ComboFix 08-02-13.2 - Admin 2008-02-15 15:49:35.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.717 [GMT 0:00]
Running from: C:\Documents and Settings\Admin\Desktop\ComboFix.exe
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((( Files Created from 2008-01-15 to 2008-02-15 )))))))))))))))))))))))))))))))
.
2008-02-15 15:49 . 2008-02-15 15:50 53,248 --a------ C:\WINDOWS\PSEXESVC.EXE
2008-02-14 22:40 . 2008-02-14 22:41 d-------- C:\Program Files\UltraISO
2008-02-14 22:32 . 2008-02-14 22:32 d-------- C:\WINDOWS\system32\zx8
2008-02-14 22:32 . 2008-02-14 22:32 d-------- C:\WINDOWS\system32\pu1
2008-02-14 22:32 . 2008-02-14 22:32 d-------- C:\WINDOWS\system32\ez2
2008-02-14 22:32 . 2008-02-14 22:32 36,864 --a------ C:\WINDOWS\mrofinu572.exe.tmp
2008-02-13 22:11 . 2008-02-13 22:11 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-02-13 19:04 . 2008-02-14 23:51 d-------- C:\VundoFix Backups
2008-02-13 18:07 . 2008-02-13 18:07 d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-13 18:07 . 2008-02-13 18:30 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-13 18:07 . 2008-02-13 18:07 267,480 --a------ C:\WINDOWS\system32\fsutil.dll
2008-02-13 17:58 . 2008-02-13 17:58 d-------- C:\Program Files\Trend Micro
2008-02-13 17:45 . 2008-02-13 17:49 d-------- C:\Program Files\Eusing Free Registry Cleaner
2008-02-13 16:39 . 2008-02-13 18:29 d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2008-02-13 16:35 . 2008-02-15 12:54 d-------- C:\Temp
2008-02-13 16:30 . 2008-02-13 16:30 d-------- C:\WINDOWS\Sun
2008-02-13 15:05 . 2008-02-13 15:05 d-------- C:\WINDOWS\Downloaded Installations
2008-02-13 15:05 . 2008-02-13 15:05 d-------- C:\Program Files\Veoh Networks
2008-02-12 19:21 . 2008-02-12 19:22 d-------- C:\Program Files\Maxis
2008-02-12 16:21 . 2008-02-12 20:19 1,731 --a------ C:\WINDOWS\eReg.dat
2008-02-01 21:59 . 2008-02-15 14:48 d-------- C:\Documents and Settings\Admin\Application Data\Skype
2008-02-01 21:57 . 2008-02-01 21:58 d-------- C:\Program Files\Skype
2008-02-01 21:57 . 2008-02-01 21:57 d-------- C:\Program Files\Common Files\Skype
2008-02-01 21:57 . 2008-02-01 21:57 d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-01-31 13:40 . 2008-02-05 20:19 d-------- C:\Documents and Settings\Admin\Contacts
2008-01-31 13:39 . 2008-01-31 13:39 d----c--- C:\WINDOWS\system32\DRVSTORE
2008-01-31 13:36 . 2008-01-31 13:39 d-------- C:\Program Files\Windows Live
2008-01-31 13:36 . 2008-01-31 13:38 d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-31 13:36 . 2008-01-31 13:36 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-31 13:34 . 2008-01-31 13:34 d--h----- C:\WINDOWS\$hf_mig$
2008-01-31 13:34 . 2005-02-25 03:35 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-01-31 13:30 . 2008-01-31 13:30 d---s---- C:\Documents and Settings\Admin\UserData
2008-01-31 13:30 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-01-31 13:30 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-01-31 13:30 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-01-31 13:30 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-01-31 13:30 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-01-30 23:27 . 2008-01-30 23:27 d-------- C:\Documents and Settings\Admin\Application Data\Media Player Classic
2008-01-29 22:06 . 2008-01-29 22:06 d-------- C:\Program Files\Wanadoo Edition
2008-01-28 11:30 . 2008-01-28 11:30 d-------- C:\Program Files\Ubisoft
2008-01-28 11:30 . 2008-01-28 11:30 1 --a------ C:\WINDOWS\system32\SI.bin
2008-01-27 12:11 . 2008-01-27 12:11 d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-01-27 12:11 . 2008-02-15 10:38 d-------- C:\Documents and Settings\Admin\Application Data\Azureus
2008-01-27 12:10 . 2008-01-27 12:10 d-------- C:\Program Files\Azureus
2008-01-26 17:57 . 2004-08-04 06:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-01-26 16:05 . 2008-01-26 16:08 d-------- C:\Heroes3
2008-01-26 15:30 . 1999-01-11 10:40 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-01-26 15:19 . 2008-01-26 15:19 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-01-26 13:16 . 2008-01-26 13:16 206 --a------ C:\WINDOWS\system32\npzupdate.conf
2008-01-26 13:16 . 2008-01-26 13:16 70 --a------ C:\WINDOWS\system32\npconf.md5
2008-01-25 21:20 . 2003-07-21 03:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
2008-01-25 21:20 . 2005-01-04 18:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2008-01-25 21:16 . 2008-01-25 21:16 d-------- C:\Program Files\Java
2008-01-25 21:16 . 2008-01-26 15:19 d-------- C:\Program Files\Google
2008-01-25 21:16 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-25 21:15 . 2008-01-25 21:15 d-------- C:\Program Files\Common Files\Java
2008-01-25 20:42 . 2008-01-25 20:42 d-------- C:\WINDOWS\system32\URTTemp
2008-01-25 20:35 . 2008-01-25 20:36 d-------- C:\Program Files\ATI Technologies
2008-01-25 20:35 . 2007-09-28 21:05 593,920 --a------ C:\WINDOWS\system32\ati2sgag.exe
2008-01-25 20:30 . 2008-01-25 20:30 d-------- C:\Program Files\C-Media 3D Audio
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-13 15:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-12 17:37 12,400 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2008-01-25 20:35 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-25 19:42 --------- d-----w C:\Program Files\NVIDIA Corporation
2008-01-25 19:42 --------- d-----w C:\Program Files\Common Files\NVIDIA Shared
2008-01-25 19:37 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-01-25 19:29 --------- d-----w C:\Program Files\microsoft frontpage
2001-11-23 12:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25F3A725-860C-4C2B-835D-FFB2C2184197}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7F83D029-AC8A-425B-A867-4A816FD226C7}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 13:31 22880040]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-02-07 12:53 3497984]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 01:06 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 04:32 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 04:32 455168]
"NVRaidService"="C:\WINDOWS\system32\nvraidservice.exe" [2004-06-11 11:15 83968]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 20:51 131072]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 04:32 208952]
"Cmaudio"="cmicnfg.cpl" []
"b032a2d4"="C:\WINDOWS\system32\tgfgtlso.dll" [ ]

S3 MSControlService;Microsoft cache control;C:\WINDOWS\system32\windows []
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-15 15:50:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-15 15:50:52
ComboFix-quarantined-files.txt 2008-02-15 15:50:25
ComboFix2.txt 2008-02-15 13:00:55
ComboFix3.txt 2008-02-13 21:19:36
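A quick triage pass over a log like the one above, as an added example: this is not part of the post and not ComboFix's own code. It parses three line shapes that appear in the log (the "Files Created" entries, the "name"="path" [info] Run values, and the S3 name;display;path [] service line) and applies a few rule-of-thumb checks. The regexes follow the layout of this particular log, the sample text is a constructed subset of the lines above, and the rules (short random-looking directory names under system32, an .exe.tmp in the Windows directory, a Run value named like a hex blob, a Run target ComboFix printed no version/date for, a service ImagePath with no extension, anything created at the scan's own start minute) are assumptions chosen for illustration. A hit means "verify this", not "this is malware".

```python
"""Heuristic triage of a ComboFix log (added example; assumptions are marked)."""
import re
from typing import List, Tuple

# Constructed sample: a subset of lines from the log above, one per line as
# ComboFix writes them (the forum post had them run together).
SAMPLE_LOG = r"""
ComboFix 08-02-13.2 - Admin 2008-02-15 15:49:35.3 - NTFSx86
2008-02-15 15:49 . 2008-02-15 15:50 53,248 --a------ C:\WINDOWS\PSEXESVC.EXE
2008-02-14 22:40 . 2008-02-14 22:41 d-------- C:\Program Files\UltraISO
2008-02-14 22:32 . 2008-02-14 22:32 d-------- C:\WINDOWS\system32\zx8
2008-02-14 22:32 . 2008-02-14 22:32 d-------- C:\WINDOWS\system32\pu1
2008-02-14 22:32 . 2008-02-14 22:32 d-------- C:\WINDOWS\system32\ez2
2008-02-14 22:32 . 2008-02-14 22:32 36,864 --a------ C:\WINDOWS\mrofinu572.exe.tmp
2008-02-13 19:04 . 2008-02-14 23:51 d-------- C:\VundoFix Backups
2008-02-01 21:57 . 2008-02-01 21:58 d-------- C:\Program Files\Skype
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 13:31 22880040]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Cmaudio"="cmicnfg.cpl" []
"b032a2d4"="C:\WINDOWS\system32\tgfgtlso.dll" [ ]
S3 MSControlService;Microsoft cache control;C:\WINDOWS\system32\windows []
"""

# Header: "ComboFix <version> - <user> <yyyy-mm-dd hh:mm>..."; assumes a user name without spaces.
HEADER_RE = re.compile(r"^ComboFix \S+ - \S+ (\d{4}-\d{2}-\d{2} \d{2}:\d{2})", re.M)
# Files Created: "<created> . <modified> [<size>] <9-char attrs> <path>"
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?:([\d,]+)\s+)?([-a-z]{9})\s+(.+?)\s*$")
RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[(.*?)\]\s*$')
SVC_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s*\[.*\]\s*$")

# "zx8"/"pu1"-style and "b032a2d4"-style names; an assumption for this example, not a ComboFix rule.
RANDOM_NAME = re.compile(r"^[a-z]{2,3}\d$|^[0-9a-f]{8}$")
WINDIR = "c:\\windows\\"
SYS32 = WINDIR + "system32\\"


def scan_start(text: str) -> str:
    """Scan start time, to the minute, taken from the ComboFix header line."""
    m = HEADER_RE.search(text)
    return m.group(1) if m else ""


def parse_files(text: str) -> List[dict]:
    """'Files Created' entries as dicts: created, modified, size, attrs, path, is_dir."""
    out = []
    for line in text.splitlines():
        m = FILE_RE.match(line.strip())
        if m:
            created, modified, size, attrs, path = m.groups()
            out.append({"created": created, "modified": modified, "size": size or "",
                        "attrs": attrs, "path": path, "is_dir": attrs.startswith("d")})
    return out


def parse_autostarts(text: str) -> Tuple[List[dict], List[dict]]:
    """Run values ("name"="path" [info]) and service lines (S3 name;display;path [])."""
    runs, services = [], []
    for line in text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            runs.append({"name": m.group(1), "path": m.group(2), "info": m.group(3).strip()})
            continue
        m = SVC_RE.match(line)
        if m:
            services.append({"start": m.group(1), "name": m.group(2),
                             "display": m.group(3), "path": m.group(4)})
    return runs, services


def triage(files: List[dict], runs: List[dict], services: List[dict],
           started: str) -> List[Tuple[str, str]]:
    """Return (path, reason) pairs for entries worth a closer look."""
    hits = []
    for f in files:
        path, low = f["path"], f["path"].lower()
        base = low.rsplit("\\", 1)[-1]
        if f["is_dir"] and low.startswith(SYS32) and RANDOM_NAME.match(base):
            hits.append((path, "short random-looking directory under system32"))
        elif not f["is_dir"] and low.startswith(WINDIR) and low.endswith(".exe.tmp"):
            hits.append((path, "executable .tmp dropped in the Windows directory"))
        elif f["created"] == started:
            hits.append((path, "created at scan start; likely the tool's own helper, confirm"))
    for r in runs:
        if RANDOM_NAME.match(r["name"].lower()):
            hits.append((r["path"], "Run value with random-looking name %r" % r["name"]))
        elif not r["info"]:
            hits.append((r["path"], "Run target has no version/date info, so it was not verifiable"))
    for s in services:
        if "." not in s["path"].rsplit("\\", 1)[-1]:
            hits.append((s["path"], "service %s ImagePath has no file extension" % s["name"]))
    return hits


def triage_log(text: str) -> List[Tuple[str, str]]:
    """Parse a whole ComboFix log and run the checks over it."""
    runs, services = parse_autostarts(text)
    return triage(parse_files(text), runs, services, scan_start(text))


if __name__ == "__main__":
    for path, reason in triage_log(SAMPLE_LOG):
        print(f"{path:50} {reason}")
```

Feed it the real log text instead of SAMPLE_LOG to see the rules fire on everything above. The rules are deliberately loose: the Cmaudio line shows the false-positive side (ComboFix lists it by bare file name, so it has no path or version info to verify), and the PSEXESVC.EXE hit only says the file appeared in the same minute the scan began, which is worth confirming rather than treating as a finding. The Find3M lines use a different column layout and are not parsed here.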