ComboFix 08-03-04.2 - KJL 2008-03-04 6:48:45.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.393 [GMT -9:00] Running from: C:\Documents and Settings\KJL\Local Settings\Temporary Internet Files\Content.IE5\RINFML54\ComboFix[1].exe * Created a new restore point [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color] . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat C:\Program Files\3721 C:\Program Files\3721\assist\asbar.dll C:\Program Files\3721\helper.dll C:\Program Files\Accoona C:\Program Files\Accoona\ASearchAssist.dll C:\Program Files\akl C:\Program Files\akl\akl.dll C:\Program Files\akl\akl.exe C:\Program Files\akl\curlog.htm C:\Program Files\akl\keylog.txt C:\Program Files\akl\readme.txt C:\Program Files\akl\uninstall.exe C:\Program Files\akl\unsetup.dat C:\Program Files\akl\unsetup.exe C:\Program Files\amsys C:\Program Files\amsys\awmsg.dat C:\Program Files\amsys\guid.dat C:\Program Files\amsys\ijl15.dll C:\Program Files\amsys\mfc42.dll C:\Program Files\amsys\msvcrt.dll C:\Program Files\amsys\unins000.dat C:\Program Files\amsys\unis000.exe C:\Program Files\amsys\winam.dat C:\Program Files\e-zshopper C:\Program Files\e-zshopper\BarLcher.dll C:\Program Files\p2pnetworks C:\Program Files\p2pnetworks\amp2pl.exe C:\Program Files\Windows NT\gunete777444.dll C:\WINDOWS\764.exe C:\WINDOWS\7search.dll C:\WINDOWS\absolute key logger.lnk C:\WINDOWS\aconti.exe C:\WINDOWS\aconti.ini C:\WINDOWS\aconti.log C:\WINDOWS\aconti.sdb C:\WINDOWS\acontidialer.txt C:\WINDOWS\adbar.dll C:\WINDOWS\cbinst$.exe C:\WINDOWS\daxtime.dll C:\WINDOWS\default.htm C:\WINDOWS\dp0.dll C:\WINDOWS\eventlowg.dll C:\WINDOWS\flt.dll C:\WINDOWS\hotporn.exe C:\WINDOWS\ie_32.exe C:\WINDOWS\iexplorr23.dll C:\WINDOWS\jd2002.dll C:\WINDOWS\kkcomp$.exe C:\WINDOWS\kvnab$.exe C:\WINDOWS\liqad$.exe C:\WINDOWS\ngd.dll C:\WINDOWS\pbar.dll C:\WINDOWS\spredirect.dll C:\WINDOWS\system32\[u]0[/u]00070.exe C:\WINDOWS\system32\ace16win.dll C:\WINDOWS\system32\acespy C:\WINDOWS\system32\acespy\__acelog.ndx C:\WINDOWS\system32\acespy\systune.exe C:\WINDOWS\system32\version69ie7fix.dll C:\WINDOWS\system32\vxddsk.exe C:\WINDOWS\system32\wml.exe C:\WINDOWS\vxddsk.exe C:\WINDOWS\wbeInst$.exe C:\WINDOWS\wml.exe C:\WINDOWS\xxxvideo.exe ----- BITS: Possible infected sites ----- hxxp://80.93.48.74 hxxp://au.download.windowsupdate.cõj . ((((((((((((((((((((((((( Files Created from 2008-02-04 to 2008-03-04 ))))))))))))))))))))))))))))))) . 2008-03-03 10:05 . 2008-03-03 10:05 d-------- C:\WINDOWS\Google Toolbar 2008-03-02 23:10 . 2008-03-02 23:11 314,048,512 --a------ C:\B316.tmp 2008-03-02 20:39 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS 2008-03-02 20:38 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\ubjqhvfklayp.sys 2008-03-02 19:54 . 2008-03-03 05:27 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico 2008-03-02 19:54 . 2008-03-03 05:27 1,406 --a------ C:\WINDOWS\system32\Help.ico 2008-03-02 19:53 . 2008-03-03 06:51 d-------- C:\WINDOWS\system32\ActiveScan 2008-03-02 19:53 . 2008-03-03 05:27 30,590 --a------ C:\WINDOWS\system32\pavas.ico 2008-03-02 16:53 . 2008-03-04 06:44 d-------- C:\Program Files\SUPERAntiSpyware 2008-03-02 16:53 . 2008-03-02 16:53 d-------- C:\Documents and Settings\KJL\Application Data\SUPERAntiSpyware.com 2008-03-02 16:53 . 2008-03-02 16:53 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2008-03-02 16:51 . 2008-03-02 16:51 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-03-02 14:59 . 2008-03-02 14:59 d-------- C:\Documents and Settings\KJL\Application Data\Grisoft 2008-03-02 14:59 . 2008-03-02 14:59 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2008-03-02 14:59 . 2007-05-30 03:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2008-03-02 08:38 . 2008-03-02 08:52 136,627 --a------ C:\WINDOWS\POTA777444.exe 2008-03-01 19:10 . 2008-03-01 19:10 664 --a------ C:\WINDOWS\system32\d3d9caps.dat 2008-03-01 16:02 . 2008-03-01 16:02 4 --a------ C:\WINDOWS\system32\winfrun32.bin 2008-03-01 07:49 . 2008-03-01 07:49 6,656 --a------ C:\WINDOWS\s.dll 2008-02-29 05:39 . 2008-03-01 15:59 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-02-29 05:39 . 2008-02-29 05:39 1,409 --a------ C:\WINDOWS\QTFont.for 2008-02-24 17:49 . 2008-03-03 13:04 d-------- C:\TEMP\.deleted . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-03 19:07 --------- d-----w C:\Program Files\PhotoWorks 2008-03-03 19:05 --------- d-----w C:\Program Files\eGames 2008-03-03 16:26 --------- d-----w C:\Program Files\Trend Micro 2008-03-03 15:37 --------- d-----w C:\Program Files\NetWaiting 2008-03-03 15:32 --------- d-----w C:\Program Files\Google 2008-03-03 15:31 --------- d-----w C:\Program Files\Digital Line Detect 2008-03-03 15:31 --------- d-----w C:\Program Files\Dell Support 2008-03-03 15:29 --------- d-----w C:\Program Files\BAE 2008-03-02 01:01 --------- d-----w C:\Program Files\Windows Plus 2008-01-24 04:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell 2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll 2007-12-19 23:01 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll 2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys 2007-12-08 05:21 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll 2007-12-06 11:01 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe 2007-12-06 11:00 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe 2007-12-06 11:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe 2007-12-06 04:59 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll 2007-12-04 18:38 550,912 ------w C:\WINDOWS\system32\oleaut32.dll 2007-12-04 18:38 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll 2005-05-12 07:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll 2006-12-02 00:55 88 --sh--r C:\WINDOWS\system32\6D10D6E481.sys 2006-12-02 00:55 2,828 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00e7e722-1dd2-11b2-aff7-ac910f9327fe}] C:\WINDOWS\hmtixubk.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{019AEC30-DD6D-47C4-8806-2260F5B3DCF3}] C:\Program Files\Windows Plus\vidy555077.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-09 23:24 20480] "OE_OEM"="C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [2006-04-11 19:39 176201] "DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2006-08-28 18:57 395776] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 02:00 15360] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 07:24 1694208] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-25 06:41 68856] "QdrModule13"="C:\Program Files\QdrModule\QdrModule13.exe" [ ] "QdrPack13"="C:\Program Files\QdrPack\QdrPack13.exe" [ ] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-03-04 06:44 1481968] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 11:01 67584] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 06:44 98304] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 06:41 77824] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 06:45 118784] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 15:48 761947] "Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2006-11-01 19:48 1392640] "SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 20:30 282624 C:\WINDOWS\stsystra.exe] "Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-08-03 15:51 1032192] "CTSVolFE.exe"="C:\Program Files\Creative\Mixer\CTSVolFE.exe" [2005-02-23 12:57 57344] "pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe" [2005-08-30 13:42 823362] "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 02:20 122940] "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 13:50 221184] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 13:50 81920] "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-11-23 11:38 169984] "PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-05-02 17:16 184320] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-11-23 11:34 98304] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 22:12 49152] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 00:25 6731312] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [ ] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 19:05:26 29696] Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-05-24 15:28:28 622653] Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-11-23 11:30:29 24576] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 22:23:26 282624] HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-11 23:49:24 73728] Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-05-03 19:07:32 81920] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2008-03-04 06:43 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}] \Shell\AutoRun\command - E:\setup.exe *Newly Created Service* - SASDIFSV . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-04 06:50:52 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-03-04 6:51:30 ComboFix-quarantined-files.txt 2008-03-04 15:51:22 . 2008-02-20 17:37:19 --- E O F ---