ComboFix 08-07-21.2 - Sarah 2008-07-23 9:51:30.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.512 [GMT 10:00]
Running from: C:\Documents and Settings\Sarah\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Sarah\Desktop\CFScript.txt
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\pac.txt
.
((((((((((((((((((((((((( Files Created from 2008-06-22 to 2008-07-22 )))))))))))))))))))))))))))))))
.
2008-07-23 00:46 . 2008-07-23 00:46 16,128,512 --a------ C:\WINDOWS\RTHDCPL.exe.kav
2008-07-23 00:46 . 2008-07-23 00:46 388,608 --a------ C:\WINDOWS\system32\CF3696.exe.kav
2008-07-23 00:46 . 2008-07-23 00:46 289,792 --a------ C:\WINDOWS\system32\vssvc.exe.kav
2008-07-22 23:55 . 2008-07-23 09:50 1,080 --ahs---- C:\WINDOWS\klif.spi
2008-07-22 23:20 . 2008-07-22 23:20 152,159 --a------ C:\WINDOWS\system32\g0.exe
2008-07-22 23:06 . 2008-07-20 20:21 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-22 22:26 . 2008-07-22 22:26 90,922 --a------ C:\WINDOWS\system32\dbkxksakiuslmbp.dll-uninst.exe
2008-07-22 22:19 . 2008-07-22 22:19 <DIR> d-------- C:\WINDOWS\system32\wnet
2008-07-22 22:19 . 2008-07-22 22:19 <DIR> d-------- C:\WINDOWS\system32\vdf1
2008-07-22 22:19 . 2008-07-22 22:19 <DIR> d-------- C:\WINDOWS\system32\confg
2008-07-22 22:19 . 2008-07-22 22:19 <DIR> d-------- C:\WINDOWS\system32\carH04
2008-07-22 22:19 . 2008-07-22 22:19 <DIR> d-------- C:\Temp\btxv15
2008-07-22 22:19 . 2008-07-23 00:41 <DIR> d-------- C:\Temp
2008-07-22 22:19 . 2008-07-22 22:19 64,841 --a------ C:\WINDOWS\system32\entaddmlggaoim.exe
2008-07-22 19:40 . 2008-07-23 01:00 38,912 --a------ C:\WINDOWS\system32\1RcNmqyH.exe
2008-07-22 00:02 . 2008-07-22 00:21 <DIR> d-------- C:\Program Files\Proxy Switcher Standard
2008-07-20 22:42 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-07-20 22:42 . 2004-08-03 23:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-07-20 13:35 . 2008-07-20 13:35 <DIR> d-------- C:\Documents and Settings\Sarah\Application Data\WNR
2008-07-15 07:30 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-07-15 07:30 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-07-15 07:26 . 2004-06-15 15:00 116,736 --a------ C:\WINDOWS\system32\CNMLM61.DLL
2008-07-15 07:26 . 2004-06-15 15:00 7,680 --a------ C:\WINDOWS\system32\CNMVS61.DLL
2008-07-15 07:25 . 2004-06-05 01:34 86,016 -ra------ C:\WINDOWS\system32\CNMCP61.exe
2008-07-15 07:23 . 2008-07-15 07:23 <DIR> d--h----- C:\BJPrinter
2008-07-11 09:26 . 2008-07-11 09:26 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-07-11 09:26 . 2008-07-11 09:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-07-11 03:50 . 2008-07-22 00:42 <DIR> d-------- C:\Program Files\uTorrent
2008-07-11 03:50 . 2008-07-22 00:28 <DIR> d-------- C:\Documents and Settings\Sarah\Application Data\uTorrent
2008-07-08 15:59 . 2008-07-19 17:39 <DIR> d-------- C:\Program Files\Cheat Engine
2008-07-08 15:59 . 2007-12-26 17:30 1,970,176 --a------ C:\WINDOWS\system32\d3dx9.dll
2008-07-08 15:59 . 2007-12-26 17:30 679,936 --a------ C:\WINDOWS\system32\D3DX81ab.dll
2008-07-08 14:18 . 2008-07-11 03:42 <DIR> d-------- C:\Documents and Settings\Sarah\Application Data\Hamachi
2008-07-08 14:17 . 2008-07-08 14:18 <DIR> d-------- C:\Program Files\Hamachi
2008-07-08 14:17 . 2008-07-08 14:17 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-07-08 13:10 . 2008-07-21 15:45 19,456 --a------ C:\WINDOWS\system32\h0Y2JNV8.dll
2008-07-08 12:58 . 2008-07-08 12:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Bluetooth
2008-07-08 12:56 . 2004-08-04 00:56 16,384 --a------ C:\WINDOWS\system32\ipsink.ax
2008-07-08 12:56 . 2004-08-04 00:56 16,384 --a--c--- C:\WINDOWS\system32\dllcache\ipsink.ax
2008-07-08 12:56 . 2004-08-03 23:10 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2008-07-08 12:56 . 2004-08-03 23:10 15,360 --a--c--- C:\WINDOWS\system32\dllcache\streamip.sys
2008-07-08 12:56 . 2004-08-03 23:10 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2008-07-08 12:56 . 2004-08-03 23:10 11,136 --a--c--- C:\WINDOWS\system32\dllcache\slip.sys
2008-07-08 12:56 . 2004-08-03 23:10 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2008-07-08 12:56 . 2004-08-03 23:10 10,880 --a--c--- C:\WINDOWS\system32\dllcache\ndisip.sys
2008-07-08 12:55 . 2008-07-08 12:55 <DIR> d-------- C:\Program Files\IVT Corporation
2008-07-08 12:54 . 2008-07-08 12:54 <DIR> d-------- C:\Program Files\NCH Software
2008-07-08 12:52 . 2004-08-04 00:56 152,576 --a------ C:\WINDOWS\system32\irftp.exe
2008-07-08 12:51 . 2008-07-08 12:51 <DIR> d-------- C:\Program Files\NCH Swift Sound
2008-07-08 12:51 . 2008-07-08 12:51 <DIR> d-------- C:\Documents and Settings\Sarah\Application Data\NCH Swift Sound
2008-07-07 00:26 . 2008-07-07 00:26 <DIR> d-------- C:\Program Files\Netropa
2008-07-07 00:26 . 2000-06-08 03:09 28,672 --a------ C:\WINDOWS\system32\msiosd32.dll
2008-07-07 00:26 . 2001-12-20 10:02 6,656 --a------ C:\WINDOWS\system32\drivers\Msikbd2k.sys
2008-07-07 00:26 . 2008-07-23 09:52 245 --a------ C:\WINDOWS\MSIOSD.INI
2008-07-07 00:26 . 2008-07-07 00:26 0 --a------ C:\WINDOWS\WININIT.INI
2008-07-07 00:25 . 2008-07-07 00:25 <DIR> d-------- C:\Program Files\NASDAK
2008-07-07 00:25 . 2000-05-10 15:29 6,205 --a------ C:\WINDOWS\system32\LWBHMVXD.VXD
2008-07-07 00:00 . 2008-07-07 00:00 <DIR> d--h----- C:\WINDOWS\PIF
2008-07-06 23:43 . 2008-07-06 23:43 <DIR> d-------- C:\Program Files\COMODO
2008-07-06 23:43 . 2008-07-06 23:43 <DIR> d-------- C:\Documents and Settings\Sarah\Application Data\Comodo
2008-07-06 23:43 . 2008-07-08 12:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-07-06 23:43 . 2008-07-06 23:43 143,104 --a------ C:\WINDOWS\system32\guard32.dll
2008-07-06 23:43 . 2008-07-06 23:43 87,056 --a------ C:\WINDOWS\system32\drivers\cmdguard.sys
2008-07-06 23:43 . 2008-07-06 23:43 24,208 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-07-06 23:34 . 2008-07-06 23:34 <DIR> d-------- C:\Program Files\BigPond
2008-07-06 22:43 . 2008-07-11 21:34 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-07-06 22:43 . 2008-07-11 21:34 88,774 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-07-06 22:42 . 2008-07-06 22:42 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-07-06 22:42 . 2008-07-23 00:56 2,283,040 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-06 22:42 . 2008-07-23 09:52 507,936 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-07-06 22:42 . 2008-07-23 00:56 19,964 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-06 22:42 . 2008-07-23 09:52 3,864 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-07-06 22:40 . 2008-07-06 22:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-07-06 19:12 . 2008-07-20 17:28 <DIR> d-------- C:\Documents and Settings\Sarah\Application Data\LimeWire
2008-07-06 14:21 . 2008-07-06 14:21 <DIR> d-------- C:\WINDOWS\Sun
2008-07-06 14:16 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-06 14:15 . 2008-07-06 14:16 <DIR> d-------- C:\Program Files\Java
2008-07-06 14:13 . 2008-07-06 14:13 <DIR> d-------- C:\Program Files\Common Files\Java
2008-07-06 14:11 . 2008-07-12 19:42 <DIR> d-------- C:\Program Files\LimeWire
2008-07-05 17:13 . 2008-04-23 14:16 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-07-05 17:13 . 2007-04-17 19:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-07-05 17:13 . 2007-03-08 15:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-07-05 17:13 . 2008-04-23 14:16 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-07-05 17:13 . 2008-04-23 14:16 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-07-05 17:13 . 2008-04-23 14:16 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-07-05 17:13 . 2008-04-23 14:16 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-07-05 17:13 . 2008-04-23 14:16 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-07-05 17:13 . 2008-04-22 17:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-07-05 14:20 . 2008-07-05 14:20 0 --a------ C:\WINDOWS\system32\1RcNmqyH.exe.a_a
2008-07-05 11:31 . 2008-07-13 22:40 <DIR> d-------- C:\Documents and Settings\Sarah\Contacts
2008-07-05 11:15 . 2008-07-05 11:15 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-07-05 11:03 . 2008-07-05 16:45 <DIR> d-------- C:\WINDOWS\ie8updates
2008-07-05 10:42 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-07-05 10:42 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-07-05 10:42 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-07-05 10:40 . 2008-07-05 10:40 268 --ah----- C:\sqmdata01.sqm
2008-07-05 10:40 . 2008-07-05 10:40 244 --ah----- C:\sqmnoopt01.sqm
2008-07-05 02:37 . 2008-07-05 02:37 268 --ah----- C:\sqmdata00.sqm
2008-07-05 02:37 . 2008-07-05 02:37 244 --ah----- C:\sqmnoopt00.sqm
2008-07-05 02:32 . 2008-07-05 02:35 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-05 02:31 . 2008-07-05 02:36 <DIR> d-------- C:\Program Files\Windows Live
2008-07-05 02:31 . 2008-07-05 02:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-04 00:45 . 2008-07-04 00:45 364,544 --a------ C:\WINDOWS\system32\dbkxksakiuslmbp.dll
2008-07-04 00:11 . 2008-07-04 00:11 <DIR> d-------- C:\Deckard
2008-07-03 22:20 . 2008-07-03 22:20 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-07-03 22:20 . 2008-07-23 00:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-07-03 19:42 . 2008-07-20 05:31 <DIR> d-------- C:\Program Files\Paint Shop Pro 6
2008-07-03 19:42 . 1999-08-13 06:00 317,952 --a------ C:\WINDOWS\system32\Roboex32.dll
2008-07-03 19:42 . 1999-06-23 11:46 54,272 --a------ C:\WINDOWS\system32\Serial.ocx
2008-07-03 19:42 . 1999-06-23 11:46 53,760 --a------ C:\WINDOWS\system32\Infrared.ocx
2008-07-03 19:42 . 1999-06-23 11:46 51,712 --a------ C:\WINDOWS\system32\USB.ocx
2008-07-03 19:42 . 1999-08-13 06:00 47,104 --a------ C:\WINDOWS\system32\Wh2Robo.dll
2008-07-03 18:30 . 2008-06-13 23:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-07-03 18:30 . 2008-06-13 23:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-03 18:21 . 2008-07-03 18:21 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-03 18:19 . 2008-07-06 14:06 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-07-03 18:19 . 2008-07-03 18:19 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-03 18:19 . 2008-07-03 18:19 <DIR> d-------- C:\Documents and Settings\Sarah\Application Data\SUPERAntiSpyware.com
2008-07-03 18:19 . 2008-07-03 18:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-03 18:18 . 2008-07-22 23:07 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-03 18:18 . 2008-07-03 18:18 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-07-03 18:18 . 2008-07-03 18:18 <DIR> d-------- C:\Documents and Settings\Sarah\Application Data\Malwarebytes
2008-07-03 18:18 . 2008-07-03 18:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-03 18:18 . 2008-07-20 20:21 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-03 17:50 . 2008-07-03 17:50 <DIR> d-------- C:\d8b53d83b0c7c5ebb3
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-22 14:46 23,552 ----a-w C:\WINDOWS\system32\sort.exe
2008-07-10 23:28 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-06 14:26 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-06 14:26 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-03 06:45 --------- d-----w C:\Program Files\Intel
2008-07-03 06:41 --------- d-----w C:\Program Files\Realtek
2008-07-03 06:40 327,680 ----a-w C:\WINDOWS\HideWin.exe
2008-07-03 06:31 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-25 08:22 206,088 ----a-w C:\WINDOWS\system32\klogon.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
.
------- Sigcheck -------
2008-04-14 10:12 26112 80e366761caa8338bc2f4056780d6765 C:\WINDOWS\SoftwareDistribution\Download\3c0bacd63e67d049a438275fd7b87f25\ctfmon.exe
2004-08-04 22:00 26112 67d7c7e1cc9979d54d063c1a67858d38 C:\WINDOWS\system32\ctfmon.exe
2004-08-04 22:00 26112 93f965ab17e83f1284147f0c4e724612 C:\WINDOWS\system32\dllcache\ctfmon.exe
.
((((((((((((((((((((((((((((( snapshot@2008-07-23_ 0.51.31.31 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-06-26 12:10:26 328,192 ----a-w C:\WINDOWS\inf\unregmp2.exe
+ 2008-07-22 14:59:18 317,440 ----a-w C:\WINDOWS\inf\unregmp2.exe
- 2006-10-12 11:09:53 256,512 ----a-w C:\WINDOWS\msagent\agentsvr.exe
+ 2006-10-12 11:09:53 267,264 ----a-w C:\WINDOWS\msagent\agentsvr.exe
- 2000-08-30 22:00:00 41,472 ----a-w C:\WINDOWS\Nircmd.exe
+ 2000-08-30 22:00:00 28,672 ----a-w C:\WINDOWS\Nircmd.exe
- 2008-07-03 07:16:47 44,096 ----a-w C:\WINDOWS\system32\3Tj00v3Q.exe
+ 2008-07-22 15:00:01 33,280 ----a-w C:\WINDOWS\system32\3Tj00v3Q.exe
- 2004-08-04 12:00:00 98,304 ----a-w C:\WINDOWS\system32\cscript.exe
+ 2004-08-04 12:00:00 143,360 ----a-w C:\WINDOWS\system32\cscript.exe
- 2006-08-21 09:14:58 23,040 ----a-w C:\WINDOWS\system32\fltmc.exe
+ 2006-08-21 09:14:58 33,792 ----a-w C:\WINDOWS\system32\fltmc.exe
- 2008-04-22 07:39:58 70,656 ------w C:\WINDOWS\system32\ie4uinit.exe
+ 2008-04-22 07:39:58 81,408 ------w C:\WINDOWS\system32\ie4uinit.exe
- 2008-04-22 07:39:58 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2008-04-22 07:39:58 24,576 ----a-w C:\WINDOWS\system32\ieudinit.exe
- 2005-05-10 23:45:48 75,776 ----a-w C:\WINDOWS\system32\telnet.exe
+ 2005-05-10 23:45:48 86,528 ----a-w C:\WINDOWS\system32\telnet.exe
- 2004-08-04 12:00:00 240,128 ----a-w C:\WINDOWS\system32\usmt\migwiz.exe
+ 2004-08-04 12:00:00 250,880 ----a-w C:\WINDOWS\system32\usmt\migwiz.exe
- 2000-08-30 22:00:00 65,092 ----a-w C:\WINDOWS\VFind.exe
+ 2000-08-30 22:00:00 97,860 ----a-w C:\WINDOWS\VFind.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6d7d80ab-7333-21e7-82ba-bed96a50c916}]
2008-07-04 00:45 364544 --a------ C:\WINDOWS\system32\dbkxksakiuslmbp.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 22:00 26112]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"PSwitch"="C:\Program Files\Proxy Switcher Standard\ProxySwitcher.exe" [2008-07-23 00:46 1303552]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2006-10-05 23:11 98304]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2006-10-05 23:10 204800]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"LWBMOUSE"="C:\Program Files\NASDAK\OmniMouse Driver\4.0\MOUSE32A.EXE" [2001-11-09 16:47 399872]
"MULTIMEDIA KEYBOARD"="C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe" [2003-06-04 01:32 163840]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-04-25 18:21 201992]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 17:28 16139264 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2007-04-04 19:22 1835008 C:\WINDOWS\SkyTel.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 22:00 110592 C:\WINDOWS\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 22:00 26112]
C:\Documents and Settings\Sarah\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-07-06 14:06 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-06 14:06 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
[HKLM\~\startupfolder\C:^Documents and Settings^Sarah^Start Menu^Programs^Startup^hamachi.lnk]
path=C:\Documents and Settings\Sarah\Start Menu\Programs\Startup\hamachi.lnk
backup=C:\WINDOWS\pss\hamachi.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO Firewall Pro]
--a------ 2008-07-06 23:43 1655552 C:\Program Files\COMODO\Firewall\cfp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-07-22 23:56 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2008-07-06 14:06 1518832 C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\english\\setup.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Hamachi\\hamachi.exe"=
"C:\\Program Files\\Proxy Switcher Standard\\ProxySwitcher.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 18:29]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-07-06 23:43]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-07-06 23:43]
R1 msikbd2k;Multimedia Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\msikbd2k.sys [2001-12-20 10:02]
R2 nhksrv;Netropa NHK Server;C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe [2001-08-06 07:41]
R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l251x86.sys [2007-07-03 20:33]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-03-25 20:07]
S3 DBKDRVR54;DBKDRVR54;C:\Program Files\Cheat Engine\dbk32.sys [2007-12-27 05:45]
.
Contents of the 'Scheduled Tasks' folder
"2008-07-22 14:37:01 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\3Tj00v3Q.exe
"2008-07-21 23:00:01 C:\WINDOWS\Tasks\At10.job"
- C:\WINDOWS\system32\3Tj00v3Q.exe
"2008-07-22 00:00:01 C:\WINDOWS\Tasks\At11.job"
- C:\WINDOWS\system32\3Tj00v3Q.exe
"2008-07-22 01:00:01 C:\WINDOWS\Tasks\At12.job"
- C:\WINDOWS\system32\3Tj00v3Q.exe
"2008-07-22 02:00:01 C:\WINDOWS\Tasks\At13.job"
- C:\WINDOWS\system32\3Tj00v3Q.exe
"2008-07-22 03:00:01 C:\WINDOWS\Tasks\At14.job"
- C:\WINDOWS\system32\3Tj00v3Q.exe
"2008-07-22 04:00:02 C:\WINDOWS\Tasks\At15.job"
- C:\WINDOWS\system32\3Tj00v3Q.exe
"2008-07-22 05:00:01 C:\WINDOWS\Tasks\At16.job"
- C:\WINDOWS\system32\3Tj00v3Q.exe
"2008-07-22 06:00:02 C:\WINDOWS\Tasks\At17.job"
- C:\WINDOWS\system32\3Tj00v3Q.exe
"2008-07-22 07:00:02 C:\WINDOWS\Tasks\At18.job"
- C:\WINDOWS\system32\3Tj00v3Q.exe
"2008-07-22 08:00:02 C:\WINDOWS\Tasks\At19.job"
- C:\WINDOWS\system32\3Tj00v3Q.exe
"2008-07-22 15:00:00 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\system32\3Tj00v3Q.exe
"2008-07-22 09:00:01 C:\WINDOWS\Tasks\At20.job"
- C:\WINDOWS\system32\3Tj00v3Q.exe
"2008-07-22 10:00:01 C:\WINDOWS\Tasks\At21.job"
- C:\WINDOWS\system32\3Tj00v3Q.exe
"2008-07-22 11:00:02 C:\WINDOWS\Tasks\At22.job"
- C:\WINDOWS\system32\3Tj00v3Q.exe
"2008-07-22 12:00:02 C:\WINDOWS\Tasks\At23.job"
- C:\WINDOWS\system32\3Tj00v3Q.exe
"2008-07-22 13:00:02 C:\WINDOWS\Tasks\At24.job"
- C:\WINDOWS\system32\3Tj00v3Q.exe
"2008-07-22 14:46:07 C:\WINDOWS\Tasks\At25.job"
- C:\WINDOWS\system32\1RcNmqyH.exe
"2008-07-22 15:00:00 C:\WINDOWS\Tasks\At26.job"
- C:\WINDOWS\system32\1RcNmqyH.exe
"2008-07-21 16:00:00 C:\WINDOWS\Tasks\At27.job"
- C:\WINDOWS\system32\1RcNmqyH.exe
"2008-07-21 17:00:00 C:\WINDOWS\Tasks\At28.job"
- C:\WINDOWS\system32\1RcNmqyH.exe
"2008-07-21 18:00:00 C:\WINDOWS\Tasks\At29.job"
- C:\WINDOWS\system32\1RcNmqyH.exe
"2008-07-21 16:00:03 C:\WINDOWS\Tasks\At3.job"
- C:\WINDOWS\system32\3Tj00v3Q.exe
"2008-07-21 19:00:00 C:\WINDOWS\Tasks\At30.job"
- C:\WINDOWS\system32\1RcNmqyH.exe
"2008-07-21 20:00:00 C:\WINDOWS\Tasks\At31.job"
- C:\WINDOWS\system32\1RcNmqyH.exe
"2008-07-21 21:00:00 C:\WINDOWS\Tasks\At32.job"
- C:\WINDOWS\system32\1RcNmqyH.exe
"2008-07-21 22:00:00 C:\WINDOWS\Tasks\At33.job"
- C:\WINDOWS\system32\1RcNmqyH.exe
"2008-07-21 23:00:00 C:\WINDOWS\Tasks\At34.job"
- C:\WINDOWS\system32\1RcNmqyH.exe
"2008-07-22 00:00:00 C:\WINDOWS\Tasks\At35.job"
- C:\WINDOWS\system32\1RcNmqyH.exe
"2008-07-22 01:00:00 C:\WINDOWS\Tasks\At36.job"
- C:\WINDOWS\system32\1RcNmqyH.exe
"2008-07-22 02:00:00 C:\WINDOWS\Tasks\At37.job"
- C:\WINDOWS\system32\1RcNmqyH.exe
"2008-07-22 03:00:00 C:\WINDOWS\Tasks\At38.job"
- C:\WINDOWS\system32\1RcNmqyH.exe
"2008-07-22 04:00:00 C:\WINDOWS\Tasks\At39.job"
- C:\WINDOWS\system32\1RcNmqyH.exe
"2008-07-21 17:00:02 C:\WINDOWS\Tasks\At4.job"
- C:\WINDOWS\system32\3Tj00v3Q.exe
"2008-07-22 05:00:00 C:\WINDOWS\Tasks\At40.job"
- C:\WINDOWS\system32\1RcNmqyH.exe
"2008-07-22 06:00:00 C:\WINDOWS\Tasks\At41.job"
- C:\WINDOWS\system32\1RcNmqyH.exe
"2008-07-22 07:00:00 C:\WINDOWS\Tasks\At42.job"
- C:\WINDOWS\system32\1RcNmqyH.exe
"2008-07-22 08:00:00 C:\WINDOWS\Tasks\At43.job"
- C:\WINDOWS\system32\1RcNmqyH.exe
"2008-07-22 09:00:00 C:\WINDOWS\Tasks\At44.job"
- C:\WINDOWS\system32\1RcNmqyH.exe
"2008-07-22 10:00:10 C:\WINDOWS\Tasks\At45.job"
- C:\WINDOWS\system32\1RcNmqyH.exe
"2008-07-22 11:00:10 C:\WINDOWS\Tasks\At46.job"
- C:\WINDOWS\system32\1RcNmqyH.exe
"2008-07-22 12:00:10 C:\WINDOWS\Tasks\At47.job"
- C:\WINDOWS\system32\1RcNmqyH.exe
"2008-07-22 13:54:48 C:\WINDOWS\Tasks\At48.job"
- C:\WINDOWS\system32\1RcNmqyH.exe
"2008-07-21 18:00:01 C:\WINDOWS\Tasks\At5.job"
- C:\WINDOWS\system32\3Tj00v3Q.exe
"2008-07-21 19:00:01 C:\WINDOWS\Tasks\At6.job"
- C:\WINDOWS\system32\3Tj00v3Q.exe
"2008-07-21 20:00:01 C:\WINDOWS\Tasks\At7.job"
- C:\WINDOWS\system32\3Tj00v3Q.exe
"2008-07-21 21:00:03 C:\WINDOWS\Tasks\At8.job"
- C:\WINDOWS\system32\3Tj00v3Q.exe
"2008-07-21 22:00:02 C:\WINDOWS\Tasks\At9.job"
- C:\WINDOWS\system32\3Tj00v3Q.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-23 09:52:42
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwOpenFile
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-07-23 9:54:21
ComboFix-quarantined-files.txt 2008-07-22 23:54:02
ComboFix2.txt 2008-07-22 14:52:05
Pre-Run: 56,284,135,424 bytes free
Post-Run: 56,284,303,360 bytes free
367 --- E O F --- 2008-07-06 00:51:12
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:00:43 AM, on 23/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\NASDAK\OmniMouse Driver\4.0\MOUSE32A.EXE
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\WINDOWS\system32\carH04\carH041066.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Sarah\Desktop\DXwnd.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\1RcNmqyH.exe
C:\WINDOWS\system32\3Tj00v3Q.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: mysidesearch search enhancer - {6d7d80ab-7333-21e7-82ba-bed96a50c916} - C:\WINDOWS\system32\dbkxksakiuslmbp.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\NASDAK\OmniMouse Driver\4.0\MOUSE32A.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PSwitch] C:\Program Files\Proxy Switcher Standard\ProxySwitcher.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1215069195210
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.su...ows-i586-jc.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
--
End of file - 7498 bytes