ComboFix 08-11-26.01 - Administrator 2008-11-25 18:20:12.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.70 [GMT -6:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFscript.txt,.txt
* Created a new restore point
FILE ::
c:\documents and settings\Administrator\inetconfigs.dll
c:\windows\system32\AK083E209605E394C.lie
c:\windows\system32\drivers\pppapgge.sys
c:\windows\system32\jaahjaa.dll
c:\windows\system32\mejqoubv.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Administrator\inetconfigs.dll
c:\program files\NoAdware
c:\program files\NoAdware\noadware4_112408.na
c:\program files\Viewpoint
c:\program files\Viewpoint\Common\ViewpointService.exe
c:\program files\Viewpoint\Common\VistaBoot.sdll
c:\program files\Viewpoint\Viewpoint Manager\CPtask.xml
c:\program files\Viewpoint\Viewpoint Manager\VETscriptInterpreter.dll
c:\program files\Viewpoint\Viewpoint Manager\ViewCP.cpl
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\s.gif
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_header_av.gif
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_header_cp.gif
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_header_up.gif
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_inner_bg.gif
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_inner_bottom.gif
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab_bg.gif
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab1_off.gif
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab1_on.gif
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab2_off.gif
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab2_on.gif
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\vwpt_logo.gif
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\options.ini
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\viewpoint.ico
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\vmctrl.html
c:\program files\Viewpoint\Viewpoint Manager\ViewCPexe.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgrCore.dll
c:\program files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe
c:\program files\Viewpoint\Viewpoint Media Player\AxMetaStream.dll
c:\program files\Viewpoint\Viewpoint Media Player\AxMetaStream_0305000D.dll
c:\program files\Viewpoint\Viewpoint Media Player\ClassIDs.ini
c:\program files\Viewpoint\Viewpoint Media Player\ComponentMgr_0305001C.dll
c:\program files\Viewpoint\Viewpoint Media Player\ComponentRegistry.ini
c:\program files\Viewpoint\Viewpoint Media Player\Components\AOLUserShell.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\AtmoHWConfig.txt
c:\program files\Viewpoint\Viewpoint Media Player\Components\atmosphere.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\AvatarsDefault.prf
c:\program files\Viewpoint\Viewpoint Media Player\Components\BlueStreak.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\BookmarksDefault.prf
c:\program files\Viewpoint\Viewpoint Media Player\Components\DefaultAvatarIcon.jpg
c:\program files\Viewpoint\Viewpoint Media Player\Components\DefaultWorldIcon.jpg
c:\program files\Viewpoint\Viewpoint Media Player\Components\ExtremeShot.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\InternetChatHelp.url
c:\program files\Viewpoint\Viewpoint Media Player\Components\JpegReader.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\LensFlares.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\Mts2Reader.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\Mts3Reader.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\ObjectMovie.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\SceneComponent.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\ServiceComponent.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\SWFView.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\VectorView.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\VETsdk.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\VMgr.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\VMPSpeech.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\WaveletReader.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\ZoomView.dll
c:\program files\Viewpoint\Viewpoint Media Player\DownloadedComponents\atmosphere_Win\AtmoHWConfig.txt
c:\program files\Viewpoint\Viewpoint Media Player\DownloadedComponents\atmosphere_Win\AvatarsDefault.prf
c:\program files\Viewpoint\Viewpoint Media Player\DownloadedComponents\atmosphere_Win\BookmarksDefault.prf
c:\program files\Viewpoint\Viewpoint Media Player\DownloadedComponents\atmosphere_Win\DefaultAvatarIcon.jpg
c:\program files\Viewpoint\Viewpoint Media Player\DownloadedComponents\atmosphere_Win\DefaultWorldIcon.jpg
c:\program files\Viewpoint\Viewpoint Media Player\DownloadedComponents\atmosphere_Win\InternetChatHelp.url
c:\program files\Viewpoint\Viewpoint Media Player\DownLoadHist.ini
c:\program files\Viewpoint\Viewpoint Media Player\HostRegistry.ini
c:\program files\Viewpoint\Viewpoint Media Player\MetaStreamConfig.ini
c:\program files\Viewpoint\Viewpoint Media Player\MetaStreamID.ini
c:\program files\Viewpoint\Viewpoint Media Player\MtsAxInstaller.exe
c:\program files\Viewpoint\Viewpoint Media Player\MTSDownloadSites.txt
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\AtmoHWConfig.txt
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\AvatarsDefault.prf
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\BookmarksDefault.prf
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\Cursors.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\DefaultAvatarIcon.jpg
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\DefaultWorldIcon.jpg
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\InternetChatHelp.url
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\SreeDMMX.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\VMPVideo.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\VMPVideo2.dll
c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.xpt
c:\program files\WebMediaViewer
c:\program files\WebMediaViewer\browseu.exe
c:\program files\WebMediaViewer\browseul.dll
c:\program files\WebMediaViewer\hpmun.dll
c:\program files\WebMediaViewer\hpmun.exe
c:\program files\WebMediaViewer\myd.ico
c:\program files\WebMediaViewer\mym.ico
c:\program files\WebMediaViewer\myp.ico
c:\program files\WebMediaViewer\myv.ico
c:\program files\WebMediaViewer\ot.ico
c:\program files\WebMediaViewer\qttasku.exe
c:\program files\WebMediaViewer\ts.ico
c:\windows\system32\512686
c:\windows\system32\AK083E209605E394C.lie
c:\windows\system32\drivers\pppapgge.sys
c:\windows\system32\jaahjaa.dll
c:\windows\system32\mejqoubv.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_VIEWPOINT_MANAGER_SERVICE
-------\Service_Viewpoint Manager Service
-------\Legacy_pppapgge
-------\Service_pppapgge
((((((((((((((((((((((((( Files Created from 2008-10-26 to 2008-11-26 )))))))))))))))))))))))))))))))
.
2008-11-25 17:11 . 2008-11-25 17:11 d----c--- C:\_OTMoveIt
2008-11-25 16:48 . 2008-11-25 16:48 250 --a------ c:\windows\gmer.ini
2008-11-25 08:31 . 2008-11-25 08:31 d-------- c:\program files\Common Files\Download Manager
2008-11-25 08:19 . 2008-11-25 08:27 d-------- c:\program files\Perfect Uninstaller
2008-11-25 08:19 . 2008-09-16 18:09 30,080 --a------ c:\windows\system32\drivers\RKHit.sys
2008-11-24 22:28 . 2007-09-02 20:56 1,686,016 --a------ c:\windows\system32\clinetsuitex6.ocx
2008-11-24 22:28 . 2004-03-09 16:45 662,288 --a------ c:\windows\system32\MSCOMCT2.OCX
2008-11-24 22:28 . 2004-06-14 14:56 427,864 --a------ c:\windows\system32\XceedZip.dll
2008-11-24 20:11 . 2008-11-25 17:51 54,156 --ah----- c:\windows\QTFont.qfn
2008-11-24 20:11 . 2008-11-24 20:11 1,409 --a------ c:\windows\QTFont.for
2008-11-24 11:43 . 2008-11-24 16:33 d-------- c:\program files\Spybot - Search & Destroy
2008-11-24 11:43 . 2008-11-24 19:12 d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-24 11:25 . 2008-11-24 11:25 0 --a------ c:\windows\nsreg.dat
2008-11-24 10:27 . 2008-11-24 10:27 d-------- c:\temp\google
2008-11-24 10:24 . 2008-11-25 12:34 d-------- c:\documents and settings\All Users\Application Data\Google Updater
2008-11-24 09:41 . 2008-11-24 11:45 d-------- c:\documents and settings\All Users\Application Data\SITEguard
2008-11-24 09:40 . 2008-11-24 09:40 d-------- c:\program files\Common Files\iS3
2008-11-24 09:40 . 2008-11-24 12:08 d-------- c:\documents and settings\All Users\Application Data\STOPzilla!
2008-11-24 09:19 . 2008-11-25 14:12 d-a------ c:\documents and settings\All Users\Application Data\TEMP
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-25 14:38 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-24 18:11 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-11-24 17:54 --------- d-----w c:\documents and settings\All Users\Application Data\PCPitstop
2008-11-24 17:31 --------- d-----w c:\program files\Google
2008-10-04 16:37 --------- d-----w c:\program files\JumpStart
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-27 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-12 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="-" [X]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-20 118784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Lexmark X74-X75"="c:\program files\Lexmark X74-X75\lxbbbmgr.exe" [2002-10-14 57344]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-09-26 267064]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Mobile User VPN.lnk - c:\program files\WatchGuard\Mobile User VPN\SafeCfg.exe [2006-06-08 65588]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\WatchGuard\\Mobile User VPN\\IreIKE.exe"=
"c:\program files\WatchGuard\Mobile User VPN\ViewLog.exe"= c:\program files\WatchGuard\Mobile User VPN\ViewLog.exe:127.0.0.1/255.255.255.255:Enabled:ViewLog
"c:\program files\WatchGuard\Mobile User VPN\CmonApp.exe"= c:\program files\WatchGuard\Mobile User VPN\CmonApp.exe:127.0.0.1/255.255.255.255:Enabled:CMonApp
"c:\program files\WatchGuard\Mobile User VPN\vpn.exe"= c:\program files\WatchGuard\Mobile User VPN\vpn.exe:127.0.0.1/255.255.255.255:Enabled:VPN Connection Manager
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"38750:TCP"= 38750:TCP:@xpsp2res.dll
"2552:TCP"= 2552:TCP:@xpsp2res.dll
"80:TCP"= 80:TCP:@xpsp2res.dll,-22009
"36875:TCP"= 36875:TCP:@xpsp2res.dll
"49480:TCP"= 49480:TCP:@xpsp2res.dll
"7529:TCP"= 7529:TCP:@xpsp2res.dll
"5908:TCP"= 5908:TCP:@xpsp2res.dll
"60232:TCP"= 60232:TCP:@xpsp2res.dll,-22009
"58952:TCP"= 58952:TCP:@xpsp2res.dll,-22009
"60766:TCP"= 60766:TCP:@xpsp2res.dll,-22009
"33272:TCP"= 33272:TCP:@xpsp2res.dll,-22009
"32080:TCP"= 32080:TCP:@xpsp2res.dll,-22009
"36756:TCP"= 36756:TCP:@xpsp2res.dll,-22009
"62486:TCP"= 62486:TCP:@xpsp2res.dll,-22009
"2571:TCP"= 2571:TCP:@xpsp2res.dll,-22009
"50044:TCP"= 50044:TCP:@xpsp2res.dll,-22009
"63081:TCP"= 63081:TCP:@xpsp2res.dll,-22009
"49686:TCP"= 49686:TCP:@xpsp2res.dll,-22009
R2 Crypto;Crypto;c:\windows\system32\drivers\Crypto.sys [2006-06-08 521786]
R2 IPSECDRV;SafeNet IPSec Plugin;\??\c:\windows\system32\Drivers\IPSECDRV.sys [2006-06-08 119864]
R3 DniVap;SafeNet WAN Miniport (VA);c:\windows\system32\DRIVERS\vap.sys [2006-06-08 36188]
S3 RkHit;RkHit;\??\c:\windows\system32\drivers\RKHit.sys [2008-11-25 30080]
*Newly Created Service* - PPPAPGGE
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-25 18:24:09
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WatchGuard\Mobile User VPN\IreIKE.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\WatchGuard\Mobile User VPN\IPSecMon.exe
c:\program files\RealVNC\VNC4\winvnc4.exe
c:\windows\system32\wscntfy.exe
c:\program files\Lexmark X74-X75\lxbbbmon.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-11-25 18:27:00 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-26 00:26:56
ComboFix2.txt 2008-11-25 23:56:20
Pre-Run: 11,011,641,344 bytes free
Post-Run: 10,992,922,624 bytes free
235 --- E O F --- 2008-09-20 14:45:28