smitfraud-c Virtumundo



kct101
2008-08-14, 19:14
I tried the SmitfraudFix as specified, no luck. Also ran Spybot and unplugged the internet in safe mode. Here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:05:51, on 8/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [5c0ac506] rundll32.exe "C:\WINDOWS\system32\fpqcpsyg.dll",b
O4 - HKLM\..\Run: [BM5f39f69a] Rundll32.exe "C:\WINDOWS\system32\uymhuaie.dll",s
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1210292856515
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\hpzipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)

--
End of file - 3437 bytes

kct101
2008-08-14, 21:08
ComboFix 08-08-13.05 - wftibor 2008-08-14 14:36:03.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.118 [GMT -4:00]
Running from: C:\Documents and Settings\wftibor\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin.zip
C:\Documents and Settings\wftibor\Application Data\macromedia\Flash Player\#SharedObjects\GMJ5L7YZ\interclick.com
C:\Documents and Settings\wftibor\Application Data\macromedia\Flash Player\#SharedObjects\GMJ5L7YZ\interclick.com\ud.sol
C:\Documents and Settings\wftibor\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\wftibor\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\wftibor\Cookies.\wftibor@ads.pointroll[1].txt
C:\Documents and Settings\wftibor\Cookies.\wftibor@ads.revsci[1].txt
C:\Documents and Settings\wftibor\Cookies.\wftibor@adtrgt[2].txt
C:\Documents and Settings\wftibor\Cookies.\wftibor@adtrgt[3].txt
C:\Documents and Settings\wftibor\Cookies.\wftibor@advertising[2].txt
C:\Documents and Settings\wftibor\Cookies.\wftibor@antispywaremaster[2].txt
C:\Documents and Settings\wftibor\Cookies.\wftibor@ehg-newscientist.hitbox[2].txt
C:\Documents and Settings\wftibor\Cookies.\wftibor@ehg-traderpublishing.hitbox[2].txt
C:\Documents and Settings\wftibor\Cookies.\wftibor@ehg.ripetv[2].txt
C:\Documents and Settings\wftibor\Cookies.\wftibor@flock[1].txt
C:\Documents and Settings\wftibor\Cookies.\wftibor@hotbar[2].txt
C:\Documents and Settings\wftibor\Cookies.\wftibor@hotbar[3].txt
C:\Documents and Settings\wftibor\Cookies.\wftibor@insightexpressai[1].txt
C:\Documents and Settings\wftibor\Cookies.\wftibor@interclick[1].txt
C:\Documents and Settings\wftibor\Cookies.\wftibor@realpatrol[2].txt
C:\Documents and Settings\wftibor\Cookies.\wftibor@revsci[2].txt
C:\Documents and Settings\wftibor\Cookies.\wftibor@trafficmp[1].txt
C:\Documents and Settings\wftibor\Cookies.\wftibor@trafficmp[2].txt
C:\Documents and Settings\wftibor\Cookies.\wftibor@web.nautilusinc[2].txt
C:\Documents and Settings\wftibor\Cookies.\wftibor@www1.tradekey[2].txt
C:\Program Files\Common Files\download
C:\Program Files\Common Files\download\3DEmoticons.zip
C:\Program Files\yahoo!\assist~1
C:\Program Files\yahoo!\assist~1\Assist\CoolBar\prodef.ini
C:\Program Files\yahoo!\assist~1\Assist\CoolBar\profile.ini
C:\Program Files\yahoo!\assist~1\Assist\Images\adkiller.bmp
C:\Program Files\yahoo!\assist~1\Assist\Images\alert.bmp
C:\Program Files\yahoo!\assist~1\Assist\Images\alertnew.bmp
C:\Program Files\yahoo!\assist~1\Assist\Images\anitvirus.bmp
C:\Program Files\yahoo!\assist~1\Assist\Images\assist.bmp
C:\Program Files\yahoo!\assist~1\Assist\Images\clear.bmp
C:\Program Files\yahoo!\assist~1\Assist\Images\custheme.bmp
C:\Program Files\yahoo!\assist~1\Assist\Images\hilight.bmp
C:\Program Files\yahoo!\assist~1\Assist\Images\iefix.bmp
C:\Program Files\yahoo!\assist~1\Assist\Images\logo.bmp
C:\Program Files\yahoo!\assist~1\Assist\Images\music.bmp
C:\Program Files\yahoo!\assist~1\Assist\Images\musiclink.bmp
C:\Program Files\yahoo!\assist~1\Assist\Images\musictop.bmp
C:\Program Files\yahoo!\assist~1\Assist\Images\picture.bmp
C:\Program Files\yahoo!\assist~1\Assist\Images\search.bmp
C:\Program Files\yahoo!\assist~1\Assist\Images\searchtop.bmp
C:\Program Files\yahoo!\assist~1\Assist\Images\settings.bmp
C:\Program Files\yahoo!\assist~1\Assist\Images\yphtb.bmp
C:\Program Files\yahoo!\assist~1\Assist\SearchBar\prodef.ini
C:\Program Files\yahoo!\assist~1\Assist\SearchBar\profile.ini
C:\Program Files\yahoo!\assist~1\Assist\SecurityBar\prodef.ini
C:\Program Files\yahoo!\assist~1\Assist\SecurityBar\profile.ini
C:\Program Files\yahoo!\assist~1\Assist\yadfilter.dll
C:\Program Files\yahoo!\assist~1\Assist\yadwreg.dll
C:\Program Files\yahoo!\assist~1\Assist\yangling.cab
C:\Program Files\yahoo!\assist~1\Assist\yasbar.dll
C:\Program Files\yahoo!\assist~1\Assist\yascenter.exe
C:\Program Files\yahoo!\assist~1\Assist\yasierres.cab
C:\Program Files\yahoo!\assist~1\Assist\yaskpsec.dat
C:\Program Files\yahoo!\assist~1\Assist\yasnoad.cab
C:\Program Files\yahoo!\assist~1\Assist\yassecblk.dll
C:\Program Files\yahoo!\assist~1\Assist\yassisres.dll
C:\Program Files\yahoo!\assist~1\Assist\yassist.dll
C:\Program Files\yahoo!\assist~1\Assist\yassistex.dll
C:\Program Files\yahoo!\assist~1\Assist\yassistn.ini
C:\Program Files\yahoo!\assist~1\Assist\yassistnsw.ini
C:\Program Files\yahoo!\assist~1\Assist\yaswiper.dll
C:\Program Files\yahoo!\assist~1\Assist\ydragsearch.dll
C:\Program Files\yahoo!\assist~1\Assist\yeheocx.dll
C:\Program Files\yahoo!\assist~1\Assist\yoptimum.dll
C:\Program Files\yahoo!\assist~1\Assist\yphishbrule.dat
C:\Program Files\yahoo!\assist~1\Assist\yphishrule.dat
C:\Program Files\yahoo!\assist~1\Assist\yphotoseasy.dll
C:\Program Files\yahoo!\assist~1\Assist\yphtb.dll
C:\Program Files\yahoo!\assist~1\Assist\yrepair.dll
C:\Program Files\yahoo!\assist~1\Assist\ysettings.dll
C:\Program Files\yahoo!\assist~1\Assist\yuninst.dll
C:\Program Files\yahoo!\assist~1\Assist\ywiper.cab
C:\Program Files\yahoo!\assist~1\Assist\yzsnetproto.dll
C:\Program Files\yahoo!\assist~1\Shell\yAsMenu.dll
C:\Program Files\yahoo!\assist~1\Shell\yAssecblk.dll
C:\Program Files\yahoo!\assist~1\Shell\yIEAngel.dll
C:\Program Files\yahoo!\assist~1\Shell\yMenuInfo.dll
C:\Program Files\yahoo!\assist~1\yal01.dat
C:\Program Files\yahoo!\assist~1\YAlive.dll
C:\Program Files\yahoo!\assist~1\yalive.ini
C:\Program Files\yahoo!\assist~1\yalvsw.ini
C:\Program Files\yahoo!\assist~1\yassistse.exe
C:\Program Files\yahoo!\assist~1\yhelper.dll
C:\Program Files\yahoo!\assist~1\ylive.exe
C:\Program Files\yahoo!\assist~1\ynotifier.dll
C:\Program Files\yahoo!\assist~1\yscrblock.dll
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\WINDOWS\BM5f39f69a.txt
C:\WINDOWS\BM5f39f69a.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\rasptii.sys
C:\WINDOWS\system32\egPqWvut.ini
C:\WINDOWS\system32\egPqWvut.ini2
C:\WINDOWS\system32\fpqcpsyg.dll
C:\WINDOWS\system32\gyspcqpf.ini
C:\WINDOWS\system32\loceaocf.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\nqclgc.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\slyajg.dll
C:\WINDOWS\system32\tuvWqPge.dll
C:\WINDOWS\system32\xtcydslg.dll
C:\WINDOWS\system32\xyqltjcu.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CMDSERVICE
-------\Legacy_NETWORK_MONITOR
-------\Legacy_RASPTII
-------\Legacy_TNIDRIVER
-------\Service_rasptii
-------\Service_TnIDriver


((((((((((((((((((((((((( Files Created from 2008-07-14 to 2008-08-14 )))))))))))))))))))))))))))))))
.

2008-08-14 13:05 . 2008-08-14 13:05 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-14 11:34 . 2008-08-14 12:06 1,526 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-14 10:52 . 2008-08-14 10:52 <DIR> d-------- C:\Program Files\Safer Networking
2008-08-14 09:19 . 2008-08-14 09:19 <DIR> d-------- C:\Program Files\Panda Security
2008-08-14 09:19 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-08-13 23:52 . 2008-08-14 12:45 409 --a------ C:\WINDOWS\wininit.ini
2008-08-13 19:56 . 2008-08-14 01:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-13 18:16 . 2008-08-13 18:16 0 --a------ C:\W
2008-08-13 18:05 . 2008-08-13 18:05 2,048 --a------ C:\WINDOWS\system32\imilqcxp.exe
2008-08-13 16:11 . 2008-08-14 08:59 <DIR> d-------- C:\Program Files\a-squared Free
2008-08-13 14:55 . 2008-08-14 01:31 <DIR> d--hs---- C:\WINDOWS\S2VycnkgVHlib3I
2008-08-13 14:54 . 2008-08-13 17:16 <DIR> d-------- C:\WINDOWS\system32\tp
2008-08-13 14:54 . 2008-08-14 01:31 <DIR> d-------- C:\WINDOWS\system32\kBin15
2008-08-13 14:54 . 2008-08-13 17:16 <DIR> d-------- C:\WINDOWS\system32\gps
2008-08-13 14:54 . 2008-08-13 17:16 <DIR> d-------- C:\WINDOWS\system32\fx
2008-08-13 14:54 . 2008-08-13 14:54 <DIR> d-------- C:\WINDOWS\system32\fin2
2008-08-13 14:54 . 2008-08-13 14:54 <DIR> d-------- C:\Temp\epr1
2008-08-03 13:37 . 2008-08-03 13:41 <DIR> d-------- C:\Documents and Settings\wftibor\Application Data\DivX
2008-08-02 21:52 . 2008-06-10 20:07 129,784 --a------ C:\WINDOWS\system32\pxafs.dll
2008-08-02 21:52 . 2008-06-10 20:07 120,056 --a------ C:\WINDOWS\system32\pxcpyi64.exe
2008-08-02 21:52 . 2008-06-10 20:07 118,520 --a------ C:\WINDOWS\system32\pxinsi64.exe
2008-08-02 21:51 . 2008-08-02 21:53 <DIR> d-------- C:\Program Files\DivX
2008-08-01 20:10 . 2008-08-01 20:10 <DIR> d-------- C:\SureSupply
2008-08-01 20:10 . 2008-08-01 20:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2008-08-01 20:06 . 2006-01-05 17:07 13,438 --------- C:\WINDOWS\hpbins01.dat.temp
2008-08-01 20:06 . 2006-01-05 17:07 1,977 --a------ C:\WINDOWS\hpbvnstp.hi2
2008-08-01 20:06 . 2004-04-08 08:39 1,380 --------- C:\WINDOWS\hpbmdl01.dat.temp
2008-08-01 20:06 . 2008-08-01 20:06 1,215 --a------ C:\WINDOWS\hpbvspst.his
2008-08-01 20:06 . 2006-01-05 17:07 750 --a------ C:\WINDOWS\hpbvnstp.bu2
2008-08-01 20:06 . 2008-08-01 20:06 576 --a------ C:\WINDOWS\hpbvspst.ini
2008-07-30 20:14 . 2008-07-30 20:14 <DIR> d-------- C:\New Folder
2008-07-29 09:23 . 2008-07-29 09:23 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-07-29 09:23 . 2008-07-29 09:23 <DIR> d-------- C:\Program Files\DIFX
2008-07-29 09:23 . 2008-05-30 16:29 84,992 --a------ C:\WINDOWS\system32\lmdimon8.dll
2008-07-29 09:21 . 2008-07-29 09:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Applications
2008-07-27 13:15 . 2008-08-08 23:34 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-27 13:15 . 2008-07-27 13:15 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-14 18:36 --------- d-----w C:\Program Files\Yahoo!
2008-08-14 18:17 --------- d-----w C:\Documents and Settings\wftibor\Application Data\LimeWire
2008-08-14 15:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-14 14:39 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-14 13:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-08-14 13:02 --------- d-----w C:\Program Files\Uniblue
2008-08-14 13:02 --------- d-----w C:\Documents and Settings\wftibor\Application Data\Uniblue
2008-08-13 21:17 --------- d-----w C:\Program Files\Viewpoint
2008-08-13 21:17 --------- d-----w C:\Program Files\QuickTime
2008-08-13 20:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-08-13 20:20 --------- d-----w C:\Documents and Settings\wftibor\Application Data\uTorrent
2008-08-13 17:19 10,552 ----a-w C:\Documents and Settings\wftibor\Application Data\wklnhst.dat
2008-08-02 16:21 74,944 ----a-w C:\Documents and Settings\wftibor\Application Data\GDIPFONTCACHEV1.DAT
2008-08-02 00:10 --------- d-----w C:\Program Files\hp
2008-08-01 16:30 --------- d-----w C:\Program Files\Google
2008-07-09 14:43 --------- d-----w C:\Documents and Settings\wftibor\Application Data\Apple Computer
2008-07-09 14:25 --------- d-----w C:\Program Files\LimeWire
2008-07-08 04:41 --------- d-----w C:\Program Files\VirtualDJ
2008-07-07 16:47 --------- d-----w C:\Program Files\Free Window Sweeper
2008-04-09 23:09 80 --sh--r C:\WINDOWS\system32\DD1896E406.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-06-06 23:46 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell AIO Printer A940]
--a------ 2003-02-17 17:00 86102 C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2003-12-05 16:41 49152 C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2005-10-18 12:58 278528 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrderReminder]
--a------ 2006-01-05 17:12 98304 C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2008-02-25 21:23 443968 C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StatusClient 2.6]
--a------ 2003-10-03 13:52 61440 C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-03-14 03:43 83608 C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-06-01 17:31 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomcatStartup 2.5]
--a------ 2004-04-09 11:31 184320 C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=

.
Contents of the 'Scheduled Tasks' folder

2008-08-06 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []

2008-04-08 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []

2008-04-08 C:\WINDOWS\Tasks\Uniblue SpyEraser.job
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe []
.
- - - - ORPHANS REMOVED - - - -

BHO-{57DF73C0-833C-48B7-9146-1E18930D57FF} - C:\WINDOWS\system32\jkkIcDVO.dll
BHO-{79141a23-8361-15cb-6d2a-bd92f11e3ae5} - C:\WINDOWS\system32\sdxtetyeuaodw.dll
HKCU-Run-Uniblue RegistryBooster 2 - C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
HKLM-Run-QuickTime Task - C:\Program Files\QuickTime\qttask.exe
HKLM-Run-5c0ac506 - C:\WINDOWS\system32\fpqcpsyg.dll
HKLM-Run-BM5f39f69a - C:\WINDOWS\system32\uymhuaie.dll
HKU-Default-Run-ALUAlert - C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe
ShellExecuteHooks-{57DF73C0-833C-48B7-9146-1E18930D57FF} - C:\WINDOWS\system32\jkkIcDVO.dll
Notify-jkkIcDVO - jkkIcDVO.dll
MSConfigStartUp-ccApp - C:\Program Files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-HostManager - C:\Program Files\Common Files\AOL\1126059407\ee\AOLHostManager.exe
MSConfigStartUp-QuickTime Task - C:\Program Files\QuickTime\qttask.exe
MSConfigStartUp-Symantec NetDriver Monitor - C:\PROGRA~1\SYMNET~1\SNDMon.exe


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-14 14:42:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-08-14 14:50:12 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-14 18:49:55

Pre-Run: 68,123,189,248 bytes free
Post-Run: 68,114,903,040 bytes free

282 --- E O F --- 2008-05-08 23:32:23