ComboFix 08-02-22.3 - Dave 2008-02-22 16:28:09.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.543 [GMT -5:00]
Running from: C:\Documents and Settings\Dave\Desktop\ComboFix.exe
* Created a new restore point
[color=red][b]WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\isgTi19
C:\Temp\isgTi19\lPig.log
C:\temp\tn3
C:\WINDOWS\cookies.ini
C:\WINDOWS\SYSTEM32\cdjdjnef.ini
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\hidparsee.sys
C:\WINDOWS\system32\drivers\sfsync02.sys
C:\WINDOWS\system32\hfvaulyi.dllbox
C:\WINDOWS\SYSTEM32\lpalmvjn.ini
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\SYSTEM32\qalaqouq.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_HIDPARSEE
-------\LEGACY_SFSYNC02
-------\hidparsee
-------\sfsync02
((((((((((((((((((((((((( Files Created from 2008-01-22 to 2008-02-22 )))))))))))))))))))))))))))))))
.
2008-02-22 15:56 . 2008-02-22 15:56 d-------- C:\_OTMoveIt
2008-02-22 11:31 . 2008-02-22 11:31 d-------- C:\Deckard
2008-02-07 11:49 . 2008-02-07 11:49 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-07 11:48 . 2008-02-07 17:06 d-------- C:\Program Files\SUPERAntiSpyware
2008-02-07 11:48 . 2008-02-07 11:48 d-------- C:\Documents and Settings\Dave\Application Data\SUPERAntiSpyware.com
2008-02-07 11:44 . 2008-02-07 11:44 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-06 19:36 . 2008-02-06 19:36 d-------- C:\Documents and Settings\Dave\Application Data\Grisoft
2008-02-06 19:35 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2008-02-06 19:34 . 2008-02-06 19:34 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-06 17:11 . 2008-02-06 17:11 d-------- C:\Program Files\Trend Micro
2008-02-05 13:03 . 2008-02-09 12:34 0 --ahs---- C:\WINDOWS\SYSTEM32\rqstv.ini
2008-02-04 16:30 . 2008-02-04 16:30 d-------- C:\Documents and Settings\All Users\Application Data\RoboForm
2008-02-04 16:29 . 2008-02-04 16:29 d-------- C:\Program Files\Siber Systems
2008-02-04 16:28 . 2004-03-09 00:00 416,528 --a------ C:\WINDOWS\SYSTEM32\COMCT332.OCX
2008-02-04 16:28 . 2004-03-09 00:00 124,688 --a------ C:\WINDOWS\SYSTEM32\MSWINSCK.OCX
2008-02-04 16:28 . 2004-04-25 20:39 53,248 -ra------ C:\WINDOWS\SYSTEM32\SSubTmr6.dll
2008-02-04 16:27 . 2008-02-04 16:27 d-------- C:\WINDOWS\SYSTEM32\IOSUBSYS
2008-02-04 16:27 . 2008-02-04 16:27 d-------- C:\Program Files\Cydrix Solutions
2008-02-04 16:27 . 1999-04-23 22:22 17,986 -ra------ C:\WINDOWS\SYSTEM32\Smartvsd.vxd
2008-02-04 16:27 . 2001-08-17 22:36 4,096 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\ctwdm32.dll
2008-02-04 16:27 . 2001-08-17 22:36 4,096 --a------ C:\WINDOWS\SYSTEM32\ctwdm32.dll
2008-01-25 14:47 . 2008-01-25 14:47 d-------- C:\Documents and Settings\Dave\Application Data\Move Networks
2008-01-24 10:34 . 2008-01-24 10:34 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-24 10:34 . 2008-01-24 10:34 1,409 --a------ C:\WINDOWS\QTFont.for
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-22 21:07 --------- d-----w C:\Program Files\Steam
2008-02-22 16:34 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-14 00:16 --------- d-----w C:\Program Files\Norton Internet Security
2008-02-05 18:45 --------- d-----w C:\Program Files\Symantec
2008-02-04 21:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-04 21:27 --------- d-----w C:\Documents and Settings\Dave\Application Data\Azureus
2008-02-03 22:47 --------- d-----w C:\Program Files\Azureus
2008-01-05 18:01 --------- d-----w C:\Program Files\Unlocker
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2006-02-06 14:40 1992928]
"QuickenScheduledUpdates"="C:\Program Files\Quicken\bagent.exe" [2006-10-30 06:39 57344]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 13:44 196608]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [ ]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-06-12 14:32 700416]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-02-04 16:29 160592]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe" [2006-09-21 14:38 155896]
"Steam"="C:\Program Files\Steam\Steam.exe" [2008-02-06 20:38 1266936]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [ ]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39 1310720]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-05-22 14:53 282624]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe" [2005-07-15 13:48 479232]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2004-08-04 02:56 143360]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2008-02-05 13:44 100056]
"SAClient"="C:\Program Files\Insight\BBClient\Programs\RegCon.exe" [2004-06-01 11:55 299008]
"MXOBG"="C:\WINDOWS\MXOALDR.EXE" [2003-10-10 10:23 94208]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 16:32 221184]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 14:14 217088]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 14:24 458752]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-17 11:42 58728]
"BigDogPath"="C:\WINDOWS\VM_STI.exe" [ ]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 12:52 339968]
"AGEIA PhysX SysTray"="C:\Program Files\AGEIA Technologies\TrayIcon.exe" [2006-03-20 14:43 331776]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 13:28 684032]
"ymetray"="C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" [ ]
"MaxtorOneTouch"="C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe" [2004-08-31 08:23 823296]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-02-23 15:45 278528]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2006-02-06 14:40 1992928]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hfvaulyi]
hfvaulyi.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"= %windir%\\system32\\sessmgr.exe:@xpsp2res.dll,-22019
"C:\\Program Files\\BitTorrent\\btdownloadgui.exe"=
"C:\\Program Files\\SmileCam\\ezWebCam21_Server\\ezWHostE.exe"=
"C:\\3dsmax5\\3dsmax.exe"=
"C:\\Program Files\\Valve\\Steam\\Steam.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"G:\\3dsmax7\\3dsmax.exe"=
"C:\\3dsmax5\\backburner2\\monitor.exe"=
"C:\\3dsmax5\\backburner2\\manager.exe"=
"C:\\3dsmax5\\backburner2\\server.exe"=
"C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"= %windir%\\Network Diagnostic\\xpnetdiag.exe:@xpsp3res.dll,-20000
"C:\\Program Files\\MSN Messenger\\msncall.exe"=
"C:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R2 ASFAgent;ASF Agent;C:\Program Files\Intel\ASF Agent\ASFAgent.exe [2002-08-07 06:34]
R2 NetAlrt;NetAlrt;C:\WINDOWS\System32\drivers\NetAlrt.sys [2002-05-07 17:05]
R2 PlatAlrt;PlatAlrt;C:\WINDOWS\System32\drivers\PlatAlrt.sys [2002-05-07 17:06]
S3 C-Dilla;C-Dilla;C:\WINDOWS\System32\drivers\CDANT.SYS [2003-01-07 17:28]
S3 NMSCFG;NIC Management Service Configuration Driver;C:\WINDOWS\System32\drivers\NMSCFG.SYS [2002-07-30 17:15]
S3 NMSSvc;Intel(R) NMS;C:\WINDOWS\System32\NMSSvc.exe [2002-07-30 17:15]
S3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys []
*Newly Created Service* - GTNDIS5
.
Contents of the 'Scheduled Tasks' folder
"2008-02-22 20:55:02 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-02-18 07:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Dave.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\NAVW32.EXEh/task:
"2008-02-16 01:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Jessica.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/task:
"2008-02-22 15:04:22 C:\WINDOWS\Tasks\QIC Autoupdate.job"
- C:\Program Files\Insight\BBClient\Programs\AutoUpdate.exe
"2008-02-22 21:41:31 C:\WINDOWS\Tasks\QIC Messenger Bkup.job"
- C:\Program Files\Insight\BBClient\Programs\QICMessenger.exe
"2008-02-22 14:30:19 C:\WINDOWS\Tasks\QIC Messenger Periodic.job"
- C:\Program Files\Insight\BBClient\Programs\QICMessenger.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-22 16:42:09
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\DCPFLICS\DCPFLICS.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\system32\cscript.exe
C:\WINDOWS\system32\taskmgr.exe
.
**************************************************************************
.
Completion time: 2008-02-22 16:53:24 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-22 21:53:15
.
2008-02-22 14:41:37 --- E O F ---