Fossilk1
2008-12-18, 00:54
I am sorry for the previous posts, and i know this will put me back on help but i rather have the person who is going to help me with all the information in 1 post.
Thank you.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:54:12 PM, on 12/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\rpcnet.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\STacSV.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kuk-bot.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {700EF03F-A472-4D26-8ACB-300F4D04FD96} (Recovery ActiveX Control Module) - https://www.lojackforlaptops.com/ctmweb/testoc.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: eczvuw.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 7169 bytes
ComboFix 08-12-14.05 - Foss 2008-12-17 18:29:00.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3262.2743 [GMT -5:00]
Running from: c:\documents and settings\Foss\Desktop\ComboFix.exe
* Resident AV is active
.
((((((((((((((((((((((((( Files Created from 2008-11-17 to 2008-12-17 )))))))))))))))))))))))))))))))
.
2008-12-15 12:08 . 2008-12-15 12:12 <DIR> d-------- c:\program files\EsetOnlineScanner
2008-12-15 11:20 . 2008-12-15 11:20 <DIR> d-------- c:\program files\Trend Micro
2008-12-15 01:06 . 2008-12-15 01:08 <DIR> d-------- c:\program files\Windows Live Safety Center
2008-12-14 22:25 . 2008-12-14 22:25 <DIR> d-------- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-12-14 22:18 . 2008-12-14 22:18 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-12-14 22:18 . 2008-12-14 22:18 <DIR> d-------- c:\documents and settings\Foss\Application Data\SUPERAntiSpyware.com
2008-12-14 22:18 . 2008-12-14 22:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-14 22:06 . 2008-12-14 22:06 <DIR> d-------- C:\VundoFix Backups
2008-12-14 21:44 . 2008-12-14 21:44 95 --a------ c:\windows\wininit.ini
2008-12-14 21:20 . 2008-12-14 22:22 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-14 21:20 . 2008-12-14 21:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-14 20:34 . 2008-12-14 20:34 <DIR> d-------- c:\program files\Lavasoft
2008-12-14 20:34 . 2008-12-14 20:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-14 20:33 . 2008-12-14 22:17 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-14 19:27 . 2008-12-14 19:27 <DIR> d-------- c:\program files\Rockstar Games
2008-12-14 11:54 . 2008-12-14 11:54 54,156 --ah----- c:\windows\QTFont.qfn
2008-12-14 11:54 . 2008-12-14 11:54 1,409 --a------ c:\windows\QTFont.for
2008-12-13 19:15 . 2008-12-13 19:15 <DIR> d-------- c:\windows\San Andreas Mod Installer
2008-12-12 21:43 . 2008-12-13 16:13 34,308 --a------ C:\BASSMOD.DLL
2008-12-11 22:50 . 2008-12-11 22:50 <DIR> d-------- c:\documents and settings\Foss\Application Data\acccore
2008-12-11 22:49 . 2008-12-11 22:49 <DIR> d-------- c:\program files\Viewpoint
2008-12-11 22:49 . 2008-12-11 22:49 <DIR> d-------- c:\program files\Common Files\AOL
2008-12-11 22:49 . 2008-12-11 22:50 <DIR> d-------- c:\program files\AIM6
2008-12-11 22:49 . 2008-12-11 22:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\Viewpoint
2008-12-11 22:49 . 2008-12-11 22:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\AOL OCP
2008-12-11 22:49 . 2008-12-11 22:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\AOL
2008-12-11 22:49 . 2008-12-11 22:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\acccore
2008-12-11 22:49 . 2008-12-11 22:50 368 --ah----- C:\IPH.PH
2008-12-10 15:12 . 2008-12-10 15:12 122 --a------ c:\windows\WA.INI
2008-12-08 11:15 . 2008-12-08 11:15 1,594,540 --a------ c:\windows\WANEUninstaller.exe
2008-12-08 11:07 . 2008-12-08 11:07 <DIR> d-------- C:\Games
2008-12-08 01:37 . 2008-12-08 01:37 <DIR> d-------- c:\documents and settings\Foss\Application Data\Roxio
2008-12-04 23:47 . 2008-10-10 04:52 4,379,984 --a------ c:\windows\system32\D3DX9_40.dll
2008-12-04 23:47 . 2008-10-10 04:52 2,036,576 --a------ c:\windows\system32\D3DCompiler_40.dll
2008-12-04 23:47 . 2008-10-10 04:52 452,440 --a------ c:\windows\system32\d3dx10_40.dll
2008-12-04 23:46 . 2008-07-10 11:00 3,851,784 --a------ c:\windows\system32\D3DX9_39.dll
2008-12-04 23:46 . 2008-07-10 11:00 1,493,528 --a------ c:\windows\system32\D3DCompiler_39.dll
2008-12-04 23:46 . 2008-10-27 10:04 514,384 --a------ c:\windows\system32\XAudio2_3.dll
2008-12-04 23:46 . 2008-07-30 06:20 509,448 --a------ c:\windows\system32\XAudio2_2.dll
2008-12-04 23:46 . 2008-07-10 11:01 467,984 --a------ c:\windows\system32\d3dx10_39.dll
2008-12-04 23:46 . 2008-07-30 06:20 238,088 --a------ c:\windows\system32\xactengine3_2.dll
2008-12-04 23:46 . 2008-10-27 10:04 235,856 --a------ c:\windows\system32\xactengine3_3.dll
2008-12-04 23:46 . 2008-10-27 10:04 70,992 --a------ c:\windows\system32\XAPOFX1_2.dll
2008-12-04 23:46 . 2008-07-30 06:20 68,616 --a------ c:\windows\system32\XAPOFX1_1.dll
2008-12-04 23:46 . 2008-10-27 10:04 23,376 --a------ c:\windows\system32\X3DAudio1_5.dll
2008-11-28 22:07 . 2008-11-28 22:07 40 --a------ c:\documents and settings\Foss\language.dat
2008-11-28 22:03 . 2008-11-28 22:03 122 --a------ c:\windows\kaillera.ini
2008-11-24 11:17 . 2008-11-24 11:30 <DIR> d-------- c:\program files\Cheat Engine
2008-11-24 11:17 . 2007-12-26 17:30 1,970,176 --a------ c:\windows\system32\d3dx9.dll
2008-11-24 11:17 . 2007-12-26 17:30 679,936 --a------ c:\windows\system32\D3DX81ab.dll
2008-11-23 18:47 . 2008-12-14 20:22 <DIR> d-------- c:\program files\Steam
2008-11-22 22:19 . 2008-11-22 22:19 <DIR> d-------- c:\program files\America's Army
2008-11-22 21:45 . 2008-11-26 12:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\America's Army Deploy Client
2008-11-19 16:29 . 2008-11-19 16:29 0 --a------ c:\windows\nsreg.dat
2008-11-18 17:13 . 2008-11-18 17:13 <DIR> d-------- c:\program files\BayGenie
2008-11-18 16:37 . 2008-11-18 16:37 <DIR> d-------- c:\program files\myibay
2008-11-18 16:37 . 2008-11-18 16:37 <DIR> d-------- c:\documents and settings\Foss\Application Data\.myibay
2008-11-18 09:50 . 2008-11-18 09:50 <DIR> d-------- c:\program files\uTorrent
2008-11-18 09:50 . 2008-12-14 20:30 <DIR> d-------- c:\documents and settings\Foss\Application Data\uTorrent
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-17 23:23 47,104 ----a-w c:\windows\system32\rpcnet.dll
2008-12-17 23:23 17,408 ----a-w c:\windows\system32\rpcnetp.exe
2008-12-15 16:16 17,408 ----a-w c:\windows\system32\rpcnetp.dll
2008-12-15 05:25 --------- d-----w c:\program files\RegVac Registry Cleaner
2008-12-15 00:44 47,104 ----a-w c:\windows\system32\rpcnet.exe
2008-12-14 20:51 --------- d-----w c:\program files\Diablo II
2008-12-13 02:16 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-08 15:52 --------- d-----w c:\program files\SlySoft
2008-11-16 06:39 --------- d-----w c:\program files\Starcraft
2008-11-12 17:32 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-11-12 17:32 --------- d-----w c:\program files\Mass Effect
2008-11-12 17:26 --------- d-----w c:\program files\Common Files\BioWare
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:10 453,632 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 13:01 283,648 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-17 07:08 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 13:11 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 16:57 332,800 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ------w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-10-03 10:15 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-03 10:15 247,326 ------w c:\windows\system32\dllcache\strmdll.dll
2008-10-02 22:36 32,256 ----a-w c:\windows\system32\identprv.dll
2008-04-03 01:30 74 -csh--r c:\windows\CT4CET.bin
2008-05-11 18:53 1,860,128 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-05-11 18:53 8,480 --sha-w c:\windows\system32\drivers\fidbox2.dat
.
((((((((((((((((((((((((((((( snapshot@2008-12-17_18.24.36.03 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-17 23:10:08 72,382 ----a-w c:\windows\system32\perfc009.dat
+ 2008-12-17 23:27:07 72,382 ----a-w c:\windows\system32\perfc009.dat
- 2008-12-17 23:10:08 443,534 ----a-w c:\windows\system32\perfh009.dat
+ 2008-12-17 23:27:07 443,534 ----a-w c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-04 1809648]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2007-12-21 1443072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-02 13529088]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-03 14:56 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=eczvuw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Matrix Screen Locker.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Matrix Screen Locker.lnk
backup=c:\windows\pss\Matrix Screen Locker.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Foss^Start Menu^Programs^Startup^RegVac.lnk]
path=c:\documents and settings\Foss\Start Menu\Programs\Startup\RegVac.lnk
backup=c:\windows\pss\RegVac.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a--c--- 2007-05-11 03:06 40048 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BuildBU]
--a------ 2004-02-19 07:23 61440 c:\dell\bldbubg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2006-09-28 14:21 57344 c:\program files\SlySoft\CloneCD\CloneCDTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 06:00 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
--a------ 2007-07-20 16:55 1228800 c:\program files\Dell\QuickSet\quickset.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DELL Webcam Manager]
--------- 2007-07-27 16:43 118784 c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
--a--c--- 2008-02-13 19:21 16384 c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
--a--c--- 2008-01-17 21:40 17920 c:\dell\E-Center\EULALauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a--c--- 2006-10-26 23:47 31016 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
--a------ 2007-07-25 16:30 974848 c:\program files\Intel\Wireless\Bin\iFrmewrk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
--a--c--- 2007-07-25 16:32 823296 c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a--c--- 2008-03-30 09:36 267048 c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KADxMain]
--a------ 2006-11-02 14:05 282624 c:\windows\system32\KADxMain.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LCDMon]
-----c--- 2007-07-17 23:26 775952 c:\program files\Common Files\Logitech\LCD Manager\LCDMon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-07-02 21:33 13529088 c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-07-02 21:33 86016 c:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe]
--a------ 2007-08-28 15:54 36864 c:\windows\OEM02Mon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--------- 2007-11-01 15:39 189736 c:\program files\Dell\MediaDirect\PCMService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 22:37 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2007-07-17 23:09 851968 c:\program files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey]
--a------ 2008-07-02 21:33 86016 c:\windows\system32\nvhotkey.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-07-02 21:33 1630208 c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a--c--- 2007-07-17 09:12 405504 c:\windows\stsystra.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\ctmweb.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\English\\setup.exe"=
"c:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"=
"c:\\Program Files\\Mass Effect\\MassEffectLauncher.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"80:TCP"= 80:TCP:ComboFix
R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-12-04 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-12-04 55024]
R2 ekrn;Eset Service;"c:\program files\ESET\ESET Smart Security\ekrn.exe" [2007-12-21 468224]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2008-12-11 24652]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\DRIVERS\OEM02Dev.sys [2008-04-02 235520]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\DRIVERS\OEM02Vfx.sys [2008-04-02 7424]
R3 physX32;physX32;c:\windows\system32\DRIVERS\physX32.sys [2008-04-02 117888]
R3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-04 7408]
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
2008-12-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.kuk-bot.net/
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080403
uInternet Settings,ProxyServer = socks=
c:\windows\Downloaded Program Files\sysreqlab3.dll - O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E}
hxxp://www.srtest.com/srl_bin/sysreqlab3.cab
c:\windows\Downloaded Program Files\SysReqLab3.osd
FF - ProfilePath - c:\documents and settings\Foss\Application Data\Mozilla\Firefox\Profiles\fdcjyv9b.default\
FF - prefs.js: browser.startup.homepage - 1st-hacks.com
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-17 18:29:52
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\windows\system32\autochk(3).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(4).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(5).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(6).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(9).exe:BAK 22528 bytes executable
scan completed successfully
hidden files: 5
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1296)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2008-12-17 18:30:25
ComboFix-quarantined-files.txt 2008-12-17 23:30:19
ComboFix2.txt 2008-12-17 23:24:55
Pre-Run: 81,577,783,296 bytes free
Post-Run: 81,561,849,856 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
282 --- E O F --- 2008-12-12 01:17:17
Thank you.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:54:12 PM, on 12/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\rpcnet.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\STacSV.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kuk-bot.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {700EF03F-A472-4D26-8ACB-300F4D04FD96} (Recovery ActiveX Control Module) - https://www.lojackforlaptops.com/ctmweb/testoc.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: eczvuw.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 7169 bytes
ComboFix 08-12-14.05 - Foss 2008-12-17 18:29:00.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3262.2743 [GMT -5:00]
Running from: c:\documents and settings\Foss\Desktop\ComboFix.exe
* Resident AV is active
.
((((((((((((((((((((((((( Files Created from 2008-11-17 to 2008-12-17 )))))))))))))))))))))))))))))))
.
2008-12-15 12:08 . 2008-12-15 12:12 <DIR> d-------- c:\program files\EsetOnlineScanner
2008-12-15 11:20 . 2008-12-15 11:20 <DIR> d-------- c:\program files\Trend Micro
2008-12-15 01:06 . 2008-12-15 01:08 <DIR> d-------- c:\program files\Windows Live Safety Center
2008-12-14 22:25 . 2008-12-14 22:25 <DIR> d-------- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-12-14 22:18 . 2008-12-14 22:18 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-12-14 22:18 . 2008-12-14 22:18 <DIR> d-------- c:\documents and settings\Foss\Application Data\SUPERAntiSpyware.com
2008-12-14 22:18 . 2008-12-14 22:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-14 22:06 . 2008-12-14 22:06 <DIR> d-------- C:\VundoFix Backups
2008-12-14 21:44 . 2008-12-14 21:44 95 --a------ c:\windows\wininit.ini
2008-12-14 21:20 . 2008-12-14 22:22 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-14 21:20 . 2008-12-14 21:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-14 20:34 . 2008-12-14 20:34 <DIR> d-------- c:\program files\Lavasoft
2008-12-14 20:34 . 2008-12-14 20:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-14 20:33 . 2008-12-14 22:17 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-14 19:27 . 2008-12-14 19:27 <DIR> d-------- c:\program files\Rockstar Games
2008-12-14 11:54 . 2008-12-14 11:54 54,156 --ah----- c:\windows\QTFont.qfn
2008-12-14 11:54 . 2008-12-14 11:54 1,409 --a------ c:\windows\QTFont.for
2008-12-13 19:15 . 2008-12-13 19:15 <DIR> d-------- c:\windows\San Andreas Mod Installer
2008-12-12 21:43 . 2008-12-13 16:13 34,308 --a------ C:\BASSMOD.DLL
2008-12-11 22:50 . 2008-12-11 22:50 <DIR> d-------- c:\documents and settings\Foss\Application Data\acccore
2008-12-11 22:49 . 2008-12-11 22:49 <DIR> d-------- c:\program files\Viewpoint
2008-12-11 22:49 . 2008-12-11 22:49 <DIR> d-------- c:\program files\Common Files\AOL
2008-12-11 22:49 . 2008-12-11 22:50 <DIR> d-------- c:\program files\AIM6
2008-12-11 22:49 . 2008-12-11 22:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\Viewpoint
2008-12-11 22:49 . 2008-12-11 22:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\AOL OCP
2008-12-11 22:49 . 2008-12-11 22:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\AOL
2008-12-11 22:49 . 2008-12-11 22:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\acccore
2008-12-11 22:49 . 2008-12-11 22:50 368 --ah----- C:\IPH.PH
2008-12-10 15:12 . 2008-12-10 15:12 122 --a------ c:\windows\WA.INI
2008-12-08 11:15 . 2008-12-08 11:15 1,594,540 --a------ c:\windows\WANEUninstaller.exe
2008-12-08 11:07 . 2008-12-08 11:07 <DIR> d-------- C:\Games
2008-12-08 01:37 . 2008-12-08 01:37 <DIR> d-------- c:\documents and settings\Foss\Application Data\Roxio
2008-12-04 23:47 . 2008-10-10 04:52 4,379,984 --a------ c:\windows\system32\D3DX9_40.dll
2008-12-04 23:47 . 2008-10-10 04:52 2,036,576 --a------ c:\windows\system32\D3DCompiler_40.dll
2008-12-04 23:47 . 2008-10-10 04:52 452,440 --a------ c:\windows\system32\d3dx10_40.dll
2008-12-04 23:46 . 2008-07-10 11:00 3,851,784 --a------ c:\windows\system32\D3DX9_39.dll
2008-12-04 23:46 . 2008-07-10 11:00 1,493,528 --a------ c:\windows\system32\D3DCompiler_39.dll
2008-12-04 23:46 . 2008-10-27 10:04 514,384 --a------ c:\windows\system32\XAudio2_3.dll
2008-12-04 23:46 . 2008-07-30 06:20 509,448 --a------ c:\windows\system32\XAudio2_2.dll
2008-12-04 23:46 . 2008-07-10 11:01 467,984 --a------ c:\windows\system32\d3dx10_39.dll
2008-12-04 23:46 . 2008-07-30 06:20 238,088 --a------ c:\windows\system32\xactengine3_2.dll
2008-12-04 23:46 . 2008-10-27 10:04 235,856 --a------ c:\windows\system32\xactengine3_3.dll
2008-12-04 23:46 . 2008-10-27 10:04 70,992 --a------ c:\windows\system32\XAPOFX1_2.dll
2008-12-04 23:46 . 2008-07-30 06:20 68,616 --a------ c:\windows\system32\XAPOFX1_1.dll
2008-12-04 23:46 . 2008-10-27 10:04 23,376 --a------ c:\windows\system32\X3DAudio1_5.dll
2008-11-28 22:07 . 2008-11-28 22:07 40 --a------ c:\documents and settings\Foss\language.dat
2008-11-28 22:03 . 2008-11-28 22:03 122 --a------ c:\windows\kaillera.ini
2008-11-24 11:17 . 2008-11-24 11:30 <DIR> d-------- c:\program files\Cheat Engine
2008-11-24 11:17 . 2007-12-26 17:30 1,970,176 --a------ c:\windows\system32\d3dx9.dll
2008-11-24 11:17 . 2007-12-26 17:30 679,936 --a------ c:\windows\system32\D3DX81ab.dll
2008-11-23 18:47 . 2008-12-14 20:22 <DIR> d-------- c:\program files\Steam
2008-11-22 22:19 . 2008-11-22 22:19 <DIR> d-------- c:\program files\America's Army
2008-11-22 21:45 . 2008-11-26 12:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\America's Army Deploy Client
2008-11-19 16:29 . 2008-11-19 16:29 0 --a------ c:\windows\nsreg.dat
2008-11-18 17:13 . 2008-11-18 17:13 <DIR> d-------- c:\program files\BayGenie
2008-11-18 16:37 . 2008-11-18 16:37 <DIR> d-------- c:\program files\myibay
2008-11-18 16:37 . 2008-11-18 16:37 <DIR> d-------- c:\documents and settings\Foss\Application Data\.myibay
2008-11-18 09:50 . 2008-11-18 09:50 <DIR> d-------- c:\program files\uTorrent
2008-11-18 09:50 . 2008-12-14 20:30 <DIR> d-------- c:\documents and settings\Foss\Application Data\uTorrent
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-17 23:23 47,104 ----a-w c:\windows\system32\rpcnet.dll
2008-12-17 23:23 17,408 ----a-w c:\windows\system32\rpcnetp.exe
2008-12-15 16:16 17,408 ----a-w c:\windows\system32\rpcnetp.dll
2008-12-15 05:25 --------- d-----w c:\program files\RegVac Registry Cleaner
2008-12-15 00:44 47,104 ----a-w c:\windows\system32\rpcnet.exe
2008-12-14 20:51 --------- d-----w c:\program files\Diablo II
2008-12-13 02:16 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-08 15:52 --------- d-----w c:\program files\SlySoft
2008-11-16 06:39 --------- d-----w c:\program files\Starcraft
2008-11-12 17:32 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-11-12 17:32 --------- d-----w c:\program files\Mass Effect
2008-11-12 17:26 --------- d-----w c:\program files\Common Files\BioWare
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:10 453,632 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 13:01 283,648 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-17 07:08 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 13:11 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 16:57 332,800 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ------w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-10-03 10:15 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-03 10:15 247,326 ------w c:\windows\system32\dllcache\strmdll.dll
2008-10-02 22:36 32,256 ----a-w c:\windows\system32\identprv.dll
2008-04-03 01:30 74 -csh--r c:\windows\CT4CET.bin
2008-05-11 18:53 1,860,128 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-05-11 18:53 8,480 --sha-w c:\windows\system32\drivers\fidbox2.dat
.
((((((((((((((((((((((((((((( snapshot@2008-12-17_18.24.36.03 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-17 23:10:08 72,382 ----a-w c:\windows\system32\perfc009.dat
+ 2008-12-17 23:27:07 72,382 ----a-w c:\windows\system32\perfc009.dat
- 2008-12-17 23:10:08 443,534 ----a-w c:\windows\system32\perfh009.dat
+ 2008-12-17 23:27:07 443,534 ----a-w c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-04 1809648]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2007-12-21 1443072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-02 13529088]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-03 14:56 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=eczvuw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Matrix Screen Locker.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Matrix Screen Locker.lnk
backup=c:\windows\pss\Matrix Screen Locker.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Foss^Start Menu^Programs^Startup^RegVac.lnk]
path=c:\documents and settings\Foss\Start Menu\Programs\Startup\RegVac.lnk
backup=c:\windows\pss\RegVac.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a--c--- 2007-05-11 03:06 40048 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BuildBU]
--a------ 2004-02-19 07:23 61440 c:\dell\bldbubg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2006-09-28 14:21 57344 c:\program files\SlySoft\CloneCD\CloneCDTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 06:00 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
--a------ 2007-07-20 16:55 1228800 c:\program files\Dell\QuickSet\quickset.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DELL Webcam Manager]
--------- 2007-07-27 16:43 118784 c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
--a--c--- 2008-02-13 19:21 16384 c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
--a--c--- 2008-01-17 21:40 17920 c:\dell\E-Center\EULALauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a--c--- 2006-10-26 23:47 31016 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
--a------ 2007-07-25 16:30 974848 c:\program files\Intel\Wireless\Bin\iFrmewrk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
--a--c--- 2007-07-25 16:32 823296 c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a--c--- 2008-03-30 09:36 267048 c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KADxMain]
--a------ 2006-11-02 14:05 282624 c:\windows\system32\KADxMain.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LCDMon]
-----c--- 2007-07-17 23:26 775952 c:\program files\Common Files\Logitech\LCD Manager\LCDMon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-07-02 21:33 13529088 c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-07-02 21:33 86016 c:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe]
--a------ 2007-08-28 15:54 36864 c:\windows\OEM02Mon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--------- 2007-11-01 15:39 189736 c:\program files\Dell\MediaDirect\PCMService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 22:37 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2007-07-17 23:09 851968 c:\program files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey]
--a------ 2008-07-02 21:33 86016 c:\windows\system32\nvhotkey.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-07-02 21:33 1630208 c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a--c--- 2007-07-17 09:12 405504 c:\windows\stsystra.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\ctmweb.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\English\\setup.exe"=
"c:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"=
"c:\\Program Files\\Mass Effect\\MassEffectLauncher.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"80:TCP"= 80:TCP:ComboFix
R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-12-04 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-12-04 55024]
R2 ekrn;Eset Service;"c:\program files\ESET\ESET Smart Security\ekrn.exe" [2007-12-21 468224]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2008-12-11 24652]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\DRIVERS\OEM02Dev.sys [2008-04-02 235520]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\DRIVERS\OEM02Vfx.sys [2008-04-02 7424]
R3 physX32;physX32;c:\windows\system32\DRIVERS\physX32.sys [2008-04-02 117888]
R3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-04 7408]
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
2008-12-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.kuk-bot.net/
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080403
uInternet Settings,ProxyServer = socks=
c:\windows\Downloaded Program Files\sysreqlab3.dll - O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E}
hxxp://www.srtest.com/srl_bin/sysreqlab3.cab
c:\windows\Downloaded Program Files\SysReqLab3.osd
FF - ProfilePath - c:\documents and settings\Foss\Application Data\Mozilla\Firefox\Profiles\fdcjyv9b.default\
FF - prefs.js: browser.startup.homepage - 1st-hacks.com
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-17 18:29:52
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\windows\system32\autochk(3).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(4).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(5).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(6).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(9).exe:BAK 22528 bytes executable
scan completed successfully
hidden files: 5
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1296)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2008-12-17 18:30:25
ComboFix-quarantined-files.txt 2008-12-17 23:30:19
ComboFix2.txt 2008-12-17 23:24:55
Pre-Run: 81,577,783,296 bytes free
Post-Run: 81,561,849,856 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
282 --- E O F --- 2008-12-12 01:17:17