combofix log
ComboFix 07-12-02.7 - kevin noble 2007-12-04 13:24:10.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.57 [GMT 1:00]
Running from: C:\Documents and Settings\kevin noble\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\kevin noble\Application Data\addon.dat
C:\WINDOWS\system32\drivers\hkjueqpi.sys
C:\WINDOWS\system32\drivers\sqbaaqsi.dat
C:\WINDOWS\system32\fonafon.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_TFPMKPRR
-------\LEGACY_VJFYARYM
-------\tfpmkprr
-------\vjfyarym
((((((((((((((((((((((((( Files Created from 2007-11-04 to 2007-12-04 )))))))))))))))))))))))))))))))
.
2007-12-03 22:34 . 2007-12-03 22:34 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-03 22:19 . 2007-12-04 13:43 226,392 --a------ C:\WINDOWS\system32\drivers\APPFCONT.DAT.bck
2007-12-03 19:28 . 2007-12-03 22:34 8,627 --a------ C:\WINDOWS\system32\PAV_FOG.OPC
2007-12-03 19:19 . 2007-12-03 19:19 261 --a------ C:\WINDOWS\system32\PavCPL.dat
2007-12-03 19:17 . 2007-12-04 11:18 13,880 --a------ C:\WINDOWS\system32\drivers\COMFiltr.sys
2007-12-03 19:16 . 2007-12-04 13:43 1,224 --a------ C:\WINDOWS\system32\drivers\APPFLTR.CFG.bck
2007-12-03 19:16 . 2007-12-03 19:16 0 --a------ C:\WINDOWS\system32\drivers\wnmsav.dat
2007-12-03 19:12 . 2007-12-03 19:12 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\sentinel
2007-12-03 19:08 . 2007-12-04 13:43 226,392 --a------ C:\WINDOWS\system32\drivers\APPFCONT.DAT
2007-12-03 19:08 . 2007-07-11 11:39 191,672 --a------ C:\WINDOWS\system32\drivers\idsflt.sys
2007-12-03 19:08 . 2007-06-06 10:43 83,640 --a------ C:\WINDOWS\system32\drivers\pavdrv51.sys
2007-12-03 19:08 . 2007-05-11 09:33 51,256 --a------ C:\WINDOWS\system32\drivers\dsaflt.sys
2007-12-03 19:08 . 2007-05-11 09:33 37,304 --a------ C:\WINDOWS\system32\drivers\smsflt.sys
2007-12-03 19:08 . 2007-05-11 09:33 30,648 --a------ C:\WINDOWS\system32\drivers\wnmflt.sys
2007-12-03 19:08 . 2007-12-04 13:43 1,224 --a------ C:\WINDOWS\system32\drivers\APPFLTR.CFG
2007-12-03 19:07 . 2007-12-03 19:07 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Backup
2007-12-03 19:07 . 2003-10-22 18:23 446,464 --a------ C:\WINDOWS\system32\HHActiveX.dll
2007-12-03 19:07 . 2007-05-11 09:33 132,920 --a------ C:\WINDOWS\system32\drivers\NETFLTDI.SYS
2007-12-03 19:07 . 2007-05-11 09:33 71,736 --a------ C:\WINDOWS\system32\drivers\APPFLT.SYS
2007-12-03 19:07 . 2007-03-15 19:38 54,832 --a------ C:\WINDOWS\system32\pavcpl.cpl
2007-12-03 19:07 . 2007-05-11 09:33 22,072 --a------ C:\WINDOWS\system32\drivers\fnetmon.sys
2007-12-03 19:06 . 2007-12-03 19:06 <DIR> d-------- C:\WINDOWS\system32\PAV
2007-12-03 19:06 . 2007-12-03 19:06 <DIR> d-------- C:\Program Files\Panda Security
2007-12-03 19:06 . 2007-07-12 08:42 292,144 --a------ C:\WINDOWS\system32\PavSHook.dll
2007-12-03 19:06 . 2007-03-13 18:01 161,328 --a------ C:\WINDOWS\system32\TpUtil.dll
2007-12-03 19:06 . 2007-04-24 15:43 142,128 --a------ C:\WINDOWS\system32\drivers\netimflt.sys
2007-12-03 19:06 . 2007-02-08 11:53 107,568 --a------ C:\WINDOWS\system32\SYSTOOLS.DLL
2007-12-03 19:06 . 2007-02-28 18:04 63,024 --a------ C:\WINDOWS\system32\pavipc.dll
2007-12-03 19:06 . 2007-02-15 20:02 50,736 --a------ C:\WINDOWS\system32\avldr.dll
2007-12-03 19:06 . 2007-06-08 08:44 24,760 --a------ C:\WINDOWS\system32\drivers\cpoint.sys
2007-12-03 19:06 . 2007-04-24 16:43 1,990 --a------ C:\WINDOWS\system32\drivers\net_m32.inf
2007-12-03 18:52 . 2007-12-03 18:52 <DIR> d-------- C:\Program Files\Common Files\Panda Software
2007-12-03 18:52 . 2007-05-23 15:40 38,968 --a------ C:\WINDOWS\system32\drivers\ShlDrv51.sys
2007-12-03 18:28 . 2007-12-03 18:28 0 --a------ C:\WINDOWS\system32\4046.tmp
2007-12-03 15:01 . 2007-12-03 18:22 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-12-03 15:01 . 2007-12-03 15:29 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2007-12-03 15:01 . 2007-12-03 15:29 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-12-03 15:01 . 2007-12-03 15:29 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-12-03 01:38 . 2007-12-03 01:38 <DIR> d-------- C:\Documents and Settings\kevin noble\Application Data\Sunbelt Software
2007-12-03 01:32 . 2007-12-03 01:32 164 --a------ C:\install.dat
2007-12-03 01:30 . 2007-12-03 01:31 <DIR> d-------- C:\Documents and Settings\kevin noble\Application Data\GetRightToGo
2007-12-03 01:03 . 2007-12-03 01:03 <DIR> d-------- C:\Documents and Settings\kevin noble\Application Data\True Sword
2007-12-03 00:50 . 2007-12-03 00:51 <DIR> d-------- C:\Documents and Settings\kevin noble\Application Data\AdwareAlert
2007-11-26 12:17 . 2007-08-20 11:04 6,058,496 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-11-26 12:17 . 2007-04-17 10:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-11-26 12:17 . 2007-03-08 06:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2007-11-26 12:17 . 2007-08-20 11:04 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-11-26 12:17 . 2007-08-20 11:04 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-11-26 12:17 . 2007-08-20 11:04 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-11-26 12:17 . 2007-08-20 11:04 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2007-11-26 12:17 . 2007-08-20 11:04 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-11-26 12:17 . 2007-08-17 11:20 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-11-26 11:41 . 2007-11-26 12:19 1,393 --a------ C:\WINDOWS\imsins.BAK
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2007-12-04 12:46 --------- d-----w C:\Program Files\lg_fwupdate
2007-12-03 19:56 --------- d-----w C:\Program Files\RegCure
2007-12-03 18:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-03 18:00 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2007-12-03 17:05 --------- d-----w C:\Program Files\Windows Media Player 10.00.00.3802
2007-12-03 17:04 --------- d-----w C:\Program Files\Super Torrent Search
2007-12-03 17:04 --------- d-----w C:\Program Files\SudokuSolver
2007-12-03 17:04 --------- d-----w C:\Program Files\sudoku solver 2.0
2007-12-03 16:59 --------- d-----w C:\Program Files\SpywareBlaster
2007-12-03 16:59 --------- d-----w C:\Program Files\Spybot
2007-12-03 16:59 --------- d-----w C:\Program Files\Speed DVD Creator
2007-12-03 16:58 --------- d-----w C:\Program Files\RegistryMechanic
2007-12-03 16:57 --------- d-----w C:\Program Files\QuickTime
2007-12-03 16:56 --------- d-----w C:\Program Files\Popup Manager 1.01
2007-12-03 16:56 --------- d-----w C:\Program Files\PokerStars
2007-12-03 16:55 --------- d-----w C:\Program Files\PhotoshopCS
2007-12-03 16:55 --------- d-----w C:\Program Files\PartyPoker
2007-12-03 16:54 --------- d-----w C:\Program Files\OfficeUpdate11
2007-12-03 16:54 --------- d-----w C:\Program Files\Office2003
2007-12-03 16:43 --------- d-----w C:\Program Files\nero6608
2007-12-03 16:42 --------- d-----w C:\Program Files\Nero
2007-12-03 16:41 --------- d-----w C:\Program Files\Moraff's Maximum MahJongg
2007-12-03 16:39 --------- d-----w C:\Program Files\Microsoft Works
2007-12-03 16:39 --------- d-----w C:\Program Files\Microsoft Plus! Digital Media Edition
2007-12-03 16:31 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-12-03 16:31 --------- d-----w C:\Program Files\Media Player Classic
2007-12-03 16:24 --------- d-----w C:\Program Files\Mailwasher
2007-12-03 16:24 --------- d-----w C:\Program Files\LimeWire
2007-12-03 16:23 --------- d-----w C:\Program Files\KService
2007-12-03 16:21 --------- d-----w C:\Program Files\Kaspersky
2007-12-03 16:19 --------- d-----w C:\Program Files\iTunes
2007-12-03 16:18 --------- d-----w C:\Program Files\ISOBuster
2007-12-03 16:14 --------- d-----w C:\Program Files\honestech One Touch DVD
2007-12-03 16:14 --------- d-----w C:\Program Files\Firefox
2007-12-03 16:14 --------- d-----w C:\Program Files\eXeem 0.21 public beta
2007-12-03 16:13 --------- d-----w C:\Program Files\EPSON Print CD
2007-12-03 16:11 --------- d-----w C:\Program Files\EMUSB2.0
2007-12-03 16:11 --------- d-----w C:\Program Files\eMule
2007-12-03 16:11 --------- d-----w C:\Program Files\DXBall2
2007-12-03 16:11 --------- d-----w C:\Program Files\DVD Shrink
2007-12-03 16:09 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2007-12-03 16:09 --------- d-----w C:\Program Files\Common Files\Stardock
2007-12-03 16:09 --------- d-----w C:\Program Files\Common Files\Paltalk
2007-12-03 16:06 --------- d-----w C:\Program Files\Common Files\COWON
2007-12-03 16:05 --------- d-----w C:\Program Files\Common Files\ACD Systems
2007-12-03 16:05 --------- d-----w C:\Program Files\Chessmaster 8000
2007-12-03 16:05 --------- d-----w C:\Program Files\Bug Doctor
2007-12-03 16:05 --------- d-----w C:\Program Files\Azureus
2007-12-03 16:03 --------- d-----w C:\Program Files\AnyDVD 4.5.7.2
2007-12-03 16:03 --------- d-----w C:\Program Files\Ahead
2007-12-03 15:59 --------- d-----w C:\Program Files\AC3Filter
2007-12-03 15:26 --------- d-----w C:\Documents and Settings\kevin noble\Application Data\ppstream
2007-12-03 15:24 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2007-12-03 15:24 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\{B7A015B7-4802-4678-8CEC-700380BA9AFD}
2007-12-02 23:46 --------- d-----w C:\Documents and Settings\kevin noble\Application Data\Azureus
2007-11-12 16:33 --------- d-----w C:\Program Files\nero-nra
2007-10-28 09:56 --------- d-----w C:\Documents and Settings\kevin noble\Application Data\Talkback
2007-10-07 23:10 --------- d-----w C:\Program Files\Java
2007-10-07 20:41 --------- d-----w C:\Documents and Settings\kevin noble\Application Data\RegistrySmart
2007-06-24 18:15 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2006-11-24 14:20 278,528 ----a-w C:\Program Files\Common Files\FDEUnInstaller.exe
2005-11-04 10:25 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
2005-02-23 12:59 38,299,726 ----a-w C:\Program Files\nero6608.exe
2005-02-12 11:29 3,459,504 ----a-w C:\Program Files\LimeWireWin.exe
2005-01-10 20:11 137,216 ----a-w C:\Program Files\Nero 6.6.0.8 Keygen.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\nbj.exe" [2005-06-02 16:03]
"kdx"="C:\WINDOWS\kdx\KHost.exe" [2006-04-03 12:49]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 10:38]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.e xe" [2001-07-09 11:50]
"BluetoothAuthenticationAgent"="rundll32.exe" [2004-08-03 23:56 C:\WINDOWS\system32\rundll32.exe]
"XpDis0Conf"="C:\PROGRA~1\Belkin\BELKIN~1\Tool\Win XPDisableZeroConfigation.exe" [2004-02-23 16:51]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-01-28 15:17]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.e xe" [2005-03-11 07:08]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-07-08 15:25]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 17:35]
"LGODDFU"="C:\Program Files\lg_fwupdate\fwupdate.exe" [2005-04-12 10:11]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"APVXDWIN"="C:\Program Files\Panda Security\Panda Internet Security 2008\APVXDWIN.exe" [2007-07-23 18:30]
"SCANINICIO"="C:\Program Files\Panda Security\Panda Internet Security 2008\Inicio.exe" [2007-07-11 15:17]
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
honestech One Touch DVD Receiver.lnk - C:\Program Files\honestech One Touch DVD\Receiver.exe [2006-12-31 14:25:57]
[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\explorer]
"NoRecentDocsMenu"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\cur rentversion\policies\explorer]
"NoRecentDocsMenu"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2007-02-15 20:02 50736 C:\WINDOWS\system32\avldr.dll
R1 APPFLT;App Filter Plugin;\??\C:\WINDOWS\system32\Drivers\APPFLT.SYS
R1 DSAFLT
SA Filter Plugin;\??\C:\WINDOWS\system32\Drivers\DSAFLT.SYS
R1 FNETMON;NetMon Filter Plugin;\??\C:\WINDOWS\system32\Drivers\fnetmon.SYS
R1 IDSFLT;Ids Filter Plugin;\??\C:\WINDOWS\system32\Drivers\IDSFLT.SYS
R1 NETFLTDI;Panda Net Driver [TDI Layer];\??\C:\WINDOWS\system32\Drivers\NETFLTDI.SYS
R1 SMSFLT;SMS Filter Plugin;\??\C:\WINDOWS\system32\Drivers\SMSFLT.SYS
R1 WNMFLT;Wifi Monitor Filter Plugin;\??\C:\WINDOWS\system32\Drivers\WNMFLT.SYS
R2 cpoint;Panda CPoint Driver;C:\WINDOWS\system32\drivers\cpoint.sys
R3 NETIMFLT;PANDA NDIS IM Filter Miniport;C:\WINDOWS\system32\DRIVERS\netimflt.sys
S3 ComFiltr;Panda Anti-Dialer;\??\C:\WINDOWS\system32\DRIVERS\COMFiltr.sy s
S3 Diag69xp
iag69xp;C:\WINDOWS\system32\Drivers\Diag 69xp.sys
S3 ids00026;ids00026;\??\C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00026.sys
S3 ids0005c;ids0005c;\??\C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0005c.sys
.
Contents of the 'Scheduled Tasks' folder
"2007-12-03 00:49:50 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.ex
- C:\Program Files\AdwareAlert
"2007-12-03 23:00:00 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\BM8desSR.exe
"2007-12-01 08:00:00 C:\WINDOWS\Tasks\At10.job"
- C:\WINDOWS\system32\BM8desSR.exe
"2007-12-01 09:00:00 C:\WINDOWS\Tasks\At11.job"
- C:\WINDOWS\system32\BM8desSR.exe
"2007-12-03 10:00:00 C:\WINDOWS\Tasks\At12.job"
- C:\WINDOWS\system32\BM8desSR.exe
"2007-12-04 11:00:00 C:\WINDOWS\Tasks\At13.job"
- C:\WINDOWS\system32\BM8desSR.exe
"2007-12-04 12:00:00 C:\WINDOWS\Tasks\At14.job"
- C:\WINDOWS\system32\BM8desSR.exe
"2007-12-03 13:00:00 C:\WINDOWS\Tasks\At15.job"
- C:\WINDOWS\system32\BM8desSR.exe
"2007-12-03 14:00:00 C:\WINDOWS\Tasks\At16.job"
- C:\WINDOWS\system32\BM8desSR.exe
"2007-12-03 15:00:06 C:\WINDOWS\Tasks\At17.job"
- C:\WINDOWS\system32\BM8desSR.exe
"2007-12-03 16:00:02 C:\WINDOWS\Tasks\At18.job"
- C:\WINDOWS\system32\BM8desSR.exe
"2007-12-03 17:00:03 C:\WINDOWS\Tasks\At19.job"
- C:\WINDOWS\system32\BM8desSR.exe
"2007-12-04 00:00:00 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\system32\BM8desSR.exe
"2007-12-03 18:00:00 C:\WINDOWS\Tasks\At20.job"
- C:\WINDOWS\system32\BM8desSR.exe
"2007-12-03 19:00:00 C:\WINDOWS\Tasks\At21.job"
- C:\WINDOWS\system32\BM8desSR.exe
"2007-12-03 20:00:00 C:\WINDOWS\Tasks\At22.job"
- C:\WINDOWS\system32\BM8desSR.exe
"2007-12-03 21:00:00 C:\WINDOWS\Tasks\At23.job"
- C:\WINDOWS\system32\BM8desSR.exe
"2007-12-03 22:00:01 C:\WINDOWS\Tasks\At24.job"
- C:\WINDOWS\system32\BM8desSR.exe
"2007-12-03 01:00:00 C:\WINDOWS\Tasks\At3.job"
- C:\WINDOWS\system32\BM8desSR.exe
"2007-10-29 02:00:00 C:\WINDOWS\Tasks\At4.job"
- C:\WINDOWS\system32\BM8desSR.exe
"2007-10-08 02:00:00 C:\WINDOWS\Tasks\At5.job"
- C:\WINDOWS\system32\BM8desSR.exe
"2007-10-08 03:00:00 C:\WINDOWS\Tasks\At6.job"
- C:\WINDOWS\system32\BM8desSR.exe
"2007-10-11 04:00:00 C:\WINDOWS\Tasks\At7.job"
- C:\WINDOWS\system32\BM8desSR.exe
"2007-10-11 05:00:01 C:\WINDOWS\Tasks\At8.job"
- C:\WINDOWS\system32\BM8desSR.exe
"2007-11-09 07:00:00 C:\WINDOWS\Tasks\At9.job"
- C:\WINDOWS\system32\BM8desSR.exe
"2007-12-03 18:18:49 C:\WINDOWS\Tasks\Basic clean-up.job"
- C:\Program Files\Panda Security\Panda Internet Security 2008\PlaTasks.exe
"2007-12-03 18:18:50 C:\WINDOWS\Tasks\Basic clean-up1.job"
- C:\Program Files\Panda Security\Panda Internet Security 2008\PlaTasks.exe
"2007-12-04 12:44:33 C:\WINDOWS\Tasks\RegCure Program Check.job"
"2007-10-07 20:53:49 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2007-10-29 02:30:00 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Program Files\RegistrySmart\RegistrySmart.ex
- C:\Program Files\RegistrySmart
.
************************************************** ************************
catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-12-04 13:45:27
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
************************************************** ************************
.
Completion time: 2007-12-04 13:49:37 - machine was rebooted
.
--- E O F ---
PC Help Forum
» Security & Safety
» [Fixed] Hijackthis! Logs
»
hijack-log , please help
hijack-log , please help
Re: hijack-log , please help
Linear Mode
