11-10-2008, 06:52 PM   #5
phreak214
Registered User
 
Join Date: Jun 2008
Posts: 16
OS: windowsXP pro


Re: "Attention [name]! Dangerous viruses detected in your system"

ComboFix 08-11-09.04 - Andrew 2008-11-10 20:36:35.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.414 [GMT -5:00]
Running from: c:\documents and settings\Andrew\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Andrew\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


FILE ::
c:\windows\system32\jofcsd.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\k.txt
c:\windows\system32\jofcsd.dll

.
((((((((((((((((((((((((( Files Created from 2008-10-11 to 2008-11-11 )))))))))))))))))))))))))))))))
.

2008-11-07 11:17 . 2008-11-10 17:53 250 --a------ c:\windows\gmer.ini
2008-11-07 11:15 . 2008-11-07 11:16 <DIR> d-------- C:\rsit
2008-11-07 11:15 . 2008-11-10 17:57 <DIR> d-------- c:\program files\trend micro
2008-11-07 02:13 . 2001-07-09 11:50 155,648 --a------ c:\windows\system32\NeroCheck.exe
2008-11-07 02:13 . 2000-06-26 11:45 106,496 --a------ c:\windows\system32\TwnLib20.dll
2008-11-07 02:12 . 2008-11-07 02:13 <DIR> d-------- c:\program files\Ahead
2008-11-05 23:49 . 2008-11-05 23:49 <DIR> d-------- c:\program files\AzSDK
2008-11-05 23:17 . 2008-11-05 23:17 <DIR> d-------- c:\program files\JezSoft
2008-11-05 23:08 . 2008-11-05 23:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\iTunesFolderWatch
2008-11-05 22:05 . 2008-11-05 22:05 <DIR> d-------- c:\windows\system32\XPSViewer
2008-11-05 22:05 . 2008-11-05 22:05 <DIR> d-------- c:\program files\Reference Assemblies
2008-11-05 22:05 . 2008-11-05 22:05 <DIR> d-------- c:\program files\MSBuild
2008-11-05 22:03 . 2008-07-06 07:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
2008-11-05 22:03 . 2008-07-06 07:06 1,676,288 -----c--- c:\windows\system32\dllcache\xpssvcs.dll
2008-11-05 22:03 . 2008-07-06 05:50 597,504 -----c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2008-11-05 22:03 . 2008-07-06 07:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
2008-11-05 22:03 . 2008-07-06 07:06 575,488 -----c--- c:\windows\system32\dllcache\xpsshhdr.dll
2008-11-05 22:03 . 2008-07-06 07:06 117,760 --------- c:\windows\system32\prntvpt.dll
2008-11-05 22:03 . 2008-07-06 07:06 89,088 -----c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2008-10-27 18:58 . 2008-10-27 18:58 <DIR> dr------- c:\documents and settings\Andrew\Application Data\Brother
2008-10-27 18:41 . 2008-10-27 19:00 462 --a------ c:\windows\BRWMARK.INI
2008-10-27 18:41 . 2008-10-27 18:41 27 --a------ c:\windows\BRPP2KA.INI
2008-10-27 18:36 . 2008-10-27 18:36 212 --a------ c:\windows\Brpfx04a.ini
2008-10-27 18:36 . 2008-10-27 18:36 93 --a------ c:\windows\brpcfx.ini
2008-10-27 18:36 . 2008-10-27 18:36 50 --a------ c:\windows\system32\bridf06a.dat
2008-10-27 18:34 . 2006-02-24 17:27 1,492,480 --a------ c:\windows\system32\BrWia06a.dll
2008-10-27 18:34 . 2006-02-16 18:49 52,736 --a------ c:\windows\system32\brinsstr.dll
2008-10-27 18:34 . 2005-12-13 10:53 38,912 --a------ c:\windows\system32\BrUsi06a.dll
2008-10-27 18:34 . 2004-10-15 12:50 15,295 --a------ c:\windows\system32\drivers\BrScnUsb.sys
2008-10-27 18:33 . 2004-12-03 01:26 188,416 --a------ c:\windows\system32\PDRVINST.DLL
2008-10-27 18:33 . 2005-06-02 01:09 86,016 --a------ c:\windows\system32\BrWebIns.dll
2008-10-27 18:33 . 2005-06-02 01:08 69,632 --a------ c:\windows\system32\BRWEBUP.EXE
2008-10-27 18:32 . 2008-10-27 18:35 <DIR> d-------- c:\program files\Brother
2008-10-27 18:32 . 2004-12-10 16:35 147,456 --a------ c:\windows\brunin03.dll
2008-10-27 18:32 . 2006-01-17 01:03 126,976 --a------ c:\windows\system32\BrfxD05a.dll
2008-10-27 18:32 . 2001-11-15 01:00 6,224 --a------ c:\windows\CVRPAGE.BMP
2008-10-27 18:32 . 2003-11-28 18:57 0 --a------ c:\windows\brdfxspd.dat
2008-10-27 18:29 . 2008-10-27 18:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\InstallShield
2008-10-27 18:29 . 2003-09-24 11:36 27,019 --a------ c:\windows\maxlink.ini
2008-10-27 18:28 . 2008-10-27 18:28 <DIR> d-------- c:\program files\ScanSoft
2008-10-27 18:28 . 2008-10-27 18:28 <DIR> d-------- c:\program files\Common Files\ScanSoft Shared
2008-10-27 18:28 . 2008-10-27 18:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\ScanSoft
2008-10-27 18:26 . 2008-10-27 18:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\Brother
2008-10-25 17:42 . 2008-10-25 17:46 <DIR> d-------- c:\program files\Nero 9
2008-10-25 15:02 . 2008-10-25 15:31 <DIR> d-------- c:\documents and settings\Andrew\Application Data\Nero
2008-10-25 13:38 . 2008-10-25 17:12 39 --a------ c:\windows\Irremote.ini
2008-10-25 13:15 . 2008-10-25 17:37 <DIR> d-------- c:\program files\Common Files\Nero
2008-10-25 13:15 . 2008-10-25 17:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\Nero
2008-10-25 01:47 . 1998-02-09 02:00 1,455,736 --a------ c:\windows\system\VCL35.BPL
2008-10-25 01:47 . 1998-02-08 18:00 996,872 --a------ c:\windows\system\CP3240MT.DLL
2008-10-25 01:47 . 1998-05-18 09:52 458,752 --a------ c:\windows\system\COMCTL32.DLL
2008-10-25 01:47 . 1998-02-09 02:00 245,912 --a------ c:\windows\system\VCLX35.BPL
2008-10-25 01:47 . 1998-02-09 02:00 187,392 --a------ c:\windows\system\BCBSMP35.BPL
2008-10-25 01:47 . 1998-02-08 18:00 29,952 --a------ c:\windows\system\BORLNDMM.DLL
2008-10-25 01:45 . 2008-10-25 01:45 <DIR> d-------- c:\program files\ASUS
2008-10-25 01:45 . 1996-11-05 15:13 299,008 --a------ c:\windows\uninst.exe
2008-10-25 01:45 . 1997-04-22 09:16 6,272 --a------ c:\windows\system32\drivers\ASLM75.SYS
2008-10-15 21:21 . 2008-10-15 21:21 30,527 ---h----- c:\windows\system32\midwrap3402.deu
2008-10-15 21:16 . 2008-10-15 21:16 <DIR> d-------- c:\documents and settings\Andrew\Application Data\dvdcss

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-11 01:41 --------- d-----w c:\documents and settings\Andrew\Application Data\uTorrent
2008-11-10 23:20 --------- d-----w c:\program files\Warcraft III
2008-11-08 08:31 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-11-08 05:37 21,099,040 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-11-08 05:07 454,176 --sha-w c:\windows\system32\drivers\fidbox2.dat
2008-11-07 07:12 --------- d-----w c:\program files\Common Files\Ahead
2008-11-06 05:05 --------- d-----w c:\program files\DC++
2008-11-06 02:04 --------- d-----w c:\program files\Common Files\Adobe
2008-11-05 04:03 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-04 21:28 --------- d-----w c:\program files\uTorrent
2008-10-31 07:05 37,964 --sha-w c:\windows\system32\drivers\fidbox2.idx
2008-10-31 07:05 245,660 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-10-27 23:32 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-27 23:28 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-25 22:13 --------- d-----w c:\program files\Nero
2008-10-04 15:07 --------- d-----w c:\program files\iTunes
2008-10-04 15:07 --------- d-----w c:\program files\iPod
2008-10-04 15:07 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-02 04:01 --------- d-----w c:\program files\TVUPlayer
2008-09-25 22:59 --------- d-----w c:\documents and settings\Andrew\Application Data\GetRight Pro
2008-09-21 10:15 --------- d-----w c:\program files\EA SPORTS
2008-09-20 19:45 --------- d-----w c:\program files\Electronic Arts
2008-09-18 15:48 --------- d-----w c:\documents and settings\Andrew\Application Data\Skype
2008-09-17 22:49 --------- d-----w c:\documents and settings\Andrew\Application Data\TVU Networks
2008-09-17 22:49 --------- d-----w c:\documents and settings\All Users\Application Data\TVU Networks
2008-09-17 22:24 --------- d-----w c:\program files\StationRipper
2008-09-17 01:19 --------- d-----w c:\documents and settings\Andrew\Application Data\skypePM
2008-09-12 18:12 --------- d-----w c:\program files\QuickTime
2008-09-12 18:07 --------- d-----w c:\program files\Common Files\Apple
2000-01-01 00:00 23 --sh--r c:\windows\mtlid64s2.dat
.

------- Sigcheck -------

2004-08-03 22:14 359040 9f4b36614a0fc234525ba224957de55c c:\windows\$NtServicePackUninstall$\tcpip.sys
2007-11-30 17:18 361344 19ebda988da80f133dc9e28a50f606e8 c:\windows\ServicePackFiles\i386\TCPIP.SYS
2008-08-26 15:30 361344 da97330c797c542669416c4d2d11283f c:\windows\system32\dllcache\TCPIP.SYS
2008-08-26 15:30 361344 da97330c797c542669416c4d2d11283f c:\windows\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((( snapshot_2008-11-10_17.41.32.48 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-27 18:00:50 29,926 ----a-r c:\windows\Installer\{508CE775-4BA4-4748-82DF-FE28DA9F03B0}\MsblIco.Exe
+ 2008-11-10 23:10:08 29,926 ----a-r c:\windows\Installer\{508CE775-4BA4-4748-82DF-FE28DA9F03B0}\MsblIco.Exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2007-11-30 15360]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2008-05-19 20480]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2008-06-27 5724184]
"Active Desktop Calendar"="c:\program files\XemiComputers\Active Desktop Calendar\ADC.exe" [2008-05-30 1195051]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-04-21 335872]
"CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"CTDVDDET"="c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [2003-06-18 45056]
"SBDrvDet"="c:\program files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 45056]
"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 127022]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-03-28 622592]
"SetDefPrt"="c:\program files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 49152]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-04-10 61440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"CTHelper"="CTHELPER.EXE" [2003-10-06 c:\windows\system32\CTHELPER.EXE]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-06-08 c:\windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2007-11-30 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [5/19/2008 3:29:31 PM 450560]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\KEM.exe [5/19/2008 3:27:18 PM 581632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2008-06-16 22:22 229376 c:\program files\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R2 PfDetNT;PfDetNT;c:\windows\System32\drivers\PfModNT.sys [2003-03-05 15840]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2007-12-13 24592]
.
Contents of the 'Scheduled Tasks' folder

2008-11-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-10 20:44:16
Windows 5.1.2600 Service Pack 3, v.3264 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: c:\windows\system32\winlogon.exe
-> c:\windows\system32\Ati2evxx.dll
.
Completion time: 2008-11-10 20:48:35
ComboFix-quarantined-files.txt 2008-11-11 01:48:27
ComboFix2.txt 2008-11-10 22:43:07
ComboFix3.txt 2008-06-22 02:52:12

Pre-Run: 4,604,170,240 bytes free
Post-Run: 4,584,984,576 bytes free

202




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:50, on 10/11/2008
Platform: Windows XP SP3, v.3264 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.3264)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\uTorrent\uTorrent.exe
c:\program files\itunes\itunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Andrew\Desktop\Apps\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/micr...?1211173395514
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1211173378952
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 7199 bytes
Attached Files:
ComboFix.txt (14.0 KB)
VirusTotal.txt (7.5 KB)

Last edited by chemist; 11-10-2008 at 07:01 PM.