The ComboFix log:
ComboFix 08-03-17.1 - Owner 2008-03-18 21:49:23.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.949.1.1033.18.293 [GMT -7:00]
Running from: C:\Documents and Settings\Owner\Desktop\Comp stuff\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\Comp stuff\CFScript.txt
* Created a new restore point
FILE ::
C:\WINDOWS\IFinst27.exe
C:\WINDOWS\system32\acloptdv.dll
C:\WINDOWS\system32\hxabcsum.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Mozilla Firefox\SmitfraudFix\
C:\Program Files\Mozilla Firefox\SmitfraudFix\\dumphive.exe
C:\Program Files\Mozilla Firefox\SmitfraudFix\\exit.exe
C:\Program Files\Mozilla Firefox\SmitfraudFix\\GenericRenosFix.exe
C:\Program Files\Mozilla Firefox\SmitfraudFix\\HostsChk.exe
C:\Program Files\Mozilla Firefox\SmitfraudFix\\Process.exe
C:\Program Files\Mozilla Firefox\SmitfraudFix\\Reboot.exe
C:\Program Files\Mozilla Firefox\SmitfraudFix\\restart.exe
C:\Program Files\Mozilla Firefox\SmitfraudFix\\SmitfraudFix.cmd
C:\Program Files\Mozilla Firefox\SmitfraudFix\\SmiUpdate.exe
C:\Program Files\Mozilla Firefox\SmitfraudFix\\SrchSTS.exe
C:\Program Files\Mozilla Firefox\SmitfraudFix\\swreg.exe
C:\Program Files\Mozilla Firefox\SmitfraudFix\\swsc.exe
C:\Program Files\Mozilla Firefox\SmitfraudFix\\swxcacls.exe
C:\Program Files\Mozilla Firefox\SmitfraudFix\\unzip.exe
C:\Program Files\Mozilla Firefox\SmitfraudFix\\VCCLSID.exe
C:\Program Files\Mozilla Firefox\SmitfraudFix\\WS2Fix.exe
C:\WINDOWS\IFinst27.exe
C:\WINDOWS\system32\acloptdv.dll
C:\WINDOWS\system32\hxabcsum.dll
.
((((((((((((((((((((((((( Files Created from 2008-02-19 to 2008-03-19 )))))))))))))))))))))))))))))))
.
2008-03-18 19:32 . 2008-03-18 19:32 248 --a------ C:\WINDOWS\RomeTW.ini
2008-03-18 17:38 . 2008-03-18 17:38 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-18 17:38 . 2008-03-18 17:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-18 13:37 . 2008-03-18 13:37 <DIR> d-------- C:\Program Files\AIDA32 - Network System Information
2008-03-16 22:28 . 2008-03-16 22:28 <DIR> d-------- C:\Program Files\Activision
2008-03-14 19:45 . 2008-03-14 19:45 <DIR> d-------- C:\Program Files\Cat Daddy Games
2008-03-09 18:17 . 2008-03-10 11:22 <DIR> d-------- C:\Program Files\Playboy - The Mansion
2008-03-09 00:08 . 2008-03-14 19:42 <DIR> d-------- C:\Program Files\Political Tycoon
2008-03-05 23:21 . 2008-03-05 23:21 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\WeatherDPA
2008-03-05 23:21 . 2008-03-17 23:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ZangoSA
2008-03-05 23:21 . 2008-03-05 23:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
2008-03-04 00:38 . 2008-03-04 00:38 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\OZ Intermedia
2008-03-04 00:38 . 2008-03-04 00:38 80 --ah----- C:\WINDOWS\system32\HsInfo.dat
2008-03-04 00:37 . 2008-03-04 00:37 0 --a------ C:\WINDOWS\OZ.dat
2008-03-02 05:03 . 2008-03-04 00:45 <DIR> d-------- C:\Program Files\OZ Intermedia
2008-03-02 03:26 . 2007-10-12 16:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-03-02 03:26 . 2007-07-19 19:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-03-02 03:26 . 2007-10-12 16:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2008-03-02 03:26 . 2007-07-19 19:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2008-03-02 03:26 . 2007-10-02 10:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2008-03-02 03:26 . 2007-07-19 19:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2008-03-02 03:26 . 2007-10-22 04:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2008-03-02 03:26 . 2007-07-20 01:57 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
2008-03-02 03:25 . 2008-03-02 03:25 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-03-02 03:25 . 2007-05-16 17:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2008-03-02 03:25 . 2007-05-16 17:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2008-03-02 03:25 . 2007-05-16 17:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2008-03-02 03:25 . 2007-06-20 21:46 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2008-03-02 03:25 . 2007-10-22 04:37 17,928 --a------ C:\WINDOWS\system32\X3DAudio1_2.dll
2008-03-02 03:21 . 2008-03-02 03:21 <DIR> d-------- C:\Program Files\RedlightCenter
2008-03-01 23:55 . 2008-03-01 23:55 <DIR> d-------- C:\Program Files\SignGATE
2008-03-01 23:55 . 2003-07-09 16:22 94,208 --a------ C:\WINDOWS\system32\sgkey.dll
2008-03-01 23:55 . 2003-04-18 17:29 82,432 --a------ C:\WINDOWS\system32\msxml4r.dll
2008-03-01 23:55 . 2003-07-09 16:22 73,728 --a------ C:\WINDOWS\system32\securek08.dll
2008-03-01 23:55 . 2003-08-21 10:40 61,440 --a------ C:\WINDOWS\system32\sgcard.dll
2008-03-01 23:55 . 2003-07-09 16:22 49,152 --a------ C:\WINDOWS\system32\sgmagerkey.dll
2008-03-01 23:55 . 2003-04-18 17:29 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2008-03-01 23:55 . 2003-07-09 16:22 21,990 --a------ C:\WINDOWS\system32\drivers\securkey.sys
2008-03-01 23:55 . 2003-07-09 16:22 20,780 --a------ C:\WINDOWS\system32\drivers\MagerKey.sys
2008-03-01 23:29 . 2008-03-02 00:33 300 --a------ C:\WINDOWS\system32\hancmd.enc
2008-03-01 23:28 . 2008-03-01 23:29 <DIR> d--h----- C:\Documents and Settings\Owner\Application Data\Hangame
2008-03-01 23:27 . 2007-03-22 14:32 956,112 --a------ C:\WINDOWS\system32\HanWebMsg1050.dll
2008-03-01 23:21 . 2007-07-26 18:28 1,314,901 --a------ C:\WINDOWS\system32\SCSK4.ocx
2008-03-01 23:21 . 2007-07-21 01:07 931,480 --a------ C:\WINDOWS\system32\SCSKAppLink.dll
2008-03-01 23:21 . 2008-03-01 23:31 169,109 --a------ C:\WINDOWS\system32\drivers\scskusbs.sys
2008-03-01 23:21 . 2007-07-13 18:16 128,488 --a------ C:\WINDOWS\system32\HGReport.dll
2008-03-01 23:21 . 2007-11-16 17:14 40,640 --a------ C:\WINDOWS\system32\HanGamePlugin19.dll
2008-03-01 23:21 . 2008-03-01 23:21 28,672 --a------ C:\WINDOWS\system32\UnSCSK.exe
2008-03-01 23:21 . 2008-03-01 23:31 11,385 --a------ C:\WINDOWS\system32\drivers\scskusbf.sys
2008-02-28 03:58 . 2008-02-28 03:58 1,536,000 -ra------ C:\WINDOWS\system32\clubbox.exe
2008-02-28 03:57 . 2008-02-28 03:57 155,648 -ra------ C:\WINDOWS\system32\downengine.dll
2008-02-25 09:24 . 2008-02-25 09:24 159,744 -ra------ C:\WINDOWS\system32\fscagent.exe
2008-02-23 07:12 . 2008-02-23 07:12 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\fltk.org
2008-02-19 03:15 . 2008-02-19 03:15 <DIR> d-------- C:\Program Files\Microsoft Games
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-19 04:15 --------- d-----w C:\Documents and Settings\Owner\Application Data\DNA
2008-03-19 04:10 --------- d-----w C:\Documents and Settings\Owner\Application Data\BitTorrent
2008-03-19 03:14 --------- d-----w C:\Documents and Settings\Owner\Application Data\Xfire
2008-03-19 02:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-18 20:46 --------- d-----w C:\Program Files\I-MEPS
2008-03-18 17:11 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-03-10 01:19 --------- d-----w C:\Program Files\Warcraft III
2008-03-07 17:30 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
2008-03-05 21:30 --------- d-----w C:\Program Files\Starcraft
2008-03-02 11:48 --------- d-----w C:\Program Files\PandoraTVMini
2008-02-24 22:59 --------- d-----w C:\Documents and Settings\Owner\Application Data\Move Networks
2008-02-19 03:32 --------- d-----w C:\Program Files\AOL Search
2008-02-19 03:32 --------- d-----w C:\Program Files\AIM6
2008-02-19 03:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-02-19 03:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-02-16 04:05 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Xfire
2008-02-09 14:13 --------- d-----w C:\Program Files\Firaxis Games
2008-02-09 07:11 --------- d-----w C:\Program Files\Lionhead Studios Ltd
2008-02-09 00:25 --------- d-----w C:\Program Files\Xfire
2008-02-09 00:23 --------- d-----w C:\Program Files\Microsoft Bootvis
2008-02-08 06:24 --------- d-----w C:\Program Files\NHN USA
2008-02-08 06:13 --------- d--h--w C:\Documents and Settings\Owner\Application Data\ijjigame
2008-02-07 03:48 --------- d-----w C:\Documents and Settings\Owner\Application Data\Lionhead Studios
2008-02-06 08:33 --------- d-----w C:\Documents and Settings\Owner\Application Data\NHN Corporation
2008-02-06 06:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\IJJIGame
2008-02-04 21:04 --------- d-----w C:\Program Files\Common Files\INCA Shared
2008-02-03 01:08 --------- d-----w C:\Documents and Settings\Owner\Application Data\Nexon
2008-01-30 09:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
2008-01-29 22:40 --------- d-----w C:\Program Files\Brain Booster
2008-01-26 03:11 --------- d-----w C:\Program Files\AhnLab
2008-01-24 22:27 73,728 ----a-w C:\WINDOWS\system32\kdfapi.dll
2008-01-24 22:27 47,104 ----a-w C:\WINDOWS\system32\Kdfhok.dll
2008-01-24 22:27 159,744 ----a-w C:\WINDOWS\system32\kdfmgr.exe
2008-01-21 22:57 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-01-21 07:20 6,631 ----a-w C:\WINDOWS\system32\drivers\CDSpace5.cfg
2008-01-21 07:14 --------- d-----w C:\Program Files\DNA
2008-01-21 07:14 --------- d-----w C:\Program Files\BitTorrent
2008-01-16 23:25 679,936 ----a-w C:\WINDOWS\system32\ijjiSetup.exe
2008-01-06 12:03 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-12-26 23:06 308,760 ----a-w C:\WINDOWS\system32\NaverFDL.exe
2007-12-26 09:31 423,299 ----a-w C:\Program Files\BLEEDUS.SAV
2007-12-26 06:59 10,834 ---ha-w C:\Program Files\BLEEDUS.GID
2003-12-03 00:35 2,154,880 ------w C:\Program Files\ISF
2003-12-02 17:19 600 ------w C:\Program Files\BLEEDUS.CNT
2003-12-02 16:21 1,023,432 ------w C:\Program Files\BLEEDUS.HLP
2003-11-27 16:19 244,046,160 ------w C:\Program Files\GGD
2003-11-26 20:57 1,420,143 ------w C:\Program Files\BLEEDUS.EXE
2003-11-18 17:26 85 ------w C:\Program Files\BLEEDUS.SUF
2003-11-17 17:59 800,030 ------w C:\Program Files\MIDI
2003-11-17 17:59 352,974 ------w C:\Program Files\WMSC
2003-11-17 17:59 18,118 ------w C:\Program Files\DATA
2003-11-17 17:59 11,444,942 ------w C:\Program Files\SE
2003-11-17 17:58 179,246,838 ------w C:\Program Files\VOICE
2004-08-03 15:56 134,019 --sha-w C:\WINDOWS\system32\ProxyM.dll
2007-11-11 07:21 342,048 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
.
------- Sigcheck -------
2004-08-03 08:56 14336 bfee9f0b9c68f33c2966d528cba0afc7 C:\WINDOWS\system32\svchost.exe
2004-08-03 08:56 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\system32\dllcache\svchost.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 08:56 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-03-18 10:11 1481968]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-03 15:29 165784]
"Aim6"="" []
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-03-17 20:18 287040]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-01-30 11:11 3497984]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 08:56 15360]
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2007-08-06 11:25:14 2713936]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
LCDPlayer.lnk - C:\Program Files\SPACE INTERNATIONAL\CDSpace 5\LCDPlyer.exe [2000-01-18 03:59:36 323584]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 14:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 14:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-03 08:56 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2005-09-20 11:32 77824 C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2005-09-20 11:36 114688 C:\WINDOWS\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 2005-09-20 11:35 94208 C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-03 06:32 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
--a------ 2007-04-11 16:32 56080 C:\WINDOWS\KHALMNPR.Exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-03 06:32 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2004-08-03 06:32 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 20:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2004-10-14 14:42 1404928 C:\Program Files\Analog Devices\Core\smax4pnp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-01-30 11:11 3497984 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\fscagent.exe"=
"C:\\WINDOWS\\system32\\clubbox.exe"=
"C:\\WINDOWS\\system32\\pdrtvsvr.exe"=
"C:\\WINDOWS\\system32\\grdmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Freechal\\Fileguri\\FileguriMain.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\PandoraTVMini\\MiniWB.exe"=
"C:\\Program Files\\PandoraTVMini\\MiniUpdate.exe"=
"C:\\Program Files\\Pandora.TV\\MiniLite\\MiniLite.exe"= C:\\Program Files\\pandora.tv\\minilite\\MiniLite.exe
"C:\\Program Files\\pandora.tv\\minilite\\MiniStream.exe"=
"C:\\Program Files\\PandoraTVMini\\addon\\LIVE\\VimViewer\\LiveRelay.exe"=
"C:\\Program Files\\PandoraTVMini\\addon\\LIVE\\VimViewer\\VimViewer.dll"=
"C:\\Program Files\\DNA\\btdna.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"29101:TCP"= 29101:TCP:파일전송 데몬
"21378:TCP"= 21378:TCP:BitComet 21378 TCP
"21378:UDP"= 21378:UDP:BitComet 21378 UDP
R1 XSPACEWG;XSPACEWG;C:\WINDOWS\system32\drivers\XSpaceWg.sys [2003-05-20 18:26]
R2 npkcmsvc;npkcmsvc;C:\Nexon\Mabinogi\npkcmsvc.exe [2007-08-02 13:33]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 14:38]
R3 cdspacex;cdspacex;C:\WINDOWS\system32\DRIVERS\CDSPACEX.sys [2005-01-20 15:37]
R3 TwoRabts;Two Rabbits Live Bus;C:\WINDOWS\system32\DRIVERS\TwoRabts.sys [2003-04-23 16:39]
S3 ezty2;ezty2;C:\WINDOWS\system32\ezty2.sys []
S3 IlvMoneyDRIVER53;IlvMoneyDRIVER53;C:\Documents and Settings\Owner\Desktop\HackPack\asdf\IlvMoney1129.sys []
S3 pcwe;pcwe;C:\Program Files\PC Wizard 2006\pcw86-32.sys []
S3 scskusbf;USB SCSK Filter Driver Service;C:\WINDOWS\system32\drivers\scskusbf.sys [2008-03-01 23:31]
S3 scskusbs;USB SCSK Driver Service;C:\WINDOWS\system32\drivers\scskusbs.sys [2008-03-01 23:31]
S3 VIROBOT;VIROBOT;C:\WINDOWS\system32\VIROBOT.SYS []
S3 XDva076;XDva076;C:\WINDOWS\system32\XDva076.sys []
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Evilotus
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-03-18 21:50:52
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-03-18 21:51:30
ComboFix-quarantined-files.txt 2008-03-19 04:51:22
ComboFix2.txt 2008-03-19 04:19:35
.
2008-03-12 18:01:42 --- E O F ---
And the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 오후 9:52:51, on 2008-03-18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: LCDPlayer.lnk = C:\Program Files\SPACE INTERNATIONAL\CDSpace 5\LCDPlyer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00001025-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter25 Class) - http://download.netm...NMStarter25.cab
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.c.../NowStarter.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {18709344-7656-46BA-96BD-ADC785B60EC7} (NamoWeCtl 6.0 for sjnamo_BrainUP) - http://www.brainon.c...Wec/NamoWec.cab
O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.crezio.co...On/AlwaysOn.CAB
O16 - DPF: {386EDCD0-72B4-42F4-9942-049B8A92FC48} (FgAddOn Control) - http://down.fileguri.com/FgAddOn.cab
O16 - DPF: {522062F6-F635-486A-9ADD-8E12CF0A34D9} (EZYNKCtrl Class) - http://www.ezf.co.kr...YNK_Control.cab
O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} (MabinogiWebAvatarRenderer Class) - http://avatar.mabino...eb.2007.4.4.cab
O16 - DPF: {8218BB3D-2D62-4719-B6EC-FEBE7A079CBD} (PanLoader Class) - http://imgcdn.pandor...2/FirstLoad.cab
O16 - DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} (NMTransX Module) - http://download.netm...tX/NMTransX.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanma...ersion=1,0,0,10
O16 - DPF: {9CDD57AC-CA86-464C-B920-3228A388CC78} (NaverFileControl Control) - http://file.naver.co...x/NaverFile.cab
O16 - DPF: {A1D886C6-4039-4451-97A9-515F5BE5D4C2} (mkdplusCtrl Class) - http://ahnlabdownloa...cab/mkdplus.cab
O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} (Kdfense8 Control) - http://download.netm...kdfense8237.cab
O16 - DPF: {BFBC3059-9C61-5BA1-2075-85C8B6ECFC07} ({BFBC3059-9C61-5BA1-2075-85C8B6ECFC07}) - http://mabinogi.or.tp/etc/mwfre.2.cab
O16 - DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} (HanSetupCtrl1010 Class) - http://cdn.hangame.c...anSetup1010.cab
O16 - DPF: {DB1009C9-9555-43D5-97A6-02A844332146} (WebLauncher Control) - http://202.9.107.13/...WebLauncher.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 6017 bytes