ComboFix 08-03-30.2 - Administrator 2008-03-30 17:52:05.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1502 [GMT 2:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt
* Created a new restore point
WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\WINDOWS\system32\dilchuha.exe
.
((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-30 )))))))))))))))))))))))))))))))
.
2008-03-30 16:28 . 2008-03-30 16:28 d-------- C:\Program Files\PC-Cleaner
2008-03-30 15:13 . 2008-03-30 15:13 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-30 15:12 . 2008-03-30 17:46 d-------- C:\Program Files\SUPERAntiSpyware
2008-03-30 15:12 . 2008-03-30 15:12 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-30 15:12 . 2008-03-30 15:12 d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-03-29 04:53 . 2008-03-29 04:53 d-------- C:\Program Files\Spyware Terminator
2008-03-29 04:53 . 2008-03-29 04:53 d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-03-29 04:53 . 2008-03-29 04:53 d-------- C:\Documents and Settings\Administrator\Application Data\Spyware Terminator
2008-03-29 04:53 . 2008-03-29 04:53 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-03-29 04:52 . 2008-03-29 04:52 d-------- C:\Program Files\SpywareBlaster
2008-03-29 04:52 . 2005-08-25 19:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-03-29 04:44 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-03-29 04:44 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-03-29 04:44 . 2008-03-22 16:49 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-03-29 04:44 . 2008-03-26 09:50 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-03-29 04:44 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-03-29 04:44 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-03-29 04:44 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-03-29 04:00 . 2008-03-29 04:00 d-------- C:\Program Files\MSXML 4.0
2008-03-29 03:47 . 2008-03-29 03:48 691,545 --a------ C:\WINDOWS\unins000.exe
2008-03-29 03:47 . 2008-03-29 03:49 4,656 --a------ C:\WINDOWS\unins000.dat
2008-03-29 03:37 . 2008-03-29 03:37 d-------- C:\Program Files\Lavasoft
2008-03-29 03:37 . 2008-03-29 03:37 d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2008-03-29 01:31 . 2008-03-29 01:31 d-------- C:\Program Files\CleanUp!
2008-03-28 00:31 . 2008-03-28 00:31 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-03-27 20:36 . 2008-03-29 03:35 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-26 22:04 . 2008-03-26 22:04 d-------- C:\Program Files\Trend Micro
2008-03-26 20:27 . 2008-03-26 20:27 94,208 --a------ C:\WINDOWS\system32\mjojgdyt.exe
2008-03-26 19:23 . 2008-03-29 04:55 2,976 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-26 18:45 . 2008-03-30 17:48 d-------- C:\Program Files\PestPatrol
2008-03-26 18:44 . 2008-03-26 18:46 1,737 --a------ C:\WINDOWS\SetupPestPatrolCorporate.mif
2008-03-25 22:17 . 2008-03-25 22:17 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-25 21:34 . 2008-03-29 04:46 d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-25 21:34 . 2008-03-30 04:21 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-25 20:02 . 2008-03-25 20:02 d-------- C:\Documents and Settings\All Users\Application Data\hyrwxkpi
2008-03-12 21:58 . 2008-03-12 21:58 d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-03-10 22:11 . 2008-03-28 00:30 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-10 22:11 . 2008-03-10 22:11 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-10 22:10 . 2008-03-10 22:10 d-------- C:\Program Files\QuickTime
2008-03-10 22:10 . 2008-03-10 22:10 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-03-10 22:09 . 2008-03-10 22:09 d-------- C:\Program Files\Apple Software Update
2008-03-10 22:09 . 2008-03-10 22:09 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-03-08 18:25 . 2004-08-04 01:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-03-08 18:25 . 2001-08-17 23:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-03-08 15:42 . 2008-03-29 01:32 d-------- C:\Documents and Settings\Administrator\Application Data\LimeWire
2008-03-05 19:02 . 2008-03-26 20:11 d-------- C:\Program Files\Common Files\Symantec Shared
2008-02-28 01:50 . 2008-02-28 01:50 d-------- C:\Program Files\Hewlett-Packard
2008-02-28 01:49 . 2008-02-28 01:51 125,113 --a------ C:\WINDOWS\hpoins14.dat
2008-02-28 01:49 . 2007-09-21 14:12 1,996 --------- C:\WINDOWS\hpomdl14.dat
2008-02-28 00:53 . 2008-02-28 00:54 d-------- C:\Documents and Settings\Administrator\Application Data\Ventrilo
2008-02-28 00:50 . 2008-02-28 00:50 d-------- C:\Program Files\Ventrilo
2008-02-27 18:02 . 2008-02-27 18:02 d-------- C:\Program Files\uTorrent
2008-02-27 18:02 . 2008-03-30 17:43 d-------- C:\Documents and Settings\Administrator\Application Data\uTorrent
2008-02-25 22:41 . 2008-03-30 14:46 40 --a------ C:\WINDOWS\nero.INI
2008-02-20 20:13 . 2008-02-20 20:13 1,783 --a------ C:\WINDOWS\nsreg.dat
2008-02-20 20:12 . 2008-03-30 14:09 d-------- C:\Program Files\Opera7
2008-02-19 20:06 . 2008-03-26 20:10 d-------- C:\Program Files\DivX
2008-02-18 02:30 . 2008-02-18 02:30 d-------- C:\WINDOWS\Sun
2008-02-18 02:29 . 2008-03-05 18:08 d-------- C:\Program Files\Java
2008-02-18 02:29 . 2008-02-18 02:29 d-------- C:\Program Files\Common Files\Java
2008-02-18 02:29 . 2008-02-22 03:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-17 21:01 . 2008-02-17 21:01 d-------- C:\Documents and Settings\Administrator\Application Data\Leadertech
2008-02-14 20:03 . 2008-03-23 15:32 d-------- C:\Program Files\Common Files\Adobe
2008-02-12 19:31 . 2008-03-29 03:57 d---s---- C:\Documents and Settings\Administrator\UserData
2008-02-12 18:30 . 2008-02-12 18:30 d-------- C:\Program Files\Common Files\HP
2008-02-12 18:30 . 2008-02-17 21:03 d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-02-12 18:29 . 2008-02-17 21:03 d-------- C:\Program Files\HP
2008-02-12 18:29 . 2008-02-12 18:29 d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-02-12 18:28 . 2008-02-12 18:28 d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-02-12 18:28 . 2007-03-08 06:20 49,920 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2008-02-12 18:28 . 2007-03-08 06:20 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-02-12 18:27 . 2007-03-31 07:07 267,864 --a------ C:\WINDOWS\system32\hpzids01.dll
2008-02-12 18:27 . 2007-03-28 15:01 117,760 --a------ C:\WINDOWS\system32\hpzll5ha.dll
2008-02-12 18:27 . 2004-08-04 00:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-02-12 18:27 . 2007-03-08 06:20 21,568 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2008-02-12 18:26 . 2007-03-18 08:11 675,840 --a------ C:\WINDOWS\system32\hpowiax3.dll
2008-02-12 18:26 . 2007-03-18 08:11 569,344 --a------ C:\WINDOWS\system32\hpotscl3.dll
2008-02-12 18:26 . 2007-03-08 21:20 364,544 --a------ C:\WINDOWS\system32\hppldcoi.dll
2008-02-12 18:26 . 2007-03-08 21:20 309,760 --a------ C:\WINDOWS\system32\difxapi.dll
2008-02-12 18:26 . 2007-03-18 08:11 303,104 --a------ C:\WINDOWS\system32\hpovst10.dll
2008-02-12 18:26 . 2004-08-03 23:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-02-10 19:01 . 2008-02-15 14:40 d-------- C:\Documents and Settings\Administrator\Contacts
2008-02-10 14:12 . 2007-07-30 20:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-02-10 14:12 . 2007-07-30 20:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-02-10 14:12 . 2007-07-30 20:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-02-10 01:29 . 2005-05-03 12:43 69,632 -r------- C:\WINDOWS\Alcmtr.exe
2008-02-10 00:46 . 2008-02-28 01:50 d----c--- C:\WINDOWS\system32\DRVSTORE
2008-02-10 00:43 . 2008-02-17 21:04 d-------- C:\Program Files\Windows Live
2008-02-10 00:43 . 2008-02-10 00:45 d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-10 00:43 . 2008-02-10 00:43 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-10 00:37 . 2008-03-30 05:27 3,093 --a------ C:\WINDOWS\system\CmcnfgU.ini
2008-02-10 00:36 . 2008-02-10 00:36 d-------- C:\Program Files\SHARKOON MAJESTIC 5.1
2008-02-10 00:32 . 2008-02-10 00:32 d-------- C:\Program Files\Microsoft FrontPage
2008-02-10 00:31 . 2008-02-10 00:31 d-------- C:\Documents and Settings\Administrator\Application Data\Microsoft Web Folders
2008-02-10 00:16 . 2003-06-19 02:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-02-10 00:16 . 2008-02-10 00:32 724 --a------ C:\WINDOWS\ODBC.INI
2008-02-10 00:15 . 2008-02-10 00:34 d-------- C:\WINDOWS\SHELLNEW
2008-02-09 23:38 . 2008-02-09 23:38 d-------- C:\Program Files\Jasc Software Inc
2008-02-09 23:35 . 2008-02-09 23:37 d-------- C:\Program Files\WS_FTP Pro
2008-02-09 19:46 . 2008-02-09 19:46 d-------- C:\Program Files\Common Files\Ahead
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-26 18:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-14 18:20 5,632 ----a-w C:\Program Files\install.log
2008-02-09 23:28 --------- d-----w C:\Program Files\Realtek
2008-02-09 16:44 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-07 01:07 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2004-06-18 10:05 45,056 ----a-w C:\WINDOWS\inf\Slntinst.exe
2003-08-22 10:09 45,056 ----a-w C:\WINDOWS\inf\slntinst_staticW2k.exe
.
((((((((((((((((((((((((((((( snapshot@2008-03-30_14.02.06,62 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-30 13:12:23 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2008-03-30 13:12:23 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
- 2008-03-27 18:37:13 58,596 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-03-30 15:46:15 58,596 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-03-27 18:37:13 392,296 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-03-30 15:46:15 392,296 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-03-30 15:44:50 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_62c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="C:\Program Files\Steam\Steam.exe" [2008-03-28 18:03 1271032]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-16 19:47 68856]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:56 110592 C:\WINDOWS\system32\bthprops.cpl]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]
"WinampAgent"="C:\Program Files\Winamp\Winampa.exe" [2003-04-02 04:20 12288]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 10:12 90112]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-03-12 23:43 81920]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"CmUsbSound"="cmcnfgu.cpl" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"PestPatrol Control Center"="C:\PROGRA~1\PESTPA~1\PPControl.exe" [2004-11-15 12:49 98304]
"PestPatrolCL"="" []
"PPMemCheck"="C:\PROGRA~1\PESTPA~1\PPMemCheck.exe" [2003-04-19 08:53 148480]
"CookiePatrol"="C:\PROGRA~1\PESTPA~1\CookiePatrol.exe" [2005-01-10 10:35 73728]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoInternetIcon"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Steam\\SteamApps\\toggah\\counter-strike\\hl.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
R0 d346bus;d346bus;C:\WINDOWS\system32\DRIVERS\d346bus.sys [2004-03-12 23:41]
R0 d346prt;d346prt;C:\WINDOWS\system32\Drivers\d346prt.sys [2004-03-12 23:41]
R2 PStrip;PSTRIP;C:\WINDOWS\system32\DRIVERS\PSTRIP.SYS [2001-07-24 01:31]
R3 BTCOMM;BTCOMM;C:\WINDOWS\system32\drivers\Btcomm.sys [2004-09-28 17:18]
R3 BTKRNBDG;Bluetooth COM Bridge;C:\WINDOWS\system32\DRIVERS\btkrnbdg.sys [2003-03-18 12:31]
R3 cmudau32;C-Media USB UDA Sound Interface;C:\WINDOWS\system32\drivers\cmudaxu.sys [2006-08-23 15:51]
R3 CSRBC01;%CSRBC01.SvcDesc%;C:\WINDOWS\system32\Drivers\csrbc01.sys [2005-06-28 20:46]
R3 vad_multi;Windigo Virtual Audio Device (WDM);C:\WINDOWS\system32\drivers\vadmulti.sys [2005-06-30 13:57]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c0a5f60-d713-11dc-a1d1-806d6172696f}]
\Shell\1\Command - RUNAUT~1\autorun.pif
\Shell\2\Command - RUNAUT~1\autorun.pif
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-30 17:52:50
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-03-30 17:53:11
ComboFix-quarantined-files.txt 2008-03-30 15:53:03
ComboFix2.txt 2008-03-30 12:02:14
Pre-Run: 33,696,157,696 bytes free
Post-Run: 33,686,175,744 bytes free
.
2008-03-29 02:01:25 --- E O F ---