ComboFix 07-11-05.2 - carrie 2007-11-06 21:02:32.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.205 [GMT -8:00]
Running from: C:\Documents and Settings\carrie\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2007-10-07 to 2007-11-07 )))))))))))))))))))))))))))))))
.
2007-11-06 19:48 <DIR> d-------- C:\Documents and Settings\carrie\Application Data\Grisoft
2007-11-02 18:29 <DIR> d-------- C:\Program Files\PCPitstop
2007-11-01 11:59 <DIR> d-------- C:\Program Files\Kaspersky Lab
2007-11-01 11:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-01 11:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-10-31 20:28 <DIR> d-------- C:\Program Files\CONEXANT
2007-10-31 20:17 60,968 --a------ C:\Documents and Settings\carrie\GoToAssistDownloadHelper.exe
2007-10-31 14:16 <DIR> d-------- C:\KAV
2007-10-31 11:47 <DIR> d-------- C:\Program Files\XoftSpySE
2007-10-30 10:31 <DIR> d-------- C:\Documents and Settings\chad\Application Data\Comodo
2007-10-29 19:27 <DIR> d-------- C:\Program Files\CrystalXP
2007-10-29 18:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-29 16:41 <DIR> d-------- C:\Program Files\themexp
2007-10-29 16:41 <DIR> d-------- C:\Program Files\OneStepSearch
2007-10-29 11:56 <DIR> d-------- C:\Program Files\Java
2007-10-29 11:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Citrix
2007-10-29 11:54 <DIR> d-------- C:\Program Files\Citrix
2007-10-29 11:53 <DIR> d-------- C:\Program Files\Common Files\Java
2007-10-28 17:46 <DIR> d-------- C:\Program Files\Stardock
2007-10-28 14:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-28 12:26 <DIR> d-------- C:\Program Files\TGTSoft
2007-10-28 09:34 <DIR> d-------- C:\Program Files\Analogue Vista Clock
2007-10-28 09:17 <DIR> d-------- C:\Program Files\LClock
2007-10-27 18:43 <DIR> d-------- C:\Documents and Settings\carrie\Application Data\SpywareRemover
2007-10-26 17:45 <DIR> d-------- C:\Documents and Settings\carrie\Application Data\AdwareAlert
2007-10-26 05:30 <DIR> d-------- C:\Documents and Settings\carrie\Application Data\Canon
2007-10-26 05:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\espionServerData
2007-10-26 05:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2007-10-26 05:10 <DIR> d-------- C:\Program Files\Common Files\Canon
2007-10-26 05:10 <DIR> d-------- C:\Program Files\Canon
2007-10-25 06:33 <DIR> d-------- C:\Program Files\onOne Software
2007-10-25 06:33 <DIR> d-------- C:\Program Files\Common Files\onOne Software Shared
2007-10-24 10:51 <DIR> d-------- C:\Program Files\CCleaner
2007-10-24 10:20 <DIR> d-------- C:\Documents and Settings\carrie\Application Data\Comodo
2007-10-24 08:02 <DIR> d-------- C:\Program Files\Viewpoint
2007-10-24 08:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-10-24 08:01 <DIR> d-------- C:\Program Files\Common Files\AOL
2007-10-24 08:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2007-10-24 08:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL
2007-10-22 11:57 <DIR> d-------- C:\Program Files\Pacific Heroes
2007-10-22 11:56 <DIR> d-------- C:\Program Files\ReflexiveArcade
2007-10-22 11:46 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-10-22 11:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2007-10-21 13:45 <DIR> dr-h----- C:\MSOCache
2007-10-21 13:34 <DIR> d-------- C:\Documents and Settings\carrie\Application Data\Yahoo!
2007-10-21 13:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-10-21 13:24 <DIR> d-------- C:\Documents and Settings\carrie\Application Data\Symantec
2007-10-21 13:19 <DIR> d-------- C:\Program Files\Yahoo!
2007-10-21 13:10 <DIR> d-------- C:\Program Files\Comodo
2007-10-21 13:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BOC425
2007-10-21 13:05 <DIR> d-------- C:\Program Files\Google
2007-10-21 13:05 <DIR> d---s---- C:\Documents and Settings\carrie\UserData
2007-10-21 12:57 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-10-21 12:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-07 05:04 45,600 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2007-11-07 05:04 2,842,144 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-11-07 03:56 5,204 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2007-11-07 03:56 38,948 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-11-01 20:05 82,061 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2007-11-01 20:05 81,549 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2007-11-01 04:25 5 ----a-w C:\WINDOWS\system32\drivers\DELL_INS_2200.MRK
2007-11-01 04:25 5 ----a-w C:\WINDOWS\system32\drivers\1028_DELL_INS_2200.MRK
2007-11-01 04:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-28 20:28 2,320,768 ----a-w C:\WINDOWS\system32\kernel1.exe
2007-10-23 18:52 20,640 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-10-23 18:52 109,568 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-10-23 18:52 108,544 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-10-22 19:07 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2007-10-22 19:07 434,252 ----a-w C:\WINDOWS\system32\MSVCRTD.DLL
2007-10-22 19:07 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2007-10-22 19:07 216,576 ----a-w C:\WINDOWS\system32\monln.dll
2007-10-22 19:07 1,060,864 ----a-w C:\WINDOWS\system32\MFC71.dll
2007-10-21 22:50 --------- d-----w C:\Program Files\SigmaTel
2007-10-21 22:50 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-10-21 22:48 --------- d-----w C:\Program Files\Dell
2007-10-21 22:47 --------- d-----w C:\Program Files\Intel
2007-10-21 22:38 --------- d-----w C:\Program Files\microsoft frontpage
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-09 03:02 235,008 ----a-w C:\WINDOWS\UNBOC.EXE
.
((((((((((((((((((((((((((((( snapshot@2007-11-05_ 9.51.34.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-08-24 16:28:54 141,424 ----a-w C:\WINDOWS\Downloaded Program Files\asinst.dll
+ 2007-03-29 17:20:50 110,592 ----a-w C:\WINDOWS\system32\ActiveScan\as.dll
+ 2006-10-06 00:15:26 233,472 ----a-w C:\WINDOWS\system32\ActiveScan\ascontrol.dll
+ 2005-06-03 22:03:18 96,256 ----a-w C:\WINDOWS\system32\ActiveScan\asmdat.dll
+ 2003-08-01 19:00:16 36,864 ----a-w C:\WINDOWS\system32\ActiveScan\certdll.dll
+ 2005-05-20 21:42:44 86,016 ----a-w C:\WINDOWS\system32\ActiveScan\instlsp.dll
+ 2006-02-17 02:20:20 4,608 ----a-w C:\WINDOWS\system32\ActiveScan\memvfile.dll
+ 2005-10-26 02:08:32 348,160 ----a-w C:\WINDOWS\system32\ActiveScan\msvcr71.dll
+ 2004-05-04 23:01:02 139,264 ----a-w C:\WINDOWS\system32\ActiveScan\pavaleas.dll
+ 2006-07-14 21:04:10 45,056 ----a-w C:\WINDOWS\system32\ActiveScan\pavdr.exe
+ 2006-04-10 18:50:02 159,832 ----a-w C:\WINDOWS\system32\ActiveScan\pavexcom.dll
+ 2006-02-14 21:05:38 94,208 ----a-w C:\WINDOWS\system32\ActiveScan\pavinas.dll
+ 2006-02-17 02:35:38 180,224 ----a-w C:\WINDOWS\system32\ActiveScan\pavoe.dll
+ 2006-10-06 00:15:38 122,880 ----a-w C:\WINDOWS\system32\ActiveScan\pavpz.dll
+ 2006-06-30 22:13:38 8,704 ----a-w C:\WINDOWS\system32\ActiveScan\pfdnnt.exe
+ 2004-02-04 22:08:42 49,152 ----a-w C:\WINDOWS\system32\ActiveScan\port32.dll
+ 2006-08-01 21:23:10 69,632 ----a-w C:\WINDOWS\system32\ActiveScan\pscpu.dll
+ 2006-08-23 21:06:08 1,388,544 ----a-w C:\WINDOWS\system32\ActiveScan\pskahk.dll
+ 2006-08-17 19:38:14 10,752 ----a-w C:\WINDOWS\system32\ActiveScan\pskalloc.dll
+ 2006-09-04 19:49:54 61,440 ----a-w C:\WINDOWS\system32\ActiveScan\pskas.dll
+ 2006-08-18 16:46:18 779,264 ----a-w C:\WINDOWS\system32\ActiveScan\pskavs.dll
+ 2007-03-26 22:25:34 417,792 ----a-w C:\WINDOWS\system32\ActiveScan\pskcmp.dll
+ 2006-08-09 18:42:24 90,112 ----a-w C:\WINDOWS\system32\ActiveScan\pskfss.dll
+ 2006-07-19 18:55:58 208,896 ----a-w C:\WINDOWS\system32\ActiveScan\pskhtml.dll
+ 2006-01-21 00:57:00 9,728 ----a-w C:\WINDOWS\system32\ActiveScan\pskmas.dll
+ 2006-05-17 17:50:12 14,336 ----a-w C:\WINDOWS\system32\ActiveScan\pskmdfs.dll
+ 2006-08-16 18:58:12 33,280 ----a-w C:\WINDOWS\system32\ActiveScan\pskpack.dll
+ 2006-06-30 22:42:36 266,240 ----a-w C:\WINDOWS\system32\ActiveScan\pskscs.dll
+ 2006-08-17 22:33:14 62,976 ----a-w C:\WINDOWS\system32\ActiveScan\pskutil.dll
+ 2006-08-08 21:13:10 13,312 ----a-w C:\WINDOWS\system32\ActiveScan\pskvfile.dll
+ 2006-08-18 16:53:08 69,632 ----a-w C:\WINDOWS\system32\ActiveScan\pskvfs.dll
+ 2006-08-18 16:49:50 167,936 ----a-w C:\WINDOWS\system32\ActiveScan\pskvm.dll
+ 2007-04-19 01:16:04 353,840 ----a-w C:\WINDOWS\system32\ActiveScan\psscan.dll
+ 2007-01-22 22:42:48 35,328 ----a-w C:\WINDOWS\system32\ActiveScan\rawvfile.dll
+ 1997-09-18 14:12:32 9,488 ----a-w C:\WINDOWS\system32\ActiveScan\sporder.dll
+ 2006-03-01 01:23:40 69,632 ----a-w C:\WINDOWS\system32\ActiveScan\tcpvfile.dll
+ 2006-08-02 20:39:06 73,728 ----a-w C:\WINDOWS\system32\asuninst.exe
- 2007-11-01 20:01:59 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2007-11-06 13:38:13 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2007-11-01 20:01:59 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-11-06 13:38:13 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-11-01 20:01:59 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-11-06 13:38:13 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-05-30 12:10:42 10,872 ----a-w C:\WINDOWS\system32\drivers\AvgAsCln.sys
- 2006-01-09 17:36:06 40,960 ----a-w C:\WINDOWS\system32\swsc.exe
+ 2006-11-30 01:21:29 370,688 ----a-w C:\WINDOWS\system32\swsc.exe
- 2006-12-01 13:20:34 79,360 ----a-w C:\WINDOWS\system32\swxcacls.exe
+ 2006-12-01 13:20:32 212,480 ----a-w C:\WINDOWS\system32\swxcacls.exe
+ 2003-03-26 02:53:50 11,776 ----a-w C:\WINDOWS\system32\ZPORT4AS.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BOC-425"="C:\PROGRA~1\Comodo\CBOClean\BOC425.exe" [2007-08-08 18:49]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-06-06 16:09]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-06-06 16:06]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-06-06 16:10]
"PC Pitstop Optimize Scheduler"="C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe" [2007-10-26 14:53]
"PCPitstop Optimize Registration Reminder"="C:\Program Files\PCPitstop\Optimize\Reminder.exe" [2007-10-26 14:53]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 11:51]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 01:25]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Analogue Vista Clock"="C:\Program Files\Analogue Vista Clock\Analogue Vista Clock.exe" [2007-09-25 15:26]
"CrystalXP"="C:\Program Files\CrystalXP\CrystalXP.exe" [2005-11-02 22:55]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="LogonUI.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll 2007-10-29 11:54 10792 C:\Program Files\Citrix\GoToAssist\480\g2awinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Analogue Vista Clock]
C:\Program Files\Analogue Vista Clock\Analogue Vista Clock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BOC-425]
C:\PROGRA~1\Comodo\CBOClean\BOC425.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
C:\WINDOWS\system32\WLTRAY.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cnfgCav]
"C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CrystalXP]
C:\Program Files\CrystalXP\CrystalXP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wltrysvc"=2 (0x2)
"Viewpoint Manager Service"=2 (0x2)
"ose"=3 (0x3)
"gusvc"=3 (0x3)
"GoToAssist"=3 (0x3)
"Comodo Anti-Virus and Anti-Spyware Service"=2 (0x2)
"BOCore"=2 (0x2)
"AdobeActiveFileMonitor5.0"=2 (0x2)
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys
S3 BOCDRIVE;BOClean Kernel Monitor.;\??\C:\Program Files\Comodo\CBOClean\BOCDRIVE.sys
S3 GoToAssist;GoToAssist;"C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe" Start=service
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys
S3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys
.
Contents of the 'Scheduled Tasks' folder
"2007-11-05 11:00:00 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.exe
"2007-11-05 11:00:00 C:\WINDOWS\Tasks\SpywareRemover Scheduled Scan.job"
- C:\Program Files\SpywareRemover\SpywareRemover.exe
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-11-06 21:05:07
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-06 21:06:30
C:\ComboFix2.txt ... 2007-11-05 09:52
.
--- E O F ---