saraboo
2007-10-04, 11:07
I have included the logs from both ComboFix and SuperAntiSpyware. I think that my computer got hacked because someone has stolen my bank account numbers and SSN and ALL my other info and is using it to make purchases and open accounts. I have already done all of the stuff I need to do with my banks and the credit bureaus, but I am here to see if something I had on my PC is responsible for this. Please help. It is freaking me out that someone has all this info.
COMBOFIX LOG
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.96 [GMT -6:00]
Script execution time was exceeded on script "C:\ComboFix\restore_pt.vbs".
Script execution was terminated.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\DOCUME~1\SARAAS~1\APPLIC~1\CURITY~1
C:\DOCUME~1\SARAAS~1\APPLIC~1\SMANTE~1
C:\DOCUME~1\SARAAS~1\APPLIC~1\SSTEM~1
C:\DOCUME~1\SARAAS~1\APPLIC~1\WNSXS~1
C:\Program Files\Common Files\curity~1
C:\Program Files\Common Files\curity~1\??curity\
C:\Program Files\Common Files\curity~1\csrss.exe
C:\Program Files\Common Files\smbols~1
C:\Program Files\inetget2
C:\Program Files\network monitor
C:\Program Files\winupdates
C:\Program Files\wnsxs~1
C:\Program Files\wnsxs~1\??chost.exe
C:\WINDOWS\b128.exe
C:\WINDOWS\b138.exe
C:\WINDOWS\racle~1
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\cmd.com
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\kipuq.dll
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\regedit.com
C:\WINDOWS\system32\sks~1
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\tracert.com
C:\WINDOWS\system32\wcpsvsu32.exe
C:\WINDOWS\U2FyYSBBc2J1cnk\asappsrv.dll
C:\WINDOWS\U2FyYSBBc2J1cnk\command.exe
C:\WINDOWS\wr.txt
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_CMDSERVICE
-------\LEGACY_CORE
-------\LEGACY_NETWORK_MONITOR
-------\cmdService
-------\core
-------\Network Monitor
((((((((((((((((((((((((( Files Created from 2007-08-21 to 2007-09-21 )))))))))))))))))))))))))))))))
.
2007-09-20 23:29 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-20 23:24 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-09-20 23:23 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-09-20 23:23 <DIR> d-------- C:\DOCUME~1\SARAAS~1\APPLIC~1\SUPERAntiSpyware.com
2007-09-20 23:22 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-19 00:06 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Yahoo!
2007-09-18 08:20 <DIR> d-------- C:\Program Files\Logitech
2007-09-18 08:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech
2007-09-18 08:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logishrd
2007-09-18 08:17 5,504 --a--c--- C:\WINDOWS\system32\dllcache\mstee.sys
2007-09-18 08:17 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-09-18 08:15 53,760 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2007-09-18 08:15 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-09-18 08:15 <DIR> d-------- C:\Program Files\Common Files\logishrd
2007-09-17 21:47 <DIR> d-------- C:\DOCUME~1\SARAAS~1\APPLIC~1\Yahoo!
2007-09-17 21:45 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-20 23:39 0 --a------ C:\WINDOWS\system32\drivers\lvuvc.hs
2007-09-20 20:32 --------- d-------- C:\Program Files\Yahoo!
2007-09-18 22:38 --------- d-------- C:\Program Files\Google
2007-09-17 22:19 --------- d-------- C:\DOCUME~1\SARAAS~1\APPLIC~1\SiteAdvisor
2007-09-12 23:11 --------- d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\SiteAdvisor
2007-09-02 13:55 --------- d-------- C:\Program Files\SiteAdvisor
2007-09-02 00:09 --------- d-------- C:\DOCUME~1\SARAAS~1\APPLIC~1\AdobeUM
2007-08-30 20:22 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SiteAdvisor
2007-08-23 10:51 --------- d-------- C:\Program Files\McAfee
2007-08-19 23:51 --------- d-------- C:\DOCUME~1\SARAAS~1\APPLIC~1\LimeWire
2007-08-01 03:07 --------- d-------- C:\Program Files\McAfee.com
2007-08-01 03:07 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee.com
2007-07-31 00:03 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
2007-07-29 23:42 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
2007-07-29 15:28 --------- d-------- C:\Program Files\Common Files\McAfee
2007-07-29 15:12 25214 --a------ C:\Program Files\B.ico
2007-07-29 15:12 25214 --a------ C:\Program Files\A.ico
2007-07-29 00:25 167 --a------ C:\DOCUME~1\SARAAS~1\8246.bat
2007-07-27 23:33 167 --a------ C:\DOCUME~1\SARAAS~1\5783.bat
2007-07-27 23:33 12285 --a------ C:\WINDOWS\b103.exe.bin
2007-07-27 11:40 167 --a------ C:\DOCUME~1\SARAAS~1\4171.bat
2007-07-26 22:13 --------- d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\NetMon
2007-07-26 21:54 73 --a------ C:\DOCUME~1\SARAAS~1\n.bat
2007-07-26 21:54 167 --a------ C:\DOCUME~1\SARAAS~1\9046.bat
2007-07-24 12:26 167 --a------ C:\DOCUME~1\SARAAS~1\8114.bat
2007-07-23 14:39 --------- d-------- C:\Program Files\Brother
2007-07-22 17:29 --------- d-------- C:\Program Files\HP
2007-07-22 17:29 --------- d-------- C:\DOCUME~1\SARAAS~1\APPLIC~1\HP
2007-07-22 17:29 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
2007-07-22 17:27 --------- d-------- C:\Program Files\Common Files\Sonic Shared
2007-07-22 17:27 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic
2007-07-22 17:26 --------- d-------- C:\Program Files\Common Files\HP
2007-07-22 17:24 --------- d-------- C:\Program Files\Hewlett-Packard
2007-07-22 16:48 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-22 16:48 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-07-22 16:43 167 --a------ C:\DOCUME~1\SARAAS~1\4898.bat
2007-07-21 01:46 --------- dr------- C:\DOCUME~1\SARAAS~1\APPLIC~1\Brother
2007-07-21 01:19 --------- d-------- C:\Program Files\ScanSoft
2007-07-21 01:19 --------- d-------- C:\Program Files\Common Files\ScanSoft Shared
2007-07-21 01:19 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ScanSoft
2007-07-21 01:19 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
2007-07-21 01:17 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Brother
2006-02-19 03:28 12288 --a------ C:\WINDOWS\Fonts\RandFont.dll
2005-07-29 22:24:26 472 --sha-r C:\WINDOWS\U2FyYSBBc2J1cnk\oZIVsm11wZLYwB4.vbs
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 14:56]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 16:49]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 16:46]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 16:50]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 18:30 C:\WINDOWS\stsystra.exe]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-07-22 23:46]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-07-22 23:47]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 13:48]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-11-01 04:12]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 21:15]
"McRegWiz"="C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe" [2003-09-02 16:41]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2007-02-20 12:29]
"QUICKCARE"="C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe" [2006-11-07 21:07]
"EKIJ5000StatusMonitor"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2007-04-03 08:54]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 10:22]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 14:25]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 14:45]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41]
"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2007-01-17 16:30]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2007-03-30 09:42]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 16:02]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 16:06]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 05:00]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"DW4"="C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [2007-03-16 07:51]
"Uaol"="C:\PROGRA~1\COMMON~1\CURITY~1\csrss.exe" []
"Tbmnaaj"="C:\Program Files\W?nSxS\??chost.exe" []
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 17:43]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 07:56:20]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2005-07-22 23:46 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys
S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys
.
Contents of the 'Scheduled Tasks' folder
"2007-08-15 07:28:56 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2007-07-29 21:25:57 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2007-09-20 14:08:39 C:\WINDOWS\Tasks\WebReg Photosmart D7300 series.job"
- C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-20 23:40:04
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-09-20 23:43:59 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-20 23:43
.
--- E O F ---
SUPERANTISPYWARE LOG
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 09/26/2007 at 10:01 PM
Application Version : 3.9.1008
Core Rules Database Version : 3310
Trace Rules Database Version: 1314
Scan type : Quick Scan
Total Scan Time : 00:23:20
Memory items scanned : 701
Memory threats detected : 0
Registry items scanned : 812
Registry threats detected : 0
File items scanned : 13160
File threats detected : 60
Adware.Tracking Cookie
C:\Documents and Settings\Sara Asbury\Cookies\sara_asbury@casalemedia[2].txt
C:\Documents and Settings\Sara Asbury\Cookies\sara_asbury@thunderbolt.adjuggler[2].txt
C:\Documents and Settings\Sara Asbury\Cookies\sara_asbury@adultfriendfinder[2].txt
C:\Documents and Settings\Sara Asbury\Cookies\sara_asbury@counter1.sextracker[1].txt
C:\Documents and Settings\Sara Asbury\Cookies\sara_asbury@media.adrevolver[1].txt
C:\Documents and Settings\Sara Asbury\Cookies\sara_asbury@overture[1].txt
C:\Documents and Settings\Sara Asbury\Cookies\sara_asbury@realmedia[2].txt
C:\Documents and Settings\Sara Asbury\Cookies\sara_asbury@www.burstnet[2].txt
C:\Documents and Settings\Sara Asbury\Cookies\sara_asbury@ad.doubleclick[2].txt
C:\Documents and Settings\Sara Asbury\Cookies\sara_asbury@adrevolver[2].txt
C:\Documents and Settings\Sara Asbury\Cookies\sara_asbury@burstnet[2].txt
C:\Documents and Settings\Sara Asbury\Cookies\sara_asbury@imrworldwide[2].txt
C:\Documents and Settings\Sara Asbury\Cookies\sara_asbury@revsci[2].txt
C:\Documents and Settings\Sara Asbury\Cookies\sara_asbury@cbs.112.2o7[1].txt
C:\Documents and Settings\Sara Asbury\Cookies\sara_asbury@atdmt[2].txt
C:\Documents and Settings\Sara Asbury\Cookies\sara_asbury@fastclick[2].txt
C:\Documents and Settings\Sara Asbury\Cookies\sara_asbury@msnportal.112.2o7[1].txt
C:\Documents and Settings\Sara Asbury\Cookies\sara_asbury@bluestreak[1].txt
C:\Documents and Settings\Sara Asbury\Cookies\sara_asbury@specificclick[1].txt
C:\Documents and Settings\Sara Asbury\Cookies\sara_asbury@tribalfusion[2].txt
C:\Documents and Settings\Sara Asbury\Cookies\sara_asbury@doubleclick[1].txt
C:\Documents and Settings\Sara Asbury\Cookies\sara_asbury@advertising[1].txt
C:\Documents and Settings\Sara Asbury\Cookies\sara_asbury@bs.serving-sys[1].txt
C:\Documents and Settings\Sara Asbury\Cookies\sara_asbury@serving-sys[2].txt
C:\Documents and Settings\Sara Asbury\Cookies\sara_asbury@atwola[2].txt
C:\Documents and Settings\Sara Asbury\Cookies\sara_asbury@questionmarket[1].txt
C:\Documents and Settings\Sara Asbury\Cookies\sara_asbury@cpvfeed[2].txt
C:\Documents and Settings\Sara Asbury\Cookies\sara_asbury@directtrack[2].txt
C:\Documents and Settings\Sara Asbury\Cookies\sara_asbury@ad.doubleclick[1].txt
C:\Documents and Settings\Sara Asbury\Cookies\sara_asbury@richmedia.yahoo[2].txt
C:\Documents and Settings\Sara Asbury\Cookies\sara_asbury@ehg-dig.hitbox[2].txt
C:\Documents and Settings\Sara Asbury\Cookies\sara_asbury@hitbox[1].txt
C:\Documents and Settings\Sara Asbury\Cookies\sara_asbury@2o7[2].txt
C:\Documents and Settings\Sara Asbury\Cookies\sara_asbury@rotator.dex.adjuggler[1].txt
C:\Documents and Settings\Sara Asbury\Cookies\sara_asbury@www.allsexadvice[1].txt
C:\Documents and Settings\Sara Asbury\Cookies\sara_asbury@ad.outerinfo[1].txt
C:\Documents and Settings\Sara Asbury\Cookies\sara_asbury@ehg-pcsecurityshield.hitbox[2].txt
C:\Documents and Settings\Sara Asbury\Cookies\sara_asbury@media.adrevolver[2].txt
C:\Documents and Settings\Sara Asbury\Cookies\sara_asbury@citi.bridgetrack[1].txt
C:\Documents and Settings\Sara Asbury\Cookies\sara_asbury@ad.yieldmanager[2].txt
C:\Documents and Settings\Sara Asbury\Cookies\sara_asbury@lynxtrack[1].txt
C:\Documents and Settings\Sara Asbury\Cookies\sara_asbury@porno-shack[1].txt
C:\Documents and Settings\Sara Asbury\Cookies\sara_asbury@da-tracking[2].txt
C:\Documents and Settings\Sara Asbury\Cookies\sara_asbury@trafficmp[1].txt
C:\Documents and Settings\Sara Asbury\Cookies\sara_asbury@mediaplex[2].txt
C:\Documents and Settings\Sara Asbury\Cookies\sara_asbury@adopt.specificclick[1].txt
C:\Documents and Settings\Sara Asbury\Cookies\sara_asbury@adopt.euroclick[2].txt
C:\Documents and Settings\Sara Asbury\Cookies\sara_asbury@adlegend[1].txt
C:\Documents and Settings\Sara Asbury\Cookies\sara_asbury@angleinteractive.directtrack[2].txt
C:\Documents and Settings\Sara Asbury\Cookies\sara_asbury@ads.pointroll[2].txt
C:\Documents and Settings\Sara Asbury\Cookies\sara_asbury@sextracker[1].txt
C:\Documents and Settings\Sara Asbury\Cookies\sara_asbury@tacoda[1].txt
C:\Documents and Settings\LocalService\Cookies\system@dealtime[1].txt
C:\Documents and Settings\LocalService\Cookies\system@enhance[2].txt
C:\Documents and Settings\LocalService\Cookies\system@findwhat[2].txt
C:\Documents and Settings\LocalService\Cookies\system@stat.dealtime[1].txt
Adware.ClickSpring
C:\qoobox\Quarantine\C\Program Files\WNSXS~1\CHOSTE~1.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\KIPUQ.DLL.VIR
Trojan.Downloader-Gen/Installer
C:\QOOBOX\QUARANTINE\C\WINDOWS\B128.EXE.VIR
Trojan.Unknown Origin
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\WCPSVSU32.EXE.VIR