ComboFix 07-11-08.3 - makem 2007-11-18 13:54:48.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.636 [GMT 0:00]
Running from: F:\Documents and Settings\makem.HAL\Desktop\ComboFix.exe
Command switches used :: F:\Documents and Settings\makem.HAL\Desktop\CFScript.txt
* Created a new restore point
FILE
F:\Program Files\Common Files\Microsoft Shared\MSInfo\WinKernelUpd.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
F:\Program Files\Common Files\Microsoft Shared\MSInfo\WinKernelUpd.exe
.
((((((((((((((((((((((((( Files Created from 2007-10-18 to 2007-11-18 )))))))))))))))))))))))))))))))
.
2007-11-17 01:45 <DIR> d-------- F:\WINDOWS\system32\Kaspersky Lab
2007-11-17 01:45 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-17 01:43 <DIR> d---s---- F:\Documents and Settings\makem.HAL\UserData
2007-11-15 23:29 51,200 --a------ F:\WINDOWS\NirCmd.exe
2007-11-13 13:10 <DIR> d-------- F:\Program Files\Trend Micro
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-18 13:48 --------- d-----w F:\Documents and Settings\makem.HAL\Application Data\MailWasherPro
2007-11-15 14:52 --------- d-----w F:\Program Files\Steam
2007-10-23 13:32 --------- d-----w F:\Program Files\FlashFXP.v3.3.5.1110.BETA5
2007-10-16 11:24 --------- d-----w F:\Program Files\FlashGet
2007-10-16 11:02 1,422 ----a-w F:\Documents and Settings\makem.HAL\clean.reg
2007-10-16 10:24 --------- d-----w F:\Program Files\Executive Software
2007-10-16 10:24 --------- d-----w F:\Program Files\Diskeeper Corporation
2007-10-16 10:24 --------- d-----w F:\Documents and Settings\makem.HAL\Application Data\Leadertech
2007-10-16 10:19 --------- d-----w F:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-15 23:45 --------- d-----w F:\Program Files\Dealio
2007-10-15 23:42 --------- d-----w F:\Program Files\Common Files\SWF Studio
2007-10-15 23:33 512,096 ----a-w F:\WINDOWS\system32\drivers\amon.sys
2007-10-15 23:33 298,104 ----a-w F:\WINDOWS\system32\imon.dll
2007-10-15 23:33 15,424 ----a-w F:\WINDOWS\system32\drivers\nod32drv.sys
2007-10-15 22:57 --------- d-----w F:\Documents and Settings\All Users\Application Data\Avg7
2007-10-15 22:55 --------- d-----w F:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-05 20:45 --------- d-----w F:\Program Files\Microsoft Works
2007-10-04 22:10 --------- d-----w F:\Program Files\tz_mIRC
2007-10-04 22:10 --------- d-----w F:\Program Files\geordies_mIRC
2007-10-04 21:36 --------- d-----w F:\Program Files\GuildFTPd
2007-09-29 20:43 --------- d-----w F:\Program Files\Common Files\L&H
2007-09-27 09:07 --------- d-----w F:\Program Files\DigiGuide TV Guide
2007-09-27 09:00 --------- d-----w F:\Program Files\zone_mIRC
2007-09-25 21:19 --------- d-----w F:\Documents and Settings\makem.HAL\Application Data\Lavasoft
2007-09-24 16:53 --------- d-----w F:\Documents and Settings\makem.HAL\Application Data\FlashFXP
2007-09-23 10:53 --------- d-----w F:\Program Files\tbsg_mIRC
2007-09-23 10:51 --------- d-----w F:\Documents and Settings\makem.HAL\Application Data\mIRC
2007-09-23 10:49 --------- d-----w F:\Program Files\new_zone_mIRC
2007-09-21 18:01 --------- d-----w F:\Documents and Settings\makem.HAL\Application Data\ACD Systems
2007-09-21 14:07 --------- d-----w F:\Documents and Settings\makem.HAL\Application Data\.BitTornado
2007-08-21 06:15 683,520 ----a-w F:\WINDOWS\system32\inetcomm.dll
2006-03-11 17:55 457 ----a-w F:\Program Files\INSTALL.LOG
2001-11-23 12:08 712,704 ----a-w F:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.
((((((((((((((((((((((((((((( snapshot_2007-11-17_ 1.35.52.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-05-24 12:27:16 213,048 ----a-w F:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 15:47:20 94,208 ----a-w F:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 15:49:54 950,272 ----a-w F:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="-cmicnfg.cpl" []
"NeroFilterCheck"="-F:\WINDOWS\System32\NeroCheck.exe" []
"IMEKRMIG6.1"="-F:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" []
"SoundMan"="-SOUNDMAN.EXE" []
"QuickTime Task"="-F:\Program Files\QuickTime\qttask.exe" []
"!AVG Anti-Spyware"="-F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" []
"nod32kui"="F:\Program Files\Eset\nod32kui.exe" [2007-10-15 23:33]
"DiskeeperSystray"="F:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2005-11-22 16:38]
"ICQ Lite"="-F:\Program Files\ICQLite\ICQLite.exe" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="F:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"msnmsgr"="-F:\Program Files\MSN Messenger\msnmsgr.exe" []
"MailWasher"="F:\PROGRA~1\MAILWA~1\MAILWA~1.EXE" [2003-11-10 13:25]
F:\Documents and Settings\makem\Start Menu\Programs\Startup\
DigiGuide.lnk - F:\Program Files\DigiGuide TV Guide\Client.exe [2005-10-30 22:55:56]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"Norun"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"DisableReistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli scecli scecli
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Acronis Scheduler2 Service"="F:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
"SunJavaUpdateSched"=F:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
R2 AsProbe;AsProbe;\??\F:\WINDOWS\System32\drivers\AsProbe.sys
R2 UxTuneUp;TuneUp Design Expansion;F:\WINDOWS\System32\svchost.exe -k netsvcs
R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;F:\WINDOWS\system32\DRIVERS\AN983.sys
R3 HCW848NT;Hauppauge Win/TV;F:\WINDOWS\system32\DRIVERS\hcw848nt.sys
S3 AvFlt;Antivirus Filter Driver;F:\WINDOWS\system32\drivers\av5flt.sys
S3 HWACCESS;HWACCESS;\??\F:\WINDOWS\system32\HWACCESS.SYS
S3 LMImirr;LMImirr;F:\WINDOWS\system32\DRIVERS\LMImirr.sys
S3 mirrorv3;mirrorv3;F:\WINDOWS\system32\DRIVERS\rminiv3.sys
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
"2007-10-26 16:15:00 F:\WINDOWS\Tasks\1-Click Maintenance.job"
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-18 13:56:26
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
MailWasher = F:\PROGRA~1\MAILWA~1\MAILWA~1.EXE?
scanning hidden files ...
**************************************************************************
.
Completion time: 2007-11-18 13:57:30
F:\ComboFix2.txt ... 2007-11-17 01:36
F:\ComboFix3.txt ... 2007-11-15 23:41
.
--- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:00:18, on 18/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
F:\Program Files\Eset\nod32krn.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\Program Files\Eset\nod32.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\logonui.exe
F:\WINDOWS\system32\rdpclip.exe
F:\Program Files\Eset\nod32kui.exe
F:\WINDOWS\system32\ctfmon.exe
F:\PROGRA~1\MAILWA~1\MAILWA~1.EXE
F:\WINDOWS\explorer.exe
F:\WINDOWS\system32\notepad.exe
F:\WINDOWS\system32\logon.scr
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Program Files\Trend Micro\HijackThis\iseeu.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - F:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - F:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - F:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [Cmaudio] -RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] -F:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [IMEKRMIG6.1] -F:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [SoundMan] -SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] -"F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] -"F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [nod32kui] "F:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [DiskeeperSystray] "F:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ICQ Lite] -"F:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] -"F:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MailWasher] F:\PROGRA~1\MAILWA~1\MAILWA~1.EXE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Download All with FlashGet - F:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - F:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - F:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - F:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 0175246499
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 0177533779
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O23 - Service: Adobe LM Service - Unknown owner - -"F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" (file missing)
O23 - Service: Diskeeper - Diskeeper Corporation - F:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - F:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Unknown owner - -F:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (file missing)
O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - -"F:\Program Files\MSN Messenger\usnsvc.exe" (file missing)
--
End of file - 6682 bytes