-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, February 27, 2008 4:12:49 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 27/02/2008
Kaspersky Anti-Virus database records: 583627
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
Scan Statistics:
Total number of scanned objects: 200479
Number of viruses found: 10
Number of infected objects: 22
Number of suspicious objects: 0
Duration of the scan process: 02:04:14
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Al\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Al\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Al\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Al\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Al\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Al\Local Settings\History\History.IE5\MSHist012008022720080228\index.dat Object is locked skipped
C:\Documents and Settings\Al\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Al\ntuser.dat Object is locked skipped
C:\Documents and Settings\Al\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{423B551A-4433-4020-BB3E-0A97AAEDDE84}\RP1\A0000052.exe/data0008 Infected: not-a-virus:AdWare.Win32.CommonName.b skipped
C:\System Volume Information\_restore{423B551A-4433-4020-BB3E-0A97AAEDDE84}\RP1\A0000052.exe/data0009 Infected: not-a-virus:AdWare.Win32.CommonName.d skipped
C:\System Volume Information\_restore{423B551A-4433-4020-BB3E-0A97AAEDDE84}\RP1\A0000052.exe/data0010 Infected: not-a-virus:AdWare.Win32.CommonName.d skipped
C:\System Volume Information\_restore{423B551A-4433-4020-BB3E-0A97AAEDDE84}\RP1\A0000052.exe NSIS: infected - 3 skipped
C:\System Volume Information\_restore{423B551A-4433-4020-BB3E-0A97AAEDDE84}\RP5\A0000454.exe/data0020/NHInstall.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d skipped
C:\System Volume Information\_restore{423B551A-4433-4020-BB3E-0A97AAEDDE84}\RP5\A0000454.exe/data0020/v2.0.4b.cab/NHelper.dll Infected: not-a-virus:AdWare.Win32.NavExcel.g skipped
C:\System Volume Information\_restore{423B551A-4433-4020-BB3E-0A97AAEDDE84}\RP5\A0000454.exe/data0020/v2.0.4b.cab/NHUninstaller.exe Infected: not-a-virus:AdWare.Win32.NavExcel skipped
C:\System Volume Information\_restore{423B551A-4433-4020-BB3E-0A97AAEDDE84}\RP5\A0000454.exe/data0020/v2.0.4b.cab/NHUpdater.exe Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
C:\System Volume Information\_restore{423B551A-4433-4020-BB3E-0A97AAEDDE84}\RP5\A0000454.exe/data0020/v2.0.4b.cab Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
C:\System Volume Information\_restore{423B551A-4433-4020-BB3E-0A97AAEDDE84}\RP5\A0000454.exe/data0020 Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
C:\System Volume Information\_restore{423B551A-4433-4020-BB3E-0A97AAEDDE84}\RP5\A0000454.exe/data0021 Infected: not-a-virus:AdWare.Win32.NavExcel.i skipped
C:\System Volume Information\_restore{423B551A-4433-4020-BB3E-0A97AAEDDE84}\RP5\A0000454.exe NSIS: infected - 7 skipped
C:\System Volume Information\_restore{423B551A-4433-4020-BB3E-0A97AAEDDE84}\RP5\A0000455.exe/data0002 Infected: not-a-virus:AdWare.Win32.Midadle.f skipped
C:\System Volume Information\_restore{423B551A-4433-4020-BB3E-0A97AAEDDE84}\RP5\A0000455.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{423B551A-4433-4020-BB3E-0A97AAEDDE84}\RP5\A0000456.exe/data0002 Infected: not-a-virus:AdWare.Win32.WinFetcher.d skipped
C:\System Volume Information\_restore{423B551A-4433-4020-BB3E-0A97AAEDDE84}\RP5\A0000456.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{423B551A-4433-4020-BB3E-0A97AAEDDE84}\RP5\A0000457.exe/data0008 Infected: not-a-virus:AdWare.Win32.CommonName.b skipped
C:\System Volume Information\_restore{423B551A-4433-4020-BB3E-0A97AAEDDE84}\RP5\A0000457.exe/data0009 Infected: not-a-virus:AdWare.Win32.CommonName.d skipped
C:\System Volume Information\_restore{423B551A-4433-4020-BB3E-0A97AAEDDE84}\RP5\A0000457.exe/data0010 Infected: not-a-virus:AdWare.Win32.CommonName.d skipped
C:\System Volume Information\_restore{423B551A-4433-4020-BB3E-0A97AAEDDE84}\RP5\A0000457.exe NSIS: infected - 3 skipped
C:\System Volume Information\_restore{423B551A-4433-4020-BB3E-0A97AAEDDE84}\RP5\A0000458.pif Infected: Trojan-Downloader.BAT.Ftp.z skipped
C:\System Volume Information\_restore{423B551A-4433-4020-BB3E-0A97AAEDDE84}\RP5\A0000550.pif Infected: Trojan-Downloader.BAT.Ftp.z skipped
C:\System Volume Information\_restore{423B551A-4433-4020-BB3E-0A97AAEDDE84}\RP5\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_54c.dat Object is locked skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
ComboFix 08-02-25.3 - Al 2008-02-27 5:07:50.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.915 [GMT -5:00]
Running from: C:\Documents and Settings\Al\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Al\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
FILE ::
C:\Al's HD\Documents and Settings\Amanda\Desktop\setup_ares.exe
C:\Al's HD\Documents and Settings\Amanda\Local Settings\Temp\app32F.tmp
C:\Al's HD\Documents and Settings\Amanda\Local Settings\Temp\midaddle.exe
C:\Al's HD\Documents and Settings\Amanda\Local Settings\Temp\tracker7.exe
C:\Al's HD\WINDOWS\cnbabeie.exe
C:\Al's HD\WINDOWS\SYSTEM32\.pif
C:\Al's HD\WINDOWS\SYSTEM32\cmd.ftp
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Al's HD\Documents and Settings\Amanda\Desktop\setup_ares.exe
C:\Al's HD\Documents and Settings\Amanda\Local Settings\Temp\app32F.tmp
C:\Al's HD\Documents and Settings\Amanda\Local Settings\Temp\midaddle.exe
C:\Al's HD\Documents and Settings\Amanda\Local Settings\Temp\tracker7.exe
C:\Al's HD\WINDOWS\cnbabeie.exe
C:\Al's HD\WINDOWS\SYSTEM32\.pif
C:\Al's HD\WINDOWS\SYSTEM32\cmd.ftp
.
((((((((((((((((((((((((( Files Created from 2008-01-27 to 2008-02-27 )))))))))))))))))))))))))))))))
.
2008-02-26 20:22 . 2008-02-26 20:22 <DIR> d-------- C:\Program Files\Java
2008-02-26 20:22 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-26 20:21 . 2008-02-26 20:21 <DIR> d-------- C:\Program Files\Common Files\Java
2008-02-26 17:16 . 2008-02-26 17:16 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-26 17:16 . 2008-02-26 17:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-26 16:40 . 2008-02-26 16:40 <DIR> d-------- C:\Documents and Settings\Al\Application Data\Malwarebytes
2008-02-26 16:39 . 2008-02-26 16:40 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-02-26 16:39 . 2008-02-26 16:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-02-25 16:20 . 2008-02-25 16:20 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-24 22:26 . 2008-02-24 22:51 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-02-24 22:26 . 2008-02-24 22:28 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-02-24 22:26 . 2008-02-24 22:28 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-02-24 22:26 . 2008-02-24 22:28 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-02-24 19:46 . 2008-02-24 19:46 588 --a------ C:\WINDOWS\system32\settingsbkup.sfm
2008-02-24 19:46 . 2008-02-24 19:46 588 --a------ C:\WINDOWS\system32\settings.sfm
2008-02-24 19:45 . 2002-02-06 04:40 26 --a------ C:\WINDOWS\system32\ctzapxx.ini
2008-02-24 19:38 . 2008-02-24 19:45 66 --a------ C:\WINDOWS\SBWIN.INI
2008-02-24 19:36 . 2004-08-03 23:08 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
2008-02-24 19:36 . 2004-08-03 23:08 10,624 --a--c--- C:\WINDOWS\system32\dllcache\gameenum.sys
2008-02-24 19:32 . 2008-02-24 19:32 <DIR> d-------- C:\WINDOWS\system32\Data
2008-02-24 19:32 . 1999-09-22 07:18 2,167,684 --a------ C:\WINDOWS\system32\ct2mgm.sf2
2008-02-24 19:32 . 2003-09-22 08:47 178,672 --a------ C:\WINDOWS\system32\drivers\ctoss2k.sys
2008-02-24 19:32 . 2003-09-22 08:51 172,032 --a------ C:\WINDOWS\system32\sfms32.dll
2008-02-24 19:32 . 2003-09-22 08:48 130,192 --a------ C:\WINDOWS\system32\drivers\ctsfm2k.sys
2008-02-24 19:32 . 2001-08-17 14:35 36,864 --a------ C:\WINDOWS\system32\sfman32.dll
2008-02-24 19:32 . 2002-03-21 03:39 20,480 --a------ C:\WINDOWS\INRES.DLL
2008-02-24 19:32 . 2003-09-22 16:14 2,516 --a------ C:\WINDOWS\system32\P16X.ini
2008-02-24 19:31 . 2008-02-24 19:38 <DIR> d-------- C:\Program Files\Creative
2008-02-24 19:31 . 2003-03-05 12:19 15,840 --------- C:\WINDOWS\system32\drivers\PFMODNT.SYS
2008-02-24 19:22 . 2008-02-24 19:22 <DIR> d-------- C:\Program Files\Belarc
2008-02-24 19:22 . 2005-04-07 16:18 3,840 --a------ C:\WINDOWS\system32\drivers\BANTExt.sys
2008-02-24 18:44 . 2008-02-24 18:44 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-02-24 18:37 . 2008-02-24 19:18 <DIR> d-------- C:\Program Files\Microsoft Bootvis
2008-02-24 17:46 . 2008-02-24 17:52 1,840 --a------ C:\WINDOWS\system32\tmp.reg
2008-02-24 17:45 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-02-24 17:45 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-02-24 17:45 . 2008-02-16 19:46 85,504 --a------ C:\WINDOWS\system32\VACFix.exe
2008-02-24 17:45 . 2008-02-08 10:37 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-02-24 17:45 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-02-24 17:45 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-02-24 17:45 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-02-24 10:26 . 2008-02-24 10:27 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-02-24 10:26 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-02-24 09:48 . 2008-02-24 09:53 <DIR> d-------- C:\Program Files\Eusing Free Registry Cleaner
2008-02-23 17:17 . 2008-02-23 17:17 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-23 17:17 . 2008-02-23 17:17 <DIR> d-------- C:\Documents and Settings\Al\Application Data\Lavasoft
2008-02-23 16:34 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-02-23 16:34 . 2004-08-04 00:56 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-02-23 16:34 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-02-23 16:34 . 2004-08-03 22:58 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-02-23 15:29 . 2008-02-23 17:05 847 --a------ C:\WINDOWS\wininit.ini
2008-02-23 14:17 . 2008-02-23 14:17 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-02-23 14:11 . 2008-02-23 17:12 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-23 14:11 . 2008-02-23 17:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-23 12:52 . 2008-02-23 12:52 <DIR> d-------- C:\Program Files\Alwil Software
2008-02-23 12:52 . 2007-12-04 08:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-02-23 12:52 . 2004-01-09 04:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-02-23 12:52 . 2007-12-04 07:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-02-23 12:52 . 2007-12-04 09:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-02-23 12:52 . 2007-12-04 09:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-02-23 12:52 . 2007-12-04 09:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-02-23 12:52 . 2007-12-04 09:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-02-23 12:52 . 2007-12-04 09:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-02-23 09:51 . 2008-02-23 09:51 401 --a------ C:\WINDOWS\system32\LB5A2.tmp
2008-02-23 09:50 . 2008-02-23 09:51 278,793 --a------ C:\WINDOWS\system32\L3631.tmp
2008-02-22 22:06 . 2003-10-06 14:16 98,304 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-02-05 21:49 . 2008-02-05 21:49 61,248 --a------ C:\Documents and Settings\Al\Application Data\GDIPFONTCACHEV1.DAT
2008-02-02 14:11 . 2007-06-30 22:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-02-02 14:11 . 2007-06-30 22:36 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-02-02 14:00 . 2008-02-22 22:06 <DIR> d-------- C:\WINDOWS\nview
2008-02-02 14:00 . 2003-10-06 14:16 9,801 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-01-31 18:59 . 2008-01-31 18:59 376 --a------ C:\WINDOWS\ODBC.INI
2008-01-31 18:58 . 2008-01-31 18:58 <DIR> d-------- C:\WINDOWS\ShellNew
2008-01-31 18:58 . 2008-01-31 18:58 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-25 00:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-24 15:50 --------- d-----w C:\Program Files\Bonjour
2008-02-23 22:07 --------- d-----w C:\Program Files\Yahoo!
2008-02-23 22:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-02-23 22:06 --------- d-----w C:\Documents and Settings\Al\Application Data\Yahoo!
2008-02-23 14:54 1,755 ----a-w C:\Documents and Settings\Al\Application Data\SAS7_000.DAT
2008-01-19 08:01 --------- d-----w C:\Program Files\MSXML 4.0
2008-01-18 23:13 --------- d-----w C:\Program Files\Common Files\ScanSoft Shared
2008-01-18 23:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-01-18 22:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-01-18 22:06 --------- d-----w C:\Documents and Settings\Al\Application Data\Nuance
2008-01-18 21:55 --------- d-----w C:\Program Files\Common Files\Nuance
2008-01-18 21:55 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-18 21:54 --------- d-----w C:\Program Files\Nuance
2008-01-18 21:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nuance
2008-01-18 02:03 --------- d-----w C:\Documents and Settings\Al\Application Data\LimeWire
2008-01-18 02:00 --------- d-----w C:\Program Files\Google
2008-01-18 01:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2008-01-18 01:55 --------- d-----w C:\Program Files\Common Files\HP
2008-01-18 01:54 --------- d-----w C:\Program Files\HP
2008-01-18 01:54 --------- d-----w C:\Program Files\Hewlett-Packard
2008-01-18 01:54 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2008-01-18 01:35 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-01-18 01:35 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-01-18 01:24 --------- d-----w C:\Program Files\QuickTime
2008-01-18 01:24 --------- d-----w C:\Program Files\iTunes
2008-01-18 01:24 --------- d-----w C:\Program Files\iPod
2008-01-18 01:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-18 01:24 --------- d-----w C:\Documents and Settings\Al\Application Data\Apple Computer
2008-01-18 01:23 --------- d-----w C:\Program Files\Apple Software Update
2008-01-18 01:22 --------- d-----w C:\Program Files\Common Files\Apple
2008-01-18 01:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-01-18 00:17 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"DNS7reminder"="C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" [2006-11-27 10:25 255528]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 08:00 79224]
"diagent"="C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
C:\Documents and Settings\Al\Start Menu\Programs\Startup\
Dragon NaturallySpeaking.lnk - C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe [2007-02-12 10:21:26 2516584]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 05:00 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2004-09-13 15:49 49152 c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-02-16 16:15 221184 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-02-16 16:15 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2003-10-06 14:16 5058560 C:\WINDOWS\system32\NvCpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2003-10-06 14:16 741376 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 15:27 385024 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
--a------ 2006-10-25 09:03 210472 C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
c:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
.
Contents of the 'Scheduled Tasks' folder
"2008-02-20 15:02:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-02-27 05:09:19
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-27 5:11:46
ComboFix-quarantined-files.txt 2008-02-27 10:11:44
ComboFix2.txt 2008-02-26 21:36:57
ComboFix3.txt 2008-02-26 01:51:02
.
2008-02-25 00:53:38 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:13:19 PM, on 2/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Apple Software Update\SoftwareUpdate.exe
C:\Program Files\Trend Micro\HijackThis\removal.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking9\Ereg.ini
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Dragon NaturallySpeaking.lnk = C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 5583 bytes