ComboFix 08-02.01.1 - Administrator 2008-02-01 7:41:43.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2827 [GMT -6:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Helper
C:\Program Files\Helper\1201760848.dll
.
((((((((((((((((((((((((( Files Created from 2008-01-01 to 2008-02-01 )))))))))))))))))))))))))))))))
.
2008-01-31 21:28 . 2008-01-31 21:28	d--------	C:\WINDOWS\system32\xircom
2008-01-31 21:28 . 2008-01-31 21:28	d--------	C:\WINDOWS\system32\oobe
2008-01-31 21:28 . 2008-01-31 21:28	d--------	C:\WINDOWS\srchasst
2008-01-31 21:28 . 2008-01-31 21:28	d--------	C:\WINDOWS\msagent
2008-01-31 21:28 . 2008-01-31 21:28	d--------	C:\Program Files\microsoft frontpage
2008-01-31 20:43 . 2008-01-31 20:43	d--------	C:\Program Files\Yahoo!
2008-01-31 20:43 . 2008-01-31 20:43	d--------	C:\Program Files\CCleaner
2008-01-31 20:37 . 2008-01-31 20:37	d--------	C:\Program Files\Trend Micro
2008-01-31 18:28 . 2008-01-31 18:31	465	--a------	C:\WINDOWS\wininit.ini
2008-01-31 12:11 . 2003-03-19 08:20	1,060,864	--a------	C:\WINDOWS\system32\mfc71.dll
2008-01-31 12:11 . 2003-03-19 05:05	89,088	--a------	C:\WINDOWS\system32\atl71.dll
2008-01-31 09:50 . 2008-01-31 09:50	d--------	C:\Program Files\Common Files\Wise Installation Wizard
2008-01-31 09:47 . 2008-01-31 12:01	d--------	C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-31 09:41 . 2008-01-31 09:41	d--------	C:\Program Files\Lavasoft
2008-01-31 09:41 . 2008-01-31 09:41	d--------	C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-31 01:57 . 2008-01-31 07:29	d-a------	C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-25 17:16 . 2008-01-31 22:23	d--------	C:\Documents and Settings\Administrator\amsn
2008-01-25 17:15 . 2008-01-25 17:15	d--------	C:\WINDOWS\SxsCaPendDel
2008-01-25 17:15 . 2008-01-25 17:15	d--------	C:\Program Files\aMSN
2008-01-24 22:48 . 2008-01-24 22:48	d--------	C:\Documents and Settings\Administrator\Application Data\CyberLink
2008-01-24 22:47 . 2008-01-24 22:47	d--------	C:\Documents and Settings\All Users\Application Data\CyberLink
2008-01-24 22:46 . 2001-03-08 18:30	24,064	---------	C:\WINDOWS\system32\msxml3a.dll
2008-01-24 22:45 . 2008-01-24 22:46	d--------	C:\Program Files\CyberLink
2008-01-24 18:54 . 2008-02-01 00:36	d--h-----	C:\WINDOWS\$hf_mig$
2008-01-23 22:54 . 2007-10-30 04:16	3,058,688	---------	C:\WINDOWS\system32\dllcache\mshtml.dll
2008-01-23 22:53 . 2007-04-16 09:52	984,576	---------	C:\WINDOWS\system32\dllcache\kernel32.dll
2008-01-23 22:53 . 2007-04-01 23:58	546,304	---------	C:\WINDOWS\system32\dllcache\hhctrl.ocx
2008-01-23 22:52 . 2007-07-09 07:09	584,192	---------	C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-01-23 22:51 . 2006-12-06 23:29	2,374,472	---------	C:\WINDOWS\system32\dllcache\wmvcore.dll
2008-01-22 04:37 . 2008-01-22 18:32	d--------	C:\Program Files\Common Files\Blizzard Entertainment
2008-01-20 18:00 . 2008-01-31 08:16	d--------	C:\Program Files\Common Files\Symantec Shared
2008-01-20 09:22 . 2008-01-26 17:10	d--------	C:\Program Files\FlashFXP
2008-01-20 09:22 . 2003-03-15 23:15	90,112	--a------	C:\WINDOWS\unvise32.exe
2008-01-18 00:52 . 2008-01-18 00:52	d--------	C:\Documents and Settings\Administrator\Application Data\Media Player Classic
2008-01-18 00:47 . 2008-01-18 00:47	d--------	C:\Program Files\XP Codec Pack
2008-01-18 00:47 . 2007-08-18 01:54	380,928	--a------	C:\WINDOWS\system32\ac3filter.acm
2008-01-18 00:42 . 2008-01-24 18:08	d--------	C:\Program Files\DC++
2008-01-17 18:45 . 2008-02-01 07:41	13,880	--a------	C:\WINDOWS\system32\drivers\COMFiltr.sys
2008-01-17 07:47 . 2008-01-17 07:47	d--------	C:\Program Files\uTorrent
2008-01-17 07:47 . 2008-01-31 09:52	d--------	C:\Documents and Settings\Administrator\Application Data\uTorrent
2008-01-17 07:43 . 2008-01-17 07:43	d---s----	C:\Documents and Settings\Administrator\UserData
2008-01-17 07:40 . 2008-01-17 07:40	d--------	C:\Documents and Settings\All Users\Application Data\sentinel
2008-01-17 07:40 . 2008-02-01 07:41	262,136	--a------	C:\WINDOWS\system32\drivers\APPFCONT.DAT.bck
2008-01-17 07:40 . 2008-02-01 07:41	1,264	--a------	C:\WINDOWS\system32\drivers\APPFLTR.CFG.bck
2008-01-17 07:38 . 2008-01-17 07:38	d--------	C:\Program Files\Panda Security
2008-01-17 07:37 . 2008-01-17 07:37	d--------	C:\Program Files\Common Files\Panda Software
2008-01-17 07:37 . 2007-07-12 06:49	178,872	--a------	C:\WINDOWS\system32\drivers\PavProc.sys
2008-01-17 07:37 . 2007-05-23 08:40	38,968	--a------	C:\WINDOWS\system32\drivers\ShlDrv51.sys
2008-01-15 20:05 . 2008-02-01 07:40	d--------	C:\Program Files\Steam
2008-01-15 17:52 . 2007-07-30 19:19	271,224	--a------	C:\WINDOWS\system32\mucltui.dll
2008-01-15 17:52 . 2007-07-30 19:19	207,736	--a------	C:\WINDOWS\system32\muweb.dll
2008-01-15 17:52 . 2007-07-30 19:19	30,072	--a------	C:\WINDOWS\system32\mucltui.dll.mui
2008-01-15 01:47 . 2008-01-18 14:54	0	--a------	C:\bejewel.jar
2008-01-15 00:54 . 2008-01-15 00:54	d--h-----	C:\LG3G
2008-01-14 18:00 . 2008-01-14 18:00	d--------	C:\Program Files\Realtek
2008-01-14 18:00 . 2008-01-14 18:00	d--------	C:\Program Files\Marvell
2008-01-14 18:00 . 2008-01-24 22:44	d--------	C:\Program Files\Common Files\InstallShield
2008-01-14 14:27 . 2008-01-14 14:27	d--------	C:\Documents and Settings\Administrator\Application Data\LG Electronics
2008-01-14 14:26 . 2008-01-14 14:26	d--------	C:\Program Files\LG Electronics
2008-01-14 14:26 . 2007-07-11 10:45	21,632	--a------	C:\WINDOWS\system32\drivers\lgusbmodem.sys
2008-01-14 14:26 . 2007-07-11 15:51	19,840	--a------	C:\WINDOWS\system32\drivers\lgusbdiag.sys
2008-01-14 14:26 . 2007-07-11 10:40	12,416	--a------	C:\WINDOWS\system32\drivers\lgusbbus.sys
2008-01-14 14:24 . 2008-01-14 14:25	d--------	C:\Program Files\LG PC Suite 2
2008-01-14 14:05 . 2008-01-25 17:16	d--------	C:\Program Files\Windows Live Toolbar
2008-01-14 14:05 . 2008-01-14 14:05	d--------	C:\Documents and Settings\Administrator\Contacts
2008-01-14 14:03 . 2008-01-14 14:04	d--hsc---	C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-14 14:03 . 2008-01-17 23:26	d--------	C:\Documents and Settings\All Users\Application Data\WLInstaller
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-01 13:41	262,136	----a-w	C:\WINDOWS\system32\drivers\APPFCONT.DAT
2008-02-01 13:41	1,264	----a-w	C:\WINDOWS\system32\drivers\APPFLTR.CFG
2008-01-31 03:20	13,312	--s-a-w	C:\WINDOWS\system32\ofcpi.dll
2008-01-25 04:45	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-01-18 06:48	---------	d-----w	C:\Program Files\QuickTime Alternative
2008-01-18 06:31	---------	d-----w	C:\Program Files\Opera 9.5 beta
2008-01-15 06:46	---------	d-----w	C:\Program Files\Winamp
2008-01-15 00:00	315,392	----a-w	C:\WINDOWS\HideWin.exe
2008-01-14 23:59	---------	d-----w	C:\Program Files\Intel
2008-01-14 23:59	---------	d-----w	C:\Documents and Settings\Administrator\Application Data\InstallShield
2008-01-14 23:57	---------	d--h--w	C:\Program Files\Uninstall Information
2008-01-14 23:54	---------	d-----w	C:\Program Files\Real Alternative
2008-01-14 23:54	---------	d-----w	C:\Program Files\Java
2008-01-14 23:54	---------	d-----w	C:\Program Files\Common Files\Java
2008-01-14 23:54	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-14 23:48	639,224	----a-w	C:\WINDOWS\system32\drivers\sptd.sys
2008-01-14 17:02	24,064	----a-w	C:\WINDOWS\autoload.exe
2007-12-14 17:32	12,632	----a-w	C:\WINDOWS\system32\lsdelete.exe
2007-12-05 08:53	356,352	----a-w	C:\WINDOWS\system32\NVUNINST.EXE
2007-12-05 07:41	81,920	----a-w	C:\WINDOWS\system32\nvwddi.dll
2007-12-05 07:41	81,920	----a-w	C:\WINDOWS\system32\nvmctray.dll
2007-12-05 07:41	8,523,776	----a-w	C:\WINDOWS\system32\nvcpl.dll
2007-12-05 07:41	753,664	----a-w	C:\WINDOWS\system32\nvcplui.exe
2007-12-05 07:41	7,435,392	----a-w	C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-12-05 07:41	6,901,760	----a-w	C:\WINDOWS\system32\nvoglnt.dll
2007-12-05 07:41	6,549,504	----a-w	C:\WINDOWS\system32\nvdisps.dll
2007-12-05 07:41	5,773,568	----a-w	C:\WINDOWS\system32\nv4_disp.dll
2007-12-05 07:41	466,944	----a-w	C:\WINDOWS\system32\nvshell.dll
2007-12-05 07:41	45,056	----a-w	C:\WINDOWS\system32\nvmccsrs.dll
2007-12-05 07:41	442,368	----a-w	C:\WINDOWS\system32\nvappbar.exe
2007-12-05 07:41	425,984	----a-w	C:\WINDOWS\system32\keystone.exe
2007-12-05 07:41	385,024	----a-w	C:\WINDOWS\system32\nvapi.dll
2007-12-05 07:41	356,352	----a-w	C:\WINDOWS\system32\nvudisp.exe
2007-12-05 07:41	35,328	----a-w	C:\WINDOWS\system32\nvcodins.dll
2007-12-05 07:41	35,328	----a-w	C:\WINDOWS\system32\nvcod.dll
2007-12-05 07:41	307,200	----a-w	C:\WINDOWS\system32\nvexpbar.dll
2007-12-05 07:41	3,710,976	----a-w	C:\WINDOWS\system32\nvvitvs.dll
2007-12-05 07:41	3,420,160	----a-w	C:\WINDOWS\system32\nvgames.dll
2007-12-05 07:41	286,720	----a-w	C:\WINDOWS\system32\nvnt4cpl.dll
2007-12-05 07:41	229,376	----a-w	C:\WINDOWS\system32\nvmccs.dll
2007-12-05 07:41	2,498,560	----a-w	C:\WINDOWS\system32\nvwss.dll
2007-12-05 07:41	188,416	----a-w	C:\WINDOWS\system32\nvmccss.dll
2007-12-05 07:41	155,716	----a-w	C:\WINDOWS\system32\nvsvc32.exe
2007-12-05 07:41	147,456	----a-w	C:\WINDOWS\system32\nvcolor.exe
2007-12-05 07:41	1,703,936	----a-w	C:\WINDOWS\system32\nvwdmcpl.dll
2007-12-05 07:41	1,626,112	----a-w	C:\WINDOWS\system32\nwiz.exe
2007-12-05 07:41	1,474,560	----a-w	C:\WINDOWS\system32\nview.dll
2007-12-05 07:41	1,339,392	----a-w	C:\WINDOWS\system32\nvdspsch.exe
2007-12-05 07:41	1,228,800	----a-w	C:\WINDOWS\system32\nvmobls.dll
2007-12-05 07:41	1,089,536	----a-w	C:\WINDOWS\system32\nvcuda.dll
2007-12-05 07:41	1,019,904	----a-w	C:\WINDOWS\system32\nvwimg.dll
2007-11-14 07:26	450,560	------w	C:\WINDOWS\system32\dllcache\jscript.dll
2007-11-07 09:26	721,920	----a-w	C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:26	721,920	------w	C:\WINDOWS\system32\dllcache\lsasrv.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="C:\Program Files\Steam\Steam.exe" [2008-01-15 20:06 1266936]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"AntiSpywareShield"="C:\Program Files\AntiSpywareShield\AntiSpywareShield.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-10 16:49 16377344 C:\WINDOWS\RTHDCPL.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"APVXDWIN"="C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\APVXDWIN.exe" [2007-07-19 15:23 455984]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 22:57 30208]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-05-18 11:29 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingA6023"="command /c del C:\Program Files\Online Add-on\icmntr.exe" [ ]
"SpybotDeletingC1031"="cmd /c del C:\Program Files\Online Add-on\icmntr.exe" [ ]
"SpybotDeletingA9499"="command /c del C:\Program Files\Online Add-on\icun.exe" [ ]
"SpybotDeletingC4120"="cmd /c del C:\Program Files\Online Add-on\icun.exe" [ ]
"SpybotDeletingA96"="command /c del C:\Program Files\Online Add-on\icthis.exe" [ ]
"SpybotDeletingC2569"="cmd /c del C:\Program Files\Online Add-on\icthis.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2004-08-04 05:00 99840 C:\WINDOWS\system32\advpack.dll]
"TSClientMSIUninstaller"="cmd.exe" [2004-08-04 05:00 388608 C:\WINDOWS\system32\cmd.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{7265100a-17e1-41bf-bd08-63b95a25a9c3}"= C:\WINDOWS\system32\ofcpi.dll [2008-01-30 21:20 13312]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2007-02-15 20:02 50736 C:\WINDOWS\system32\avldr.dll

R1 APPFLT;App Filter Plugin;C:\WINDOWS\system32\Drivers\APPFLT.SYS [2007-05-11 09:33]
R1 DSAFLT;DSA Filter Plugin;C:\WINDOWS\system32\Drivers\DSAFLT.SYS [2007-05-11 09:33]
R1 FNETMON;NetMon Filter Plugin;C:\WINDOWS\system32\Drivers\fnetmon.SYS [2007-05-11 09:33]
R1 IDSFLT;Ids Filter Plugin;C:\WINDOWS\system32\Drivers\IDSFLT.SYS [2007-07-11 11:39]
R1 NETFLTDI;Panda Net Driver [TDI Layer];C:\WINDOWS\system32\Drivers\NETFLTDI.SYS [2007-05-11 09:33]
R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys [2007-05-23 08:40]
R1 SMSFLT;SMS Filter Plugin;C:\WINDOWS\system32\Drivers\SMSFLT.SYS [2007-05-11 09:33]
R1 WNMFLT;Wifi Monitor Filter Plugin;C:\WINDOWS\system32\Drivers\WNMFLT.SYS [2007-05-11 09:33]
R2 cpoint;Panda CPoint Driver;C:\WINDOWS\system32\Drivers\cpoint.sys [2007-06-08 08:44]
R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2007-07-12 06:49]
R3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys []
R3 NETIMFLT;PANDA NDIS IM Filter Miniport;C:\WINDOWS\system32\DRIVERS\netimflt.sys [2007-04-24 15:43]
R3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\system32\PavSRK.sys []
R3 PavTPK.sys;PavTPK.sys;C:\WINDOWS\system32\PavTPK.sys []

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-01 07:42:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\WINDOWS\system32\ofcpi.dll
.
Completion time: 2008-02-01 7:42:43
ComboFix-quarantined-files.txt 2008-02-01 13:42:41
.
2008-02-01 06:37:34 --- E O F ---