Hi Katana,
I'm home now! We had a great time!
Here is the new log from the latest ComboFix. I hope it looks good!
Caryn
ComboFix 07-12-31.4 - Owner 2008-01-04 19:26:00.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.163 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point
FILE
C:\WINDOWS\system32\wbem\fcorouvnb.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\wbem\fcorouvnb.dll
.
((((((((((((((((((((((((( Files Created from 2007-12-05 to 2008-01-05 )))))))))))))))))))))))))))))))
.
2008-01-04 19:21 . 2008-01-04 19:21 72 --a------ C:\WINDOWS\system32\cflInfo.nt
2008-01-01 16:25 . 2008-01-01 16:25 <DIR> d-------- C:\Program Files\Panda Security
2008-01-01 10:32 . 2008-01-01 14:35 47 --a------ C:\WINDOWS\system32\wcbnurect.fl
2008-01-01 02:24 . 2008-01-01 02:24 12 --a------ C:\WINDOWS\0494ac5aa2.dll
2008-01-01 02:24 . 2008-01-01 02:24 0 --a------ C:\WINDOWS\system32\dnabeser.dat
2008-01-01 02:19 . 2008-01-04 19:42 420 --a------ C:\WINDOWS\system32\e8ae8279a2.dll
2007-12-31 23:14 . 2007-12-31 23:27 91,492 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-12-31 23:14 . 2007-12-31 23:27 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-12-31 23:13 . 2007-12-31 23:13 <DIR> d-------- C:\Program Files\Kaspersky Lab
2007-12-31 23:12 . 2008-01-04 19:45 3,911,968 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-31 23:12 . 2008-01-02 06:59 52,532 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-31 23:12 . 2008-01-04 19:44 29,984 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-12-31 23:12 . 2008-01-02 06:59 3,524 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-12-31 23:11 . 2007-12-31 23:11 <DIR> d-------- C:\KAV
2007-12-31 22:44 . 2007-12-31 22:45 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\AVG7
2007-12-31 22:44 . 2007-12-31 22:44 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-31 22:43 . 2007-12-31 23:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-12-31 18:50 . 2007-12-31 18:50 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-31 18:50 . 2008-01-04 19:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-31 18:21 . 2007-12-31 18:21 <DIR> d-------- C:\WINDOWS\ERUNT
2007-12-31 12:40 . 2007-12-31 12:40 130 --a------ C:\WINDOWS\system32\tablet.dat
2007-12-31 10:34 . 2007-12-31 10:34 <DIR> d--hs---- C:\Documents and Settings\NetworkService\UserData
2007-12-29 10:09 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-12-28 10:59 . 2007-12-28 10:59 <DIR> d-------- C:\Program Files\Windows Live
2007-12-28 10:59 . 2007-12-28 10:59 <DIR> d-------- C:\Program Files\MSN Messenger
2007-12-28 10:59 . 2005-12-28 13:22 <DIR> d-------- C:\Program Files\Incesoft
2007-12-28 10:59 . 2007-12-28 10:59 20,541 --a------ C:\WINDOWS\system32\detoured.dll
2007-12-14 21:23 . 2007-12-27 14:19 <DIR> d-------- C:\Program Files\Evrsoft First Page 2006
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-01 04:07 --------- d-----w C:\Program Files\Trend Micro
2008-01-01 04:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trend Micro
2007-12-28 15:51 --------- d-----w C:\Program Files\LimeWire
2007-12-28 15:51 --------- d-----w C:\Program Files\iWin.com
2007-12-26 01:48 --------- d-----w C:\Documents and Settings\Owner\Application Data\CoreFTP
2007-11-13 16:55 --------- d-----w C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2007-11-13 16:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-13 16:54 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-11 13:50 --------- d-----w C:\Program Files\Java
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-09-24 14:29 32,524 ----a-w C:\WINDOWS\Fonts\diploma.zip
2007-02-06 21:01 6,252,136 ----a-w C:\Program Files\winzip100.exe
2005-12-07 18:47 34,412,848 ----a-w C:\Program Files\iTunesSetup.exe
.
((((((((((((((((((((((((((((( snapshot@2005-12-28_13.28.30.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-08-21 19:37:26 124,208 ----a-w C:\WINDOWS\Downloaded Program Files\ascstubie.dll
+ 2007-07-18 19:49:56 12,592 ----a-w C:\WINDOWS\Downloaded Program Files\libcomm.dll
+ 2007-12-31 21:18:02 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2007-12-31 23:22:00 5,484,544 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2007-12-31 23:22:00 180,224 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2007-12-31 21:18:02 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2007-12-31 23:21:46 5,484,544 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2007-12-31 23:21:46 180,224 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
- 2005-08-26 18:10:33 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-01-05 00:14:48 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2005-08-26 18:10:33 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-01-05 00:14:48 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-08-26 18:10:33 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-05 00:14:48 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-04-28 21:51:02 110,360 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
+ 2008-01-01 04:28:41 194,320 ----a-w C:\WINDOWS\system32\drivers\klif.sys
+ 2007-04-04 19:58:26 24,344 ----a-w C:\WINDOWS\system32\drivers\klim5.sys
+ 2007-06-28 17:50:52 22,457 ----a-w C:\WINDOWS\system32\drivers\klop.dat
+ 2005-05-24 17:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 20:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 20:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
+ 2007-06-28 17:51:48 206,088 ----a-w C:\WINDOWS\system32\klogon.dll
+ 2008-01-01 07:24:41 518,144 ----a-w C:\WINDOWS\system32\wbem\9142\svchost.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"Washer"="C:\Program Files\Washer\washer.exe" [2001-06-22 15:29 722432]
"EPSON Stylus CX4800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.exe" [2005-02-01 22:00 98304]
"EPSON Stylus CX5000 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVA.exe" [2006-10-18 06:01 143360]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 09:59 224248]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CHotkey"="zHotkey.exe" [2003-06-03 13:01 496640 C:\WINDOWS\zHotkey.exe]
"SunKistEM"="C:\Program Files\eMachines Bay Reader\shwiconem.exe" [2004-03-11 17:18 135168]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 13:50 155648]
"EPSON Stylus CX5400"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.exe" [ ]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2004-06-03 03:50 204800]
"EPSON Stylus CX4800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.exe" [2005-02-01 22:00 98304]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-11-22 16:29 180269]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-10-18 14:58 278528]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-12-07 13:57 155648]
"Pure Networks Port Magic"="C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-05-07 18:54 99480]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51 39792]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 09:59 224248]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-06-28 12:51 218376]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-07-30 14:11:05]
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [2006-09-28 05:52:35]
TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe [2007-02-27 01:44:01]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2006-06-22 23:20:09]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
S3 FontCache6.0.5070.0;WinFX Font Cache 6.0.5070.0;C:\WINDOWS\Microsoft.NET\Windows\v6.0.5070\PresentationFontCache.exe [2005-11-07 01:29]
S4 itcppss;Indigo Tcp Port Sharing Service;C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IndigoListener.exe [2006-01-13 02:37]
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-01-04 19:45:31
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-04 19:47:29
C:\qoobox\ComboFix-quarantined-files.txt 2008-01-05 00:47:11
C:\qoobox\ComboFix2.txt 2008-01-01 07:26:00
C:\qoobox\ComboFix3.txt 2008-01-01 02:55:07
C:\qoobox\ComboFix4.txt 2007-12-31 15:24:22
.
2007-12-28 05:59:31 --- E O F ---