ComboFix 08-03-14.4 - SUZANNE 2008-03-15 18:09:23.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.208 [GMT -8:00]
Running from: C:\Documents and Settings\SUZANNE\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2008-02-16 to 2008-03-16 )))))))))))))))))))))))))))))))
.
2008-03-15 10:39 . 2004-03-18 16:55 65,536 --a------ C:\WINDOWS\system32\HPZipm12.exe
2008-03-15 10:37 . 2008-01-24 16:29 19,791 --------- C:\WINDOWS\HPHins02.dat.temp
2008-03-15 10:37 . 2005-07-07 20:55 4,284 --------- C:\WINDOWS\hphmdl02.dat.temp
2008-03-15 10:36 . 2005-07-07 20:55 6,478 --a------ C:\WINDOWS\system32\hphmon05.dat
2008-03-14 22:31 . 2008-03-14 22:31 d-------- C:\VundoFix Backups
2008-03-14 21:42 . 2008-03-14 22:04 4,954 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-14 20:32 . 2008-03-14 20:32 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-14 20:12 . 2008-03-14 20:12 d-------- C:\Program Files\SUPERAntiSpyware
2008-03-14 20:12 . 2008-03-14 20:12 d-------- C:\Documents and Settings\SUZANNE\Application Data\SUPERAntiSpyware.com
2008-03-14 19:41 . 2008-03-14 19:41 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-14 18:51 . 2008-03-14 18:51 1,347,518 ---hs---- C:\WINDOWS\system32\rbhpagex.ini
2008-03-13 21:00 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-03-13 20:59 . 2008-03-13 20:59 d-------- C:\Program Files\Common Files\Java
2008-03-13 18:50 . 2008-03-14 18:50 1,347,458 ---hs---- C:\WINDOWS\system32\wjfnsvut.ini
2008-03-12 21:10 . 2008-03-12 21:10 d-------- C:\Documents and Settings\SUZANNE\DoctorWeb
2008-03-12 19:52 . 2008-03-12 19:52 d-------- C:\Program Files\Trend Micro
2008-03-12 18:49 . 2008-03-13 18:49 1,346,876 ---hs---- C:\WINDOWS\system32\klgwqdhv.ini
2008-03-12 17:53 . 2008-03-12 17:53 d-------- C:\Documents and Settings\SUZANNE\Application Data\Uniblue
2008-03-11 21:17 . 2008-03-14 21:07 d--hs---- C:\WINDOWS\U1VaQU5ORQ
2008-03-11 20:20 . 2008-03-12 21:18 d-------- C:\Program Files\nvcoi
2008-03-11 18:48 . 2008-03-12 18:48 1,320,635 ---hs---- C:\WINDOWS\system32\slvmlbcg.ini
2008-03-10 20:43 . 2008-03-10 20:43 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUS.ico
2008-03-10 20:12 . 2008-03-15 11:07 d-------- C:\Temp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-14 05:00 --------- d-----w C:\Program Files\Java
2008-01-31 18:06 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-25 00:29 --------- d-----w C:\Program Files\HP
2008-01-25 00:29 --------- d-----w C:\Program Files\Hewlett-Packard
2008-01-24 02:53 --------- d-----w C:\Program Files\Norton AntiVirus
2008-01-23 04:48 --------- d-----w C:\Program Files\GetSmile
2008-01-23 04:48 --------- d-----w C:\Documents and Settings\SUZANNE\Application Data\Sofrayt
2007-12-29 07:53 94,208 ----a-w C:\WINDOWS\UITabCtrl.dll
2007-12-29 07:53 20,480 ----a-w C:\WINDOWS\RegActiveX.exe
2007-12-29 07:53 139,264 ----a-w C:\WINDOWS\UIButton.dll
2007-12-29 07:53 126,976 ----a-w C:\WINDOWS\UIListCtrl.dll
2007-12-29 07:53 1,700,352 ----a-w C:\WINDOWS\GdiPlus.dll
2007-12-29 06:37 6,144 ----a-w C:\WINDOWS\system32\DLPT.SYS
.
((((((((((((((((((((((((((((( snapshot@2008-03-15_11.14.14.59 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-15 19:11:57 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-03-16 02:04:02 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-03-15 19:11:57 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-03-16 02:04:02 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-03-15 19:11:57 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-16 02:04:02 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-12-29 07:55:15 53,838 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-03-15 19:14:03 53,838 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-12-29 07:55:15 382,260 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-03-15 19:14:03 382,260 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2003-03-31 04:00 13312]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 03:24 65536]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-11-15 16:18 1670144]
"nvcoi"="C:\Program Files\nvcoi\nvcoi.exe" [ ]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"00THotkey"="C:\WINDOWS\System32\00THotkey.exe" [2003-04-15 20:01 258048]
"000StTHK"="000StTHK.exe" [2001-06-23 20:28 24576 C:\WINDOWS\system32\000StTHK.exe]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-04-15 11:23 3661824]
"nwiz"="nwiz.exe" [2004-04-15 11:23 790528 C:\WINDOWS\system32\nwiz.exe]
"SigmaTel StacMon"="C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe" [2003-08-03 16:01 86073]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2003-01-02 16:16 172032]
"AGRSMMSG"="AGRSMMSG.exe" [2003-04-18 11:20 88363 C:\WINDOWS\agrsmmsg.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-05-30 19:25 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-05-30 19:23 614400]
"TouchED"="C:\Program Files\TOSHIBA\TouchED\TouchED.Exe" [2003-01-21 18:00 126976]
"TFNF5"="TFNF5.exe" [2003-07-18 17:41 73728 C:\WINDOWS\system32\TFNF5.exe]
"TFncKy"="TFncKy.exe" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2003-11-10 05:30 70816]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [2002-08-20 10:29 40960]
"NDSTray.exe"="NDSTray.exe" []
"TPSMain"="TPSMain.exe" [2003-09-25 10:19 278528 C:\WINDOWS\system32\TPSMain.exe]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2003-10-20 08:39 159744]
"B'sCLiP"="C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe" [2004-02-04 05:43 1409024]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 00:38 802816]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 00:32 696320]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-12-27 12:56 95960]
"IVPServiceMgr"="C:\toshiba\ivp\ism\ivpsvmgr.exe" [2003-10-20 08:37 475136]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-07 20:55 176128]
"HPHUPD05"="C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2005-07-07 20:55 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38 241664]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2003-12-05 15:41 49152]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2005-07-07 20:55 491520]
"SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-11-02 16:59 218240]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2003-08-06 13:23:32 51776]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2004-02-06 16:53:02 155648]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqqomn]
urqqomn.dll

R0 BsStor;B.H.A Storage Helper Driver;C:\WINDOWS\System32\drivers\BsStor.sys [2004-02-04 01:08]
R2 BsUDF;B.H.A UDF Filesystem;C:\WINDOWS\System32\drivers\BsUDF.sys [2004-02-02 19:05]
R2 CBTWlanSrv;CBT Wlan Service;C:\WINDOWS\CBTWlanSrv.exe [2007-10-18 14:14]
R3 CBPSp50;CBPSp50 NDIS Protocol Driver;C:\WINDOWS\System32\Drivers\CBPSp50.sys [2006-11-28 21:46]
R3 tsdhd;TOSHIBA SD Card Host Controller Driver;C:\WINDOWS\System32\DRIVERS\tsdhd.sys [2003-05-14 17:38]
R3 WPC300N;Linksys Wireless Notebook Adapter WPC300N Driver;C:\WINDOWS\System32\DRIVERS\WPC300N.SYS [2007-07-23 16:49]
S3 CBPMp50;CBPMp50 NDIS Protocol Driver;C:\WINDOWS\System32\Drivers\CBPMp50.sys []
S3 pciSd;pciSd;C:\WINDOWS\System32\DRIVERS\tossdpci.sys [2003-02-12 09:03]

.
Contents of the 'Scheduled Tasks' folder
"2008-03-16 00:29:00 C:\WINDOWS\Tasks\HP Usg Daily.job" - C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe
"2008-03-16 02:08:00 C:\WINDOWS\Tasks\Symantec NetDetect.job" - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-15 18:10:22
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-15 18:11:04
ComboFix-quarantined-files.txt 2008-03-16 02:10:49
ComboFix2.txt 2008-03-15 19:15:05