ComboFix 08-01-23.1 - lLavanda 01/22/2008 22:32:44.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.470 [GMT 2:00]
Running from: C:\Documents and Settings\lLavanda\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\agsaame.dll
C:\WINDOWS\system32\ALOAudioFile2.dll
C:\WINDOWS\system32\ALOAVIFile.dll
C:\WINDOWS\system32\ALOQuickTimeFile.dll
C:\WINDOWS\system32\ALOVideoCoreM.dll
C:\WINDOWS\system32\ALOWMAFile2.dll
C:\WINDOWS\system32\kakle.dll
C:\WINDOWS\system32\winitn.dll
.
((((((((((((((((((((((((( Files Created from 2007-12-22 to 2008-01-22 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-22 20:41 95,540 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-22 20:41 5,942,304 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-22 20:41 19,808 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-01-22 20:41 154,656 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-01-22 20:39 --------- d-----w C:\Program Files\Caffe
2008-01-21 14:20 90,112 ----a-w C:\WINDOWS\system32\ALOAudioFormatSettings3.dll
2008-01-21 14:20 90,112 ----a-w C:\WINDOWS\system32\agsaami.dll
2008-01-21 14:20 780,288 ----a-w C:\WINDOWS\system32\ALOVideoCompress.dll
2008-01-21 14:20 778,240 ----a-w C:\WINDOWS\system32\ALOAudioCompress2.dll
2008-01-21 14:20 753,664 ----a-w C:\WINDOWS\system32\agsaamg.dll
2008-01-21 14:20 626,688 ----a-w C:\WINDOWS\system32\agsaamh.dll
2008-01-21 14:20 544,256 ----a-w C:\WINDOWS\system32\agsaamd.dll
2008-01-21 14:20 538,624 ----a-w C:\WINDOWS\system32\agsaamb.dll
2008-01-21 14:20 372,736 ----a-w C:\WINDOWS\system32\agsaamc.dll
2008-01-21 14:20 331,776 ----a-w C:\WINDOWS\system32\agsaama.dll
2008-01-21 14:20 237,568 ----a-w C:\WINDOWS\system32\lame_enc.dll
2008-01-21 14:20 215,552 ----a-w C:\WINDOWS\system32\ALOWMVFile.dll
2008-01-21 14:20 2,846,720 ----a-w C:\WINDOWS\system32\ALOAudioCompress3.dll
2008-01-21 14:20 2,846,720 ----a-w C:\WINDOWS\system32\agsaamj.dll
2008-01-21 14:20 188,416 ----a-w C:\WINDOWS\system32\ALOVideoFile.dll
2008-01-21 14:20 1,245,184 ----a-w C:\WINDOWS\system32\bkll.dll
2008-01-21 03:50 --------- d-----w C:\Program Files\PSLIDESHOW
2008-01-21 00:29 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-20 02:34 --------- d-----w C:\Program Files\Slideshow pro
2008-01-20 02:31 --------- d-----w C:\Program Files\mresreg
2008-01-20 02:08 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-01-20 00:06 --------- d-----w C:\Program Files\BearShare Applications
2008-01-19 11:32 --------- d-----w C:\Program Files\Super Internet TV
2008-01-17 17:36 --------- d-----w C:\Program Files\ImTOO
2008-01-16 01:45 --------- d-----w C:\Program Files\War Chess
2008-01-15 09:06 --------- d-----w C:\Program Files\Common Files\xing shared
2008-01-15 09:06 --------- d-----w C:\Program Files\Common Files\Real
2008-01-15 09:05 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-01-15 09:05 --------- d-----w C:\Program Files\Real
2008-01-15 04:34 344,064 ----a-w C:\WINDOWS\system32\dkll.dll
2008-01-15 04:34 196,608 ----a-w C:\WINDOWS\system32\maag.dll
2008-01-15 04:34 1,986,560 ----a-w C:\WINDOWS\system32\akll.dll
2008-01-15 04:34 1,212,416 ----a-w C:\WINDOWS\system32\ckll.dll
2008-01-15 04:34 --------- d-----w C:\Program Files\Ozone
2008-01-14 13:34 --------- d-----w C:\Program Files\ReflexiveArcade
2008-01-12 13:35 --------- d-----w C:\Program Files\GetData
2008-01-10 22:23 --------- d-----w C:\Program Files\Common Files\Ahead
2008-01-09 22:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-09 22:03 --------- d-----w C:\Program Files\CyberLink
2008-01-09 20:36 --------- d-----w C:\Program Files\Skype
2008-01-09 20:36 --------- d-----w C:\Program Files\Common Files\Skype
2008-01-09 20:31 --------- d-----w C:\Program Files\Yahoo!
2008-01-09 14:35 --------- d-----w C:\Program Files\Network LookOut Administrator Pro
2008-01-09 13:16 --------- d-----w C:\Program Files\Windows Live
2008-01-09 13:16 --------- d-----w C:\Program Files\MSN Messenger
2008-01-09 13:16 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-01-09 09:49 --------- d-----w C:\Program Files\iVocalize Web Conference 4
2008-01-09 08:28 --------- d-----w C:\Program Files\Nero
2008-01-09 08:21 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-01-09 08:00 --------- d-----w C:\Program Files\IVT Corporation
2008-01-09 07:36 --------- d-----w C:\Program Files\DVBViewerTE
2008-01-09 07:22 91,492 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-01-09 07:22 85,860 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-01-09 07:21 --------- d-----w C:\Program Files\Kaspersky Lab
2008-01-09 07:13 --------- d-----w C:\Program Files\Microsoft.NET
2008-01-09 07:13 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-01-09 07:05 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-01-09 07:05 172,032 ------w C:\WINDOWS\Setup1.exe
2008-01-09 07:05 --------- d-----w C:\Program Files\Golden Al-Wafi Translator
2008-01-09 07:03 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-01-09 06:55 --------- d-----w C:\Program Files\TechniSat DVB
2008-01-09 06:13 --------- d-----w C:\Program Files\Creative
2008-01-09 06:05 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-09 06:01 --------- d-----w C:\Program Files\Marvell
2008-01-09 05:52 --------- d-----w C:\Program Files\Intel
2008-01-09 05:48 --------- d--h--w C:\Program Files\Uninstall Information
2008-01-09 05:44 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-17 22:44 219,664 ----a-w C:\WINDOWS\system32\klogon.dll
2007-12-17 22:43 23,396 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
2007-12-13 11:28 24,592 ----a-w C:\WINDOWS\system32\drivers\klim5.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 01:56 AM 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [08/04/2004 01:06 AM 1667584]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [11/06/2007 07:51 PM 3810544]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [12/18/2007 12:43 AM 227856]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [08/11/2006 03:43 PM 7630848]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [01/15/2008 11:05 AM 185896]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 07:51 PM 39792]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"raVe"="" []
"Driver32"="" []
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [08/04/2004 01:56 AM 15360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)
"NoFolderOptions"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)
"NoFolderOptions"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"AutoUpdate"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Server4PC.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Server4PC.lnk
backup=C:\WINDOWS\pss\Server4PC.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 08/04/2004 01:56 AM 110592 C:\WINDOWS\system32\bthprops.cpl
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Caffe-Server]
--a------ 12/26/2007 07:27 PM 2587136 c:\program files\Caffe\Server.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
--a------ 09/17/2003 10:43 AM 57344 C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Karen]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 08/04/2004 01:06 AM 1667584 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 01/12/2006 03:40 PM 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 08/11/2006 03:43 PM 7630848 C:\WINDOWS\system32\NvCpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 08/11/2006 03:43 PM 86016 C:\WINDOWS\system32\NvMcTray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 08/11/2006 03:43 PM 1519616 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\raVe]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\startIE]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemBackup]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemInit]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 01/15/2008 11:05 AM 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 05/11/2000 01:00 AM 90112 C:\WINDOWS\UpdReg.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Win32BaseServiceMOD]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 11/06/2007 07:51 PM 3810544 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe
R1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\Cinemsup.sys [07/19/2002 08:10 AM]
R2 NetworkLookOutAgent;Network LookOut Agent;C:\WINDOWS\system32\nladm\NLAgentProSvc.exe [10/22/2007 09:14 AM]
R3 AVMWAN;AVM NDIS WAN CAPI Driver;C:\WINDOWS\system32\DRIVERS\avmwan.sys [08/17/2001 02:13 PM]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [12/13/2007 01:28 PM]
R3 slnt;Realtek Rtl-8139d PCI Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\slnt.sys [11/11/2004 07:28 PM]
S3 fxusbase;AVM ISDN-Connector FRITZ!X USB;C:\WINDOWS\system32\DRIVERS\fxusbase.sys [08/17/2001 02:15 PM]
S3 SKYNET;TechniSat DVB-PC TV Star PCI;C:\WINDOWS\system32\DRIVERS\SkyNET.SYS [09/29/2005 12:28 PM]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{df3127e3-bf65-11dc-8973-00e020225225}]
\Shell\AutoRun\command - kongxsg.exe
\Shell\explore\Command - kongxsg.exe
\Shell\open\Command - kongxsg.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-01-22 22:44:41
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 01/22/2008 22:47:37 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-22 20:47:20
