Kaspersky Online Scanner Report
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, January 7, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, January 07, 2009 19:52:59
Records in database: 1580002
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
Scan statistics:
Files scanned: 146349
Threat name: 3
Infected objects: 3
Suspicious objects: 0
Duration of the scan: 01:55:42
File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\system32\hplvocqy.dll.vir Infected: Trojan.Win32.Monder.ajla 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\tuVMFWQj.dll.vir Infected: Trojan.Win32.Monder.agwe 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\wshamrnh.dll.vir Infected: Trojan.Win32.Monder.ahye 1
The selected area was scanned.
HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:48:04 PM, on 1/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner.YOUR-190328E63E\Desktop\something.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.h...s=DTP&M=GT5220
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/g/startpage.h...s=DTP&M=GT5220
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: Dynex Wireless Networking Utility.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
--
End of file - 8046 bytes
ComboFix log:
ComboFix 09-01-07.01 - Owner 2009-01-07 12:30:12.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.511 [GMT -8:00]
Running from: c:\documents and settings\Owner.YOUR-190328E63E\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner.YOUR-190328E63E\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1296 [VPS 090107-0] *On-access scanning disabled* (Updated)
* Created a new restore point
FILE ::
c:\windows\system32\ffkuz.dll
c:\windows\system32\iIBQKdBu.dll
c:\windows\Tasks\nmblgxgd.job
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\ffkuz.dll
.
((((((((((((((((((((((((( Files Created from 2008-12-07 to 2009-01-07 )))))))))))))))))))))))))))))))
.
2009-01-01 18:33 . 2009-01-01 18:37 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-01-01 18:33 . 2009-01-01 18:33 <DIR> d-------- c:\program files\Lavasoft
2009-01-01 18:33 . 2009-01-02 12:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-01 18:33 . 2009-01-01 18:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-29 22:03 . 2008-04-13 10:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2008-12-29 22:03 . 2008-04-13 10:45 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2008-12-29 21:50 . 2008-07-29 23:25 195,337 --a------ c:\windows\system32\nvapps.nvb
2008-12-29 21:49 . 2008-12-29 21:52 <DIR> d-------- c:\windows\NV24522448.TMP
2008-12-29 21:48 . 2009-01-01 12:59 54,156 --ah----- c:\windows\QTFont.qfn
2008-12-29 21:48 . 2008-12-29 21:48 1,409 --a------ c:\windows\QTFont.for
2008-12-28 20:31 . 2008-12-28 20:31 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2008-12-28 20:00 . 2008-12-28 20:00 <DIR> d-------- C:\ProgramData
2008-12-28 20:00 . 2008-12-28 20:00 <DIR> d-------- c:\program files\Electronic Arts
2008-12-28 20:00 . 2008-12-28 20:00 6,302 --a------ c:\windows\system32\ealregsnapshot1.reg
2008-12-28 19:11 . 2008-12-28 19:11 <DIR> d-------- c:\documents and settings\Owner.YOUR-190328E63E\Application Data\Hewlett-Packard
2008-12-28 12:58 . 2008-12-28 12:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\InstallShield
2008-12-28 12:53 . 2005-08-11 15:29 73,728 --a------ c:\windows\system32\ISUSPM.cpl
2008-12-28 12:45 . 2008-12-28 13:02 <DIR> d-------- c:\program files\The Creative Assembly
2008-12-26 17:59 . 2008-12-28 20:12 <DIR> d-------- c:\program files\EA GAMES
2008-12-26 17:59 . 2007-04-04 14:39 442,368 -ra------ c:\windows\system32\vp6vfw.dll
2008-12-26 17:56 . 2008-12-26 17:56 <DIR> d-------- c:\program files\Common Files\Microsoft Games
2008-12-26 17:46 . 2008-12-26 17:46 <DIR> d-------- c:\windows\Sun
2008-12-26 17:09 . 2005-05-26 15:34 2,297,552 --a------ c:\windows\system32\d3dx9_26.dll
2008-12-26 16:56 . 2008-12-26 16:56 <DIR> d-------- c:\program files\Microsoft Games
2008-12-21 14:00 . 2008-12-21 14:00 <DIR> d-------- c:\windows\system32\scripting
2008-12-21 14:00 . 2008-12-21 14:00 <DIR> d-------- c:\windows\system32\en
2008-12-21 14:00 . 2008-12-21 14:00 <DIR> d-------- c:\windows\system32\bits
2008-12-21 14:00 . 2008-12-21 14:00 <DIR> d-------- c:\windows\l2schemas
2008-12-21 13:57 . 2008-12-21 14:00 <DIR> d-------- c:\windows\ServicePackFiles
2008-12-19 13:03 . 2008-04-13 16:12 1,737,856 --a------ c:\windows\system32\mtxparhd.dll
2008-12-19 13:02 . 2008-04-13 16:11 1,888,992 --a------ c:\windows\system32\ati3duag.dll
2008-12-19 00:07 . 2008-12-19 00:07 <DIR> d-------- c:\program files\MSXML 4.0
2008-12-18 12:47 . 2008-12-18 12:47 <DIR> d---s---- c:\documents and settings\Owner.YOUR-190328E63E\UserData
2008-12-18 12:43 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2008-12-18 12:43 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2008-12-18 12:43 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2008-12-18 00:58 . 2008-12-18 00:58 268 --ah----- C:\sqmdata00.sqm
2008-12-18 00:58 . 2008-12-18 00:58 244 --ah----- C:\sqmnoopt00.sqm
2008-12-17 23:55 . 2008-12-17 23:55 <DIR> d-------- c:\program files\Alwil Software
2008-12-17 22:32 . 2008-12-18 12:47 <DIR> d-------- c:\documents and settings\Owner.YOUR-190328E63E\Contacts
2008-12-17 22:29 . 2008-12-17 22:51 <DIR> d-------- c:\program files\Windows Live
2008-12-17 22:29 . 2008-12-17 22:31 <DIR> d--hsc--- c:\program files\Common Files\WindowsLiveInstaller
2008-12-17 22:29 . 2008-12-17 22:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\WLInstaller
2008-12-17 18:25 . 2008-12-29 22:44 523 --a------ C:\hpfr3420.xml
2008-12-17 15:32 . 2008-12-17 15:32 <DIR> d-------- c:\program files\Common Files\Hewlett-Packard
2008-12-17 15:31 . 2008-12-17 15:32 <DIR> d-------- c:\program files\Hewlett-Packard
2008-12-17 15:31 . 2008-12-17 15:33 19,558 --a------ c:\windows\hpoins01.dat
2008-12-17 15:31 . 2003-04-22 10:24 16,606 --------- c:\windows\hpomdl01.dat
2008-12-17 15:30 . 2008-12-17 15:31 <DIR> d-------- c:\temp\HP All-in-One Series Web Release
2008-12-17 15:30 . 2008-12-17 15:30 <DIR> d-------- C:\temp
2008-12-17 15:30 . 2008-12-17 15:30 <DIR> d-------- c:\documents and settings\OWNER~1~YOU\LOCALS~1
2008-12-17 15:30 . 2008-12-17 15:30 <DIR> d-------- c:\documents and settings\OWNER~1~YOU
2008-12-17 09:49 . 2008-12-17 09:49 <DIR> d-------- c:\program files\Ventrilo
2008-12-17 09:48 . 2009-01-01 18:33 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-17 09:46 . 2008-12-17 09:46 <DIR> d-------- c:\program files\Common Files\LogiShared
2008-12-17 09:46 . 2008-12-17 09:46 <DIR> d-------- c:\documents and settings\Owner.YOUR-190328E63E\Application Data\Logitech
2008-12-17 09:46 . 2008-12-17 09:46 <DIR> d-------- c:\documents and settings\Owner.YOUR-190328E63E\Application Data\Leadertech
2008-12-17 09:45 . 2008-12-17 09:45 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-12-17 09:45 . 2008-12-17 09:45 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-12-17 09:44 . 2008-12-17 09:49 <DIR> d-------- c:\program files\Logitech
2008-12-17 09:44 . 2008-12-17 09:44 <DIR> d-------- c:\program files\Common Files\Logitech
2008-12-17 09:44 . 2008-12-17 09:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\Logitech
2008-12-17 09:44 . 2007-04-11 15:33 1,419,024 --a------ c:\windows\system32\WdfCoInstaller01005.dll
2008-12-17 09:44 . 2007-04-23 04:00 163,840 --a------ c:\windows\system32\kemutb.dll
2008-12-17 09:44 . 2007-04-23 04:00 135,168 --a------ c:\windows\system32\KemUtil.dll
2008-12-17 09:44 . 2007-04-23 04:00 110,592 --a------ c:\windows\system32\KemWnd.dll
2008-12-17 09:44 . 2007-04-23 04:00 69,632 --a------ c:\windows\system32\KemXML.dll
2008-12-17 09:44 . 2007-04-11 15:32 56,080 --a------ c:\windows\KHALMNPR.Exe
2008-12-17 09:44 . 2007-04-11 15:32 36,112 --a------ c:\windows\system32\drivers\LMouFilt.Sys
2008-12-17 09:44 . 2007-04-11 15:32 34,832 --a------ c:\windows\system32\drivers\LHidFilt.Sys
2008-12-17 09:43 . 2008-12-17 09:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\LogiShrd
2008-12-17 09:43 . 2008-12-12 09:01 3,067,904 --a--c--- c:\windows\system32\dllcache\mshtml.dll
2008-12-17 09:43 . 2008-10-15 17:00 1,499,136 --a--c--- c:\windows\system32\dllcache\shdocvw.dll
2008-12-17 09:43 . 2008-10-15 17:00 666,112 --a--c--- c:\windows\system32\dllcache\wininet.dll
2008-12-17 09:43 . 2008-10-15 17:00 619,520 --a--c--- c:\windows\system32\dllcache\urlmon.dll
2008-12-17 09:42 . 2008-06-13 03:05 272,128 --a------ c:\windows\system32\drivers\bthport.sys
2008-12-17 09:42 . 2008-06-13 03:05 272,128 --a--c--- c:\windows\system32\dllcache\bthport.sys
2008-12-17 09:41 . 2008-08-14 02:11 2,189,184 --a--c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-12-17 09:41 . 2008-08-14 02:09 2,145,280 --a--c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-12-17 09:41 . 2008-08-14 01:33 2,066,048 --a--c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-12-17 09:41 . 2008-08-14 01:33 2,023,936 --a--c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-12-17 09:41 . 2008-09-15 04:12 1,846,400 --a--c--- c:\windows\system32\dllcache\win32k.sys
2008-12-17 09:41 . 2008-09-08 02:41 333,824 --a--c--- c:\windows\system32\dllcache\srv.sys
2008-12-17 09:39 . 2008-06-11 02:58 2,330,624 --a--c--- c:\windows\system32\dllcache\WMVCore.dll
2008-12-17 09:39 . 2008-09-04 09:15 1,106,944 --a--c--- c:\windows\system32\dllcache\msxml3.dll
2008-12-17 09:39 . 2008-04-11 11:04 691,712 --a--c--- c:\windows\system32\dllcache\inetcomm.dll
2008-12-17 09:39 . 2008-10-24 03:21 455,296 --a--c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-12-17 09:39 . 2008-05-01 06:33 331,776 --a--c--- c:\windows\system32\dllcache\msadce.dll
2008-12-17 09:39 . 2008-05-08 06:02 203,136 --a--c--- c:\windows\system32\dllcache\rmcast.sys
2008-12-17 09:38 . 2008-10-15 08:34 337,408 --a--c--- c:\windows\system32\dllcache\netapi32.dll
2008-12-17 09:38 . 2008-10-03 02:02 247,326 --a--c--- c:\windows\system32\dllcache\strmdll.dll
2008-12-17 09:19 . 2008-12-17 22:01 <DIR> d-------- c:\documents and settings\Owner.YOUR-190328E63E\Application Data\U3
2008-12-17 00:19 . 2008-12-17 00:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\Blizzard
2008-12-16 23:18 . 2008-12-16 23:18 <DIR> d-------- c:\documents and settings\Owner.YOUR-190328E63E\Application Data\AdobeUM
2008-12-16 22:38 . 2008-12-18 16:18 <DIR> d-------- c:\program files\World of Warcraft
2008-12-16 22:38 . 2008-12-16 22:38 <DIR> d-------- c:\program files\Common Files\Blizzard Entertainment
2008-12-16 22:24 . 2006-10-26 19:56 32,592 --a------ c:\windows\system32\msonpmon.dll
2008-12-16 22:23 . 2008-12-16 22:23 <DIR> d-------- c:\program files\MSBuild
2008-12-16 22:22 . 2008-12-16 22:22 <DIR> d-------- c:\program files\Microsoft.NET
2008-12-16 22:20 . 2008-12-16 22:20 <DIR> d-------- c:\program files\Microsoft Visual Studio 8
2008-12-16 22:19 . 2008-12-16 22:22 <DIR> d-------- c:\windows\SHELLNEW
2008-12-16 22:19 . 2008-12-16 22:19 <DIR> dr-h----- C:\MSOCache
2008-12-16 22:19 . 2008-12-19 20:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-16 21:52 . 2008-12-16 22:17 <DIR> d-------- c:\program files\YPOPs
2008-12-16 21:43 . 2008-12-16 21:43 <DIR> d-------- c:\documents and settings\Owner.YOUR-190328E63E\Application Data\Thunderbird
2008-12-16 21:26 . 2009-01-07 10:39 186,591 --a------ c:\windows\system32\nvapps.xml
2008-12-16 21:25 . 2008-12-29 21:52 <DIR> d-------- c:\windows\nview
2008-12-16 21:25 . 2008-07-26 21:18 446,464 --a------ c:\windows\system32\nvudisp.exe
2008-12-16 21:25 . 2008-07-26 21:18 18,335 --a------ c:\windows\system32\nvdisp.nvu
2008-12-16 20:19 . 2008-12-16 20:19 <DIR> d-------- c:\program files\Dynex G Desktop Card Adapter
2008-12-16 20:19 . 2008-12-16 20:19 <DIR> d-------- c:\documents and settings\Owner.YOUR-190328E63E\Application Data\InstallShield
2008-12-16 20:08 . 2008-12-16 20:08 <DIR> d-------- c:\documents and settings\Owner.YOUR-190328E63E\Application Data\McAfee.com Personal Firewall
2008-12-16 20:07 . 2008-12-16 20:07 2 --a------ c:\windows\msoffice.ini
2008-12-16 20:04 . 2008-12-16 18:56 <DIR> d-------- c:\documents and settings\Owner.YOUR-190328E63E\WINDOWS
2008-12-16 20:04 . 2008-12-16 19:35 <DIR> d-------- c:\documents and settings\Owner.YOUR-190328E63E\Application Data\You've Got Pictures Screensaver
2008-12-16 20:04 . 2008-12-16 19:41 <DIR> d-------- c:\documents and settings\Owner.YOUR-190328E63E\Application Data\SampleView
2008-12-16 20:04 . 2008-12-29 21:51 <DIR> d-------- c:\documents and settings\Owner.YOUR-190328E63E
2008-12-16 20:03 . 2008-12-16 18:56 <DIR> d-------- c:\windows\system32\config\systemprofile\WINDOWS
2008-12-16 19:53 . 2008-12-16 19:53 8,192 --a------ c:\windows\REGLOCS.OLD
2008-12-16 19:50 . 2008-12-16 19:50 333 --a------ c:\windows\system32\$ncsp$.inf
2008-12-16 19:50 . 2008-12-16 19:50 0 --a------ c:\windows\system32\Gateway_GT5220__GCN6911008520.MRK
2008-12-16 19:49 . 2009-01-07 10:39 <DIR> d-------- c:\windows\system32\Lang
2008-12-16 19:49 . 2008-12-16 19:49 940,794 --a------ c:\windows\system32\LoopyMusic.wav
2008-12-16 19:49 . 2008-12-16 19:49 146,650 --a------ c:\windows\system32\BuzzingBee.wav
2008-12-16 19:48 . 2008-12-16 20:08 2,752 --a------ c:\windows\system32\Status.MPF
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-28 09:18 413,696 ----a-w c:\windows\system32\wrap_oal.dll
2008-12-28 09:18 110,592 ----a-w c:\windows\system32\OpenAL32.dll
2008-12-17 03:35 8,552 ----a-w c:\windows\system32\drivers\asctrm.sys
2008-12-17 02:57 --------- d-----w c:\program files\Windows Plus
2008-12-17 02:57 --------- d-----w c:\program files\microsoft frontpage
2008-12-17 02:57 --------- d-----w c:\program files\Common Files\New Boundary
2008-12-17 02:56 --------- d-----w c:\documents and settings\All Users\Application Data\Prism Deploy
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 22:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 22:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 22:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 22:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 22:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 22:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 22:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 22:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 01:00 666,112 ----a-w c:\windows\system32\wininet.dll
.
((((((((((((((((((((((((((((( snapshot@2009-01-07_10.46.08.56 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-07 18:34:26 63,392 ----a-w c:\windows\system32\perfc009.dat
+ 2009-01-07 20:29:21 63,392 ----a-w c:\windows\system32\perfc009.dat
- 2009-01-07 18:34:26 404,298 ----a-w c:\windows\system32\perfh009.dat
+ 2009-01-07 20:29:21 404,298 ----a-w c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2008-06-13 2752512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-12-09 139264]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-25 966656]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-26 13570048]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-07-17 1687824]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-07-17 2094352]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-26 86016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-12-16 98304]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-02 c:\windows\arpwrmsg.exe]
"CHotkey"="zHotkey.exe" [2004-12-08 c:\windows\zHotkey.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-11-09 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-07-26 c:\windows\system32\nwiz.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 c:\windows\KHALMNPR.Exe]
c:\documents and settings\Owner.YOUR-190328E63E\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
BigFix.lnk - c:\program files\BigFix\bigfix.exe [2008-12-16 2168360]
Dynex Wireless Networking Utility.lnk - c:\program files\Dynex G Desktop Card Adapter\DynexWCUI.exe [2008-12-16 1454080]
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-09 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-09 28672]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-12-17 692224]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-17 111184]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-12-17 20560]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d3f14c02-cc5e-11dd-b92d-001cdf0cc913}]
\Shell\AutoRun\command - J:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
2008-12-30 c:\windows\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1229567065.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 17:56]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5220
uInternet Connection Wizard,ShellNext = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5220
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Owner.YOUR-190328E63E\Application Data\Mozilla\Firefox\Profiles\ucjpxy6w.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJPI150_02.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPOJI610.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-07 12:33:13
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(708)
c:\windows\System32\BCMLogon.dll
.
Completion time: 2009-01-07 12:34:54
ComboFix-quarantined-files.txt 2009-01-07 20:34:34
ComboFix2.txt 2009-01-07 18:46:47
Pre-Run: 190,656,172,032 bytes free
Post-Run: 190,639,116,288 bytes free
273 --- E O F --- 2008-12-28 09:20:14
Also, a question...would Avast Anti-Virus be sufficient or should I switch to Kaspersky? I just want to make sure that something like this doesn't happen again.