ComboFix 08-03-04.5 - KAC 2008-03-09  9:22:11.3 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.416 [GMT -8:00]
Running from: C:\Documents and Settings\KAC\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\KAC\Desktop\CFScript.txt
 * Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]

FILE ::
C:\B316.tmp
C:\TEMP\.deleted
C:\WINDOWS\hmtixubk.dll
C:\WINDOWS\POTA777444.exe
C:\WINDOWS\s.dll
C:\WINDOWS\system32\winfrun32.bin
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\B316.tmp
C:\Program Files\Windows Plus
C:\Program Files\Windows Plus\Audio Converter\ACPlugIn.dll
C:\Program Files\Windows Plus\Audio Converter\ACShellExt3.dll
C:\Program Files\Windows Plus\Audio Converter\AudioConverter.exe
C:\Program Files\Windows Plus\Audio Converter\Res\ACShellExt3UI.dll
C:\Program Files\Windows Plus\Audio Converter\Res\AudioConverter.chm
C:\Program Files\Windows Plus\Audio Converter\Res\AudioConverterUI.dll
C:\Program Files\Windows Plus\CDLM\CDLM.exe
C:\Program Files\Windows Plus\CDLM\CDLMPlugin.dll
C:\Program Files\Windows Plus\CDLM\Images\Plus_Back_Section_Background.bmp
C:\Program Files\Windows Plus\CDLM\Images\Plus_CD_Label_Background.bmp
C:\Program Files\Windows Plus\CDLM\Images\Plus_Front_Section_Background.bmp
C:\Program Files\Windows Plus\CDLM\Images\Plus_Label_Background.bmp
C:\Program Files\Windows Plus\CDLM\Images\Plus_Left_Spine_Background.bmp
C:\Program Files\Windows Plus\CDLM\Images\Plus_Right_Spine_Background.bmp
C:\Program Files\Windows Plus\CDLM\Images\Plus_Spine_Background.bmp
C:\Program Files\Windows Plus\CDLM\Res\CDLM.chm
C:\Program Files\Windows Plus\CDLM\Res\CDLMPluginUI.dll
C:\Program Files\Windows Plus\CDLM\Res\CDLMUI.dll
C:\Program Files\Windows Plus\CDLM\Templates\A-One_CD_Case_Index_A4.cdl
C:\Program Files\Windows Plus\CDLM\Templates\A-One_CD_Index_148x296.cdl
C:\Program Files\Windows Plus\CDLM\Templates\A-One_CD_Label_148x296.cdl
C:\Program Files\Windows Plus\CDLM\Templates\apli_cd_label_a4_10039.cdl
C:\Program Files\Windows Plus\CDLM\Templates\apli_cd_label_a4_10041.cdl
C:\Program Files\Windows Plus\CDLM\Templates\apli_cd_label_a4_10166.cdl
C:\Program Files\Windows Plus\CDLM\Templates\apli_cd_label_a4_10294.cdl
C:\Program Files\Windows Plus\CDLM\Templates\apli_cd_label_a4_2001.cdl
C:\Program Files\Windows Plus\CDLM\Templates\APLI_CD_Label_A4_3268.cdl
C:\Program Files\Windows Plus\CDLM\Templates\avery_cd_insert_a4_j8432.cdl
C:\Program Files\Windows Plus\CDLM\Templates\avery_cd_insert_a4_j8435.cdl
C:\Program Files\Windows Plus\CDLM\Templates\avery_cd_insert_us_regular.cdl
C:\Program Files\Windows Plus\CDLM\Templates\avery_cd_label_5824.cdl
C:\Program Files\Windows Plus\CDLM\Templates\avery_cd_label_a4_full_face.cdl
C:\Program Files\Windows Plus\CDLM\Templates\avery_cd_label_a4_regular.cdl
C:\Program Files\Windows Plus\CDLM\Templates\avery_cd_label_us_full_face.cdl
C:\Program Files\Windows Plus\CDLM\Templates\avery_cd_label_us_regular.cdl
C:\Program Files\Windows Plus\CDLM\Templates\avery_maxell_cd_booklet_a4_c9358.cdl
C:\Program Files\Windows Plus\CDLM\Templates\avery_maxell_cd_insert_a4_c9357.cdl
C:\Program Files\Windows Plus\CDLM\Templates\avery_maxell_cd_label_a4_c95661.cdl
C:\Program Files\Windows Plus\CDLM\Templates\avery_maxell_cd_label_a4_full_face.cdl
C:\Program Files\Windows Plus\CDLM\Templates\avery_maxell_cd_label_a5_c95461.cdl
C:\Program Files\Windows Plus\CDLM\Templates\avery_maxell_cd_label_a5_c95462.cdl
C:\Program Files\Windows Plus\CDLM\Templates\basf_cd_label_a4_regular.cdl
C:\Program Files\Windows Plus\CDLM\Templates\cd_stomper_a4_insert.cdl
C:\Program Files\Windows Plus\CDLM\Templates\cd_stomper_cd_label__a4_regular.cdl
C:\Program Files\Windows Plus\CDLM\Templates\cd_stomper_cd_label__us_regular.cdl
C:\Program Files\Windows Plus\CDLM\Templates\cd_stomper_insert.cdl
C:\Program Files\Windows Plus\CDLM\Templates\data_becker_a4_insert.cdl
C:\Program Files\Windows Plus\CDLM\Templates\data_becker_cd_insert.cdl
C:\Program Files\Windows Plus\CDLM\Templates\data_becker_cd_label.cdl
C:\Program Files\Windows Plus\CDLM\Templates\data_becker_cd_label_a4_full_face.cdl
C:\Program Files\Windows Plus\CDLM\Templates\decadry_cd_label_a4_regular.cdl
C:\Program Files\Windows Plus\CDLM\Templates\elecom_cd_label_a4_regular.cdl
C:\Program Files\Windows Plus\CDLM\Templates\elecom_cd_label_a5.cdl
C:\Program Files\Windows Plus\CDLM\Templates\fellowes_cd_label_a4_regular.cdl
C:\Program Files\Windows Plus\CDLM\Templates\Fellowes_neato_a4_cd_booklet.cdl
C:\Program Files\Windows Plus\CDLM\Templates\fellowes_neato_a4_insert.cdl
C:\Program Files\Windows Plus\CDLM\Templates\fellowes_neato_cd_booklet.cdl
C:\Program Files\Windows Plus\CDLM\Templates\fellowes_neato_cd_insert.cdl
C:\Program Files\Windows Plus\CDLM\Templates\fellowes_neato_cd_label.cdl
C:\Program Files\Windows Plus\CDLM\Templates\Fellowes_neato_cd_slimline_insert.cdl
C:\Program Files\Windows Plus\CDLM\Templates\hisago_cd_booklet_cj692s.cdl
C:\Program Files\Windows Plus\CDLM\Templates\hisago_cd_insert_cj593s.cdl
C:\Program Files\Windows Plus\CDLM\Templates\hisago_cd_insert_cj691s.cdl
C:\Program Files\Windows Plus\CDLM\Templates\hisago_cd_insert_cj695s_back.cdl
C:\Program Files\Windows Plus\CDLM\Templates\hisago_cd_insert_cj695s_front.cdl
C:\Program Files\Windows Plus\CDLM\Templates\hisago_cd_label_a4_cj2847s.cdl
C:\Program Files\Windows Plus\CDLM\Templates\hisago_cd_label_a4_cj2884s.cdl
C:\Program Files\Windows Plus\CDLM\Templates\hisago_cd_label_a5_cj2846s.cdl
C:\Program Files\Windows Plus\CDLM\Templates\hisago_cd_label_a5_cj5000s.cdl
C:\Program Files\Windows Plus\CDLM\Templates\hisago_cd_label_cj2845s.cdl
C:\Program Files\Windows Plus\CDLM\Templates\hisago_cj2843s.cdl
C:\Program Files\Windows Plus\CDLM\Templates\hp_cd_inlay.cdl
C:\Program Files\Windows Plus\CDLM\Templates\hp_cd_label_us_regular.cdl
C:\Program Files\Windows Plus\CDLM\Templates\memorex_cd_insert.cdl
C:\Program Files\Windows Plus\CDLM\Templates\memorex_cd_label.cdl
C:\Program Files\Windows Plus\CDLM\Templates\nanacreate_inkjet_cdr_labels.cdl
C:\Program Files\Windows Plus\CDLM\Templates\office_cd_insert_a4.cdl
C:\Program Files\Windows Plus\CDLM\Templates\office_cd_label_a4_regular.cdl
C:\Program Files\Windows Plus\CDLM\Templates\pressit_cd_label_a4_regular.cdl
C:\Program Files\Windows Plus\CDLM\Templates\sanwa_inkjet_cdr_labels.cdl
C:\Program Files\Windows Plus\CDLM\Templates\SanwaSupply_CD_Booklet_A4.cdl
C:\Program Files\Windows Plus\CDLM\Templates\SanwaSupply_CD_Bottom_Index_A4.cdl
C:\Program Files\Windows Plus\CDLM\Templates\SanwaSupply_CD_Case_Index_A4.cdl
C:\Program Files\Windows Plus\CDLM\Templates\SanwaSupply_CD_Label_138x145_24mm.cdl
C:\Program Files\Windows Plus\CDLM\Templates\SanwaSupply_CD_Label_138x145_41mm.cdl
C:\Program Files\Windows Plus\CDLM\Templates\SanwaSupply_CD_Label_A4_24mm.cdl
C:\Program Files\Windows Plus\CDLM\Templates\SanwaSupply_CD_Label_A4_41mm.cdl
C:\Program Files\Windows Plus\CDLM\Templates\SanwaSupply_CD_Label_A5_24mm.cdl
C:\Program Files\Windows Plus\CDLM\Templates\SanwaSupply_CD_Label_A5_41mm.cdl
C:\Program Files\Windows Plus\CDLM\Templates\SanwaSupply_Slim_CD_Index_A4.cdl
C:\Program Files\Windows Plus\CDLM\Templates\Stick_it_Right_Ultimate_CD_Inserts.cdl
C:\Program Files\Windows Plus\CDLM\Templates\Stick_it_Right_Ultimate_CD_Inserts_Fold_Over.cdl
C:\Program Files\Windows Plus\CDLM\Templates\Stick_it_Right_Ultimate_CD_Labels.cdl
C:\Program Files\Windows Plus\CDLM\Templates\sure_thing_cd_label.cdl
C:\Program Files\Windows Plus\CDLM\Templates\tdk_a4_insert.cdl
C:\Program Files\Windows Plus\CDLM\Templates\trackfmt.txt
C:\Program Files\Windows Plus\CDLM\Templates\versatile_cd_labels_2up.cdl
C:\Program Files\Windows Plus\CDLM\Templates\zweckform_cd_label_a4_regular.cdl
C:\Program Files\Windows Plus\CDLM\Templates\zweckform_insert_32250.cdl
C:\Program Files\Windows Plus\Dancer\Dancer.exe
C:\Program Files\Windows Plus\Dancer\Dancers\Amanda_L.da2
C:\Program Files\Windows Plus\Dancer\Dancers\Amanda_L.dn2
C:\Program Files\Windows Plus\Dancer\Res\Dancer.chm
C:\Program Files\Windows Plus\Dancer\Res\DancerUI.dll
C:\Program Files\Windows Plus\Party Mode\Butterflies.jpg
C:\Program Files\Windows Plus\Party Mode\Butterflies.wmz
C:\Program Files\Windows Plus\Party Mode\Crystal_Clockwork.jpg
C:\Program Files\Windows Plus\Party Mode\Crystal_Clockwork.wmz
C:\Program Files\Windows Plus\Party Mode\Darkling.jpg
C:\Program Files\Windows Plus\Party Mode\Darkling.wmz
C:\Program Files\Windows Plus\Party Mode\Energy.jpg
C:\Program Files\Windows Plus\Party Mode\Energy.wmz
C:\Program Files\Windows Plus\Party Mode\focus.wav
C:\Program Files\Windows Plus\Party Mode\Nature.jpg
C:\Program Files\Windows Plus\Party Mode\Nature.wmz
C:\Program Files\Windows Plus\Party Mode\Party_Mode.jpg
C:\Program Files\Windows Plus\Party Mode\Party_Mode.wmz
C:\Program Files\Windows Plus\Party Mode\PartyMode.exe
C:\Program Files\Windows Plus\Party Mode\Plasma.jpg
C:\Program Files\Windows Plus\Party Mode\Plasma.wmz
C:\Program Files\Windows Plus\Party Mode\Res\PartyMode.chm
C:\Program Files\Windows Plus\Party Mode\Res\PartyModeUI.dll
C:\Program Files\Windows Plus\Party Mode\Sunburst.jpg
C:\Program Files\Windows Plus\Party Mode\Sunburst.wmz
C:\WINDOWS\POTA777444.exe
C:\WINDOWS\s.dll
C:\WINDOWS\system32\winfrun32.bin

.
---------------  FMove  ---------------
.
(((((((((((((((((((((((((   Files Created from 2008-02-09 to 2008-03-09  )))))))))))))))))))))))))))))))
.

2008-03-08 13:54 . 2008-03-08 13:54  47  --a------  C:\WINDOWS\NeroDigital.ini
2008-03-08 13:08 . 2008-03-08 13:09  d--------  C:\Program Files\Picasa2
2008-03-07 16:51 . 2003-06-25 17:05  266,360  --a------  C:\WINDOWS\system32\TweakUI.exe
2008-03-07 16:51 . 2002-06-21 16:09  160,217  --a------  C:\WINDOWS\system32\PowerToysLicense.rtf
2008-03-05 08:54 . 2008-03-07 17:40  d--------  C:\Documents and Settings\KAC\Application Data\SUPERAntiSpyware.com
2008-03-03 11:05 . 2008-03-03 11:05  d--------  C:\WINDOWS\Google Toolbar
2008-03-02 21:39 . 2007-06-05 11:56  44,928  --a------  C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2008-03-02 21:38 . 2007-06-08 10:44  8,576  --a------  C:\WINDOWS\system32\drivers\ubjqhvfklayp.sys
2008-03-02 20:54 . 2008-03-03 06:27  2,550  --a------  C:\WINDOWS\system32\Uninstall.ico
2008-03-02 20:54 . 2008-03-03 06:27  1,406  --a------  C:\WINDOWS\system32\Help.ico
2008-03-02 17:53 . 2008-03-07 17:40  d--------  C:\Program Files\SUPERAntiSpyware
2008-03-02 17:53 . 2008-03-02 17:53  d--------  C:\Documents and Settings\KJL\Application Data\SUPERAntiSpyware.com
2008-03-02 17:53 . 2008-03-02 17:53  d--------  C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-02 15:59 . 2008-03-02 15:59  d--------  C:\Documents and Settings\KJL\Application Data\Grisoft
2008-03-02 15:59 . 2008-03-02 15:59  d--------  C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-01 20:10 . 2008-03-01 20:10  664  --a------  C:\WINDOWS\system32\d3d9caps.dat
2008-02-24 18:49 . 2008-03-09 09:07  d--------  C:\TEMP\.deleted
2008-02-22 18:38 . 2008-02-22 18:38  43,872  ---------  C:\WINDOWS\system32\drivers\pxhelp20.sys

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-05 16:45  ---------  d-----w  C:\Program Files\Photodex Presenter
2008-03-03 19:07  ---------  d-----w  C:\Program Files\PhotoWorks
2008-03-03 19:05  ---------  d-----w  C:\Program Files\eGames
2008-03-03 16:26  ---------  d-----w  C:\Program Files\Trend Micro
2008-03-03 15:37  ---------  d-----w  C:\Program Files\NetWaiting
2008-03-03 15:32  ---------  d-----w  C:\Program Files\Google
2008-03-03 15:31  ---------  d-----w  C:\Program Files\Digital Line Detect
2008-03-03 15:31  ---------  d-----w  C:\Program Files\Dell Support
2008-03-03 15:29  ---------  d-----w  C:\Program Files\BAE
2008-01-24 04:43  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\Dell
2008-01-11 05:53  44,544  ----a-w  C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-12-19 23:01  347,136  ----a-w  C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51  179,584  ------w  C:\WINDOWS\system32\dllcache\mrxdav.sys
2005-05-12 07:36  12,288  ----a-w  C:\WINDOWS\Fonts\RandFont.dll
2006-12-02 00:55  88  --sh--r  C:\WINDOWS\system32\6D10D6E481.sys
2006-12-02 00:55  2,828  --sha-w  C:\WINDOWS\system32\KGyGaAvL.sys

.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-10 00:24 20480]
"OE_OEM"="C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [2006-04-11 20:39 176201]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2006-08-28 19:57 395776]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 03:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-25 07:41 68856]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 08:24 1694208]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-25 17:23 443968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 12:01 67584]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 07:44 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 07:41 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 07:45 118784]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 16:48 761947]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2006-11-01 20:48 1392640]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 21:30 282624 C:\WINDOWS\stsystra.exe]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-08-03 16:51 1032192]
"CTSVolFE.exe"="C:\Program Files\Creative\Mixer\CTSVolFE.exe" [2005-02-23 13:57 57344]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe" [2005-08-30 14:42 823362]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 03:20 122940]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 14:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 14:50 81920]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-11-23 12:38 169984]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-05-02 18:16 184320]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-11-23 12:34 98304]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-25 17:23 443968]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 20:05:26 29696]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-05-24 16:28:28 622653]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-11-23 12:30:29 24576]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26 282624]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 00:49:24 73728]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-05-03 20:07:32 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders  msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-09 09:24:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-09  9:25:09
ComboFix-quarantined-files.txt  2008-03-09 17:25:01
ComboFix2.txt  2008-03-05 15:53:08
.
2008-02-20 17:37:19  --- E O F ---
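Two checks a responder runs on a log like this, written out here as an added Python example (not part of the log, the thread, or ComboFix itself): compare the paths the CFScript asked ComboFix to delete (the FILE :: list) against what the Other Deletions section actually confirms, and compare the SecurityProviders value against the Windows XP default list (msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll). It also pulls the Run-key autostarts into records and reads the firewall flag. The sample input is a constructed excerpt of the log above with its line breaks restored and the long deletion list shortened; the default-providers set is an assumption stated in the code, and an extra provider is reported as non-default, not as malicious.

```python
"""Triage helpers for a ComboFix log. Added example; not part of ComboFix or the log above."""
import re

# Constructed excerpt of the log above (line breaks restored, long lists shortened).
SAMPLE_LOG = r"""ComboFix 08-03-04.5 - KAC 2008-03-09  9:22:11.3 - NTFSx86
Command switches used :: C:\Documents and Settings\KAC\Desktop\CFScript.txt

FILE ::
C:\B316.tmp
C:\TEMP\.deleted
C:\WINDOWS\hmtixubk.dll
C:\WINDOWS\POTA777444.exe
C:\WINDOWS\s.dll
C:\WINDOWS\system32\winfrun32.bin
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\B316.tmp
C:\Program Files\Windows Plus
C:\Program Files\Windows Plus\Dancer\Dancer.exe
C:\WINDOWS\POTA777444.exe
C:\WINDOWS\s.dll
C:\WINDOWS\system32\winfrun32.bin

.
---------------  FMove  ---------------
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-10 00:24 20480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 21:30 282624 C:\WINDOWS\stsystra.exe]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders  msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")          # '(((   name   )))' banners
PATH_RE = re.compile(r"^[A-Za-z]:\\")                     # lines that are bare paths
RUN_RE = re.compile(                                      # "name"="cmd" [date time size [resolved path]]
    r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"\s*'
    r"\[(?P<date>\d{4}-\d\d-\d\d \d\d:\d\d) (?P<size>\d+)(?: (?P<resolved>[^\]]+))?\]$"
)
# Assumption: the stock Windows XP value of the SecurityProviders key.
XP_DEFAULT_SECURITY_PROVIDERS = {"msapsspc.dll", "schannel.dll", "digest.dll", "msnsspc.dll"}


def split_sections(text):
    """Group lines under ComboFix's banners; text before the first banner is 'header'."""
    sections, current = {"header": []}, "header"
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group(1)
            sections[current] = []
        else:
            sections[current].append(line.rstrip())
    return sections


def requested_files(sections):
    """Paths echoed under 'FILE ::' from the CFScript, up to the terminating '.' line."""
    paths, collecting = [], False
    for line in sections["header"]:
        if line.startswith("FILE ::"):
            collecting = True
        elif collecting:
            if line.strip() in ("", "."):
                break
            paths.append(line.strip())
    return paths


def unconfirmed_deletions(sections):
    """Requested paths absent from 'Other Deletions' (compared case-insensitively, as NTFS names are)."""
    confirmed = {l.strip().lower() for l in sections.get("Other Deletions", []) if PATH_RE.match(l.strip())}
    return [p for p in requested_files(sections) if p.lower() not in confirmed]


def run_entries(sections):
    """Autostart values under each [...\\Run] key, with the path ComboFix resolved for bare names."""
    entries, key = [], None
    for line in sections.get("Reg Loading Points", []):
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = RUN_RE.match(line)
        if m and key and key.lower().endswith("\\run"):
            d = m.groupdict()
            d["key"], d["size"] = key, int(d["size"])
            d["path"] = d["resolved"] or d["cmd"]
            entries.append(d)
    return entries


def nondefault_security_providers(sections):
    """Providers beyond the XP defaults; these are reported for verification, not judged malicious."""
    for line in sections.get("Reg Loading Points", []):
        if line.strip().startswith("SecurityProviders"):
            listed = [p.strip().lower() for p in line.split(None, 1)[1].split(",")]
            return [p for p in listed if p not in XP_DEFAULT_SECURITY_PROVIDERS]
    return []


def firewall_disabled(sections):
    """True when the standard-profile EnableFirewall value is logged as 0."""
    for line in sections.get("Reg Loading Points", []):
        if line.strip().startswith('"EnableFirewall"'):
            return line.split("=", 1)[1].strip().startswith("0")
    return False


if __name__ == "__main__":
    s = split_sections(SAMPLE_LOG)
    print("requested but not confirmed deleted:", unconfirmed_deletions(s))
    print("non-default SecurityProviders:", nondefault_security_providers(s))
    print("firewall disabled:", firewall_disabled(s))
    for e in run_entries(s):
        print(f"{e['key']}: {e['name']} -> {e['path']} ({e['size']} bytes, {e['date']})")
```

On the excerpt, as on the full log above, the first check reports C:\TEMP\.deleted and C:\WINDOWS\hmtixubk.dll as requested but not confirmed deleted (the full log shows C:\TEMP\.deleted still present as a directory in the Files Created section), the second reports zwebauth.dll as the one entry outside the XP default list, and the firewall flag reads as disabled. Neither result says what those items are; it only tells the responder where to look next.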