOWS\SYSTEM32\UxHOYcfe.ini2
C:\WINDOWS\system32\vhysrrid.ini
C:\WINDOWS\system32\wkxuayee.ini
C:\WINDOWS\system32\wxjwwpsy.dll
C:\WINDOWS\system32\xbmrnukc.ini
C:\WINDOWS\system32\xrkwetmm.ini
C:\WINDOWS\system32\xtwusyct.ini
C:\WINDOWS\system32\xxgxcuua.ini
C:\WINDOWS\system32\ycadjcwi.ini
C:\WINDOWS\system32\yomnpkbw.ini
C:\WINDOWS\system32\ztzhzr.dll

.
((((((((((((((((((((((((( Files Created from 2008-07-13 to 2008-08-13 )))))))))))))))))))))))))))))))
.

2008-08-11 21:02 . 2008-08-12 19:53 <DIR> d----c--- C:\BSTONE
2008-08-09 20:32 . 2008-08-09 20:32 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-09 20:29 . 2008-08-09 20:29 <DIR> d----c--- C:\Deckard
2008-08-09 20:20 . 2008-08-09 20:20 <DIR> d----c--- C:\ie-spyad_zo
2008-08-09 20:13 . 2008-08-09 20:15 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-08-09 18:43 . 2008-08-09 18:43 <DIR> d-------- C:\Program Files\Panda Security
2008-08-09 14:32 . 2008-08-09 18:25 <DIR> d-------- C:\Program Files\Eusing Free Registry Cleaner
2008-08-09 14:26 . 2008-08-09 14:26 <DIR> d-------- C:\Program Files\RegSweep
2008-08-09 14:26 . 2008-08-09 14:27 <DIR> d-------- C:\Documents and Settings\Josh and Angie\Application Data\RegSweep
2008-08-09 14:24 . 2008-04-23 00:16 6,066,176 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
2008-08-09 14:24 . 2007-04-17 05:32 2,455,488 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dat
2008-08-09 14:24 . 2007-03-08 01:10 991,232 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll.mui
2008-08-09 14:24 . 2008-04-23 00:16 459,264 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
2008-08-09 14:24 . 2008-04-23 00:16 383,488 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
2008-08-09 14:24 . 2008-04-23 00:16 267,776 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
2008-08-09 14:24 . 2008-04-23 00:16 63,488 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll
2008-08-09 14:24 . 2008-04-23 00:16 52,224 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
2008-08-09 14:24 . 2008-04-22 03:39 13,824 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2008-08-05 16:11 . 2008-08-05 16:11 <DIR> d-------- C:\Program Files\Lavasoft
2008-08-05 16:11 . 2008-08-05 16:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-05 16:05 . 2008-08-05 16:05 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-04 18:53 . 2008-08-04 18:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-08-04 17:46 . 2008-08-04 17:49 <DIR> d-------- C:\Program Files\BySoft FreeRAM
2008-08-01 11:38 . 2008-08-01 11:37 102,664 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys
2008-08-01 11:36 . 2008-08-01 11:40 <DIR> d-------- C:\Documents and Settings\Josh and Angie\.housecall6.6
2008-07-29 15:07 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\pavboot.sys
2008-07-28 16:59 . 2008-07-28 16:59 <DIR> d-------- C:\Program Files\Abexo
2008-07-26 20:08 . 2008-07-26 20:08 <DIR> d-------- C:\Documents and Settings\Josh and Angie\Application Data\CyberLink
2008-07-26 18:06 . 2008-05-30 14:11 3,850,760 --a------ C:\WINDOWS\SYSTEM32\D3DX9_38.dll
2008-07-26 18:06 . 2008-05-30 14:11 1,491,992 --a------ C:\WINDOWS\SYSTEM32\D3DCompiler_38.dll
2008-07-26 18:06 . 2008-05-30 14:19 507,400 --a------ C:\WINDOWS\SYSTEM32\XAudio2_1.dll
2008-07-26 18:06 . 2008-05-30 14:11 467,984 --a------ C:\WINDOWS\SYSTEM32\d3dx10_38.dll
2008-07-26 18:06 . 2008-05-30 14:18 238,088 --a------ C:\WINDOWS\SYSTEM32\xactengine3_1.dll
2008-07-26 18:06 . 2008-05-30 14:17 65,032 --a------ C:\WINDOWS\SYSTEM32\XAPOFX1_0.dll
2008-07-26 18:06 . 2008-05-30 14:17 25,608 --a------ C:\WINDOWS\SYSTEM32\X3DAudio1_4.dll
2008-07-26 18:05 . 2008-07-26 18:05 <DIR> d-------- C:\WINDOWS\Logs
2008-07-26 17:59 . 2008-07-27 13:37 <DIR> d-------- C:\Program Files\Conduit
2008-07-26 16:33 . 2008-08-12 22:28 24 --a------ C:\Documents and Settings\Josh and Angie\jagex_runescape_preferences.dat
2008-07-26 16:32 . 2008-08-08 21:22 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
2008-07-26 16:23 . 2008-07-27 13:20 <DIR> d-------- C:\Documents and Settings\Josh and Angie\Application Data\DMCache
2008-07-26 15:39 . 2008-07-26 15:39 <DIR> d-------- C:\WINDOWS\SYSTEM32\kBin02
2008-07-26 15:39 . 2008-07-26 15:39 77 --a------ C:\Documents and Settings\Josh and Angie\6752.bat
2008-07-26 15:24 . 2008-08-04 18:00 <DIR> d-------- C:\Documents and Settings\Josh and Angie\Application Data\LimeWire
2008-07-26 15:18 . 2008-07-26 15:18 108,336 --ahs---- C:\WINDOWS\SYSTEM32\MSWINSCK.OCX
2008-07-19 22:53 . 2008-07-19 22:53 <DIR> d-------- C:\Program Files\AVG
2008-07-19 19:33 . 2008-08-04 16:41 <DIR> d-------- C:\VundoFix Backups
2008-07-19 16:36 . 2008-07-19 16:42 <DIR> d-------- C:\Temp\ListDLLs
2008-07-19 16:36 . 2008-07-27 13:28 <DIR> d-------- C:\Temp
2008-07-19 13:09 . 2008-07-29 15:06 <DIR> d-------- C:\Program Files\Advanced Spyware Remover
2008-07-18 13:40 . 2008-07-18 13:40 7,499,056 --a--c--- C:\Firefox Setup 3.0.1.exe
2008-07-17 09:37 . 2005-04-02 11:40 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
2008-07-17 09:37 . 2005-04-02 11:25 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
2008-07-17 09:37 . 2008-08-04 18:53 <DIR> d-------- C:\Documents and Settings\Administrator
2008-07-17 09:08 . 2008-07-17 09:08 60,582,204 --a--c--- C:\SYM_REGISTRY_BACKUP.reg

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-05 19:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-04 22:00 --------- d-----w C:\Documents and Settings\Josh and Angie\Application Data\FrostWire
2008-07-27 01:00 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-20 02:18 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-20 02:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-07-11 23:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-07-11 23:01 --------- d-----w C:\Program Files\twc
2008-07-11 22:24 --------- d-----w C:\Program Files\Common Files\supportsoft
2008-07-11 22:23 --------- d-----w C:\Program Files\HERACTSTG
2008-07-10 22:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\GoBit Games
2008-07-09 19:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2008-07-08 01:15 1,788,250 --sha-w C:\WINDOWS\SYSTEM32\lhsbtcot.tmp
2008-07-07 19:34 --------- d-----w C:\Documents and Settings\Josh and Angie\Application Data\Move Networks
2008-07-05 16:32 --------- d-----w C:\Documents and Settings\Josh and Angie\Application Data\WeatherBug
2008-07-04 21:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-07-04 20:52 --------- d-----w C:\Documents and Settings\Josh and Angie\Application Data\Symantec
2008-06-30 02:13 --------- d-----w C:\Program Files\MSXML 4.0
2008-06-27 01:22 --------- d-----w C:\Documents and Settings\Josh and Angie\Application Data\Ludia
2008-06-26 15:19 --------- d-----w C:\Documents and Settings\Josh and Angie\Application Data\PlayFirst
2008-06-26 15:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-06-23 14:51 --------- d-----w C:\Documents and Settings\Josh and Angie\Application Data\ViquaSoft
2008-06-23 14:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2008-06-21 18:50 147,456 ----a-w C:\WINDOWS\SYSTEM32\vbzip10.dll
2008-06-21 00:55 --------- d-----w C:\Documents and Settings\Josh and Angie\Application Data\funkitron
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\SYSTEM32\mswsock.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip6.sys
2008-06-20 01:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ludia
2008-06-15 22:13 --------- d-----w C:\Program Files\Communities.com
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\bthport.sys
2008-05-16 15:58 12,632 ----a-w C:\WINDOWS\SYSTEM32\lsdelete.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
"BySoft FreeRAM"="C:\Program Files\BySoft FreeRAM\FreeRAM.exe" [2007-09-28 08:32 318976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 17:42 1404928]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 03:05 127035]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 10:35 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 10:32 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 10:36 114688]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 09:23 202544]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-04-02 11:32 98304]
"RegSweep"="C:\Program Files\RegSweep\RegSweep.exe" [2008-08-08 14:07 6751480]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 07:00 53760 C:\WINDOWS\SYSTEM32\NARRATOR.EXE]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-04-02 11:18:45 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=qynvnc.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2007-03-15 11:09 460784 C:\Program Files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
--a------ 2007-11-15 09:23 202544 C:\Program Files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a------ 2005-01-27 03:02 86016 C:\Program Files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
--a------ 2007-11-15 09:24 16384 C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2004-10-12 18:54 57344 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\medicsp2]
--a------ 2007-03-07 11:53 198184 C:\Program Files\twc\medicsp2\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2005-04-02 11:32 98304 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2005-11-29 14:51 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
R2 sprtsvc_medicsp2;SupportSoft Sprocket Service (medicsp2);C:\Program Files\twc\medicsp2\bin\sprtsvc.exe [2007-03-07 11:54]
.
Contents of the 'Scheduled Tasks' folder

2005-04-10 C:\WINDOWS\Tasks\ISP signup reminder 1.job
- C:\WINDOWS\system32\OOBE\OOBEBALN.EXE [2004-08-04 07:00]

2008-08-12 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (JTSPC-Josh Thompson).job
- c:\program files\mcafee.com\vso\mcmnhdlr.exe []

2008-08-13 C:\WINDOWS\Tasks\RegSweep Scheduled Scan.job
- C:\Program Files\RegSweep\RegSweep.exe [2008-08-08 14:07]

2008-08-13 C:\WINDOWS\Tasks\RegSweep Scheduled Scan.job
- C:\Program Files\RegSweep [2008-08-09 14:26]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-BMc3c7117e - C:\WINDOWS\system32\jkblowmo.dll
Notify-fccCTklJ - fccCTklJ.dll
Notify-ssqPiFvs - ssqPiFvs.dll
Notify-WgaLogon - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Josh and Angie\Application Data\Mozilla\Firefox\Profiles\hx2mhba8.default\
FF -: plugin - C:\Program Files\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-13 14:20:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\DOCUME~1\JOSHAN~1\LOCALS~1\Temp\tzk7.tmp

scan completed successfully
hidden files: 1

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\SYSTEM32\wdfmgr.exe
C:\WINDOWS\SYSTEM32\FXSSVC.EXE
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
.
**************************************************************************
.
Completion time: 2008-08-13 14:30:11 - machine was rebooted [Josh and Angie]
ComboFix-quarantined-files.txt 2008-08-13 18:30:05

Pre-Run: 24,229,486,592 bytes free
Post-Run: 24,312,807,424 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

303 --- E O F --- 2008-08-10 07:02:23

And the Hijack This Log too:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:35:33 PM, on 8/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\RegSweep\RegSweep.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.onlineregister.com/bvg/?B...49&TMRT=LD0044
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RegSweep] C:\Program Files\RegSweep\RegSweep.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BySoft FreeRAM] C:\Program Files\BySoft FreeRAM\FreeRAM.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/tech...bs/tgctlsr.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - AppInit_DLLs: qynvnc.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SupportSoft Sprocket Service (medicsp2) (sprtsvc_medicsp2) - SupportSoft, Inc. - C:\Program Files\twc\medicsp2\bin\sprtsvc.exe

--
End of file - 5588 bytes


Thanks Again