ComboFix 08-06-20.4 - user 06/21/2008 15:30:39.1 - NTFSx86
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.302 [GMT -7:00]
Running from: C:\Documents and Settings\EOL1\Desktop\virus software\ComboFix.exe

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINNT\Web\default.htt

.
((((((((((((((((((((((((( Files Created from 2008-05-21 to 2008-06-21 )))))))))))))))))))))))))))))))
.

2008-06-21 15:30 . 06/21/08 03:30p     16,384   --a----t-   C:\WINNT\system32\Perflib_Perfdata_3c0.dat
2008-06-21 14:54 . 06/21/08 02:54p              d--------   C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-21 14:53 . 06/21/08 02:54p              d--------   C:\Program Files\SUPERAntiSpyware
2008-06-21 14:53 . 06/21/08 02:53p              d--------   C:\Program Files\Common Files\Wise Installation Wizard
2008-06-21 14:53 . 06/21/08 02:53p              d--------   C:\Documents and Settings\EOL1\Application Data\SUPERAntiSpyware.com
2008-06-14 09:42 . 06/14/08 09:42a              d--------   C:\Documents and Settings\EOL1\Application Data\Snapfish
2008-06-13 15:57 . 06/13/08 03:57p              d--------   C:\Program Files\Uniblue
2008-06-13 15:57 . 06/13/08 03:57p              d--------   C:\Documents and Settings\EOL1\Application Data\Uniblue
2008-06-13 11:03 . 06/13/08 11:03a              d--------   C:\Program Files\Trend Micro
2008-06-13 10:30 . 06/13/08 11:27a              d--h-----   C:\$AVG8.VAULT$
2008-06-13 10:27 . 06/18/08 04:45p              d--------   C:\WINNT\system32\drivers\Avg
2008-06-13 10:27 . 06/13/08 10:27a              d--------   C:\Program Files\AVG
2008-06-13 10:27 . 06/13/08 10:27a              d--------   C:\Documents and Settings\EOL1\Application Data\AVGTOOLBAR
2008-06-13 10:27 . 06/13/08 10:27a              d-a------   C:\Documents and Settings\All Users\Application Data\avg8
2008-06-13 10:27 . 06/13/08 10:27a     96,520   --a------   C:\WINNT\system32\drivers\avgldx86.sys
2008-06-13 10:27 . 06/13/08 10:27a     75,272   --a------   C:\WINNT\system32\drivers\avgtdix.sys
2008-06-13 10:27 . 06/13/08 10:27a     12,424   --a------   C:\WINNT\system32\drivers\avgrkx86.sys
2008-06-13 10:27 . 06/13/08 10:27a     10,520   --a------   C:\WINNT\system32\avgrsstx.dll
2008-06-08 22:49 . 06/16/08 10:42p    466,320   ---h-----   C:\WINNT\ShellIconCache
2008-06-08 18:52 . 06/08/08 06:52p              d--------   C:\Program Files\Common Files\Mozilla Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-10 16:53   ---------   d-----w   C:\Program Files\Apple Software Update
2008-05-10 16:53   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Apple
2008-05-07 23:06   ---------   d-----w   C:\Program Files\iTunes
2007-03-02 18:20         271   ---h--w   C:\Program Files\desktop.ini
2007-03-02 18:20      21,952   ---h--w   C:\Program Files\folder.htt
1999-12-07 12:00      32,528   ----a-w   C:\WINNT\inf\wbfirdma.sys

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [04/16/08 09:49p 68856]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [05/05/08 12:22p 1923352]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [05/28/08 10:33a 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [06/19/03 12:05p 111376 C:\WINNT\system32\mobsync.exe]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [05/05/03 08:57a 143360]
"DrvLsnr"="C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe" [05/08/03 11:34a 69632]
"NvCplDaemon"="C:\WINNT\System32\NvCpl.dll" [07/28/03 03:19p 4841472]
"IgfxTray"="C:\WINNT\system32\igfxtray.exe" [10/15/02 11:18p 155648]
"HotKeysCmds"="C:\WINNT\system32\hkcmd.exe" [10/15/02 11:05p 114688]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/07 07:51p 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/08 04:25a 144784]
"HP CD-DVD"="C:\Program Files\HP CD-DVD\Umbrella\hpcdtray.exe" [08/16/01 05:01p 49152]
"MaxtorOneTouch"="C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe" [03/01/06 11:58a 712704]
"mspm"="C:\Program Files\Maxtor\OneTouch\utils\mspm.exe" [09/03/05 03:10a 225280]
"mxomssmenu"="C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" [10/17/05 04:24p 81920]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04/27/07 09:41a 282624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [07/27/07 08:14p 271672]
"QUICKCARE"="C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe" [05/09/07 06:15p 198800]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [06/13/08 10:27a 1177368]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe" [06/19/03 12:05p 186640]

C:\Documents and Settings\EOL1\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-12-17 13:27:54 229376]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 13:05:56 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/08 10:13a 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/07 01:41p 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= mmdrv.dll

R0 AvgRkx86;avgrkx86.sys;C:\WINNT\system32\Drivers\avgrkx86.sys [06/13/08 10:27a]
R0 SONYPVM1;Sony Memory Stick Driver(SONYPVM1);C:\WINNT\system32\DRIVERS\SONYPVM1.SYS [05/27/00 04:37a]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINNT\system32\Drivers\avgldx86.sys [06/13/08 10:27a]
R1 hpcd2k;hpcd2k;C:\WINNT\system32\drivers\hpcd2k.sys [10/23/00 09:38a]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [06/13/08 10:27a]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINNT\system32\Drivers\avgtdix.sys [06/13/08 10:27a]
R3 usbhub20;USB 2.0 Root Hub Support;C:\WINNT\system32\DRIVERS\usbhub20.sys [06/19/03 12:05p]
S3 HPUATA;HP CD-Writer Controller Driver;C:\WINNT\system32\DRIVERS\HPUATA.sys [08/23/01 12:57a]
Start Pending2 bloedkdg;Direct Parallel Link Monitor;C:\WINNT\System32\svchost.exe [12/07/99 05:00a]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
bloedkdg

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-05-15 23:15:00 C:\WINNT\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-21 21:30:05 C:\WINNT\Tasks\At1.job" - C:\WINNT\system32\rundll32.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-21 15:32:00
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 06/21/2008 15:32:57
ComboFix-quarantined-files.txt 2008-06-21 22:32:50

Pre-Run: 72,863,166,464 bytes free
Post-Run: 73,071,632,384 bytes free

115