ComboFix 08-03-22.1 - Rob 2008-03-23 10:38:11.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.614 [GMT -4:00]
Running from: C:\Documents and Settings\Rob\Desktop\Tools\ComboFix.exe
Command switches used :: C:\Documents and Settings\Rob\Desktop\Tools\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
FILE ::
C:\cysdos.exe
C:\ffdcahl.exe
C:\fsavfpk.exe
C:\onhtp.exe
C:\p2hhr.bat
C:\WINDOWS\system32\iphelp.dll
C:\WINDOWS\system32\jfiehayd.dll
C:\WINDOWS\system32\kbdsdf.dll
C:\WINDOWS\system32\mscert.dll
C:\WINDOWS\system32\rsh.dll
C:\WINDOWS\system32\winsoft.nls
C:\WINDOWS\system32\yatool.dll
.
TimedOut: progfile.dat
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\cysdos.exe
C:\ffdcahl.exe
C:\fsavfpk.exe
C:\onhtp.exe
C:\p2hhr.bat
C:\WINDOWS\system32\iphelp.dll
C:\WINDOWS\system32\jfiehayd.dll
C:\WINDOWS\system32\kbdsdf.dll
C:\WINDOWS\system32\mscert.dll
C:\WINDOWS\system32\rsh.dll
C:\WINDOWS\system32\winsoft.nls
C:\WINDOWS\system32\yatool.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_BOONTY_GAMES
-------\Service_Boonty Games
((((((((((((((((((((((((( Files Created from 2008-02-23 to 2008-03-23 )))))))))))))))))))))))))))))))
.
2008-03-23 10:02 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-03-23 09:47 . 2008-03-23 10:02 <DIR> d-------- C:\Program Files\Java
2008-03-23 09:47 . 2008-03-23 09:47 <DIR> d-------- C:\Program Files\Common Files\Java
2008-03-23 09:31 . 2008-03-23 09:31 <DIR> d-------- C:\Program Files\Sun
2008-03-22 14:01 . 2008-03-22 14:01 <DIR> d-------- C:\Documents and Settings\Rob\Application Data\Comodo
2008-03-22 14:01 . 2008-03-22 14:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2008-03-22 13:59 . 2008-03-22 13:59 <DIR> d-------- C:\Program Files\Comodo
2008-03-22 13:59 . 2008-03-21 10:50 211 --a------ C:\boot.ini.comodofirewall
2008-03-22 13:44 . 2008-03-22 13:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TomTom
2008-03-22 13:13 . 2008-03-22 13:13 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-21 17:49 . 2008-03-21 17:50 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-21 17:49 . 2008-03-21 19:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-21 17:43 . 2008-03-21 17:44 <DIR> d-------- C:\Program Files\Index.dat Suite
2008-03-21 17:29 . 2008-03-21 17:29 <DIR> d-------- C:\VundoFix Backups
2008-03-20 17:11 . 2008-03-20 17:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HipSoft
2008-03-20 16:58 . 2008-03-20 18:34 <DIR> d-------- C:\Program Files\Buildalot
2008-03-16 08:04 . 2008-03-16 08:45 <DIR> d-------- C:\Program Files\Space Civilizations
2008-03-15 19:11 . 2008-03-15 19:11 <DIR> d-------- C:\Program Files\Funcom
2008-03-15 18:23 . 2008-03-15 22:35 <DIR> d-------- C:\Documents and Settings\Rob\Application Data\FreeOrion
2008-02-25 19:01 . 2008-02-25 19:01 <DIR> d-------- C:\Program Files\iTunes
2008-02-25 19:01 . 2008-02-25 19:01 <DIR> d-------- C:\Program Files\iPod
2008-02-25 18:58 . 2008-02-25 18:59 <DIR> d-------- C:\Program Files\QuickTime
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-23 13:18 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-22 18:36 --------- d-----w C:\Program Files\PeerGuardian2
2008-03-22 18:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-22 17:44 --------- d-----w C:\Program Files\TomTom HOME 2
2008-03-21 15:31 --------- d-----w C:\Documents and Settings\Rob\Application Data\Ahead
2008-03-21 15:17 --------- d-----w C:\Program Files\Yahoo!
2008-03-21 15:17 --------- d-----w C:\Program Files\Common Files\Ahead
2008-03-21 13:45 --------- d-----w C:\Documents and Settings\Rob\Application Data\Azureus
2008-03-17 03:43 --------- d-----w C:\Program Files\Bit Che
2008-03-16 11:50 --------- d-----w C:\Program Files\World of Warcraft
2008-03-15 21:37 --------- d-----w C:\Program Files\Voyage Century Online
2008-03-14 15:25 --------- d-----w C:\Program Files\WowReader
2008-03-13 22:22 --------- d-----w C:\Documents and Settings\Rob\Application Data\Canon
2008-03-13 19:21 --------- d-----w C:\Program Files\Azureus
2008-03-13 18:59 --------- d-----w C:\Program Files\DivX
2008-02-28 00:43 --------- d-----w C:\Program Files\Google
2008-02-22 19:00 0 ----a-w C:\Program Files\pspbrwse.jbf
2008-02-22 18:30 --------- d-----w C:\Program Files\GameTop.com
2008-02-09 13:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\VMware
2008-02-06 00:33 --------- d-----w C:\Documents and Settings\Rob\Application Data\VMware
2008-02-06 00:25 --------- d-----w C:\Documents and Settings\LocalService\Application Data\VMware
2006-10-06 23:17 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2006-06-03 01:25 32 ----a-r C:\Documents and Settings\All Users\hash.dat
2006-01-06 15:59 57,344 ----a-w C:\Program Files\SPWaW 8.403 Patch.doc
2006-01-06 15:59 37,376 ----a-w C:\Program Files\SPWaW OOB Editor vs. 5.0 Notes.doc
2006-01-06 15:59 35,840 ----a-w C:\Program Files\SPWaW OOB Notes.doc
2005-12-07 14:09 1,285,632 ----a-w C:\Program Files\SPWaW OOB Editor vs. 5.0.exe
2005-12-05 06:45 3,001,256 ----a-w C:\Program Files\mech.exe
.
((((((((((((((((((((((((((((( snapshot@2008-03-22_13.34.37.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-22 17:59:06 75,520 ----a-w C:\WINDOWS\system32\drivers\cmdmon.sys
+ 2008-03-22 17:59:06 51,328 ----a-w C:\WINDOWS\system32\drivers\inspect.sys
- 2006-05-03 05:19:30 49,248 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-02-22 05:23:35 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2006-05-03 05:19:40 53,346 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-02-22 05:23:39 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2006-05-03 06:56:58 127,078 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-02-22 06:33:32 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-03-23 14:45:54 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5e0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2008-02-18 06:58 206184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Keyboard Manager"="C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe" [2000-10-24 13:10 569344]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22 86016]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-07-22 23:25 28160 C:\WINDOWS\KHALMNPR.Exe]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [ ]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 09:00 79224]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2008-03-22 13:59 1115728]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-27 21:17 443968]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Loadout Manager.lnk - C:\Program Files\Belkin\Nostromo\nost_LM.exe [2003-06-24 02:31:35 442368]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2006-10-24 16:19:31 528384]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=C:\WINDOWS\pss\Service Manager.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-03-01 19:43 90112 C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-01-01 17:22 3739648 C:\Program Files\Google\Google Talk\googletalk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\I&F Viewer toolbar]
C:\Program Files\Photo Toolkit\ivbar\phototoolkitmem.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 14:10 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
--a------ 2005-07-22 23:25 28160 C:\WINDOWS\KHALMNPR.Exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-10-22 12:22 7700480 C:\WINDOWS\System32\NvCpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-10-22 12:22 86016 C:\WINDOWS\System32\NvMcTray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PeerGuardian]
--a------ 2005-09-18 19:40 1421824 C:\Program Files\PeerGuardian2\pg2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2007-09-27 21:17 443968 C:\Program Files\Picasa2\PicasaMediaDetector.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayNC Launcher]
C:\Program Files\NCSoft\Launcher\NCLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-ra------ 2005-07-22 19:00 81920 C:\WINDOWS\SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-10-06 19:25 185784 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 17:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-20 16:30 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Boonty Games"=3 (0x3)
"CLTNetCnService"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
R1 msikbd2k;Multimedia Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\msikbd2k.sys [2000-10-03 14:03]
R3 bcgame;Nostromo HID Device Minidriver;C:\WINDOWS\system32\drivers\bcgame.sys [2003-07-23 15:16]
S0 ElbyVCD;ElbyVCD;C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys []
S3 dump_wmimmc;dump_wmimmc;C:\Program Files\9Dragons\GameGuard\dump_wmimmc.sys []
S3 MSSQL$MA3;MSSQL$MA3;C:\Program Files\Microsoft SQL Server\MSSQL$MA3\Binn\sqlservr.exe [2002-12-17 17:26]
S3 SQLAgent$MA3;SQLAgent$MA3;C:\Program Files\Microsoft SQL Server\MSSQL$MA3\Binn\sqlagent.EXE [2002-12-17 17:23]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f53f907-a9c0-11dc-82d3-00115b4c337c}]
\Shell\AutoRun\command - G:\InstallTomTomHOME.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-03-17 19:36:19 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-03-23 10:46:45
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\nview.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Netropa\One-touch Multimedia Keyboard\KEYBDMGR.EXE
C:\PROGRA~1\Netropa\Onscre~1\OSD.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMUSBKB2.EXE
.
**************************************************************************
.
Completion time: 2008-03-23 10:52:00 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-23 14:51:56
ComboFix2.txt 2008-03-22 17:35:01
.
2008-03-12 07:02:06 --- E O F ---
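The "Reg Loading Points" section of the log above is the part a reviewer reads line by line: it shows the Security Center notification and monitoring values set to 1, the Windows Firewall standard profile with EnableFirewall=0, a Run value whose target file ComboFix could not stamp (the empty `[ ]`), and a cached mountpoints2 AutoRun command for a removable volume. The Python below is an added example, not part of the log and not ComboFix's own code: it parses that section in the layout ComboFix prints and reports those four kinds of entries. The sample input is a constructed, trimmed copy of the values shown above, and the function names and the finding labels are my own. One caveat a practitioner should keep in mind: third-party suites such as the avast! and COMODO products present in this log commonly set the Security Center DisableNotify/DisableMonitoring values themselves, and a third-party firewall normally turns the Windows Firewall off, so the checker reports these as items to review against the installed software, not as proof of infection.

```python
import re

# Constructed sample: a trimmed copy of the "Reg Loading Points" layout that
# ComboFix prints, using the values shown in the log above.
SAMPLE_LOG = r"""
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f53f907-a9c0-11dc-82d3-00115b4c337c}]
\Shell\AutoRun\command - G:\InstallTomTomHOME.exe
"""

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')

# Security Center values that, when non-zero, silence or override the
# built-in status monitoring. Third-party AV/firewall suites set some of
# these themselves, so a hit means "review", not "infected".
SECURITY_CENTER_FLAGS = {
    'antivirusdisablenotify', 'firewalldisablenotify', 'updatesdisablenotify',
    'antivirusoverride', 'firewalloverride', 'disablemonitoring',
}


def parse_reg_section(text):
    """Return a list of (key, name, value) for each value under a [key] header.

    Lines under a key that are not "name"=value (ComboFix prints the
    mountpoints2 AutoRun command that way) are returned with name=None.
    """
    entries = []
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == 'REGEDIT4':
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        if key is None:
            continue
        m = VALUE_RE.match(line)
        if m:
            entries.append((key, m.group(1), m.group(2).strip()))
        else:
            entries.append((key, None, line))
    return entries


def value_is_set(value):
    """True when a REGEDIT4 'dword:XXXXXXXX' or ComboFix '0 (0x0)' value is non-zero."""
    v = value.strip().lower()
    if v.startswith('dword:'):
        return int(v[len('dword:'):], 16) != 0
    m = re.match(r'^(\d+)', v)
    return bool(m) and int(m.group(1)) != 0


def find_findings(entries):
    """Return (kind, where, value) triples for the entries a reviewer should look at."""
    findings = []
    for key, name, value in entries:
        k = key.lower()
        if name is None:
            # mountpoints2 entries carry the AutoRun command Explorer cached for a
            # removable volume; anything that launches from one deserves a look.
            if 'mountpoints2' in k and 'autorun' in value.lower():
                findings.append(('autorun-mountpoint', key, value))
            continue
        n = name.lower()
        if 'security center' in k and n in SECURITY_CENTER_FLAGS and value_is_set(value):
            findings.append(('security-center-tamper', name, value))
        elif 'firewallpolicy' in k and n == 'enablefirewall' and not value_is_set(value):
            findings.append(('windows-firewall-off', key, value))
        elif k.endswith('\\run') and value.endswith('[ ]'):
            # ComboFix prints an empty [ ] stamp when it cannot find the target file.
            findings.append(('orphan-run-entry', name, value))
    return findings


if __name__ == '__main__':
    for kind, where, value in find_findings(parse_reg_section(SAMPLE_LOG)):
        print(f'{kind:24} {where} -> {value}')
```

Run it against the constructed sample and it reports four Security Center values, the firewall profile, the stamp-less Google Desktop Search entry and the G: AutoRun command; feeding it the full section of a real log only requires pasting that section in place of SAMPLE_LOG.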