ComboFix 07-12-17.1 - default 2007-12-17 20:10:36.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.230 [GMT -5:00]
Running from: C:\Documents and Settings\default\Local Settings\Temporary Internet Files\Content.IE5\OOJH1JYP\ComboFix[1].exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\default\Application Data\WinTouch\wintouch.cfg
C:\Documents and Settings\default\Application Data\WinTouch\WinTouch.exe
C:\Documents and Settings\default\Application Data\WinTouch\WTUninstaller.exe
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Program Files\icroso~1.net
C:\Program Files\inetget2
C:\Program Files\Temporary
C:\Program Files\Temporary\wininstall.exe
C:\Program Files\WinAble
C:\Program Files\WinAble\winable.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\bkR11
C:\Temp\bkR11\ftCa.log
C:\WINDOWS\b122.exe
C:\WINDOWS\b128.exe
C:\WINDOWS\b151.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\hda.dll
C:\WINDOWS\system32\hplyhxqp.exe
C:\WINDOWS\system32\hsdjnaud.dll
C:\WINDOWS\system32\ijllm.ini
C:\WINDOWS\system32\ijllm.ini2
C:\WINDOWS\system32\instsrv.exe
C:\WINDOWS\system32\mljjgge.dll
C:\WINDOWS\system32\mllji.dll
C:\WINDOWS\system32\mvujjpki.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pbexkbuw.ini
C:\WINDOWS\system32\qorrvdbl.exe
C:\WINDOWS\system32\rqtss.ini
C:\WINDOWS\system32\rqtss.ini2
C:\WINDOWS\system32\wubkxebp.dll
C:\winlogon.exe
C:\x.dat
C:\z.dat
C:\WINDOWS\Fonts\'
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_DOMAINSERVICE
-------\DomainService
((((((((((((((((((((((((( Files Created from 2007-11-18 to 2007-12-18 )))))))))))))))))))))))))))))))
.
2007-12-17 19:54 . <DIR> C:\WINDOWS\LastGood.Tmp
2007-12-16 13:51 . 2007-12-16 16:24 26,810 --a------ C:\WINDOWS\DIIUnin.dat
2007-12-16 13:50 . 2007-12-16 13:50 94,208 --a------ C:\WINDOWS\DIIUnin.exe
2007-12-16 13:50 . 2007-12-16 13:50 2,829 --a------ C:\WINDOWS\DIIUnin.pif
2007-12-16 13:46 . 2007-12-17 13:46 970,949 --ahs---- C:\WINDOWS\system32\uefavvuu.ini
2007-12-16 13:40 . 2007-12-17 07:24 <DIR> d-------- C:\Diablo II
2007-12-16 10:09 . 2005-03-01 18:06 211 --ah----- C:\boot.ini.SAB
2007-12-16 10:03 . 2007-12-16 10:03 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2007-12-15 23:52 . 2007-12-16 02:26 970,437 --ahs---- C:\WINDOWS\system32\awqskfbf.ini
2007-12-15 21:26 . 2007-12-15 21:26 <DIR> d-------- C:\Program Files\Router
2007-12-15 13:23 . 2007-12-15 13:23 715,248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-12-15 00:32 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-12-14 21:00 . 2007-12-14 21:00 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-12-14 20:57 . 2007-12-15 23:31 <DIR> d--hs---- C:\WINDOWS\ZGVmYXVsdA
2007-12-14 20:57 . 2007-12-16 02:11 <DIR> d-------- C:\WINDOWS\system32\pi3
2007-12-14 20:57 . 2007-12-14 23:36 <DIR> d-------- C:\WINDOWS\system32\eu1
2007-12-14 20:57 . 2007-12-14 20:57 <DIR> d-------- C:\WINDOWS\system32\daSgo05
2007-12-14 20:57 . 2007-12-14 20:57 134 --a------ C:\n.bat
2007-12-07 16:40 . 2007-12-07 16:40 <DIR> d-------- C:\Program Files\BitZipper
2007-12-07 16:40 . 2007-12-07 16:40 <DIR> d-------- C:\Documents and Settings\default\Application Data\BitZipper
2007-12-03 22:38 . 2007-12-03 22:38 <DIR> d-------- C:\Documents and Settings\default\Application Data\ATI
2007-12-03 22:32 . 2007-12-03 22:33 <DIR> d-------- C:\Program Files\ATI Technologies
2007-12-03 22:32 . 2006-05-03 11:57 520,192 --a------ C:\WINDOWS\system32\ati2sgag.exe
2007-12-03 22:31 . 2007-12-03 22:31 <DIR> d-------- C:\ATI
2007-12-01 09:16 . 2007-12-01 09:16 <DIR> dr-h----- C:\Documents and Settings\default\Application Data\SecuROM
2007-11-29 22:29 . 2007-11-29 22:29 <DIR> d-------- C:\Program Files\Common Files\Stardock
2007-11-29 19:56 . 2007-11-29 22:18 <DIR> d-------- C:\Program Files\D-Tools
2007-11-29 19:56 . 2004-08-22 16:31 155,136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
2007-11-29 19:56 . 2004-08-22 16:31 5,248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
2007-11-18 15:44 . 2007-11-18 15:44 462,848 --a------ C:\cls.dll
2007-11-18 15:44 . 2007-11-18 15:44 69,632 --a------ C:\atm.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-16 18:21 --------- d-----w C:\Program Files\SUPERAntiSpyware
2007-12-16 06:44 --------- d-----w C:\Program Files\SearchRelevant
2007-12-16 04:35 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-15 04:36 --------- d-----w C:\Program Files\S3
2007-12-15 03:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-14 21:43 --------- d-----w C:\Program Files\Guild Wars
2007-11-19 20:54 --------- d-----w C:\Program Files\mIRC
2007-11-12 23:24 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-11-04 18:19 8,405 ----a-w C:\Program Files\install.log
2007-11-04 18:19 --------- d-----w C:\Program Files\GameSpot
2007-11-03 15:31 --------- d-----w C:\Program Files\Google
2007-11-01 11:49 85,152 ----a-w C:\Documents and Settings\default\Application Data\GDIPFONTCACHEV1.DAT
2007-10-24 00:18 --------- d-----w C:\Program Files\Google Video
2007-07-19 13:29 14 ----a-w C:\Documents and Settings\default\getfile.dat
2007-03-24 15:41 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2001-10-16 21:04 5,492 ----a-w C:\Program Files\Readme.txt
2005-05-15 00:11 56 -csh--r C:\WINDOWS\system32\481E71293C.sys
2005-05-15 01:28 1,393,558,694 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Trash it! Scheduler"="C:\Program Files\Trash it!\Trash it Scheduler.exe" []
"LDM"="\Program\BackWeb-8876480.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-16 22:31]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 13:06]
"WeatherEye"="C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe" [2007-09-26 13:14]
"Router"="C:\Program Files\Router\Router.exe" [2007-12-15 21:26]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-03-27 03:34 C:\WINDOWS\SOUNDMAN.EXE]
"Lexmark X74-X75"="C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe" [2002-07-31 04:54]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2004-01-14 15:55]
"NeroCheck"="C:\WINDOWS\System32\\NeroCheck.exe" [2001-07-09 05:50]
"Camera Detector"="C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.exe" [2003-03-21 12:11]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2004-01-26 09:46]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-06-08 13:33]
"salm"="c:\temp\salm.exe" []
"BullsEye Network"="C:\Program Files\BullsEye Network\bin\bargains.exe" []
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-04-28 12:07]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"Gbzzkl"="C:\Program Files\Ydrq\Ibbe.exe" []
"MediaFace Integration"="C:\Program Files\Fellowes\MediaFACE 4.2\SetHook.exe" [2005-03-28 02:45]
"BDNewsAgent"="c:\program files\softwin\bitdefender8\bdnagent.exe" [2005-05-09 11:19]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 02:56]
"NT LM Security Support Regulator"="ntlmssr.exe" []
"Symantec Anti Virus"="symantec32.exe" []
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [2006-07-25 17:03]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-16 22:31]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Symantec Anti Virus"="symantec32.exe" []
C:\Documents and Settings\default\Start Menu\Programs\Startup\
GameSpot Download Manager.lnk - C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe [2007-10-12 19:34:50]
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2006-02-14 00:19:36]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-12-28 09:37:20]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2003-10-27 18:07:55]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
S2 ZESOFT;ZESOFT;C:\WINDOWS\zeta.exe []
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 01:01]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cef36582-e498-11db-913e-0020ed8fe34f}]
\Shell\AutoRun\command - E:\setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-12-16 07:15:00 C:\WINDOWS\Tasks\SpyHunter.job"
- C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-17 20:28:22
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2007-12-17 20:31:05 - machine was rebooted
.
2007-12-17 21:49:44 --- E O F ---