ComboFix 08-02-22.2 - Killer_R 2008-03-01 17:31:21.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1030.18.174 [GMT 1:00]
Running from: C:\Documents and Settings\Killer_R\Skrivebord\IEFix\ComboFix.exe
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((( Files Created from 2008-02-01 to 2008-03-01 )))))))))))))))))))))))))))))))
.
2008-03-01 13:38 . 2008-03-01 13:38 d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-02-26 18:33 . 2008-02-27 15:55 d-------- C:\Documents and Settings\Killer_R\workspace
2008-02-26 18:27 . 2008-02-27 15:50 d-------- C:\Programmer\Photran
2008-02-26 17:12 . 2008-02-26 17:30 d-------- C:\Programmer\Cygwin
2008-02-25 21:33 . 2008-02-25 21:34 d-------- C:\Programmer\OpenOffice.org 2.3
2008-02-25 20:38 . 2008-02-25 20:38 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-25 20:36 . 2008-03-01 13:38 d-------- C:\Programmer\SUPERAntiSpyware
2008-02-25 20:36 . 2008-02-25 20:36 d-------- C:\Documents and Settings\Killer_R\Application Data\SUPERAntiSpyware.com
2008-02-25 20:05 . 2008-02-29 18:23 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-25 20:05 . 2008-02-25 20:05 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-22 10:50 . 2008-02-22 10:50 d-------- C:\Documents and Settings\Killer_R\Application Data\Subversion
2008-02-22 10:45 . 2008-02-26 17:15 d-------- C:\Programmer\TortoiseSVN
2008-02-21 16:09 . 2008-02-21 16:09 1,142,784 --a------ C:\WINDOWS\TMUPDATE.DLL
2008-02-21 16:09 . 2008-02-21 16:09 208,896 --a------ C:\WINDOWS\PATCH.EXE
2008-02-21 16:09 . 2008-02-21 16:09 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2008-02-21 03:07 . 2007-08-01 22:47 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-02-20 22:59 . 2008-02-21 20:04 d-------- C:\Documents and Settings\Killer_R\.housecall6.6
2008-02-17 00:22 . 2008-02-17 00:18 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-17 00:22 . 2008-02-17 00:22 3,450 --a------ C:\WINDOWS\unins000.dat
2008-02-16 23:21 . 2008-02-25 23:25 d-------- C:\Programmer\LEd
2008-02-10 13:39 . 2008-02-10 13:39 d-------- C:\Programmer\GSView
2008-02-10 13:37 . 2008-02-10 13:38 d-------- C:\Programmer\GhostScript
2008-02-09 19:25 . 2008-02-09 19:25 d--h----- C:\WINDOWS\PIF
2008-02-09 12:40 . 2008-02-09 12:40 d-------- C:\Programmer\PUndu1
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-01 12:25 --------- d-----w C:\Programmer\Mozilla Thunderbird
2008-02-29 15:24 --------- d-----w C:\Programmer\VPN Client
2008-02-27 19:44 --------- d-----w C:\Programmer\SpywareBlaster
2008-02-27 14:42 --------- d-----w C:\Programmer\Notepad++
2008-02-27 14:42 --------- d-----w C:\Documents and Settings\Killer_R\Application Data\Notepad++
2008-02-26 17:27 --------- d-----w C:\Programmer\PowerArchiver
2008-02-26 16:03 --------- d-----w C:\Programmer\Emacs
2008-02-25 20:50 --------- d-----w C:\Documents and Settings\Killer_R\Application Data\OpenOffice.org2
2008-02-25 20:26 --------- d-----w C:\Programmer\OpenOffice.org 2.2
2008-02-25 19:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-25 19:33 --------- d-----w C:\Programmer\Fælles filer\Wise Installation Wizard
2008-02-23 11:20 --------- d-----w C:\Programmer\TSW WebCoder 2005
2008-02-22 20:55 --------- d-----w C:\Documents and Settings\Killer_R\Application Data\Azureus
2008-02-21 19:53 --------- d-----w C:\Programmer\Avast Antivirus 4
2008-02-21 19:53 --------- d-----w C:\Programmer\Ad-Aware 2007
2008-02-21 19:52 --------- d-----w C:\Programmer\Spybot - Search & Destroy
2008-02-21 19:52 --------- d-----w C:\Programmer\SmartFTP
2008-02-21 19:52 --------- d-----w C:\Programmer\FolderSize
2008-02-21 19:51 --------- d-----w C:\Programmer\Acronis True Image Home
2008-02-21 19:50 --------- d-----w C:\Programmer\Microsoft IntelliPoint
2008-02-21 19:50 --------- d-----w C:\Programmer\Lexmark X1100 Series
2008-02-21 19:49 --------- d-----w C:\Programmer\Messenger Plus! Live
2008-02-19 21:39 --------- d-----w C:\Programmer\Fælles filer\ACD Systems
2008-02-16 15:10 --------- d--h--w C:\Programmer\InstallShield Installation Information
2008-02-09 12:11 --------- d-----w C:\Programmer\Aspell
2008-02-09 09:53 --------- d-----w C:\Programmer\Adobe Reader 8.0
2008-02-09 09:51 --------- d-----w C:\Programmer\Fælles filer\Adobe
2008-02-09 09:36 --------- d-----w C:\Programmer\QuickTime
2008-02-06 08:55 194 ----a-w C:\install_lpr.bat
2008-02-02 23:21 --------- d-----w C:\Programmer\WinAgile
2008-01-28 21:54 --------- d-----w C:\Programmer\Trend Micro
2008-01-28 19:33 --------- d-----w C:\Documents and Settings\Killer_R\Application Data\InfraRecorder
2008-01-26 11:41 --------- d-----w C:\Programmer\CountDown
2008-01-24 22:11 --------- d-----w C:\Documents and Settings\Killer_R\Application Data\xm1
2008-01-21 19:49 299,008 ------w C:\WINDOWS\Setup1.exe
2008-01-20 15:13 --------- d-----w C:\Programmer\Morgan mmswitch
2008-01-18 16:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-18 12:30 --------- d-----w C:\Programmer\WinAmp
2008-01-15 18:42 --------- d-----w C:\Documents and Settings\Killer_R\Application Data\.idlwave
2008-01-13 14:55 --------- d-----w C:\Documents and Settings\Killer_R\Application Data\ACD Systems
2008-01-13 14:50 --------- d-----w C:\Programmer\Slideshow XP
2008-01-13 14:41 73,216 ------w C:\WINDOWS\ST6UNST.EXE
2008-01-12 21:39 --------- d-----w C:\Programmer\StarNet
2008-01-12 21:38 54 ----a-w C:\install.bat
2008-01-10 18:29 --------- d-----w C:\Documents and Settings\Killer_R\Application Data\Hyperionics
2007-12-11 18:27 69,328 -c--a-w C:\Documents and Settings\Killer_R\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Programmer\Windows Live\Messenger\MsnMsgr.exe" [2007-12-11 19:45 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-26 16:53 15360]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-04-23 15:46 1318128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MaxtorOneTouch"="C:\PROGRA~1\MAXTOR~1\Utils\OneTouch.exe" [2003-05-21 14:30 45056]
"MXO Auto Loader"="C:\WINDOWS\MXOALDR.EXE" [2003-04-07 17:09 118784]
"CARPService"="carpserv.exe" [2003-05-21 14:35 4608 C:\WINDOWS\system32\carpserv.exe]
"Display Settings"="C:\Programmer\HPQ\Notebook Utilities\hptasks.exe" [2002-08-15 05:26 45056]
"QT4HPOT"="C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE" [2002-10-14 18:57 98304]
"Lexmark X1100 Series"="C:\Programmer\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 15:38 57344]
"IntelliPoint"="C:\Programmer\Microsoft IntelliPoint\point32.exe" [2005-06-10 10:21 217088]
"NeroFilterCheck"="C:\Programmer\Fælles filer\Ahead\Lib\NeroCheck.exe" [ ]
"SynTPLpr"="C:\Programmer\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 18:40 98394]
"SynTPEnh"="C:\Programmer\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 18:38 688218]
"TrueImageMonitor.exe"="C:\Programmer\Acronis True Image Home\TrueImageMonitor.exe" [2007-02-16 18:45 1169776]
"AcronisTimounterMonitor"="C:\Programmer\Acronis True Image Home\TimounterMonitor.exe" [2007-02-16 18:57 1945960]
"Acronis Scheduler2 Service"="C:\Programmer\Fælles filer\Acronis\Schedule2\schedhlp.exe" [ ]
"avast!"="C:\PROGRA~1\AVASTA~1\ashDisp.exe" [2007-12-04 14:00 79224]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Adobe Reader Speed Launcher"="C:\Programmer\Adobe Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-26 16:53 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Programmer\QuickTime\QTTask.exe" -atboottime

R2 cvintdrv;cvintdrv;C:\WINDOWS\system32\drivers\cvintdrv.sys [2003-07-29 09:00]
R3 ALiIRDA;ALi infrarød enhedsdriver;C:\WINDOWS\system32\DRIVERS\alifir.sys [2001-08-17 21:49]
R3 CALIAUD;Conexant AMC 3D Environmental Audio;C:\WINDOWS\system32\drivers\caliaud.sys [2004-02-17 17:58]
R3 CALIHALA;CALIHALA;C:\WINDOWS\system32\drivers\calihal.sys [2004-02-17 17:59]
R3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;C:\WINDOWS\system32\DRIVERS\DP83815.SYS [2004-05-04 14:24]
S3 FA312;Driver til NETGEAR FA330/FA312/FA311 Fast Ethernet-netværkskort;C:\WINDOWS\system32\DRIVERS\FA312nd5.sys [2001-08-17 20:12]
S3 LEX_NIC_SERVICE;IEEE 802.11 Wireless NIC Win2000 Driver;C:\WINDOWS\system32\DRIVERS\Express.sys [2002-01-18 11:00]
S3 TMPassthruMP;TMPassthruMP;C:\WINDOWS\system32\DRIVERS\TMPassthru.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13b3b0b0-428a-11dc-baeb-00028a929e07}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
"2008-02-09 09:12:39 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmer\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-01 17:49:26
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Programmer\Ad-Aware 2007\aawservice.exe
C:\Programmer\Avast Antivirus 4\aswUpdSv.exe
C:\Programmer\Avast Antivirus 4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programmer\Fælles filer\Acronis\Schedule2\schedul2.exe
C:\Programmer\VPN Client\cvpnd.exe
C:\Programmer\FolderSize\FolderSizeSvc.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Programmer\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe
C:\Programmer\Avast Antivirus 4\ashMaiSv.exe
C:\Programmer\Avast Antivirus 4\ashWebSv.exe
C:\Programmer\Lexmark X1100 Series\lxbkbmon.exe
.
**************************************************************************
.
Completion time: 2008-03-01 18:02:00 - machine was rebooted
ComboFix2.txt 2008-02-22 09:33:10
.
2008-02-14 19:13:50 --- E O F ---