ComboFix 08-04-12.10 - Peter D Martin 2008-04-15 17:52:04.7 - NTFSx86
Running from: C:\Documents and Settings\Peter D Martin\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\Peter D Martin\Shared\# bj bridges bj bridges 59.wma
C:\Documents and Settings\Peter D Martin\Shared\(Crack) im feeling nothing dada 16.wma
C:\Documents and Settings\Peter D Martin\Shared\[Full Version] alf garnett 18.wma
C:\Documents and Settings\Peter D Martin\Shared\02 Track 2 (army).wma
C:\Program Files\MSN Messenger\msimg32.dll
C:\Program Files\MSN Messenger\riched20.dll
C:\school.exe
C:\school.exe\SDFix\apps\assosfix.reg
C:\school.exe\SDFix\apps\cliptext.exe
C:\school.exe\SDFix\apps\download.exe
C:\school.exe\SDFix\apps\dummy.sys
C:\school.exe\SDFix\apps\Enable_Command_Prompt.reg
C:\school.exe\SDFix\apps\ERDNT.E_E
C:\school.exe\SDFix\apps\ERDNTDOS.LOC
C:\school.exe\SDFix\apps\ERDNTWIN.LOC
C:\school.exe\SDFix\apps\ERUNT.EXE
C:\school.exe\SDFix\apps\ERUNT.LOC
C:\school.exe\SDFix\apps\fix.reg
C:\school.exe\SDFix\apps\FixBH.reg
C:\school.exe\SDFix\apps\FixComponents.reg
C:\school.exe\SDFix\apps\FIXCU.reg
C:\school.exe\SDFix\apps\FIXLM.reg
C:\school.exe\SDFix\apps\FixPath.exe
C:\school.exe\SDFix\apps\FixRedir.reg
C:\school.exe\SDFix\apps\FixSchedule.reg
C:\school.exe\SDFix\apps\FixWebCheck.reg
C:\school.exe\SDFix\apps\fixXP.reg
C:\school.exe\SDFix\apps\FixXPsp2.reg
C:\school.exe\SDFix\apps\grep.exe
C:\school.exe\SDFix\apps\HPFix.reg
C:\school.exe\SDFix\apps\HPFix2.reg
C:\school.exe\SDFix\apps\HPFix3.reg
C:\school.exe\SDFix\apps\HPFix4.reg
C:\school.exe\SDFix\apps\HPFix5.reg
C:\school.exe\SDFix\apps\HPFix6.reg
C:\school.exe\SDFix\apps\HPFix7.reg
C:\school.exe\SDFix\apps\isadmin.exe
C:\school.exe\SDFix\apps\leg2.txt
C:\school.exe\SDFix\apps\legacy.txt
C:\school.exe\SDFix\apps\legacybk.txt
C:\school.exe\SDFix\apps\locate.com
C:\school.exe\SDFix\apps\LS.exe
C:\school.exe\SDFix\apps\MD5File.exe
C:\school.exe\SDFix\apps\MyGcpvFix.reg
C:\school.exe\SDFix\apps\MyGkFix2.reg
C:\school.exe\SDFix\apps\Process.exe
C:\school.exe\SDFix\apps\procs.exe
C:\school.exe\SDFix\apps\psservice.exe
C:\school.exe\SDFix\apps\Rem.txt
C:\school.exe\SDFix\apps\Rem2.txt
C:\school.exe\SDFix\apps\Replace\regedit.exe
C:\school.exe\SDFix\apps\Replace\W2K.exe
C:\school.exe\SDFix\apps\Replace\w2k\beep.sys
C:\school.exe\SDFix\apps\Replace\w2k\null.sys
C:\school.exe\SDFix\apps\Replace\XP.exe
C:\school.exe\SDFix\apps\Replace\xp\beep.sys
C:\school.exe\SDFix\apps\Replace\xp\null.sys
C:\school.exe\SDFix\apps\Reset_AppInit_DLLs.reg
C:\school.exe\SDFix\apps\RestartIt!.exe
C:\school.exe\SDFix\apps\Restore_SecurityCenter.reg
C:\school.exe\SDFix\apps\Restore_SharedAccess.reg
C:\school.exe\SDFix\apps\sc.exe
C:\school.exe\SDFix\apps\sed.exe
C:\school.exe\SDFix\apps\SF.exe
C:\school.exe\SDFix\apps\shutdown.exe
C:\school.exe\SDFix\apps\srv2.txt
C:\school.exe\SDFix\apps\srv2bk.txt
C:\school.exe\SDFix\apps\svc.txt
C:\school.exe\SDFix\apps\svcbk.txt
C:\school.exe\SDFix\apps\swreg.exe
C:\school.exe\SDFix\apps\swsc.exe
C:\school.exe\SDFix\apps\unzip.exe
C:\school.exe\SDFix\apps\vfind.exe
C:\school.exe\SDFix\apps\WINMSG.EXE
C:\school.exe\SDFix\apps\winsec.reg
C:\school.exe\SDFix\apps\zip.exe
C:\school.exe\SDFix\catchme.exe
C:\school.exe\SDFix\dummy.sys
C:\school.exe\SDFix\RunThis.bat
C:\school.exe\SDFix\SDFIX_ReadMe_Online.url
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UGES_0001_N122M2602NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UGES_0001_N122M2602NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UGES_0001_N122M2602NetInstaller.exe
C:\WINDOWS\system32\sex2.ico.tmp
C:\WINDOWS\system32\sex3.ico.tmp
.
((((((((((((((((((((((((( Files Created from 2008-03-15 to 2008-04-15 )))))))))))))))))))))))))))))))
.
2008-04-13 18:52 . 2008-04-13 18:52 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-13 18:52 . 2008-04-13 18:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-12 19:04 . 2008-04-12 19:04 269,334 --a------ C:\WINDOWS\system32\apknihgb.bmp
2008-04-12 10:17 . 2008-04-12 10:17 269,334 --a------ C:\WINDOWS\system32\felsnilcfatsf.bmp
2008-04-11 22:09 . 2008-04-11 22:09 269,334 --a------ C:\WINDOWS\system32\lcbitojml.bmp
2008-04-11 19:29 . 2008-04-11 19:29 269,334 --a------ C:\WINDOWS\system32\nepgjeh.bmp
2008-04-11 17:42 . 2008-04-11 17:42 <DIR> d-------- C:\_OTMoveIt
2008-04-11 17:13 . 2008-04-11 17:13 269,334 --a------ C:\WINDOWS\system32\krqtcjah.bmp
2008-04-10 16:29 . 2008-04-10 16:30 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-08 20:43 . 2002-08-29 03:03 2,042,240 --a------ C:\WINDOWS\system32\ntoskrnl.exe
2008-04-05 22:36 . 2008-04-10 16:55 <DIR> d-------- C:\SDFix
2008-04-04 19:30 . 2008-04-07 18:00 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-04 19:30 . 2008-04-04 19:30 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-04 18:34 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-04-04 18:34 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-04-04 18:34 . 2008-03-28 23:19 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-04-04 18:34 . 2008-03-26 08:50 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-04-04 18:34 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-04-04 18:34 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-04 18:34 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-04 18:34 . 2008-04-04 18:34 6,328 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-04 18:28 . 2008-04-12 10:32 <DIR> d-------- C:\scanner.exe
2008-04-03 17:50 . 2008-04-03 17:50 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-04-02 16:15 . 2008-04-02 16:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-19 22:42 . 2008-03-19 22:42 <DIR> d-------- C:\Program Files\Panicware
2008-03-18 21:32 . 2008-03-19 22:42 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUK.ico
2008-03-16 22:17 . 2008-03-16 22:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rabio
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-15 16:36 --------- d-----w C:\Program Files\MSN Messenger
2008-04-10 15:39 --------- d-----w C:\Program Files\Hewlett-Packard
2008-04-01 16:38 --------- d-----w C:\Documents and Settings\Peter D Martin\Application Data\Audacity
2008-03-19 22:44 --------- d-----w C:\Program Files\Google
2008-03-19 21:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-19 21:25 --------- d-----w C:\Program Files\EPSON
2008-03-19 21:23 --------- d-----w C:\Program Files\IKEA HomePlanner
2008-03-18 20:33 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-14 16:09 --------- d-----w C:\Program Files\Canon
2008-03-14 16:07 248 ----a-w C:\UnInstall.dat
2008-03-14 16:05 --------- d-----w C:\Program Files\DivX
2006-11-19 20:50 78,424 ----a-w C:\Documents and Settings\Lorna Hubbard\Application Data\GDIPFONTCACHEV1.DAT
2005-03-15 17:44 0 ----a-w C:\Documents and Settings\Peter D Martin\Application Data\wklnhst.dat
2005-12-06 19:31 56 --sh--r C:\WINDOWS\system32\1607371D5C.sys
2006-01-16 17:58 1,994 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
------- Sigcheck -------
2006-06-23 11:33 575488 7e7760c7f263ec7a740ee265b263f770 C:\WINDOWS\$NtServicePackUninstall$\wininet.dll
2004-02-06 18:05 588288 4f64d1df989e3aa2fad91a2f1167b9c7 C:\WINDOWS\$NtUninstallKB918899-IE6SP1-20060725.123917$\wininet.dll
2004-08-04 08:56 656384 c0823fc5469663ba63e7db88f9919d70 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\wininet.dll
2006-04-28 10:58 575488 3d5062a7667913b9b515cc5769e9fb31 C:\WINDOWS\SoftwareDistribution\Download\49afa2a0b3ea87b912cc10130c63a60f\rtmgdr\wininet.dll
2006-04-28 18:48 587264 5f4e89c8b4903acbba2f4b32cf1ed3ad C:\WINDOWS\SoftwareDistribution\Download\49afa2a0b3ea87b912cc10130c63a60f\RTMQFE\wininet.dll
2006-06-23 11:33 575488 7e7760c7f263ec7a740ee265b263f770 C:\WINDOWS\SoftwareDistribution\Download\cb88c3740b7bdbe6238a3381da220dae\rtmgdr\wininet.dll
2006-06-23 19:29 587776 40f777875dfa05cd61fd1e8a593be8e9 C:\WINDOWS\SoftwareDistribution\Download\cb88c3740b7bdbe6238a3381da220dae\RTMQFE\wininet.dll
2006-06-23 11:33 575488 7e7760c7f263ec7a740ee265b263f770 C:\WINDOWS\SoftwareDistribution\Download\cfab6bea01ff38473d99ea9faefb37c0\rtmgdr\wininet.dll
2006-06-23 19:29 587776 40f777875dfa05cd61fd1e8a593be8e9 C:\WINDOWS\SoftwareDistribution\Download\cfab6bea01ff38473d99ea9faefb37c0\RTMQFE\wininet.dll
2006-06-23 11:33 575488 7e7760c7f263ec7a740ee265b263f770 C:\WINDOWS\system32\wininet.dll
2006-06-23 11:33 575488 7e7760c7f263ec7a740ee265b263f770 C:\WINDOWS\system32\dllcache\wininet.dll
2003-03-06 10:30 162432 09b38768036508b51564201afb000950 C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
2003-03-31 03:00 167552 3b350e5a2a5e951453f3993275a4523a C:\WINDOWS\$NtUninstallQ815485$\ndis.sys
2003-03-06 10:30 162432 09b38768036508b51564201afb000950 C:\WINDOWS\Driver Cache\i386\ndis.sys
2004-08-04 07:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ndis.sys
2003-03-06 10:30 162432 09b38768036508b51564201afb000950 C:\WINDOWS\system32\drivers\ndis.sys
.
((((((((((((((((((((((((((((( snapshot_2008-04-13_18.01.47.28 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-13 16:26:04 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-15 16:41:34 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2005-05-24 11:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 14:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 14:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe" [ ]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 22:22 3739648]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-29 18:02 68856]
"PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [2005-03-17 12:10 536576]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2004-06-17 21:48 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2004-06-17 21:43 118784]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48 36975]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01 110592]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-26 18:15 98304]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-26 18:15 536576]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 17:28 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38 241664]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [ ]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-05-22 19:55 483328]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-04-30 10:32 208958]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-05-27 20:28 278528]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-10 00:11 50688]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-03-22 23:15 26112]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 03:12 483328]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 02:10 409600]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-12-24 03:33 188416]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-09-12 01:58 229952]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-12-14 02:06 495616]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-15 17:05 1838592]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 17:16 376912]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2003-03-31 03:00 13312]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-29 18:02 68856]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="C:\WINDOWS\System32\Macromed\Flash\NPSWF32_FlashUtil.exe" [2007-06-11 21:34 190696]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-F400-8796-100000000002}\SC_Acrobat.exe [2005-11-30 21:22:58 25214]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:20 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:50 734872]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 05:19:24 237568]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
.
Contents of the 'Scheduled Tasks' folder
"2008-03-24 23:18:36 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-04-15 17:56:22
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe?????????A?p?????????? ???B???????????????B? ??????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-04-15 17:58:14
ComboFix-quarantined-files.txt 2008-04-15 16:57:28
ComboFix2.txt 2008-04-13 20:54:50
ComboFix3.txt 2008-04-13 17:02:39
ComboFix4.txt 2008-04-11 16:32:29
ComboFix5.txt 2008-04-10 22:03:14
Pre-Run: 12,228,841,472 bytes free
Post-Run: 12,215,992,320 bytes free
.
2008-03-16 11:13:52 --- E O F ---