ComboFix 07-11-19.3 - Thomas Bender 2007-11-22 23:40:16.10 - NTFSx86
Running from: C:\Documents and Settings\Thomas Bender\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2007-10-23 to 2007-11-23 )))))))))))))))))))))))))))))))
.
2007-11-22 23:39 21,504 --a------ C:\WINDOWS\SYSTEM32\hidserv.dll
2007-11-22 23:33 <DIR> d-------- C:\Documents and Settings\Thomas Bender\Application Data\Grisoft
2007-11-22 23:33 <DIR> d-------- C:\Documents and Settings\Thomas Bender\Application Data\Comodo
2007-11-22 13:35 14,848 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\kbdhid.sys
2007-11-19 09:19 <DIR> d-------- C:\Documents and Settings\Dan Bender\Application Data\Grisoft
2007-11-19 09:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-19 09:18 10,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2007-11-18 21:37 <DIR> d-------- C:\Documents and Settings\Dan Bender\Application Data\MSN6
2007-11-11 03:07 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-11-10 20:50 1,197,294 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\sysmain.sdb
2007-11-10 20:50 764,868 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\apph_sp.sdb
2007-11-10 20:50 217,118 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\apphelp.sdb
2007-11-10 20:49 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-11-10 20:46 <DIR> d-------- C:\WINDOWS\SYSTEM32\LogFiles
2007-11-10 20:46 <DIR> d-------- C:\WINDOWS\SYSTEM32\DRIVERS\UMDF
2007-11-10 15:47 <DIR> d-------- C:\Documents and Settings\Dan Bender\Application Data\Ruckus Network
2007-11-10 15:40 <DIR> d-------- C:\Program Files\Bonjour
2007-11-10 15:39 <DIR> d-------- C:\Program Files\Ruckus Player
2007-11-09 20:17 139,536 --a------ C:\WINDOWS\SYSTEM32\javaee.dll
2007-11-09 20:17 53,520 --a------ C:\WINDOWS\setdebug.exe
2007-11-09 03:05 128,896 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\fltmgr.sys
2007-11-09 03:05 30,208 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\fltmc.exe
2007-11-09 03:05 16,896 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\fltlib.dll
2007-11-09 03:03 129,316 --a------ C:\WINDOWS\SYSTEM32\TZLog.log
2007-11-08 10:00 <DIR> d-------- C:\Program Files\iTunes
2007-11-08 09:56 <DIR> d-------- C:\Program Files\QuickTime
2007-11-08 07:20 584,192 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\rpcrt4.dll
2007-11-07 20:16 <DIR> d-------- C:\Documents and Settings\Dan Bender\Application Data\Comodo
2007-11-07 20:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2007-11-07 20:12 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-11-07 20:11 <DIR> d-------- C:\Program Files\Comodo
2007-11-07 20:07 271,224 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll
2007-11-07 20:07 30,072 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll.mui
2007-11-07 20:06 34,136 --a------ C:\WINDOWS\SYSTEM32\wucltui.dll.mui
2007-11-07 20:06 25,944 --a------ C:\WINDOWS\SYSTEM32\wuaucpl.cpl.mui
2007-11-07 20:06 25,944 --a------ C:\WINDOWS\SYSTEM32\wuapi.dll.mui
2007-11-07 20:06 20,312 --a------ C:\WINDOWS\SYSTEM32\wuaueng.dll.mui
2007-11-07 00:21 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2007-11-05 08:39 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-01 16:46 7,168 --a------ C:\WINDOWS\SYSTEM32\windows
2007-10-24 13:14 <DIR> d-------- C:\Documents and Settings\Dan Bender\Application Data\TrojanHunter
2007-10-24 08:45 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
2007-10-23 18:38 694,201 ---hs---- C:\WINDOWS\SYSTEM32\iabpiorb.ini
2007-10-23 12:02 143 --a------ C:\WINDOWS\SYSTEM32\mcrh.tmp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-19 15:59 --------- d-----w C:\Program Files\Picasa
2007-11-17 01:20 --------- d-----w C:\Program Files\WildTangent
2007-11-10 01:00 --------- d-----w C:\Documents and Settings\Dan Bender\Application Data\Apple Computer
2007-11-08 15:00 --------- d-----w C:\Program Files\iPod
2007-11-06 23:47 165,392 ----a-w C:\Documents and Settings\Dan Bender\Application Data\GDIPFONTCACHEV1.DAT
2007-11-06 19:44 --------- d-----w C:\Program Files\Common Files\AOL
2007-11-06 19:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-11-05 17:38 --------- d-----w C:\Program Files\Pure Networks
2007-11-05 17:28 --------- d-----w C:\Documents and Settings\Dan Bender\Application Data\AOL
2007-10-22 18:25 --------- d-----w C:\Program Files\Common Files\McAfee
2007-10-22 18:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2007-10-22 13:34 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Webroot
2007-10-22 01:53 164 ----a-w C:\install.dat
2007-10-21 22:53 --------- d-----w C:\Program Files\Webroot
2007-10-21 22:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Webroot
2007-10-21 22:50 --------- d-----w C:\Documents and Settings\Dan Bender\Application Data\Webroot
2007-10-21 18:51 --------- d-----w C:\Documents and Settings\Dan Bender\Application Data\Error Safe Free
2007-10-20 23:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-17 15:01 --------- d-----w C:\Program Files\RegCure
2007-10-17 02:53 --------- d-----w C:\Documents and Settings\Dan Bender\Application Data\Talkback
2007-10-16 16:38 --------- d-----w C:\Program Files\Common Files\Cisco Systems
2007-10-15 18:21 --------- d-----w C:\Program Files\Java
2007-10-09 03:29 --------- d-----w C:\Documents and Settings\Dan Bender\Application Data\AdobeUM
2007-10-09 03:28 --------- d-----w C:\Program Files\Common Files\Adobe
2007-10-01 20:40 1,526,072 ----a-w C:\WINDOWS\WRSetup.dll
2007-10-01 20:24 23,864 ----a-w C:\WINDOWS\system32\drivers\sskbfd.sys
2007-10-01 20:24 21,816 ----a-w C:\WINDOWS\system32\drivers\sshrmd.sys
2007-10-01 20:24 20,280 ----a-w C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2007-10-01 20:24 163,640 ----a-w C:\WINDOWS\system32\drivers\ssidrv.sys
2007-03-11 23:57 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2003-12-04 23:24 812 ----a-w C:\Program Files\INSTALL.LOG
2005-03-15 03:42 475 --sh--w C:\WINDOWS\SYSTEM32\wbpu.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"cw04RVb2U"="shrpmsg.exe" []
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09]
"RealPlayer"="C:\Program Files\Real\RealPlayer\realplay.exe" [2006-05-25 12:51]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe" []
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 13:32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-16 23:41]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 00:56 C:\WINDOWS\SYSTEM32\rundll32.exe]
"diagent"="C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 02:01]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2002-08-14 19:22]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-04-10 17:44]
"pdfFactory Dispatcher v1"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis1.exe" [2002-10-30 16:59]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2003-02-11 17:10]
"LifeScape Media Detector"="C:\Program Files\Picasa\PicasaMediaDetector.exe" [2004-04-11 17:51]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-12-11 19:33]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 07:50]
"HostManager"="C:\Program Files\Common Files\AOL\1100820089\ee\AOLSoftware.exe" [2006-09-25 19:52]
"nwiz"="nwiz.exe" [2003-10-06 14:16 C:\WINDOWS\SYSTEM32\nwiz.exe]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 22:32]
"NWEReboot"="" []
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40]
"NapsterShell"="C:\Program Files\Napster\napster.exe" [2007-01-12 18:36]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 22:46]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-11-17 14:48]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-10-01 15:40]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Symantec NetDriver Warning"="C:\PROGRA~1\SYMNET~1\SNDWarn.exe" [2004-10-29 08:52]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 00:56 C:\WINDOWS\SYSTEM32\rundll32.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-03 22:59]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2002-12-17 02:44:07]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 15:05:56]
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2001-08-07 18:06:54]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2006-12-27 17:47:22]
NkvMon.exe.lnk - C:\Program Files\Nikon\NkView6\NkvMon.exe [2003-12-24 15:46:14]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)
R0 sonyhcb;Sony Digital Imaging Base;C:\WINDOWS\system32\DRIVERS\sonyhcb.sys
R0 SSFS0BB9;Spy Sweeper File System Filer Driver: 0BB9;C:\WINDOWS\system32\Drivers\SSFS0BB9.SYS
S3 NMSCFG;NIC Management Service Configuration Driver;\??\C:\WINDOWS\System32\drivers\NMSCFG.SYS
S3 NMSSvc;Intel(R) NMS;C:\WINDOWS\System32\NMSSvc.exe
S3 sonyhcs;Sony Digital Imaging Video;C:\WINDOWS\system32\DRIVERS\sonyhcs.sys
S3 TIEHDUSB;TIEHDUSB;C:\WINDOWS\system32\drivers\tiehdusb.sys
*Newly Created Service* - HIDSERV
.
Contents of the 'Scheduled Tasks' folder
"2007-11-19 23:48:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-23 04:33:28 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2007-11-08 11:37:17 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2007-11-22 21:13:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-22 23:43:25
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwOpenFile
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2007-11-22 23:45:13
C:\ComboFix2.txt ... 2007-11-16 21:13
C:\ComboFix3.txt ... 2007-11-16 21:06
.
--- E O F ---