ComboFix 09-07-13.01 - User 07/16/2009 15:08.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1033.18.511.153 [GMT 3:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\recycler\NPROTECT
c:\recycler\S-1-5-21-1060284298-484061587-725345543-1007
c:\recycler\S-1-5-21-1060284298-484061587-725345543-500
c:\windows\Installer\106c2df.msi
c:\windows\Installer\1ddb49.msi
c:\windows\Installer\271cc1.msi
c:\windows\Installer\3fad0.msi
c:\windows\Installer\51519.msi
c:\windows\svchost.ini
c:\windows\system32\tmp.reg
c:\windows\system32\atmpvcn.dll . . . . failed to delete
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_WINDOWS_HOSTS_CONTROLLER
-------\Service_AVPsys
((((((((((((((((((((((((( Files Created from 2009-06-16 to 2009-07-16 )))))))))))))))))))))))))))))))
.
2009-07-16 11:39 . 2009-07-16 11:39 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-07-16 11:39 . 2009-07-16 11:39 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-07-16 09:49 . 2009-07-16 09:49 -------- d-----w- c:\program files\Xvid
2009-07-16 09:14 . 2008-12-08 09:53 57344 ----a-w- c:\windows\system32\ff_vfw.dll
2009-07-16 04:47 . 2009-07-16 04:47 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Yahoo! Companion
2009-07-16 04:37 . 2009-07-16 04:37 -------- d-----w- c:\program files\CCleaner
2009-07-13 07:16 . 2009-07-13 07:16 -------- d-----w- c:\windows\system32\wbem\Repository
2009-07-13 03:39 . 2009-07-13 07:15 -------- d-sh--w- C:\RECYCLER(2)
2009-07-08 15:26 . 2009-07-16 12:18 83564576 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-07-08 00:03 . 2009-07-08 00:03 -------- d-----w- c:\documents and settings\tazebama.dl_
2009-07-07 23:29 . 2008-07-08 11:54 148496 ----a-w- c:\windows\system32\drivers\49012684.sys
2009-07-07 17:41 . 2009-07-07 20:12 -------- d-----w- c:\windows\system32\SupportAppXL
2009-07-07 15:47 . 2009-07-07 15:47 -------- d-----w- c:\windows\system32\f
2009-07-04 23:56 . 2009-07-04 23:56 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\InterVideo
2009-07-04 23:56 . 2008-04-01 18:40 209040 ----a-w- c:\windows\system32\IVIresizeW7.dll
2009-07-04 23:56 . 2008-04-01 18:40 196752 ----a-w- c:\windows\system32\IVIresizeP6.dll
2009-07-04 23:56 . 2008-04-01 18:40 192656 ----a-w- c:\windows\system32\IVIresizePX.dll
2009-07-04 23:56 . 2008-04-01 18:40 196752 ----a-w- c:\windows\system32\IVIresizeM6.dll
2009-07-04 23:56 . 2008-04-01 18:40 204944 ----a-w- c:\windows\system32\IVIresizeA6.dll
2009-07-04 23:56 . 2008-04-01 18:40 24720 ----a-w- c:\windows\system32\IVIresize.dll
2009-07-04 23:40 . 2009-07-05 01:05 -------- d-----w- c:\program files\Corel
2009-07-04 23:40 . 2009-07-04 23:40 -------- d-----w- c:\documents and settings\User\Application Data\InstallShield
2009-07-03 12:48 . 2009-07-03 12:48 219664 ----a-w- c:\windows\system32\klogon.dll
2009-07-03 12:45 . 2009-07-03 12:45 27507 ----a-w- c:\windows\system32\drivers\klopp.dat
2009-07-03 12:10 . 2009-07-03 12:10 59992 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2010 9.0.0.463\English\setup.exe
2009-07-02 20:25 . 2009-07-10 16:41 -------- d-----w- c:\program files\FXTS2
2009-07-02 20:25 . 2009-07-02 20:25 -------- d-----w- c:\program files\Candleworks
2009-07-01 17:51 . 2009-07-11 18:45 3638 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{E1A96E9C-6E4A-4209-B03A-60B8E81E0FC3}\_66b46747.exe
2009-07-01 17:51 . 2009-07-11 18:45 3638 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{E1A96E9C-6E4A-4209-B03A-60B8E81E0FC3}\_43654e38.exe
2009-07-01 17:51 . 2009-07-11 18:45 3638 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{E1A96E9C-6E4A-4209-B03A-60B8E81E0FC3}\_159f4fe2.exe
2009-07-01 17:51 . 2009-07-11 18:45 1078 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{E1A96E9C-6E4A-4209-B03A-60B8E81E0FC3}\_2f0c549b.exe
2009-07-01 17:51 . 2009-07-11 18:45 1078 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{E1A96E9C-6E4A-4209-B03A-60B8E81E0FC3}\_2ba528e2.exe
2009-07-01 17:51 . 2009-07-11 23:01 -------- d-----w- c:\program files\blueMSX
2009-06-27 15:22 . 2009-06-27 15:36 -------- d-----w- c:\windows\Themes
2009-06-27 15:01 . 2009-06-27 15:01 -------- d-----w- c:\program files\Vista Eyes 2.0
2009-06-27 14:58 . 2009-06-27 14:58 -------- d-----w- c:\program files\Watermill 3D Screensaver
2009-06-27 14:58 . 2008-03-31 09:11 844800 ----a-w- c:\windows\system32\Watermill_3D_Screensaver.scr
2009-06-27 14:58 . 2008-03-31 09:11 9029120 ----a-w- c:\windows\system32\Watermill 3D Screensaver.exe
2009-06-27 14:56 . 2009-06-27 14:56 -------- d-----w- c:\program files\Ancient Castle 3D Screensaver
2009-06-27 14:54 . 2009-06-27 14:54 -------- d-----w- c:\program files\The Lost Watch 3D Screensaver
2009-06-27 14:54 . 2009-01-19 23:59 972288 ----a-w- c:\windows\system32\The_Lost_Watch_3D_Screensaver.scr
2009-06-27 14:54 . 2009-01-19 23:59 3133440 ----a-w- c:\windows\system32\The Lost Watch 3D Screensaver.exe
2009-06-27 14:52 . 2009-06-27 14:52 -------- d-----w- c:\program files\Discovery 3D Screensaver
2009-06-27 14:52 . 2008-03-31 08:55 5051392 ----a-w- c:\windows\system32\Discovery 3D Screensaver.exe
2009-06-27 14:52 . 2008-03-28 15:33 854528 ----a-w- c:\windows\system32\Discovery_3D_Screensaver.scr
2009-06-27 14:44 . 2009-06-27 14:44 -------- d-----w- c:\program files\Fantasy Moon 3D Screensaver
2009-06-27 14:44 . 2008-03-31 08:52 3848192 ----a-w- c:\windows\system32\Fantasy Moon 3D Screensaver.exe
2009-06-27 14:44 . 2008-03-28 15:28 844288 ----a-w- c:\windows\system32\Fantasy_Moon_3D_Screensaver.scr
2009-06-27 14:30 . 2009-06-27 14:30 -------- d-----w- c:\windows\system32\3Planesoft
2009-06-27 14:30 . 2009-06-27 14:30 -------- d-----w- c:\program files\3Planesoft Screensaver Manager
2009-06-27 14:30 . 2009-04-21 11:47 659968 ----a-w- c:\windows\system32\3Planesoft_Screensaver_Manager.scr
2009-06-27 11:17 . 2009-06-27 11:19 -------- d-----w- c:\documents and settings\User\Application Data\Marine Aquarium 3
2009-06-27 11:17 . 2009-01-28 13:14 6234112 ----a-w- c:\windows\system32\MarineAquarium3.scr
2009-06-24 14:26 . 2009-07-10 21:53 -------- d-----w- c:\documents and settings\User\Application Data\Folder Guard
2009-06-24 14:20 . 2009-07-15 11:12 -------- d-----w- c:\program files\Folder Guard Pro
2009-06-22 03:13 . 2009-07-16 06:19 -------- d-----w- C:\maar95
2009-06-21 22:42 . 2009-06-21 22:42 -------- d-----w- c:\documents and settings\User\Application Data\URSoft
2009-06-21 22:42 . 2009-06-21 22:42 -------- d-----w- c:\program files\Your Uninstaller 2008
2009-06-21 22:21 . 2009-06-21 22:22 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Hotspot_Shield
2009-06-17 13:37 . 2009-06-21 22:59 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Conduit
2009-06-17 13:34 . 2009-06-21 22:59 -------- d-----w- c:\program files\Conduit
2009-06-17 13:34 . 2009-06-21 22:59 -------- d-----w- c:\program files\Hotspot_Shield
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-01-02 20:43 . 2008-03-20 19:03 77176 -c--a-w- c:\windows\Fonts\SC_OUHOD.ttf
2016-12-30 15:32 . 2008-03-20 19:03 90072 -c--a-w- c:\windows\Fonts\SC_REHAN.ttf
2016-12-30 15:06 . 2008-03-20 19:03 70064 -c--a-w- c:\windows\Fonts\SC_TARABLUS.ttf
2016-12-30 15:05 . 2008-03-20 19:03 102264 -c--a-w- c:\windows\Fonts\SC_SHMOOKH01.ttf
2016-12-30 15:04 . 2008-03-20 19:03 66852 -c--a-w- c:\windows\Fonts\SC_LUJAYN.ttf
2016-12-30 15:02 . 2008-03-20 19:03 81648 -c--a-w- c:\windows\Fonts\SC_GULF.ttf
2016-12-30 15:02 . 2008-03-20 19:03 75820 -c--a-w- c:\windows\Fonts\SC_DUBAI.ttf
2016-12-30 15:01 . 2008-03-20 19:03 70368 -c--a-w- c:\windows\Fonts\SC_AMEEN.ttf
2016-12-30 15:00 . 2008-03-20 19:03 86304 -c--a-w- c:\windows\Fonts\SC_ALYERMOOK.ttf
2009-07-16 12:19 . 2008-09-28 04:10 -------- d-----w- c:\documents and settings\User\Application Data\DMCache
2009-07-16 12:16 . 2009-07-08 15:26 981404 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-16 12:03 . 2008-02-27 18:15 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2009-07-16 11:38 . 2008-02-27 18:15 -------- d-----w- c:\program files\Kaspersky Lab
2009-07-16 11:35 . 2008-01-25 21:54 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab Setup Files
2009-07-16 09:50 . 2008-09-02 14:31 -------- d-----w- c:\program files\DivX Pro 6.1.0 VFW
2009-07-16 09:15 . 2008-08-12 04:18 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-07-16 06:19 . 2007-08-13 07:09 -------- d-----w- c:\program files\BitComet
2009-07-16 05:12 . 2007-08-21 07:16 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2009-07-13 02:37 . 2007-09-25 01:52 108288 ----a-w- c:\windows\system32\atmpvcn.dll
2009-07-12 21:27 . 2009-04-22 09:22 95744 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\SpeedBit\DAP\Updates\Condition.dll
2009-07-09 06:24 . 2009-07-13 07:13 8530 ----a-w- c:\windows\PCHealth\HelpCtr\Config\Cache\Professional_32_1025.dat
2009-07-08 15:53 . 2008-11-07 15:05 -------- d-----w- c:\program files\Internet Download Manager
2009-07-08 15:26 . 2004-11-03 08:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-05 07:45 . 2006-08-22 15:45 157464 -c--a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-05 07:31 . 2006-08-22 20:41 -------- d-----w- c:\documents and settings\User\Application Data\Ulead Systems
2009-07-04 23:54 . 2005-11-02 00:04 -------- d-----w- c:\program files\Common Files\Ulead Systems
2009-06-27 14:31 . 2004-06-02 02:53 -------- d-----w- c:\program files\MSN Messenger
2009-06-27 11:17 . 2009-02-06 23:46 -------- d-----w- c:\program files\SereneScreen
2009-06-24 12:21 . 2005-11-02 00:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\Ulead Systems
2009-06-22 01:14 . 2007-10-05 22:02 5120 ----a-w- c:\windows\system32\drivers\ydvudvwe.dat
2009-06-21 23:26 . 2008-09-23 09:15 -------- d-----w- c:\program files\BT Engine
2009-06-17 12:24 . 2008-04-29 16:02 -------- d-----w- c:\program files\Google
2009-06-15 11:01 . 2009-06-15 11:01 128016 ----a-w- c:\windows\system32\drivers\kl1.sys
2009-05-16 17:59 . 2009-05-16 17:59 19472 ----a-w- c:\windows\system32\drivers\klmouflt.sys
.
------- Sigcheck -------
[7] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[7] 2004-08-03 21:14 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB917953$\tcpip.sys
[7] 2004-08-03 21:14 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\backup\tcpip.sys
[-] 2009-02-23 07:04 359808 DE891AD282E856ACFD40990094A63B6F c:\windows\system32\dllcache\TCPIP.SYS
[-] 2009-02-23 07:04 359808 DE891AD282E856ACFD40990094A63B6F c:\windows\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"Window Washer"="c:\program files\Webroot\Washer\wwDisp.exe" [2003-10-08 198144]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"IDMan"="c:\documents and settings\User\Desktop\IDMan.exe" [2008-12-15 2594224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-06-25 335872]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-16 198160]
"UVS12 Preload"="c:\program files\Corel\Corel VideoStudio 12\uvPL.exe" [2008-06-09 397456]
"FG_Monitor"="c:\program files\Folder Guard Pro\FGKey.exe" [2008-01-04 118600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Index Washer"="c:\program files\Webroot\Washer\WashIdx.exe" [2003-10-08 69632]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Webshots.lnk - c:\program files\Webshots\WebshotsTray.exe [2004-11-9 192512]
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
WinManager.lnk - c:\program files\PC-TV\WinManager\WinManager.exe [2008-12-24 49152]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2004-6-2 118784]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\DAP\\DAP.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe"=
"c:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\BitComet\\BitCometTracker_0.5\\BitCometTracker.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\User\\Desktop\\IDMan.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23663:TCP"= 23663:TCP:BitComet 23663 TCP
"23663:UDP"= 23663:UDP:BitComet 23663 UDP
"26936:TCP"= 26936:TCP:BitComet 26936 TCP
"26936:UDP"= 26936:UDP:BitComet 26936 UDP
"24473:TCP"= 24473:TCP:BitComet 24473 TCP
"24473:UDP"= 24473:UDP:BitComet 24473 UDP
"24656:TCP"= 24656:TCP:BitComet 24656 TCP
"24656:UDP"= 24656:UDP:BitComet 24656 UDP
"27382:TCP"= 27382:TCP:BitComet 27382 TCP
"27382:UDP"= 27382:UDP:BitComet 27382 UDP
"27443:TCP"= 27443:TCP:BitComet 27443 TCP
"27443:UDP"= 27443:UDP:BitComet 27443 UDP
"25196:TCP"= 25196:TCP:BitComet 25196 TCP
"25196:UDP"= 25196:UDP:BitComet 25196 UDP
"65534:TCP"= 65534:TCP:BitComet 65534 TCP
"65534:UDP"= 65534:UDP:BitComet 65534 UDP
"23312:TCP"= 23312:TCP:BitComet 23312 TCP
"23312:UDP"= 23312:UDP:BitComet 23312 UDP
"7282:TCP"= 7282:TCP:BitComet 7282 TCP
"7282:UDP"= 7282:UDP:BitComet 7282 UDP
"21482:TCP"= 21482:TCP:BitComet 21482 TCP
"21482:UDP"= 21482:UDP:BitComet 21482 UDP
"27214:TCP"= 27214:TCP:BitComet 27214 TCP
"27214:UDP"= 27214:UDP:BitComet 27214 UDP
"27737:TCP"= 27737:TCP:BitComet 27737 TCP
"27737:UDP"= 27737:UDP:BitComet 27737 UDP
"8194:TCP"= 8194:TCP:BitComet 8194 TCP
"8194:UDP"= 8194:UDP:BitComet 8194 UDP
"26720:TCP"= 26720:TCP:BitComet 26720 TCP
"26720:UDP"= 26720:UDP:BitComet 26720 UDP
"24520:TCP"= 24520:TCP:BitComet 24520 TCP
"24520:UDP"= 24520:UDP:BitComet 24520 UDP
"25142:TCP"= 25142:TCP:BitComet 25142 TCP
"25142:UDP"= 25142:UDP:BitComet 25142 UDP
"25818:TCP"= 25818:TCP:BitComet 25818 TCP
"25818:UDP"= 25818:UDP:BitComet 25818 UDP
"19352:TCP"= 19352:TCP:BitComet 19352 TCP
"19352:UDP"= 19352:UDP:BitComet 19352 UDP
"30997:TCP"= 30997:TCP:BitComet 30997 TCP
"30997:UDP"= 30997:UDP:BitComet 30997 UDP
"44166:TCP"= 44166:TCP:BitComet 44166 TCP
"44166:UDP"= 44166:UDP:BitComet 44166 UDP
"26883:TCP"= 26883:TCP:BitComet 26883 TCP
"26883:UDP"= 26883:UDP:BitComet 26883 UDP
"62232:TCP"= 62232:TCP:BitComet 62232 TCP
"62232:UDP"= 62232:UDP:BitComet 62232 UDP
"23021:TCP"= 23021:TCP:BitComet 23021 TCP
"23021:UDP"= 23021:UDP:BitComet 23021 UDP
"24432:TCP"= 24432:TCP:BitComet 24432 TCP
"24432:UDP"= 24432:UDP:BitComet 24432 UDP
"27376:TCP"= 27376:TCP:BitComet 27376 TCP
"27376:UDP"= 27376:UDP:BitComet 27376 UDP
"26037:TCP"= 26037:TCP:BitComet 26037 TCP
"26037:UDP"= 26037:UDP:BitComet 26037 UDP
"26432:TCP"= 26432:TCP:BitComet 26432 TCP
"26432:UDP"= 26432:UDP:BitComet 26432 UDP
"26323:TCP"= 26323:TCP:BitComet 26323 TCP
"26323:UDP"= 26323:UDP:BitComet 26323 UDP
"25672:TCP"= 25672:TCP:BitComet 25672 TCP
"25672:UDP"= 25672:UDP:BitComet 25672 UDP
"27617:TCP"= 27617:TCP:BitComet 27617 TCP
"27617:UDP"= 27617:UDP:BitComet 27617 UDP
"26212:TCP"= 26212:TCP:BitComet 26212 TCP
"26212:UDP"= 26212:UDP:BitComet 26212 UDP
"25128:TCP"= 25128:TCP:BitComet 25128 TCP
"25128:UDP"= 25128:UDP:BitComet 25128 UDP
"27115:TCP"= 27115:TCP:BitComet 27115 TCP
"27115:UDP"= 27115:UDP:BitComet 27115 UDP
"44402:TCP"= 44402:TCP:BitComet 44402 TCP
"44402:UDP"= 44402:UDP:BitComet 44402 UDP
"24309:TCP"= 24309:TCP:BitComet 24309 TCP
"24309:UDP"= 24309:UDP:BitComet 24309 UDP
"24349:TCP"= 24349:TCP:BitComet 24349 TCP
"24349:UDP"= 24349:UDP:BitComet 24349 UDP
"24745:TCP"= 24745:TCP:BitComet 24745 TCP
"24745:UDP"= 24745:UDP:BitComet 24745 UDP
"26120:TCP"= 26120:TCP:BitComet 26120 TCP
"26120:UDP"= 26120:UDP:BitComet 26120 UDP
"24149:TCP"= 24149:TCP:BitComet 24149 TCP
"24149:UDP"= 24149:UDP:BitComet 24149 UDP
"27102:TCP"= 27102:TCP:BitComet 27102 TCP
"27102:UDP"= 27102:UDP:BitComet 27102 UDP
"25088:TCP"= 25088:TCP:BitComet 25088 TCP
"25088:UDP"= 25088:UDP:BitComet 25088 UDP
"27657:TCP"= 27657:TCP:BitComet 27657 TCP
"27657:UDP"= 27657:UDP:BitComet 27657 UDP
"26004:TCP"= 26004:TCP:BitComet 26004 TCP
"26004:UDP"= 26004:UDP:BitComet 26004 UDP
"25007:TCP"= 25007:TCP:BitComet 25007 TCP
"25007:UDP"= 25007:UDP:BitComet 25007 UDP
"25281:TCP"= 25281:TCP:BitComet 25281 TCP
"25281:UDP"= 25281:UDP:BitComet 25281 UDP
"24727:TCP"= 24727:TCP:BitComet 24727 TCP
"24727:UDP"= 24727:UDP:BitComet 24727 UDP
"27123:TCP"= 27123:TCP:BitComet 27123 TCP
"27123:UDP"= 27123:UDP:BitComet 27123 UDP
"25888:TCP"= 25888:TCP:BitComet 25888 TCP
"25888:UDP"= 25888:UDP:BitComet 25888 UDP
"24901:TCP"= 24901:TCP:BitComet 24901 TCP
"24901:UDP"= 24901:UDP:BitComet 24901 UDP
"24856:TCP"= 24856:TCP:BitComet 24856 TCP
"24856:UDP"= 24856:UDP:BitComet 24856 UDP
"26854:TCP"= 26854:TCP:BitComet 26854 TCP
"26854:UDP"= 26854:UDP:BitComet 26854 UDP
"24592:TCP"= 24592:TCP:BitComet 24592 TCP
"24592:UDP"= 24592:UDP:BitComet 24592 UDP
"25223:TCP"= 25223:TCP:BitComet 25223 TCP
"25223:UDP"= 25223:UDP:BitComet 25223 UDP
"27303:TCP"= 27303:TCP:BitComet 27303 TCP
"27303:UDP"= 27303:UDP:BitComet 27303 UDP
"26954:TCP"= 26954:TCP:BitComet 26954 TCP
"26954:UDP"= 26954:UDP:BitComet 26954 UDP
"25510:TCP"= 25510:TCP:BitComet 25510 TCP
"25510:UDP"= 25510:UDP:BitComet 25510 UDP
"26482:TCP"= 26482:TCP:BitComet 26482 TCP
"26482:UDP"= 26482:UDP:BitComet 26482 UDP
"26800:TCP"= 26800:TCP:BitComet 26800 TCP
"26800:UDP"= 26800:UDP:BitComet 26800 UDP
"25893:TCP"= 25893:TCP:BitComet 25893 TCP
"25893:UDP"= 25893:UDP:BitComet 25893 UDP
"26372:TCP"= 26372:TCP:BitComet 26372 TCP
"26372:UDP"= 26372:UDP:BitComet 26372 UDP
"25760:TCP"= 25760:TCP:BitComet 25760 TCP
"25760:UDP"= 25760:UDP:BitComet 25760 UDP
"26531:TCP"= 26531:TCP:BitComet 26531 TCP
"26531:UDP"= 26531:UDP:BitComet 26531 UDP
"25134:TCP"= 25134:TCP:BitComet 25134 TCP
"25134:UDP"= 25134:UDP:BitComet 25134 UDP
"26420:TCP"= 26420:TCP:BitComet 26420 TCP
"26420:UDP"= 26420:UDP:BitComet 26420 UDP
"8127:TCP"= 8127:TCP:yiclrzn
"1013:TCP"= 1013:TCP:BS
"9999:TCP"= 9999:TCP:PORT1
"9991:TCP"= 9991:TCP:PORT2
"37589:TCP"= 37589:TCP:FD
"8635:TCP"= 8635:TCP:FD
"8805:TCP"= 8805:TCP:FD
"19469:TCP"= 19469:TCP:FD
"32399:TCP"= 32399:TCP:FD
"60246:TCP"= 60246:TCP:FD
"3746:TCP"= 3746:TCP:FD
"28758:TCP"= 28758:TCP:FD
"46568:TCP"= 46568:TCP:FD
"10356:TCP"= 10356:TCP:FD
"22713:TCP"= 22713:TCP:FD
"56536:TCP"= 56536:TCP:FD
"52066:TCP"= 52066:TCP:FD
"3140:TCP"= 3140:TCP:FD
"16002:TCP"= 16002:TCP:FD
"14798:TCP"= 14798:TCP:FD
"12665:TCP"= 12665:TCP:FD
"20261:TCP"= 20261:TCP:FD
"61278:TCP"= 61278:TCP:FD
"19274:TCP"= 19274:TCP:FD
"56365:TCP"= 56365:TCP:FD
"10618:TCP"= 10618:TCP:FD
"27061:TCP"= 27061:TCP:FD
"28950:TCP"= 28950:TCP:FD
"25370:TCP"= 25370:TCP:FD
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [15/12/2008 08:41 م 33808]
R0 wgaucvfj;wgaucvfj;c:\windows\system32\drivers\qhgnkqdt.dat --> c:\windows\system32\drivers\qhgnkqdt.dat [?]
R1 is-HCSINdrv;is-HCSINdrv;c:\windows\system32\drivers\49012684.sys [08/07/2009 02:29 ص 148496]
R2 BandLuxe_Service;BandLuxe Service;c:\program files\BandRich\BandLuxe HSDPA Utility R11\BRService.exe [03/06/2008 10:12 ص 87264]
R2 FGUARD32;FGUARD32;c:\program files\Folder Guard Pro\FGUARD32.SYS [24/06/2009 05:20 م 54008]
R2 sbbotdi;sbbotdi;c:\progra~1\SPEEDB~1\sbbotdi.sys [10/09/2007 06:33 ص 35200]
R3 br3gmdm;BandLuxe 3.5G HSDPA Adapter - USB;c:\windows\system32\drivers\br3gmdm.sys [23/02/2009 02:40 ص 100096]
R3 DstAudio;DstAudio;c:\windows\system32\drivers\DstAudio.sys [24/12/2008 07:01 م 8506]
R3 DstVideo;DstVideo;c:\windows\system32\drivers\DstVideo.sys [02/01/2002 01:40 ص 19171]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [16/05/2009 08:59 م 19472]
R3 swivsp;AC8xx Virtual Serial Port;c:\windows\system32\drivers\swivspnt.sys [12/10/2006 10:49 ص 20352]
S3 DtvAudio;DtvAudio;c:\windows\system32\drivers\DtvAudio.sys [20/06/2004 10:28 ص 10330]
S3 DtvVideo;DtvVideo;c:\windows\system32\drivers\DtvVideo.sys [20/06/2004 10:28 ص 25600]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\g:\ntglm7x.sys --> g:\NTGLM7X.sys [?]
S3 SWNC8U12;Sierra Wireless MUX NDIS Driver (UMTS12);c:\windows\system32\drivers\swnc8u12.sys [12/03/2007 04:17 م 102272]
S3 swumx12;Sierra Wireless USB MUX Driver (UMTS12);c:\windows\system32\drivers\swumx12.sys [12/03/2007 04:18 م 72576]
S3 utmymjk3;AVZ Kernel Driver;\??\c:\windows\system32\Drivers\utmymjk3.sys --> c:\windows\system32\Drivers\utmymjk3.sys [?]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
xdhaqhumj
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-SystemInit - (no file)
HKLM-Run-Karen - (no file)
HKLM-Run-raVe - (no file)
HKLM-Run-SystemBackup - (no file)
HKLM-Run-Win32BaseServiceMOD - (no file)
HKLM-Run-startIE - (no file)
.
------- Supplementary Scan -------
.
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: Download all links with IDM - c:\documents and settings\User\Desktop\IEGetAll.htm
IE: Download FLV video content with IDM - c:\documents and settings\User\Desktop\IEGetVL.htm
IE: Download with IDM - c:\documents and settings\User\Desktop\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-07-16 15:18
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wgaucvfj]
"ImagePath"="system32\drivers\qhgnkqdt.dat"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-436374069-1563985344-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C18270C8-376E-A2EF-24B0-8DDAF38497FF}*]
"bbpnjocnlhdhnanbledblhfejfajjaejloom"=hex:61,62,62,61,6a,63,68,6f,6f,62,62,6d,
66,63,6b,6e,66,6a,6d,62,6d,6b,65,61,61,64,63,69,62,66,66,67,6c,6f,00,77
"abpnjocnlhdhnanblegaeglcoflbpfadem"=hex:61,62,6b,63,6c,66,6d,6b,6d,67,6f,69,
68,64,63,66,6b,69,6b,67,6a,69,63,68,6d,64,69,6d,70,67,62,61,70,70,00,77
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):15,95,42,fe,a4,85,31,56,e3,c4,d5,cc,01,2b,63,98,c0,8f,35,8f,53,
24,1d,d8,14,bf,2a,e5,1d,f3,d2,86,5d,bb,73,97,9c,eb,7d,cd,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{b4bd4802-9bd2-4df7-9f56-4954b386f24f}]
@Denied: (Full) (Everyone)
"Model"=dword:0000004a
"Therad"=dword:0000001c
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
4b,7b,ad,04,7a,b1,b5,76,9b,27,47,d1,61,5e,4b,94,f6,05,68,a0,c2,32,b4,ba,99,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(536)
c:\windows\system32\Iac25_32.ax
c:\windows\system32\l3codeca.acm
c:\windows\system32\ac3acm.acm
c:\windows\system32\lameACM.acm
c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
c:\progra~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
- - - - - - - > 'explorer.exe'(412)
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_ara.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\progra~1\FOLDER~1\FGKey.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\progra~1\Webshots\webshots.scr
.
**************************************************************************
.
Completion time: 2009-07-16 15:26 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-16 12:26
Pre-Run: 4,779,606,016 bytes free
Post-Run: 4,649,156,608 bytes free
452