ComboFix 08-06-20.4 - user 06/27/2008 11:56:31.2 - NTFSx86
Running from: C:\Documents and Settings\EOL1\Desktop\virus software\ComboFix.exe
Command switches used :: C:\Documents and Settings\EOL1\Desktop\virus software\CFScript.txt
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
FILE ::
C:\WINNT\Tasks\At1.job
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINNT\Tasks\At1.job
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_BLOEDKDG
-------\Service_bloedkdg
((((((((((((((((((((((((( Files Created from 2008-05-27 to 2008-06-27 )))))))))))))))))))))))))))))))
.
2008-06-27 12:00 . 08-06-27 12:00 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_448.dat
2008-06-27 07:44 . 07-07-30 19:18 34,136 --a------ C:\WINNT\system32\wucltui.dll.mui
2008-06-27 07:44 . 07-07-30 19:19 25,944 --a------ C:\WINNT\system32\wuaucpl.cpl.mui
2008-06-27 07:44 . 07-07-30 19:19 25,944 --a------ C:\WINNT\system32\wuapi.dll.mui
2008-06-27 07:44 . 07-07-30 19:18 20,312 --a------ C:\WINNT\system32\wuaueng.dll.mui
2008-06-24 15:49 . 08-06-24 15:49 d-------- C:\Program Files\MyPublisher
2008-06-24 15:48 . 08-06-24 15:48 d-------- C:\Documents and Settings\EOL1\Application Data\MyPublisher
2008-06-24 15:46 . 08-06-24 15:48 10,795,384 --a------ C:\Program Files\CostcoPublisher.exe
2008-06-21 14:54 . 08-06-21 14:54 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-21 14:53 . 08-06-21 14:54 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-21 14:53 . 08-06-21 14:53 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-21 14:53 . 08-06-21 14:53 d-------- C:\Documents and Settings\EOL1\Application Data\SUPERAntiSpyware.com
2008-06-14 09:42 . 08-06-14 09:42 d-------- C:\Documents and Settings\EOL1\Application Data\Snapfish
2008-06-13 15:57 . 08-06-13 15:57 d-------- C:\Program Files\Uniblue
2008-06-13 15:57 . 08-06-13 15:57 d-------- C:\Documents and Settings\EOL1\Application Data\Uniblue
2008-06-13 11:03 . 08-06-13 11:03 d-------- C:\Program Files\Trend Micro
2008-06-13 10:30 . 08-06-13 11:27 d--h----- C:\$AVG8.VAULT$
2008-06-13 10:27 . 08-06-27 08:45 d-------- C:\WINNT\system32\drivers\Avg
2008-06-13 10:27 . 08-06-13 10:27 d-------- C:\Program Files\AVG
2008-06-13 10:27 . 08-06-13 10:27 d-------- C:\Documents and Settings\EOL1\Application Data\AVGTOOLBAR
2008-06-13 10:27 . 08-06-13 10:27 d-a------ C:\Documents and Settings\All Users\Application Data\avg8
2008-06-13 10:27 . 08-06-23 09:48 96,520 --a------ C:\WINNT\system32\drivers\avgldx86.sys
2008-06-13 10:27 . 08-06-23 09:49 76,040 --a------ C:\WINNT\system32\drivers\avgtdix.sys
2008-06-13 10:27 . 08-06-23 09:48 12,936 --a------ C:\WINNT\system32\drivers\avgrkx86.sys
2008-06-13 10:27 . 08-06-23 09:48 10,520 --a------ C:\WINNT\system32\avgrsstx.dll
2008-06-08 22:49 . 08-06-26 23:08 642,824 ---h----- C:\WINNT\ShellIconCache
2008-06-08 18:52 . 08-06-08 18:52 d-------- C:\Program Files\Common Files\Mozilla Shared
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-10 16:53 --------- d-----w C:\Program Files\Apple Software Update
2008-05-10 16:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-05-07 23:06 --------- d-----w C:\Program Files\iTunes
2007-03-02 18:20 271 ---h--w C:\Program Files\desktop.ini
2007-03-02 18:20 21,952 ---h--w C:\Program Files\folder.htt
.
((((((((((((((((((((((((((((( snapshot@Sat 06-21-2008_15.32.33.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-21 03:02:28 163,328 ----a-w C:\WINNT\erdnt\subs\ERDNT.EXE
- 2005-05-26 11:16:24 75,544 ----a-w C:\WINNT\system32\cdm.dll
+ 2007-07-31 02:19:20 92,504 ----a-w C:\WINNT\system32\cdm.dll
- 2005-05-26 11:16:24 75,544 -c--a-w C:\WINNT\system32\dllcache\cdm.dll
+ 2007-07-31 02:19:20 92,504 -c--a-w C:\WINNT\system32\dllcache\cdm.dll
- 2005-05-26 11:16:30 124,184 -c--a-w C:\WINNT\system32\dllcache\wuauclt.exe
+ 2007-07-31 02:19:16 53,080 -c--a-w C:\WINNT\system32\dllcache\wuauclt.exe
- 2005-05-26 11:16:30 1,343,768 -c--a-w C:\WINNT\system32\dllcache\wuaueng.dll
+ 2007-07-31 02:19:42 1,712,984 -c--a-w C:\WINNT\system32\dllcache\wuaueng.dll
- 2008-06-13 17:27:51 26,184 ----a-w C:\WINNT\system32\drivers\avgmfx86.sys
+ 2008-06-23 16:48:41 26,824 ----a-w C:\WINNT\system32\drivers\avgmfx86.sys
+ 2007-07-31 02:18:40 33,624 ----a-w C:\WINNT\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.0.6000.381\wups.dll
+ 2007-07-31 02:19:12 43,352 ----a-w C:\WINNT\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.0.6000.381\wups2.dll
- 2005-05-26 11:16:30 465,176 ----a-w C:\WINNT\system32\wuapi.dll
+ 2007-07-31 02:19:36 549,720 ----a-w C:\WINNT\system32\wuapi.dll
- 2005-05-26 11:16:30 124,184 ----a-w C:\WINNT\system32\wuauclt.exe
+ 2007-07-31 02:19:16 53,080 ----a-w C:\WINNT\system32\wuauclt.exe
- 2005-05-26 11:16:30 1,343,768 ----a-w C:\WINNT\system32\wuaueng.dll
+ 2007-07-31 02:19:42 1,712,984 ----a-w C:\WINNT\system32\wuaueng.dll
- 2005-05-26 11:16:30 127,256 ----a-w C:\WINNT\system32\wucltui.dll
+ 2007-07-31 02:19:32 325,976 ----a-w C:\WINNT\system32\wucltui.dll
- 2005-05-26 11:16:30 41,240 ----a-w C:\WINNT\system32\wups.dll
+ 2007-07-31 02:18:40 33,624 ----a-w C:\WINNT\system32\wups.dll
- 2005-05-26 11:16:30 18,200 ----a-w C:\WINNT\system32\wups2.dll
+ 2007-07-31 02:19:12 43,352 ----a-w C:\WINNT\system32\wups2.dll
- 2005-05-26 11:19:32 173,536 ----a-w C:\WINNT\system32\wuweb.dll
+ 2007-07-31 02:19:28 203,096 ----a-w C:\WINNT\system32\wuweb.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [08-04-16 21:49 68856]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [08-05-05 12:22 1923352]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [08-05-28 10:33 1506544]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [07-03-01 10:37 2321600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [03-06-19 12:05 111376 C:\WINNT\system32\mobsync.exe]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [03-05-05 08:57 143360]
"DrvLsnr"="C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe" [03-05-08 11:34 69632]
"NvCplDaemon"="C:\WINNT\System32\NvCpl.dll" [03-07-28 15:19 4841472]
"IgfxTray"="C:\WINNT\system32\igfxtray.exe" [02-10-15 23:18 155648]
"HotKeysCmds"="C:\WINNT\system32\hkcmd.exe" [02-10-15 23:05 114688]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [07-10-10 19:51 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [08-02-22 04:25 144784]
"HP CD-DVD"="C:\Program Files\HP CD-DVD\Umbrella\hpcdtray.exe" [01-08-16 17:01 49152]
"MaxtorOneTouch"="C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe" [06-03-01 11:58 712704]
"mspm"="C:\Program Files\Maxtor\OneTouch\utils\mspm.exe" [05-09-03 03:10 225280]
"mxomssmenu"="C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" [05-10-17 16:24 81920]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [07-04-27 09:41 282624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [07-07-27 20:14 271672]
"QUICKCARE"="C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe" [07-05-09 18:15 198800]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [08-06-23 09:49 1231128]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe" [03-06-19 12:05 186640]
C:\Documents and Settings\EOL1\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-12-17 13:27:54 229376]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 13:05:56 65588]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [08-05-13 10:13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 07-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= mmdrv.dll
R0 AvgRkx86;avgrkx86.sys;C:\WINNT\system32\Drivers\avgrkx86.sys [08-06-23 09:48 ]
R0 SONYPVM1;Sony Memory Stick Driver(SONYPVM1);C:\WINNT\system32\DRIVERS\SONYPVM1.SYS [00-05-27 04:37 ]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINNT\system32\Drivers\avgldx86.sys [08-06-23 09:48 ]
R1 hpcd2k;hpcd2k;C:\WINNT\system32\drivers\hpcd2k.sys [00-10-23 09:38 ]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [08-06-23 09:48 ]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINNT\system32\Drivers\avgtdix.sys [08-06-23 09:49 ]
R3 usbhub20;USB 2.0 Root Hub Support;C:\WINNT\system32\DRIVERS\usbhub20.sys [03-06-19 12:05 ]
S3 HPUATA;HP CD-Writer Controller Driver;C:\WINNT\system32\DRIVERS\HPUATA.sys [01-08-23 00:57 ]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
bloedkdg
.
Contents of the 'Scheduled Tasks' folder
"2008-05-15 23:15:00 C:\WINNT\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-27 12:01:07
Windows 5.0.2195 Service Pack 4 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\WINNT\TEMP\d3462459-fd38-4f76-9ac4-b8f1b31a101c.tmp 0 bytes
scan completed successfully
hidden files: 1
**************************************************************************
.
Completion time: 2008-06-27 12:06:03 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-27 19:05:40
ComboFix2.txt 2008-06-21 22:32:58
Pre-Run: 71,631,872,000 bytes free
Post-Run: 71,580,065,792 bytes free
156