ComboFix 08-02-23.2 - Owner 2008-02-23 11:01:00.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.257 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((( Files Created from 2008-01-23 to 2008-02-23 )))))))))))))))))))))))))))))))
.
2008-02-20 07:38 . 2008-02-20 07:38 <DIR> d-------- C:\_OTMoveIt
2008-02-19 15:24 . 2008-02-19 15:31 <DIR> d-------- C:\Program Files\SpyZooka
2008-02-19 15:13 . 2008-02-19 15:13 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\AdwareAlert
2008-02-19 12:47 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-23 23:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-02-23 23:37 --------- d-----w C:\Program Files\Coloreal
2008-02-19 20:24 --------- d-----w C:\Program Files\Common Files\Download Manager
2008-02-19 11:58 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-02-13 11:53 --------- d-----w C:\Program Files\Norton AntiVirus
2008-02-13 11:53 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-13 11:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-13 11:52 --------- d-----w C:\Program Files\Symantec
2008-01-04 21:37 --------- d-----w C:\Program Files\iTunes
2008-01-04 21:31 --------- d-----w C:\Program Files\QuickTime
2008-01-04 20:44 114,688 ----a-w C:\WINDOWS\system32\hkcmd.exe
2008-01-03 13:10 20,480 ----a-w C:\WINDOWS\quit.exe
2008-01-01 17:51 --------- d-----w C:\Program Files\WildTangent
2008-01-01 17:40 --------- d-----w C:\Documents and Settings\Owner\Application Data\SpywareBot
2008-01-01 16:12 24,576 ----a-w C:\WINDOWS\system32\VundoFixSVC.exe
2008-01-01 15:38 18,432 ----a-w C:\WINDOWS\fkwggshm.exe
2008-01-01 15:25 550,912 ----a-w C:\WINDOWS\system32\mwinsmdq.exe
2008-01-01 15:25 431,104 ----a-w C:\WINDOWS\system32\ps2.exe
2008-01-01 15:24 440,832 ----a-w C:\WINDOWS\UpdReg.EXE
2008-01-01 15:20 10 ----a-w C:\Program Files\.autoreg
2008-01-01 15:03 --------- d-----w C:\Program Files\AWS
2007-12-31 23:36 --------- d-----w C:\Program Files\iPod
2007-12-25 15:19 --------- d-----w C:\Program Files\Common Files\Sony Shared
2007-12-25 15:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-25 15:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Napster
2007-12-24 21:05 --------- d-----w C:\Program Files\WindSolutions
2007-12-23 23:56 --------- d-----w C:\Program Files\Picasa2
2007-12-21 04:11 81,920 ----a-w C:\WINDOWS\system32\IEDFix.exe
2007-12-07 01:07 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-03 10:25 73,280 ----a-w C:\WINDOWS\system32\amwwukpa.dll
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 61,440 2001-07-07 04:56:56 C:\hp\KBD\bak\KBD.EXE
----a-w 410,624 2008-01-01 15:24:55 C:\hp\KBD\KBD.EXE
----a-w 315,392 2003-01-25 01:00:00 C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe
----a-w 131,072 2002-11-27 01:14:24 C:\Program Files\Coloreal\bak\coloreal.exe
----a-w 131,072 2008-01-04 20:44:16 C:\Program Files\Coloreal\coloreal.exe
----a-w 151,597 2003-01-24 15:27:36 C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe
----a-w 151,597 2008-01-04 18:01:38 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
----a-w 54,976 2002-11-15 10:29:06 C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe
----a-w 59,072 2002-11-15 10:29:48 C:\Program Files\Common Files\Symantec Shared\bak\ccRegVfy.exe
----a-w 6,731,312 2007-09-05 19:24:34 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\bak\avgas.exe
----a-w 1,511,453 2002-08-21 06:08:38 C:\Program Files\Messenger\bak\msmsgs.exe
----a-w 1,694,208 2004-10-13 16:24:37 C:\Program Files\Messenger\msmsgs.exe
----a-w 476,792 2002-11-15 15:08:08 C:\Program Files\Norton AntiVirus\bak\Cfgwiz.exe
----a-w 1,318,912 2007-06-21 18:06:28 C:\Program Files\SUPERAntiSpyware\bak\SUPERAntiSpyware.exe
----a-w 1,318,912 2008-01-04 20:44:23 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
----a-w 155,648 2002-06-18 15:01:00 C:\Program Files\VERITAS Software\Update Manager\bak\sgtray.exe
----a-w 155,648 2008-01-01 17:39:16 C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
----a-w 90,112 2000-05-11 05:00:00 C:\WINDOWS\bak\UpdReg.EXE
----a-w 440,832 2008-01-01 15:24:59 C:\WINDOWS\UpdReg.EXE
----a-w 212,992 2002-09-14 05:42:26 C:\WINDOWS\SMINST\bak\RECGUARD.EXE
----a-w 212,992 2002-09-14 05:42:26 C:\WINDOWS\SMINST\Recguard.exe
----a-w 182 2007-09-25 19:38:12 C:\WINDOWS\system\bak\hpsysdrv.DAT
----a-w 245 2008-01-01 15:19:47 C:\WINDOWS\system\hpsysdrv.dat
----a-w 52,736 1998-05-08 00:04:38 C:\WINDOWS\system\bak\hpsysdrv.exe
----a-w 401,920 2008-01-01 15:24:54 C:\WINDOWS\system\hpsysdrv.exe
----a-w 114,688 2002-10-16 14:05:58 C:\WINDOWS\system32\bak\hkcmd.exe
----a-w 114,688 2008-01-04 20:44:15 C:\WINDOWS\system32\hkcmd.exe
----a-w 81,920 2002-08-01 03:28:38 C:\WINDOWS\system32\bak\ps2.exe
----a-w 431,104 2008-01-01 15:25:00 C:\WINDOWS\system32\ps2.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-01-04 15:44 1318912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2008-01-04 15:44 114688]
"WCOLOREAL"="C:\Program Files\Coloreal\coloreal.exe" [2008-01-04 15:44 131072]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-04 15:44 267048]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-07-08 07:33:12 124400]
HPAiODevice(hp officejet v series) - 1.lnk - C:\Program Files\Hewlett-Packard\AiO\hp officejet v series\Bin\hpoant07.exe [2002-04-25 18:43:32 487487]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 15:05:56 65588]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\iTunes\\iTunes.exe"=
S3 msCMTSrvc;Content Monitoring Tool;C:\WINDOWS\system32\msCMTSrvc.exe [2002-03-27 06:42]
.
Contents of the 'Scheduled Tasks' folder
"2008-02-19 20:17:15 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.ex
- C:\Program Files\AdwareAlert
"2008-02-22 23:28:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-12 08:00:00 C:\WINDOWS\Tasks\SpywareBot Scheduled Scan.job"
- C:\Program Files\SpywareBot\SpywareBot .ex
- C:\Program Files\SpywareBot
"2007-08-12 23:45:09 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-02-23 11:06:02
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-23 11:07:18
ComboFix-quarantined-files.txt 2008-02-23 16:07:03
ComboFix2.txt 2008-02-22 13:22:14
ComboFix3.txt 2008-01-04 21:43:55
.
2008-02-14 03:14:13 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:09, on 2008-02-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet v series\Bin\hpoant07.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HPAiODevice(hp officejet v series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet v series\Bin\hpoant07.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
--
End of file - 4498 bytes