ComboFix 07-11-08.3 - dargry 2007-11-01 21:36:33.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.424 [GMT 0:00]
Running from: C:\Documents and Settings\dargry\Desktop\ComboFix.exe
* Created a new restore point
.
ADS - system32: deleted 12 bytes in 1 streams.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\ScreenSaver\Images\006409FC.urr
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
C:\Program Files\MyWebSearch\bar\icons\CM.ICO
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
C:\Program Files\MyWebSearch\bar\icons\Thumbs.db
C:\Program Files\MyWebSearch\bar\icons\WB.ICO
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm
C:\Program Files\MyWebSearch\bar\Settings\settings.dat
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\nm
((((((((((((((((((((((((( Files Created from 2007-10-08 to 2007-11-08 )))))))))))))))))))))))))))))))
.
2007-11-20 10:26 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-20 07:58 6,058,496 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-11-20 07:58 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-11-20 07:58 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-11-20 07:58 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-11-20 07:58 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-11-20 07:58 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2007-11-20 07:58 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-11-20 07:58 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-11-20 07:35 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2007-11-20 07:31
2007-11-16 17:53
2007-11-16 17:53
2007-11-14 22:40
2007-11-14 13:41 16,008 --ah----- C:\WINDOWS\system32\mlfcache.dat
2007-11-14 09:19
2007-11-14 09:18 45,768 --a------ C:\WINDOWS\system32\drivers\MiniIcpt.sys
2007-11-14 09:18 41,928 --a------ C:\WINDOWS\system32\drivers\GDTdiIcpt.sys
2007-11-14 09:18 32,072 --a------ C:\WINDOWS\system32\drivers\HookCentre.sys
2007-11-14 09:15
2007-11-14 09:15
2007-11-14 09:14
2007-11-07 13:16
2007-11-04 19:47
2007-11-04 19:47
2007-11-04 19:46 583,493 --a------ C:\WINDOWS\system32\TMSSReport.zip
2007-11-04 19:46 21,538 --a------ C:\WINDOWS\system32\TMSSUninstall.zip
2007-10-15 19:16
2007-10-15 19:15
2007-10-15 19:15
2007-10-15 19:15
2007-10-14 12:04
2007-10-13 21:33 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-20 07:38 --------- d-----w C:\Program Files\Spyware Doctor
2007-11-17 08:04 --------- d-----w C:\Documents and Settings\dargry\Application Data\Vidalia
2007-11-16 15:54 --------- d-----w C:\Documents and Settings\dargry\Application Data\OpenOffice.ux.pl2
2007-11-14 13:29 --------- d-----w C:\Program Files\Picasa2
2007-11-14 09:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-14 20:04 --------- d-----w C:\Program Files\BearShare Applications
2007-10-14 12:20 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-10-14 12:20 --------- d-----w C:\Documents and Settings\dargry\Application Data\Symantec
2007-10-14 12:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-10-14 12:18 --------- d-----w C:\Program Files\Symantec
2007-09-28 21:44 --------- d-----w C:\Program Files\SkanerOnline
2007-09-27 13:47 --------- d-----w C:\Documents and Settings\dargry\Application Data\BearShare
2007-09-27 06:41 --------- d-----w C:\Documents and Settings\dargry\Application Data\Ahead
2007-09-27 06:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\LightScribe
2007-09-27 06:36 --------- d-----w C:\Program Files\Common Files\LightScribe
2007-09-27 06:35 --------- d-----w C:\Program Files\Common Files\Ahead
2007-09-27 06:23 --------- d-----w C:\Program Files\Nero
2007-09-27 06:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2007-09-27 06:04 --------- d-----w C:\Program Files\FinePixViewer
2007-09-23 23:31 --------- d-----w C:\Documents and Settings\dargry\Application Data\PC Tools
2007-09-20 05:30 --------- d-----w C:\Program Files\Java
2007-09-16 20:56 --------- d-----w C:\Program Files\NASA
2007-09-15 07:40 --------- d-----w C:\Documents and Settings\dargry\Application Data\Image Zone Express
2007-09-14 20:54 --------- d-----w C:\Program Files\Common Files\AOL
2007-09-14 20:36 --------- d-----w C:\Program Files\Privoxy
2007-09-14 20:35 --------- d-----w C:\Program Files\Vidalia
2007-09-14 20:35 --------- d-----w C:\Program Files\TrueCrypt
2007-09-14 11:37 --------- d-----w C:\Documents and Settings\dargry\Application Data\Spamihilator
2007-09-14 11:01 --------- d-----w C:\Documents and Settings\dargry\Application Data\Tor
2007-09-11 15:04 --------- d-----w C:\Program Files\Common Files\Adobe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-08-14 16:02]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-21 17:22]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2005-05-20 17:42 73728 C:\WINDOWS\system32\VESWinlogon.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
ALCMTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
C:\Program Files\Apoint\Apoint.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVKTray]
"C:\Program Files\G DATA AntiVirus Trial\AVKTray\AVKTray.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
rundll32.exe bthprops.cpl,BluetoothAuthenticationAgent
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon]
ICO.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 10.0]
"C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDService.exe]
C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
RTHDCPL.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
"C:\Program Files\Spyware Doctor\SDTrayApp.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SonyPowerCfg]
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Update 3]
"C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"C:\Program Files\Windows Defender\MSASCui.exe" -hide
R1 PrivateDisk;PrivateDisk;C:\WINDOWS\system32\Drivers\PrivateDiskM.sys
R1 V2IMount;V2IMount;C:\WINDOWS\system32\drivers\V2IMount.sys
R2 AVKProxy;G DATA AntiVirus Proxy;"C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe"
R2 AVKService;G DATA Scheduler;C:\Program Files\G DATA AntiVirus Trial\AVK\AVKService.exe
R2 AVKWCtl;AntiVirus Monitor;C:\Program Files\G DATA AntiVirus Trial\AVK\AVKWCtl.exe
R2 GDTdiInterceptor;GDTdiInterceptor;\??\C:\WINDOWS\system32\drivers\GDTdiIcpt.sys
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB
R3 GDMnIcpt;GDMnIcpt;\??\C:\WINDOWS\system32\drivers\MiniIcpt.sys
R3 HookCentre;HookCentre;\??\C:\WINDOWS\system32\drivers\HookCentre.sys
S3 commiwi;[CommView] Intel® PRO/Wireless 2200BG Network Connection Driver for Windows 2000;C:\WINDOWS\system32\DRIVERS\commiwi.sys
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
S3 n558;N558 Bluetooth USB Filter Driver;C:\WINDOWS\system32\Drivers\n558.sys
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63ce1211-3d36-11dc-b10c-00166fa6fd60}]
\Shell\AutoRun\command - H:\USBNB.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-11-08 21:48:31 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-08 21:46:25
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-08 21:50:30 - machine was rebooted
.
--- E O F ---