Author Topic: My Log from ComboFix continuation  (Read 117668 times)

haydee

  • Guest
My Log from ComboFix continuation
« on: June 10, 2007, 09:54:35 PM »
I'm sorry, I have even lost track of what I was doing.
Too many interruptions have troubled my mind.
I hope this is what I was supposed to do.
Here I go again.

WinPFind3

WinPFind3 logfile created on: 6/10/2007 12:17:12 PM
WinPFind3U by OldTimer - Version 1.0.38   Folder = C:\Documents and Settings\Rosa Alonso.COQUI\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)
 
223.48 Mb Total Physical Memory | 56.53 Mb Available Physical Memory | 25.30% Memory free
544.99 Mb Paging File | 163.84 Mb Available in Paging File | 30.06% Paging File free
Paging file location(s): C:\pagefile.sys 336 672;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.27 Gb Total Space | 20.79 Gb Free Space | 76.24% Space Free
Drive D: | 9.99 Gb Total Space | 7.56 Gb Free Space | 75.73% Space Free
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: COQUI
Current User Name: Rosa Alonso
Logged in as Administrator.
Current Boot Mode: Normal
« Last Edit: June 10, 2007, 10:09:10 PM by haydee »

haydee

  • Guest
Re: My Log from ComboFix continuation
« Reply #1 on: June 10, 2007, 09:56:18 PM »
[Processes - Non-Microsoft Only]
acrord32.exe -> %SystemDrive%\Acrobat3\Reader\AcroRd32.exe -> Adobe Systems Incorporated [Ver = 3.0.000 | Size = 2318848 bytes | Modified Date = 6/16/1997 12:59:14 PM | Attr =    ]
aexplore.exe -> %CommonProgramFiles%\AOL\1152373256\ee\aexplore.exe -> America Online, Inc. [Ver = 1.4.16.2 | Size = 75344 bytes | Modified Date = 4/27/2006 2:13:32 PM | Attr =    ]
aolload.exe -> %CommonProgramFiles%\AOL\Loader\aolload.exe -> America Online, Inc. [Ver = 9.2.0.1 | Size = 11352 bytes | Modified Date = 7/11/2005 4:35:18 PM | Attr =    ]
aolsoftware.exe -> %CommonProgramFiles%\AOL\1152373256\ee\aolsoftware.exe -> America Online, Inc. [Ver = 1.4.16.3 | Size = 50792 bytes | Modified Date = 4/20/2006 12:10:14 PM | Attr =    ]
ashdisp.exe -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe ->  [Ver = 4, 7, 936, 0 | Size = 108160 bytes | Modified Date = 1/15/2007 12:28:58 PM | Attr =    ]
ashmaisv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 936, 0 | Size = 255616 bytes | Modified Date = 1/15/2007 12:28:32 PM | Attr =    ]
ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe ->  [Ver = 4, 7, 936, 0 | Size = 132736 bytes | Modified Date = 1/15/2007 12:28:52 PM | Attr =    ]
ashwebsv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 936, 0 | Size = 370304 bytes | Modified Date = 1/15/2007 12:27:52 PM | Attr =    ]
aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe ->  [Ver =  | Size = 59008 bytes | Modified Date = 1/15/2007 12:18:24 PM | Attr =    ]
lexbces.exe -> %System32%\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 9.37 | Size = 307200 bytes | Modified Date = 2/26/2004 8:55:20 AM | Attr =    ]
lexpps.exe -> %System32%\LEXPPS.EXE -> Lexmark International, Inc. [Ver = 9.37 | Size = 174592 bytes | Modified Date = 2/26/2004 8:55:50 AM | Attr =    ]
« Last Edit: June 10, 2007, 10:10:07 PM by haydee »

haydee

  • Guest
Re: My Log from ComboFix continuation
« Reply #2 on: June 10, 2007, 09:57:15 PM »
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 6.5 | Size = 98304 bytes | Modified Date = 6/21/2004 11:50:30 AM | Attr =    ]
smc.exe -> %ProgramFiles%\Sygate\SPF\Smc.exe -> Sygate Technologies, Inc. [Ver = 5.6.00.2808 | Size = 2577632 bytes | Modified Date = 10/15/2004 7:40:56 PM | Attr =    ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.38.0 | Size = 318976 bytes | Modified Date = 5/22/2007 6:27:40 PM | Attr =    ]

[Win32 Services - Non-Microsoft Only]
(AOL ACS) AOL Connectivity Service [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\AOL\ACS\AOLAcsd.exe -> File not found
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe ->  [Ver =  | Size = 59008 bytes | Modified Date = 1/15/2007 12:18:24 PM | Attr =    ]
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe ->  [Ver = 4, 7, 936, 0 | Size = 132736 bytes | Modified Date = 1/15/2007 12:28:52 PM | Attr =    ]
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 936, 0 | Size = 255616 bytes | Modified Date = 1/15/2007 12:28:32 PM | Attr =    ]
(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 936, 0 | Size = 370304 bytes | Modified Date = 1/15/2007 12:27:52 PM | Attr =    ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 2:56:48 AM | Attr =    ]
« Last Edit: June 10, 2007, 10:11:29 PM by haydee »

haydee

  • Guest
Re: My Log from ComboFix continuation
« Reply #3 on: June 10, 2007, 09:59:25 PM »
(LexBceS) LexBce Server [Win32_Own | Auto | Running] -> %System32%\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 9.37 | Size = 307200 bytes | Modified Date = 2/26/2004 8:55:20 AM | Attr =    ]
(SmcService) Sygate Personal Firewall [Win32_Own | Auto | Running] -> %ProgramFiles%\Sygate\SPF\Smc.exe -> Sygate Technologies, Inc. [Ver = 5.6.00.2808 | Size = 2577632 bytes | Modified Date = 10/15/2004 7:40:56 PM | Attr =    ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
avast! -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe ->  [Ver = 4, 7, 936, 0 | Size = 108160 bytes | Modified Date = 1/15/2007 12:28:58 PM | Attr =    ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 6.5 | Size = 98304 bytes | Modified Date = 6/21/2004 11:50:30 AM | Attr =    ]
SmcService -> %ProgramFiles%\Sygate\SPF\Smc.exe -> Sygate Technologies, Inc. [Ver = 5.6.00.2808 | Size = 2577632 bytes | Modified Date = 10/15/2004 7:40:56 PM | Attr =    ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{08C134D3-087C-4139-A98C-3A078358DFDE} [HKLM] -> %System32%\byxurrr.dll [] ->  [Ver =  | Size = 33302 bytes | Modified Date = 6/6/2007 4:28:40 PM | Attr =    ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
awtqp -> %System32%\awtqp.dll ->  [Ver =  | Size = 263220 bytes | Modified Date = 6/8/2007 7:52:40 PM | Attr =  HS]
byxurrr -> %System32%\byxurrr.dll ->  [Ver =  | Size = 33302 bytes | Modified Date = 6/6/2007 4:28:40 PM | Attr =    ]
« Last Edit: June 10, 2007, 10:12:42 PM by haydee »

haydee

  • Guest
Re: My Log from ComboFix continuation
« Reply #4 on: June 10, 2007, 10:13:38 PM »
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ ->  ->
< HOSTS File > (23 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
127.0.0.1  localhost  ->  ->

haydee

  • Guest
Re: My Log from ComboFix continuation
« Reply #5 on: June 10, 2007, 10:14:40 PM »
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.yahoo.com/ ->
HKLM: Main\\Default_Search_URL -> http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Bar -> http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html ->
HKLM: Search Page -> http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com ->
HKLM: Start Page -> about:blank ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKCU: Start Page -> http://www.comcast.net ->
HKCU: SearchAssistant -> http://ie.search.msn.com/en-us/srchasst/srchasst.htm ->
HKCU: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 10:28:40 AM | Attr =    ]
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] ->  ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 10:28:40 AM | Attr =    ]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 6.0.0.2003051500 | Size = 50376 bytes | Modified Date = 5/14/2003 11:47:54 PM | Attr =    ]
{08C134D3-087C-4139-A98C-3A078358DFDE} [HKLM] -> %System32%\byxurrr.dll [Reg Data - Value does not exist] ->  [Ver =  | Size = 33302 bytes | Modified Date = 6/6/2007 4:28:40 PM | Attr =    ]
{4DDD747B-110B-4BBA-8A83-1B90ED65736F} [HKLM] -> %System32%\awtqp.dll [Reg Data - Value does not exist] ->  [Ver =  | Size = 263220 bytes | Modified Date = 6/8/2007 7:52:40 PM | Attr =  HS]
{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} [HKLM] -> %ProgramFiles%\ComcastToolbar\comcasttoolbar.dll [Comcast Toolbar] -> Comcast Cable Communications.                 [Ver = 5.0.0.72 | Size = 1821184 bytes | Modified Date = 11/7/2006 2:21:58 PM | Attr =    ]
{58CAD45F-1435-432C-3ABC-6E148B3BE658} [HKLM] -> %ProgramFiles%\Windows Media Player\lavufaw.dll [Reg Data - Value does not exist] -> File not found
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 1, 5, 1 | Size = 181752 bytes | Modified Date = 1/6/2006 11:52:14 AM | Attr =    ]
{6F282B65-56BF-4BD1-A8B2-A4449A05863D} [HKLM] -> %ProgramFiles%\GamesBar\oberontb.dll [GamesBar] -> File not found
{7E3659A6-4BC5-4d93-B3FD-8B5ACC2FEDED} [HKLM] -> %ProgramFiles%\PeoplePC\Toolbar\ScamGrd.dll [PPCScamBHO Class] -> EarthLink, Inc. [Ver = 3.0.3.0 | Size = 176128 bytes | Modified Date = 1/19/2006 6:43:12 PM | Attr =    ]
{B12B391A-A0A7-FB27-D97F-89ADA897299D} [HKLM] -> %System32%\dakv.dll [Reg Data - Value does not exist] -> File not found
{E12BFF69-38A7-406e-A8EF-2738107A7831} [HKLM] -> %System32%\xanjvlym.dll [Reg Data - Value does not exist] -> File not found
{F1CEB0E0-FB0E-4F79-8019-3031A22FCF7D} [HKLM] -> %ProgramFiles%\WindowsUpdate\hokel.dll [] -> File not found
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} [HKLM] -> %ProgramFiles%\ComcastToolbar\comcasttoolbar.dll [Comcast Toolbar] -> Comcast Cable Communications.                 [Ver = 5.0.0.72 | Size = 1821184 bytes | Modified Date = 11/7/2006 2:21:58 PM | Attr =    ]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 10:28:40 AM | Attr =    ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
ShellBrowser\\{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} [HKLM] -> %ProgramFiles%\ComcastToolbar\comcasttoolbar.dll [Comcast Toolbar] -> Comcast Cable Communications.                 [Ver = 5.0.0.72 | Size = 1821184 bytes | Modified Date = 11/7/2006 2:21:58 PM | Attr =    ]
WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} [HKLM] -> %ProgramFiles%\ComcastToolbar\comcasttoolbar.dll [Comcast Toolbar] -> Comcast Cable Communications.                 [Ver = 5.0.0.72 | Size = 1821184 bytes | Modified Date = 11/7/2006 2:21:58 PM | Attr =    ]
WebBrowser\\{A8FB8EB3-183B-4598-924D-86F0E5E37085} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 10:28:40 AM | Attr =    ]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} -> Reg Data - Value does not exist [ButtonText: Yahoo! Services] -> File not found
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -> Reg Data - Value does not exist [ButtonText: Real.com] -> File not found
CmdMapping [HKLM] -> Reg Data - Key not found [MenuText: Reg Data - Value does not exist] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
&Yahoo! Search -> %ProgramFiles%\Yahoo!\Common\YCSRCH.HTM ->  [Ver =  | Size = 605 bytes | Modified Date = 6/3/2005 6:07:38 PM | Attr =    ]
Yahoo! &Dictionary -> %ProgramFiles%\Yahoo!\Common\YCDICT.HTM ->  [Ver =  | Size = 616 bytes | Modified Date = 6/3/2005 6:07:16 PM | Attr =    ]
Yahoo! &Maps -> %ProgramFiles%\Yahoo!\Common\ycmap.htm ->  [Ver =  | Size = 690 bytes | Modified Date = 6/3/2005 6:07:44 PM | Attr =    ]
Yahoo! &SMS -> %ProgramFiles%\Yahoo!\Common\YCsms.htm ->  [Ver =  | Size = 1006 bytes | Modified Date = 8/1/2005 5:43:00 PM | Attr =    ]
< Internet Explorer Plugins [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension\
.mpeg -> %ProgramFiles%\Internet Explorer\PLUGINS\npqtplugin3.dll [QuickTime Plug-in 6.5] -> Apple Computer, Inc. [Ver = 6.5 | Size = 106496 bytes | Modified Date = 6/21/2004 11:50:24 AM | Attr =    ]

haydee

  • Guest
Re: My Log from ComboFix continuation
« Reply #6 on: June 10, 2007, 10:15:30 PM »
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
SV1 ->  ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{2A5E6B29-A553-4AC4-B600-CC7163D8A16A} ->    () ->
{D4BC450B-465B-4BD1-8A55-F3375020F1A7} ->    (SiS 900-Based PCI Fast Ethernet Adapter) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab ->
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -> YInstStarter Class - CodeBase = C:\Program Files\Yahoo!\Common\yinsthelper.dll ->
{5C051655-FCD5-4969-9182-770EA5AA5565} -> Solitaire Showdown Class - CodeBase = http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab ->
{6414512B-B978-451D-A0D8-FCFDF33E833C} -> WUWebControl Class - CodeBase = http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1154116431296 ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> MUWebControl Class - CodeBase = http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1154448063656 ->
{89D75D39-5531-47BA-9E4F-B346BA9C362C} -> CWDL_DownLoadControl Class - CodeBase = http://www.callwave.com/include/cab/CWDL_DownLoad.CAB ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.4.2 - CodeBase = http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab ->
{C3F79A2B-B9B4-4A66-B012-3EE46475B072} -> MessengerStatsClient Class - CodeBase = http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} ->  - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab ->
DirectAnimation Java Classes ->  - CodeBase = file://C:\WINDOWS\Java\classes\dajava.cab ->
Microsoft XML Parser for Java ->  - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab ->

[Files/Folders - Created Within 30 days]
dnsbak.reg -> %SystemDrive%\dnsbak.reg ->  [Ver =  | Size = 8502 bytes | Created Date = 6/9/2007 1:53:00 PM | Attr =    ]
fixwareout -> %SystemDrive%\fixwareout ->  [Folder | Created Date = 6/9/2007 1:52:26 PM | Attr =    ]
QooBox -> %SystemDrive%\QooBox ->  [Folder | Created Date = 6/8/2007 6:57:54 PM | Attr =    ]
sqmdata00.sqm -> %SystemDrive%\sqmdata00.sqm ->  [Ver =  | Size = 268 bytes | Created Date = 5/21/2007 9:03:58 PM | Attr =  H ]
sqmdata01.sqm -> %SystemDrive%\sqmdata01.sqm ->  [Ver =  | Size = 232 bytes | Created Date = 6/5/2007 9:39:00 PM | Attr =  H ]
sqmdata02.sqm -> %SystemDrive%\sqmdata02.sqm ->  [Ver =  | Size = 268 bytes | Created Date = 6/6/2007 8:03:16 AM | Attr =  H ]
sqmdata03.sqm -> %SystemDrive%\sqmdata03.sqm ->  [Ver =  | Size = 268 bytes | Created Date = 6/6/2007 8:10:37 PM | Attr =  H ]
sqmdata04.sqm -> %SystemDrive%\sqmdata04.sqm ->  [Ver =  | Size = 268 bytes | Created Date = 6/6/2007 8:48:01 PM | Attr =  H ]
sqmnoopt00.sqm -> %SystemDrive%\sqmnoopt00.sqm ->  [Ver =  | Size = 244 bytes | Created Date = 5/21/2007 9:03:58 PM | Attr =  H ]
sqmnoopt01.sqm -> %SystemDrive%\sqmnoopt01.sqm ->  [Ver =  | Size = 244 bytes | Created Date = 6/5/2007 9:39:00 PM | Attr =  H ]
sqmnoopt02.sqm -> %SystemDrive%\sqmnoopt02.sqm ->  [Ver =  | Size = 244 bytes | Created Date = 6/6/2007 8:03:16 AM | Attr =  H ]
sqmnoopt03.sqm -> %SystemDrive%\sqmnoopt03.sqm ->  [Ver =  | Size = 244 bytes | Created Date = 6/6/2007 8:10:37 PM | Attr =  H ]
sqmnoopt04.sqm -> %SystemDrive%\sqmnoopt04.sqm ->  [Ver =  | Size = 244 bytes | Created Date = 6/6/2007 8:48:01 PM | Attr =  H ]

haydee

  • Guest
Re: My Log from ComboFix continuation
« Reply #7 on: June 10, 2007, 10:16:15 PM »
Temp -> %SystemDrive%\Temp ->  [Folder | Created Date = 6/6/2007 4:28:48 PM | Attr =    ]
_OTMoveIt -> %SystemDrive%\_OTMoveIt ->  [Folder | Created Date = 6/9/2007 10:17:16 AM | Attr =    ]
$NtUninstallKB927891$ -> %SystemRoot%\$NtUninstallKB927891$ ->  [Folder | Created Date = 5/23/2007 9:29:57 PM | Attr =  H ]
catchme.exe -> %SystemRoot%\catchme.exe ->  [Ver =  | Size = 87040 bytes | Created Date = 6/8/2007 7:48:51 PM | Attr =    ]
erdnt -> %SystemRoot%\erdnt ->  [Folder | Created Date = 6/8/2007 7:23:29 PM | Attr =    ]
nircmd.exe -> %SystemRoot%\nircmd.exe -> NirSoft [Ver = 1.85 | Size = 49152 bytes | Created Date = 6/8/2007 7:48:51 PM | Attr =    ]
tcb.pmw -> %SystemRoot%\tcb.pmw ->  [Ver =  | Size = 45 bytes | Created Date = 6/6/2007 4:30:06 PM | Attr =    ]
1-Click Maintenance.job -> %SystemRoot%\tasks\1-Click Maintenance.job ->  [Ver =  | Size = 402 bytes | Created Date = 5/15/2007 3:14:21 PM | Attr =    ]
actskin4.ocx -> %System32%\actskin4.ocx ->  [Ver = 4, 2, 7, 3 | Size = 380928 bytes | Created Date = 6/6/2007 8:46:11 PM | Attr =    ]
aswBoot.exe -> %System32%\aswBoot.exe ->  [Ver = 4, 7, 936, 0 | Size = 689280 bytes | Created Date = 6/6/2007 8:46:11 PM | Attr =    ]
AVASTSS.scr -> %System32%\AVASTSS.scr -> ALWIL Software [Ver = 4, 7, 936, 0 | Size = 90112 bytes | Created Date = 6/6/2007 8:46:11 PM | Attr =    ]
awtqp.dll -> %System32%\awtqp.dll ->  [Ver =  | Size = 263220 bytes | Created Date = 6/8/2007 7:52:37 PM | Attr =  HS]
byxurrr.dll -> %System32%\byxurrr.dll ->  [Ver =  | Size = 33302 bytes | Created Date = 6/6/2007 4:28:37 PM | Attr =    ]
ClickToFindandFixErrors_Intl.ico -> %System32%\ClickToFindandFixErrors_Intl.ico ->  [Ver =  | Size = 2238 bytes | Created Date = 6/6/2007 8:36:12 PM | Attr =    ]
ecypdnan.ini -> %System32%\ecypdnan.ini ->  [Ver =  | Size = 982785 bytes | Created Date = 6/7/2007 4:40:23 PM | Attr =  HS]
fhoufhdx.ini -> %System32%\fhoufhdx.ini ->  [Ver =  | Size = 970985 bytes | Created Date = 6/8/2007 7:58:54 PM | Attr =  HS]
ipcmbhyk.ini -> %System32%\ipcmbhyk.ini ->  [Ver =  | Size = 1012333 bytes | Created Date = 6/6/2007 4:42:59 PM | Attr =  HS]
moveex.exe -> %System32%\moveex.exe ->  [Ver =  | Size = 38400 bytes | Created Date = 6/8/2007 7:48:51 PM | Attr =    ]
nmeywjhq.ini -> %System32%\nmeywjhq.ini ->  [Ver =  | Size = 970803 bytes | Created Date = 6/8/2007 4:43:11 PM | Attr =  HS]
pqtwa.bak1 -> %System32%\pqtwa.bak1 ->  [Ver =  | Size = 1808519 bytes | Created Date = 6/8/2007 7:52:51 PM | Attr =  HS]
pqtwa.ini -> %System32%\pqtwa.ini ->  [Ver =  | Size = 1813283 bytes | Created Date = 6/8/2007 7:52:40 PM | Attr =  HS]
SSSensor.dll -> %System32%\SSSensor.dll -> Sygate Technologies, Inc. [Ver = 5. 5. 0. 5 | Size = 83096 bytes | Created Date = 6/8/2007 9:28:11 PM | Attr =    ]
stera.job -> %System32%\stera.job ->  [Ver =  | Size = 2 bytes | Created Date = 6/6/2007 8:00:26 PM | Attr =    ]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.6 | Size = 428032 bytes | Created Date = 6/8/2007 7:48:51 PM | Attr =    ]
swsc.exe -> %System32%\swsc.exe -> SteelWerX [Ver = 2.0.0.0 | Size = 370688 bytes | Created Date = 6/8/2007 7:48:51 PM | Attr =    ]

haydee

  • Guest
Re: My Log from ComboFix continuation
« Reply #8 on: June 10, 2007, 10:17:05 PM »
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 6/8/2007 7:48:51 PM | Attr =    ]
uxtuneup.dll -> %System32%\uxtuneup.dll -> TuneUp Software GmbH [Ver = 2.0.0.7 | Size = 29704 bytes | Created Date = 5/15/2007 3:13:48 PM | Attr =    ]
vfind.exe -> %System32%\vfind.exe ->  [Ver =  | Size = 49152 bytes | Created Date = 6/8/2007 7:48:51 PM | Attr =    ]
aavmker4.sys -> %System32%\drivers\aavmker4.sys -> ALWIL Software [Ver = 4.7.892.0 | Size = 31560 bytes | Created Date = 6/6/2007 8:46:41 PM | Attr =    ]
aswmon.sys -> %System32%\drivers\aswmon.sys -> ALWIL Software [Ver = 4.7.892.0 | Size = 85952 bytes | Created Date = 6/6/2007 8:46:31 PM | Attr =    ]
aswmon2.sys -> %System32%\drivers\aswmon2.sys -> ALWIL Software [Ver = 4.7.892.0 | Size = 94424 bytes | Created Date = 6/6/2007 8:46:31 PM | Attr =    ]
aswRdr.sys -> %System32%\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.7.936.0 | Size = 23352 bytes | Created Date = 6/6/2007 8:46:41 PM | Attr =    ]
aswTdi.sys -> %System32%\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.7.936.0 | Size = 43176 bytes | Created Date = 6/6/2007 8:46:41 PM | Attr =    ]
AvgArCln.sys -> %System32%\drivers\AvgArCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 6/7/2007 9:07:29 PM | Attr =    ]
Teefer.sys -> %System32%\drivers\Teefer.sys -> Sygate Technologies, Inc. [Ver = 1.60.1101 | Size = 60496 bytes | Created Date = 6/8/2007 9:28:26 PM | Attr =    ]
wg3n.sys -> %System32%\drivers\wg3n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Created Date = 6/8/2007 9:28:27 PM | Attr =    ]
wg4n.sys -> %System32%\drivers\wg4n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Created Date = 6/8/2007 9:28:27 PM | Attr =    ]
wg5n.sys -> %System32%\drivers\wg5n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Created Date = 6/8/2007 9:28:27 PM | Attr =    ]
wg6n.sys -> %System32%\drivers\wg6n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Created Date = 6/8/2007 9:28:27 PM | Attr =    ]
wpsdrvnt.sys -> %System32%\drivers\wpsdrvnt.sys -> Sygate Technologies, Inc. [Ver = 1, 0, 0, 17 | Size = 21075 bytes | Created Date = 6/8/2007 9:28:24 PM | Attr =    ]

[Files/Folders - Modified Within 30 days]
dnsbak.reg -> %SystemDrive%\dnsbak.reg ->  [Ver =  | Size = 8502 bytes | Modified Date = 6/9/2007 1:53:02 PM | Attr =    ]
fixwareout -> %SystemDrive%\fixwareout ->  [Folder | Modified Date = 6/9/2007 2:00:52 PM | Attr =    ]
found.001 -> %SystemDrive%\found.001 ->  [Folder | Modified Date = 5/17/2007 1:35:22 PM | Attr =  HS]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 6/10/2007 8:07:38 AM | Attr =    ]
QooBox -> %SystemDrive%\QooBox ->  [Folder | Modified Date = 6/8/2007 6:57:56 PM | Attr =    ]
Recycled -> %SystemDrive%\Recycled ->  [Folder | Modified Date = 6/8/2007 7:49:14 PM | Attr =  HS]
sqmdata00.sqm -> %SystemDrive%\sqmdata00.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 5/21/2007 9:04:00 PM | Attr =  H ]
sqmdata01.sqm -> %SystemDrive%\sqmdata01.sqm ->  [Ver =  | Size = 232 bytes | Modified Date = 6/5/2007 9:39:02 PM | Attr =  H ]
sqmdata02.sqm -> %SystemDrive%\sqmdata02.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 6/6/2007 8:03:18 AM | Attr =  H ]
sqmdata03.sqm -> %SystemDrive%\sqmdata03.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 6/6/2007 8:10:38 PM | Attr =  H ]
sqmdata04.sqm -> %SystemDrive%\sqmdata04.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 6/6/2007 8:48:02 PM | Attr =  H ]
sqmnoopt00.sqm -> %SystemDrive%\sqmnoopt00.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 5/21/2007 9:04:00 PM | Attr =  H ]
sqmnoopt01.sqm -> %SystemDrive%\sqmnoopt01.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 6/5/2007 9:39:02 PM | Attr =  H ]
sqmnoopt02.sqm -> %SystemDrive%\sqmnoopt02.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 6/6/2007 8:03:18 AM | Attr =  H ]
sqmnoopt03.sqm -> %SystemDrive%\sqmnoopt03.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 6/6/2007 8:10:38 PM | Attr =  H ]
sqmnoopt04.sqm -> %SystemDrive%\sqmnoopt04.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 6/6/2007 8:48:02 PM | Attr =  H ]
Temp -> %SystemDrive%\Temp ->  [Folder | Modified Date = 6/9/2007 10:17:24 AM | Attr =    ]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 6/9/2007 10:17:22 AM | Attr =    ]
_OTMoveIt -> %SystemDrive%\_OTMoveIt ->  [Folder | Modified Date = 6/9/2007 10:17:18 AM | Attr =    ]
$NtUninstallKB927891$ -> %SystemRoot%\$NtUninstallKB927891$ ->  [Folder | Modified Date = 5/23/2007 9:29:58 PM | Attr =  H ]
ACROREAD.INI -> %SystemRoot%\ACROREAD.INI ->  [Ver =  | Size = 2556 bytes | Modified Date = 6/9/2007 8:08:46 AM | Attr =    ]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 6/9/2007 1:54:54 PM | Attr =   S]
catchme.exe -> %SystemRoot%\catchme.exe ->  [Ver =  | Size = 87040 bytes | Modified Date = 5/28/2007 4:23:12 AM | Attr =    ]
Debug -> %SystemRoot%\Debug ->  [Folder | Modified Date = 6/7/2007 8:35:34 AM | Attr =    ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 6/4/2007 3:50:06 PM | Attr =   S]
erdnt -> %SystemRoot%\erdnt ->  [Folder | Modified Date = 6/8/2007 7:23:30 PM | Attr =    ]
Help -> %SystemRoot%\Help ->  [Folder | Modified Date = 6/7/2007 9:12:48 PM | Attr =    ]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 6/8/2007 4:09:34 PM | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 6/8/2007 9:28:30 PM | Attr =  HS]
Minidump -> %SystemRoot%\Minidump ->  [Folder | Modified Date = 5/15/2007 3:23:58 PM | Attr =    ]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 6/9/2007 6:17:28 PM | Attr =    ]
Registration -> %SystemRoot%\Registration ->  [Folder | Modified Date = 6/6/2007 4:22:14 PM | Attr =    ]
system32 -> %System32% ->  [Folder | Modified Date = 6/10/2007 12:17:20 PM | Attr =    ]
Tasks -> %SystemRoot%\Tasks ->  [Folder | Modified Date = 6/8/2007 6:59:06 PM | Attr =   S]
tcb.pmw -> %SystemRoot%\tcb.pmw ->  [Ver =  | Size = 45 bytes | Modified Date = 6/6/2007 4:32:16 PM | Attr =    ]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 6/10/2007 11:33:08 AM | Attr =    ]
WORDPAD.INI -> %SystemRoot%\WORDPAD.INI ->  [Ver =  | Size = 754 bytes | Modified Date = 5/25/2007 5:31:20 PM | Attr =    ]
1-Click Maintenance.job -> %SystemRoot%\tasks\1-Click Maintenance.job ->  [Ver =  | Size = 402 bytes | Modified Date = 6/8/2007 5:15:02 PM | Attr =    ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 6/9/2007 1:55:06 PM | Attr =  H ]
awtqp.dll -> %System32%\awtqp.dll ->  [Ver =  | Size = 263220 bytes | Modified Date = 6/8/2007 7:52:40 PM | Attr =  HS]
byxurrr.dll -> %System32%\byxurrr.dll ->  [Ver =  | Size = 33302 bytes | Modified Date = 6/6/2007 4:28:40 PM | Attr =    ]
CatRoot -> %System32%\CatRoot ->  [Folder | Modified Date = 5/23/2007 7:43:30 AM | Attr =    ]
CatRoot2 -> %System32%\CatRoot2 ->  [Folder | Modified Date = 6/8/2007 7:25:58 PM | Attr =    ]
ClickToFindandFixErrors_Intl.ico -> %System32%\ClickToFindandFixErrors_Intl.ico ->  [Ver =  | Size = 2238 bytes | Modified Date = 6/6/2007 8:36:14 PM | Attr =    ]
config -> %System32%\config ->  [Folder | Modified Date = 6/8/2007 7:23:52 PM | Attr =    ]
CONFIG.NT -> %System32%\CONFIG.NT ->  [Ver =  | Size = 2626 bytes | Modified Date = 6/6/2007 8:46:42 PM | Attr =    ]
dllcache -> %System32%\dllcache ->  [Folder | Modified Date = 6/8/2007 7:26:04 PM | Attr = RHS]
drivers -> %System32%\drivers ->  [Folder | Modified Date = 6/8/2007 9:28:28 PM | Attr =    ]
ecypdnan.ini -> %System32%\ecypdnan.ini ->  [Ver =  | Size = 982785 bytes | Modified Date = 6/7/2007 4:40:28 PM | Attr =  HS]
fhoufhdx.ini -> %System32%\fhoufhdx.ini ->  [Ver =  | Size = 970985 bytes | Modified Date = 6/9/2007 8:29:36 PM | Attr =  HS]
ipcmbhyk.ini -> %System32%\ipcmbhyk.ini ->  [Ver =  | Size = 1012333 bytes | Modified Date = 6/6/2007 8:15:24 PM | Attr =  HS]
Macromed -> %System32%\Macromed ->  [Folder | Modified Date = 5/27/2007 5:23:06 PM | Attr =    ]
nmeywjhq.ini -> %System32%\nmeywjhq.ini ->  [Ver =  | Size = 970803 bytes | Modified Date = 6/8/2007 4:43:18 PM | Attr =  HS]
pqtwa.bak1 -> %System32%\pqtwa.bak1 ->  [Ver =  | Size = 1808519 bytes | Modified Date = 6/8/2007 7:52:52 PM | Attr =  HS]
pqtwa.ini -> %System32%\pqtwa.ini ->  [Ver =  | Size = 1813283 bytes | Modified Date = 6/10/2007 12:17:20 PM | Attr =  HS]
stera.job -> %System32%\stera.job ->  [Ver =  | Size = 2 bytes | Modified Date = 6/6/2007 8:00:30 PM | Attr =    ]
wpa.dbl -> %System32%\wpa.dbl ->  [Ver =  | Size = 1158 bytes | Modified Date = 6/1/2007 8:52:42 PM | Attr =    ]
etc -> %System32%\drivers\etc ->  [Folder | Modified Date = 6/8/2007 7:47:36 PM | Attr =    ]

[File String Scan - Non-Microsoft Only]
WSUD ,  -> %System32%\ALSNDMGR.CPL -> Realtek Semiconductor Corp. [Ver = 2.2.22 | Size = 14250496 bytes | Modified Date = 3/19/2004 9:44:32 AM | Attr = R  ]
UPX! , UPX0 ,  -> %System32%\aswBoot.exe ->  [Ver = 4, 7, 936, 0 | Size = 689280 bytes | Modified Date = 1/15/2007 12:32:08 PM | Attr =    ]
PEC2 ,  -> %System32%\dfrg.msc ->  [Ver =  | Size = 41397 bytes | Modified Date = 8/29/2002 5:00:00 AM | Attr =    ]
winsync ,  -> %System32%\wbdbase.deu ->  [Ver =  | Size = 1309184 bytes | Modified Date = 8/29/2002 5:00:00 AM | Attr =    ]
WSUD , UPX0 ,  -> %System32%\dllcache\hwxjpn.dll ->  [Ver =  | Size = 13463552 bytes | Modified Date = 8/29/2002 5:00:00 AM | Attr =    ]
PTech ,  -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/4/2004 12:41:38 AM | Attr =    ]

< End of report >

haydee

  • Guest
Re: My Log from ComboFix continuation
« Reply #9 on: June 10, 2007, 10:20:40 PM »
COMBOFIX  WORD PAD

"Rosa Alonso" - 2007-06-08 18:55:43    Service Pack 2  NTFS 
ComboFix 07-06-3B - Running from: "C:\Documents and Settings\Rosa Alonso.COQUI\Desktop\"


((((((((((((((((((((((((((((((((((((((((((((   V Log   )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\rtutv.bak1
C:\WINDOWS\system32\rtutv.bak2
C:\WINDOWS\system32\rtutv.ini
C:\WINDOWS\system32\rtutv.bak1
C:\WINDOWS\system32\rtutv.bak2
C:\WINDOWS\system32\rtutv.ini
C:\WINDOWS\system32\rtutv.tmp
C:\WINDOWS\system32\vtutr.dll


* * *  POST RUN FILES/FOLDERS  * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))



-- Purity Folders:
C:\DOCUME~1\ROSAAL~1.COQ\MYDOCU~1\CROSOF~1.NET
C:\DOCUME~1\ROSAAL~1.COQ\STARTM~1\Programs.\PornoPlayer
C:\DOCUME~1\ROSAAL~1.COQ\STARTM~1\Programs.\PornoPlayer\Uninstall.lnk
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
C:\Program Files\outerinfo
C:\Program Files\outerinfo\Terms.rtf
C:\Temp\0b9
C:\Temp\0b9\tmpTF.logHiJackthis log
C:\Temp\tn3
C:\WINDOWS\cfg32.exe
C:\WINDOWS\cfg32a.exe
C:\WINDOWS\cfg32r.dll
C:\WINDOWS\cs_cache.ini
C:\WINDOWS\dls0523pmw.exe
C:\WINDOWS\rau001978.exe
C:\WINDOWS\system32\CROSOF~1.NET
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\kdaql.exe
C:\WINDOWS\system32\pog
C:\WINDOWS\system32\T3
C:\WINDOWS\system32\T4
C:\WINDOWS\system32\T4\amst5.exe
C:\WINDOWS\wr.txt


(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CORE
-------\LEGACY_NET_AGENT
-------\LEGACY_WINDOWS_OVERLAY_COMPONENTS
-------\core
-------\Net Agent
-------\Windows Overlay Components


(((((((((((((((((((((((((   Files Created from 2007-05-08 to 2007-06-08  )))))))))))))))))))))))))))))))





haydee

  • Guest
Re: My Log from ComboFix continuation
« Reply #10 on: June 10, 2007, 10:21:49 PM »
2007-06-07 21:07   3,968   --a------   C:\WINDOWS\system32\drivers\AvgArCln.sys
2007-06-07 16:46   58,420   --a------   C:\WINDOWS\system32\xanjvlym.dll
2007-06-06 20:46   94,424   --a------   C:\WINDOWS\system32\drivers\aswmon2.sys
2007-06-06 20:46   90,112   --a------   C:\WINDOWS\system32\AVASTSS.scr
2007-06-06 20:46   85,952   --a------   C:\WINDOWS\system32\drivers\aswmon.sys
2007-06-06 20:46   689,280   --a------   C:\WINDOWS\system32\aswBoot.exe
2007-06-06 20:46   43,176   --a------   C:\WINDOWS\system32\drivers\aswTdi.sys
2007-06-06 20:46   31,560   --a------   C:\WINDOWS\system32\drivers\aavmker4.sys
2007-06-06 20:46   23,352   --a------   C:\WINDOWS\system32\drivers\aswRdr.sys
2007-06-06 16:51   <DIR>   d--hsc---   C:\UWA7P
2007-06-06 16:49   <DIR>   d--------   C:\DOCUME~1\ROSAAL~1.COQ\APPLIC~1\WinAntiVirus Pro 2007
2007-06-06 16:48   <DIR>   dr-------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\SalesMonitor
2007-06-06 16:46   89,088   --a------   C:\WINDOWS\system32\atl71.dll
2007-06-06 16:46   8,704   --a------   C:\WINDOWS\system32\SpOrder.dll
2007-06-06 16:46   24,064   --a------   C:\WINDOWS\system32\msxml3a.dll
2007-06-06 16:46   <DIR>   d--------   C:\Program Files\Common Files\WinAntiVirus Pro 2007
2007-06-06 16:46   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Pro 2007
2007-06-06 16:45   2,580   --a------   C:\WINDOWS\system32\itidslmy.exe
2007-06-06 16:42   131,124   --a------   C:\WINDOWS\system32\kyhbmcpi.dll
2007-06-06 16:41   33,302   --a------   C:\WINDOWS\system32\opnmnmm.dll
2007-06-06 16:40   55,316   --a------   C:\WINDOWS\system32\nqquvbep.dll
2007-06-06 16:31   2   --a------   C:\WINDOWS\system32\wcpisvit.exe
2007-06-06 16:30   771,920   -r-hs----   C:\WINDOWS\oaftrobA.exe
2007-06-06 16:30   46,592   --a------   C:\WINDOWS\oaftrob.exe
2007-06-06 16:29   <DIR>   d--------   C:\WINDOWS\system32\TQ0
2007-06-06 16:29   <DIR>   d--------   C:\WINDOWS\system32\T6
2007-06-06 16:28   33,302   --a------   C:\WINDOWS\system32\byxurrr.dll
2007-06-06 16:28   <DIR>   d----c---   C:\Temp\x2b
2007-06-06 16:28   <DIR>   d----c---   C:\Temp
2007-06-06 16:28   <DIR>   d--------   C:\WINDOWS\system32\T1QaSQ
2007-05-22 09:24   <DIR>   d--------   C:\Program Files\GamesBar
2007-05-22 09:24   <DIR>   d--------   C:\Program Files\Comcast Play Games
2007-05-22 09:24   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tarma Installer
2007-05-22 09:24   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar
2007-05-18 17:51   <DIR>   d--------   C:\DOCUME~1\ROSAAL~1.COQ\APPLIC~1\Talkback
2007-05-15 17:50   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2007-05-15 17:38   <DIR>   d--------   C:\Program Files\CCleaner
2007-05-15 15:13   29,704   --a------   C:\WINDOWS\system32\uxtuneup.dll
2007-05-15 15:13   <DIR>   d--------   C:\Program Files\TuneUp Utilities 2007
2007-05-15 15:13   <DIR>   d--------   C:\DOCUME~1\ROSAAL~1.COQ\APPLIC~1\TuneUp Software
2007-05-15 15:12   <DIR>   d--------   C:\Program Files\Common Files\Wise Installation Wizard
2007-05-15 15:12   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\TuneUp Software
2007-05-09 21:22   59,264   --a------   C:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-05-09 21:13   <DIR>   d--------   C:\Program Files\Common Files\logishrd
2007-05-09 21:11   31,616   --a------   C:\WINDOWS\system32\drivers\usbccgp.sys
2007-05-08 17:17   <DIR>   d--------   C:\Program Files\Alwil Software
2007-05-08 17:04   <DIR>   d--------   C:\DOCUME~1\ROSAAL~1.COQ\APPLIC~1\Sammsoft
2007-05-08 14:50   <DIR>   d--------   C:\Program Files\RegistryPatrol3.0
2007-05-08 14:26   <DIR>   d--------   C:\Program Files\XPMedic


((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-08 02:12:46   --------   d--h--w   C:\Program Files\WindowsUpdate
2007-06-06 21:22:02   --------   d-----w   C:\DOCUME~1\ROSAAL~1.COQ\APPLIC~1\ComcastToolbar
2007-05-15 22:38:49   --------   d-----w   C:\Program Files\Yahoo!
2007-05-15 20:23:40   --------   d-----w   C:\Program Files\RamBooster 2.0
2007-05-09 21:05:02   --------   d-----w   C:\DOCUME~1\ROSAAL~1.COQ\APPLIC~1\Yahoo!
2007-05-09 18:57:40   --------   d-----w   C:\Program Files\The Rise Of Atlantis
2007-04-18 16:12:23   2,854,400   ----a-w   C:\WINDOWS\system32\msi.dll
2007-04-18 12:35:55   --------   d-----w   C:\Program Files\ComcastToolbar
2007-04-17 03:47:36   33,624   ----a-w   C:\WINDOWS\system32\wups.dll
2007-04-17 03:45:54   1,710,936   ----a-w   C:\WINDOWS\system32\wuaueng.dll
2007-04-17 03:45:48   549,720   ----a-w   C:\WINDOWS\system32\wuapi.dll
2007-04-17 03:45:42   325,976   ----a-w   C:\WINDOWS\system32\wucltui.dll
2007-04-17 03:45:36   203,096   ----a-w   C:\WINDOWS\system32\wuweb.dll
2007-04-17 03:45:28   92,504   ----a-w   C:\WINDOWS\system32\cdm.dll
2007-04-17 03:45:20   53,080   ----a-w   C:\WINDOWS\system32\wuauclt.exe
2007-04-17 03:45:20   43,352   ----a-w   C:\WINDOWS\system32\wups2.dll
2007-04-17 03:44:20   271,224   ----a-w   C:\WINDOWS\system32\mucltui.dll
2007-04-17 03:44:18   208,248   ----a-w   C:\WINDOWS\system32\muweb.dll
2007-04-10 13:27:32   --------   d-----w   C:\Program Files\Common Files\InstallShield
2007-04-10 13:27:13   --------   d--h--w   C:\Program Files\InstallShield Installation Information
2007-04-10 13:10:54   --------   d-----w   C:\Program Files\iWin Games
2007-04-09 15:52:50   --------   d-----w   C:\Program Files\iWin.com
2007-04-09 13:26:11   --------   d-----w   C:\Program Files\Oberon Media
2007-04-08 22:03:48   --------   d-----w   C:\Program Files\BFG
2007-03-17 13:43:01   292,864   ----a-w   C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:36:28   577,536   ----a-w   C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28   40,960   ----a-w   C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28   281,600   ----a-w   C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48   1,843,584   ----a-w   C:\WINDOWS\system32\win32k.sys


haydee

  • Guest
Re: My Log from ComboFix continuation
« Reply #11 on: June 10, 2007, 10:22:50 PM »
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
 
 
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 10:28]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-05-14 23:47]
{08C134D3-087C-4139-A98C-3A078358DFDE}=C:\WINDOWS\system32\byxurrr.dll [2007-06-06 16:28]
{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}=C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL [2006-11-07 14:21]
{58CAD45F-1435-432C-3ABC-6E148B3BE658}=C:\Program Files\Windows Media Player\lavufaw.dll []
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}=C:\Program Files\Yahoo!\Common\yiesrvc.dll [2006-01-06 11:52]
{6F282B65-56BF-4BD1-A8B2-A4449A05863D}=C:\Program Files\GamesBar\oberontb.dll [2006-07-06 14:54]
{7E3659A6-4BC5-4d93-B3FD-8B5ACC2FEDED}=C:\Program Files\PeoplePC\Toolbar\ScamGrd.dll [2006-01-19 18:43]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 20:33]
{B12B391A-A0A7-FB27-D97F-89ADA897299D}=C:\WINDOWS\system32\dakv.dll []
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll [2006-01-17 15:04]
{E12BFF69-38A7-406e-A8EF-2738107A7831}=C:\WINDOWS\system32\xanjvlym.dll [2007-06-07 16:46]
{F1CEB0E0-FB0E-4F79-8019-3031A22FCF7D}=C:\Program Files\WindowsUpdate\hokel.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-01-15 12:28]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-06-21 11:50]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{08C134D3-087C-4139-A98C-3A078358DFDE}"="C:\WINDOWS\system32\byxurrr.dll" [2007-06-06 16:28]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxurrr]
byxurrr.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AOL"=C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe /d locale=en-US ee://aol/browserapp
"Crao"="C:\WINDOWS\system32\CROSOF~1.NET\dexplore.exe" -vt yazb
"ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" /AUTO
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
"YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HostManager"=C:\Program Files\Common Files\AOL\1152373256\ee\AOLSoftware.exe
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"tgcmd"=C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"RealTray"=C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
"runner1"=C:\WINDOWS\retadpu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
"VTPreset"=VTPreset.exe
"Configuration Manager"=C:\WINDOWS\cfg32.exe
"oaftrobA"=C:\WINDOWS\oaftrobA.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*
UxTuneUp


Contents of the 'Scheduled Tasks' folder
2007-06-08 22:15:00  C:\WINDOWS\tasks\1-Click Maintenance.job

**************************************************************************

haydee

  • Guest
Re: My Log from ComboFix continuation
« Reply #12 on: June 10, 2007, 10:23:45 PM »
catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-08 19:47:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-08 19:48:50 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-08 19:48

   --- E O F ---

haydee

  • Guest
Re: My Log from ComboFix continuation
« Reply #13 on: June 10, 2007, 10:25:26 PM »
MoveIt Result

C:\Program Files\GamesBar moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\xdhfuohf.dll
C:\WINDOWS\system32\xdhfuohf.dll NOT unregistered.
C:\WINDOWS\system32\xdhfuohf.dll moved successfully.
 
Created on 06/09/2007 14:24:23

haydee

  • Guest
Re: My Log from ComboFix continuation
« Reply #14 on: June 10, 2007, 10:29:14 PM »
HijackThis


Logfile of HijackThis v1.99.1
Scan saved at 2:14:05 PM, on 6/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://g.msn.com/8SE/1?http://toolbar.msn.com/installsuccess.aspx&&FORM=TOOLBR&DI=2883&CM=MsgrInstall
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: (no name) -  - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\xdhfuohf.dll",realset
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD6