ComboFix 08-04-27.2 - Shannon Healy 2008-04-28 7:27:22.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.438 [GMT -4:00]
Running from: C:\Documents and Settings\Shannon Healy\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Shannon Healy\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\ca4512c83f5e7a82508302
C:\ca4512c83f5e7a82508302\$shtdwn$.req
C:\ca4512c83f5e7a82508302\mrt.exe
C:\ca4512c83f5e7a82508302\mrtstub.exe
C:\Documents and Settings\Shannon Healy\Application Data\LimeWire
C:\Documents and Settings\Shannon Healy\Application Data\LimeWire\createtimes.cache
C:\Documents and Settings\Shannon Healy\Application Data\LimeWire\fileurns.bak
C:\Documents and Settings\Shannon Healy\Application Data\LimeWire\fileurns.cache
C:\Documents and Settings\Shannon Healy\Application Data\LimeWire\filters.props
C:\Documents and Settings\Shannon Healy\Application Data\LimeWire\installation.props
C:\Documents and Settings\Shannon Healy\Application Data\LimeWire\library.dat
C:\Documents and Settings\Shannon Healy\Application Data\LimeWire\limewire.props
C:\Documents and Settings\Shannon Healy\Application Data\LimeWire\mojito.props
C:\Documents and Settings\Shannon Healy\Application Data\LimeWire\questions.props
C:\Documents and Settings\Shannon Healy\Application Data\LimeWire\simpp.xml
C:\Documents and Settings\Shannon Healy\Application Data\LimeWire\tables.props
C:\Documents and Settings\Shannon Healy\Application Data\LimeWire\themes\windows_theme.lwtp
C:\Documents and Settings\Shannon Healy\Application Data\LimeWire\themes\windows_theme\01_star.gif
C:\Documents and Settings\Shannon Healy\Application Data\LimeWire\themes\windows_theme\02_star.gif
C:\Documents and Settings\Shannon Healy\Application Data\LimeWire\themes\windows_theme\03_star.gif
C:\Documents and Settings\Shannon Healy\Application Data\LimeWire\themes\windows_theme\04_star.gif
C:\Documents and Settings\Shannon Healy\Application Data\LimeWire\themes\windows_theme\05_star.gif
C:\Documents and Settings\Shannon Healy\Application Data\LimeWire\themes\windows_theme\chat.gif
C:\Documents and Settings\Shannon Healy\Application Data\LimeWire\themes\windows_theme\forward_dn.gif
C:\Documents and Settings\Shannon Healy\Application Data\LimeWire\themes\windows_theme\forward_up.gif
C:\Documents and Settings\Shannon Healy\Application Data\LimeWire\themes\windows_theme\kill.gif
C:\Documents and Settings\Shannon Healy\Application Data\LimeWire\themes\windows_theme\kill_on.gif
C:\Documents and Settings\Shannon Healy\Application Data\LimeWire\themes\windows_theme\logo.png
C:\Documents and Settings\Shannon Healy\Application Data\LimeWire\themes\windows_theme\notsearching.png
C:\Documents and Settings\Shannon Healy\Application Data\LimeWire\themes\windows_theme\pause_dn.gif
C:\Documents and Settings\Shannon Healy\Application Data\LimeWire\themes\windows_theme\pause_up.gif
C:\Documents and Settings\Shannon Healy\Application Data\LimeWire\themes\windows_theme\play_dn.gif
C:\Documents and Settings\Shannon Healy\Application Data\LimeWire\themes\windows_theme\play_up.gif
C:\Documents and Settings\Shannon Healy\Application Data\LimeWire\themes\windows_theme\question.gif
C:\Documents and Settings\Shannon Healy\Application Data\LimeWire\themes\windows_theme\rewind_dn.gif
C:\Documents and Settings\Shannon Healy\Application Data\LimeWire\themes\windows_theme\rewind_up.gif
C:\Documents and Settings\Shannon Healy\Application Data\LimeWire\themes\windows_theme\searching.gif
C:\Documents and Settings\Shannon Healy\Application Data\LimeWire\themes\windows_theme\stop_dn.gif
C:\Documents and Settings\Shannon Healy\Application Data\LimeWire\themes\windows_theme\stop_up.gif
C:\Documents and Settings\Shannon Healy\Application Data\LimeWire\themes\windows_theme\theme.txt
C:\Documents and Settings\Shannon Healy\Application Data\LimeWire\themes\windows_theme\version.txt
C:\Documents and Settings\Shannon Healy\Application Data\LimeWire\themes\windows_theme\warning.gif
C:\Documents and Settings\Shannon Healy\Application Data\LimeWire\version.xml
C:\Documents and Settings\Shannon Healy\Application Data\LimeWire\xml\data\audio.sxml
C:\Program Files\LimeWire
C:\Program Files\LimeWire\aopalliance.jar.tmp
C:\Program Files\LimeWire\clink.jar.tmp
C:\Program Files\LimeWire\commons-httpclient.jar.tmp
C:\Program Files\LimeWire\commons-logging.jar.tmp
C:\Program Files\LimeWire\commons-net.jar.tmp
C:\Program Files\LimeWire\commons-pool.jar.tmp
C:\Program Files\LimeWire\daap.jar.tmp
C:\Program Files\LimeWire\forms.jar.tmp
C:\Program Files\LimeWire\foxtrot.jar.tmp
C:\Program Files\LimeWire\gettext-commons.jar.tmp
C:\Program Files\LimeWire\guice-1.0.jar.tmp
C:\Program Files\LimeWire\httpcore-nio.jar.tmp
C:\Program Files\LimeWire\httpcore.jar.tmp
C:\Program Files\LimeWire\icu4j.jar.tmp
C:\Program Files\LimeWire\id3v2.jar.tmp
C:\Program Files\LimeWire\jcraft.jar.tmp
C:\Program Files\LimeWire\jdic.jar.tmp
C:\Program Files\LimeWire\jdic_stub.jar.tmp
C:\Program Files\LimeWire\jflac.jar.tmp
C:\Program Files\LimeWire\jl.jar.tmp
C:\Program Files\LimeWire\jmdns.jar.tmp
C:\Program Files\LimeWire\jogg.jar.tmp
C:\Program Files\LimeWire\jorbis.jar.tmp
C:\Program Files\LimeWire\lib\aopalliance.jar
C:\Program Files\LimeWire\lib\clink.jar
C:\Program Files\LimeWire\lib\commons-httpclient.jar
C:\Program Files\LimeWire\lib\commons-logging.jar
C:\Program Files\LimeWire\lib\commons-net.jar
C:\Program Files\LimeWire\lib\commons-pool.jar
C:\Program Files\LimeWire\lib\daap.jar
C:\Program Files\LimeWire\lib\forms.jar
C:\Program Files\LimeWire\lib\foxtrot.jar
C:\Program Files\LimeWire\lib\gettext-commons.jar
C:\Program Files\LimeWire\lib\guice-1.0.jar
C:\Program Files\LimeWire\lib\httpcore-nio.jar
C:\Program Files\LimeWire\lib\httpcore.jar
C:\Program Files\LimeWire\lib\icu4j.jar
C:\Program Files\LimeWire\lib\id3v2.jar
C:\Program Files\LimeWire\lib\jcraft.jar
C:\Program Files\LimeWire\lib\jdic.dll
C:\Program Files\LimeWire\lib\jdic.jar
C:\Program Files\LimeWire\lib\jdic_stub.jar
C:\Program Files\LimeWire\lib\jflac.jar
C:\Program Files\LimeWire\lib\jl.jar
C:\Program Files\LimeWire\lib\jmdns.jar
C:\Program Files\LimeWire\lib\jogg.jar
C:\Program Files\LimeWire\lib\jorbis.jar
C:\Program Files\LimeWire\lib\LimeWire.jar
C:\Program Files\LimeWire\lib\log4j.jar
C:\Program Files\LimeWire\lib\looks.jar
C:\Program Files\LimeWire\lib\messages.jar
C:\Program Files\LimeWire\lib\mp3spi.jar
C:\Program Files\LimeWire\lib\ProgressTabs.jar
C:\Program Files\LimeWire\lib\swt.jar
C:\Program Files\LimeWire\lib\SystemUtilities.dll
C:\Program Files\LimeWire\lib\themes.jar
C:\Program Files\LimeWire\lib\tray.dll
C:\Program Files\LimeWire\lib\tritonus.jar
C:\Program Files\LimeWire\lib\vorbisspi.jar
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\LimeWire\LimeWire.jar.tmp
C:\Program Files\LimeWire\log4j.jar.tmp
C:\Program Files\LimeWire\looks.jar.tmp
C:\Program Files\LimeWire\messages.jar.tmp
C:\Program Files\LimeWire\mp3spi.jar.tmp
C:\Program Files\LimeWire\ProgressTabs.jar.tmp
C:\Program Files\LimeWire\swt.jar.tmp
C:\Program Files\LimeWire\themes.jar.tmp
C:\Program Files\LimeWire\tritonus.jar.tmp
C:\Program Files\LimeWire\vorbisspi.jar.tmp
.
((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-28 )))))))))))))))))))))))))))))))
.
2008-04-21 17:51 . 2008-04-21 17:51 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-21 17:51 . 2008-04-21 17:51 <DIR> d-------- C:\WINDOWS\LastGood
2008-04-21 17:51 . 2008-04-21 17:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-21 17:44 . 2008-04-21 17:44 <DIR> d-------- C:\Deckard
2008-04-20 12:07 . 2008-04-20 12:07 1,160 --a------ C:\WINDOWS\mozver.dat
2008-04-20 12:05 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-09 16:38 . 2008-04-09 16:38 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-09 16:30 . 2008-04-09 16:31 <DIR> d-------- C:\Program Files\Hijack
2008-04-08 20:02 . 2008-04-08 20:02 197 --a------ C:\WINDOWS\system32\MRT.INI
2008-04-08 20:01 . 2008-04-08 20:03 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-04-08 18:20 . 2008-04-08 18:20 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-08 17:46 . 2005-02-16 11:06 218,112 --a------ C:\Program Files\HijackThis.exe
2008-04-08 17:25 . 2008-04-08 17:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-08 17:08 . 2008-04-08 17:08 <DIR> d-------- C:\Program Files\Yahoo!
2008-04-08 17:08 . 2008-04-08 17:09 <DIR> d-------- C:\Program Files\CCleaner
2008-04-08 17:07 . 2008-04-08 18:05 <DIR> d-------- C:\Program Files\RogueRemover FREE
2008-04-08 17:03 . 2008-04-20 11:31 3,756 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-08 16:28 . 2008-04-08 16:31 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-04-06 15:04 . 2008-04-06 15:04 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-06 15:04 . 2008-04-06 15:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-06 12:14 . 2008-04-06 13:17 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-04-06 12:14 . 2008-04-06 13:17 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-25 17:51 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-21 11:09 --------- d-----w C:\Documents and Settings\Shannon Healy\Application Data\WTablet
2008-04-20 16:05 --------- d-----w C:\Program Files\Java
2008-04-20 15:52 --------- d-----w C:\Documents and Settings\LocalService\Application Data\WTablet
2008-04-08 22:08 --------- d-----w C:\Program Files\HP
2008-04-08 22:08 --------- d-----w C:\Program Files\Hewlett-Packard
2008-04-08 21:46 13,739 ----a-w C:\Program Files\hijackthis.log
2008-04-06 17:44 --------- d-----w C:\Program Files\Norton Internet Security
2008-04-06 17:17 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-04-06 17:17 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-04-06 17:17 --------- d-----w C:\Program Files\Symantec
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-16 22:29 3,059,712 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-15 09:23 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
2006-07-07 20:16 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((( snapshot_2008-04-14_ 6.56.38.57 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-14 10:44:48 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-21 11:08:26 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2005-11-10 19:27:06 49,248 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-03-25 05:28:39 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2005-11-10 19:27:16 49,250 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-03-25 05:28:43 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2005-11-10 21:03:54 127,078 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-03-25 06:37:01 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2005-05-24 16:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 19:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 19:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
+ 2008-03-25 00:21:00 2,889,088 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
+ 2008-03-25 00:21:00 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
- 2008-04-14 10:49:33 54,010 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-04-21 11:13:00 54,010 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-04-14 10:49:33 383,822 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-04-21 11:13:00 383,822 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"AIM"="C:\Program Files\AIM\aim.exe" [2005-08-05 15:08 67160]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-21 14:34 68856]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-02 19:25 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-02 19:22 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-02 19:26 118784]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2005-11-22 15:55 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"DetectorApp"="C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\DetectorApp.exe" [2005-10-20 10:15 102400]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-11 03:04 761945]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-11-16 12:30 503808]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-11 17:22 53096]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2005-12-12 15:39 94208]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-07 14:56 409600]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2005-05-18 14:29 233534]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 14:23 1187840]
"HostManager"="C:\Program Files\Common Files\AOL\1152635987\ee\AOLHostManager.exe" [2005-08-02 15:33 159832]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-15 00:43 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 14:11 267048]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"zango"="c:\program files\zango\zango.exe" [ ]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 05:39:30 73728]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1152635987\\ee\\AOLServiceHost.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 15:12]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 14:30]
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-02-25 16:36:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-08 01:00:26 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Shannon Healy.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/TASK:
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-28 07:30:52
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe??????????q????|?`???? ???B?????????????hLC? ??????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-04-28 7:32:57
ComboFix-quarantined-files.txt 2008-04-28 11:32:53
ComboFix2.txt 2008-04-20 15:26:29
ComboFix3.txt 2008-04-14 10:56:59
ComboFix4.txt 2008-04-08 23:02:08
ComboFix5.txt 2008-04-08 21:58:09
Pre-Run: 37,671,854,080 bytes free
Post-Run: 37,908,369,408 bytes free
270 --- E O F --- 2008-04-09 00:03:39