Finally, it works.
ComboFix 08-03-04.5 - Mark S Chung 2008-03-05 13:11:13.8 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.873 [GMT -8:00]
Running from: C:\Documents and Settings\Mark S Chung\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((( Files Created from 2008-02-05 to 2008-03-05 )))))))))))))))))))))))))))))))
.
2008-03-04 11:11 . 2008-03-04 11:11 <DIR> d-------- C:\WINDOWS\ERUNT
2008-03-03 22:08 . 2008-03-03 22:08 <DIR> d-------- C:\Documents and Settings\Mark S Chung\Application Data\Sharp
2008-03-03 22:08 . 2008-03-03 22:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
2008-03-03 22:08 . 2008-03-03 22:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
2008-03-03 17:42 . 2008-03-03 17:42 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-03 17:42 . 2008-03-03 17:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-02 12:01 . 2008-03-02 12:01 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-01 11:00 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-03-01 11:00 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-03-01 11:00 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-03-01 11:00 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-03-01 11:00 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-02-27 01:14 . 2008-02-27 01:14 1,693 -rahs---- C:\WINDOWS\system32\drivers\103C_HP_NTBK_HP Compaq nx6110 (PZ891UA#ABA)_YN_0U_QCNU6030JJH_EU_46_I3088_SHP_VKBC Version 39.1E_B68DTD Ver. F.0C_T051121_WXP2_L409_M1272_J40_7Intel_8Pentium M_90.8_#080109_N14E4170C_(PZ891UA#ABA)_XMOBILE_CN10.MRK
2008-02-27 01:03 . 2004-11-08 06:10 127,744 -ra------ C:\WINDOWS\system32\drivers\aeaudio.sys
2008-02-23 23:24 . 2008-02-23 23:24 <DIR> d-------- C:\Documents and Settings\Mark S Chung\WINDOWS
2008-02-23 22:57 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-02-23 22:57 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-02-17 00:50 . 2008-02-17 00:50 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Symantec
2008-02-17 00:02 . 2008-02-17 00:02 <DIR> d-------- C:\Program Files\SymNetDrv
2008-02-16 23:39 . 2008-02-28 17:59 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-02-16 23:39 . 2003-11-21 08:07 82,984 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-02-16 23:39 . 2003-11-21 08:07 82,136 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-02-16 20:25 . 2008-02-16 20:25 244 --ah----- C:\sqmnoopt19.sqm
2008-02-16 20:25 . 2008-02-16 20:25 232 --ah----- C:\sqmdata19.sqm
2008-02-16 00:03 . 2008-02-16 00:03 244 --ah----- C:\sqmnoopt18.sqm
2008-02-16 00:03 . 2008-02-16 00:03 232 --ah----- C:\sqmdata18.sqm
2008-02-15 15:15 . 2008-02-15 15:15 244 --ah----- C:\sqmnoopt17.sqm
2008-02-15 15:15 . 2008-02-15 15:15 232 --ah----- C:\sqmdata17.sqm
2008-02-15 00:23 . 2008-02-15 00:23 244 --ah----- C:\sqmnoopt16.sqm
2008-02-15 00:23 . 2008-02-15 00:23 232 --ah----- C:\sqmdata16.sqm
2008-02-13 22:49 . 2008-02-13 22:49 244 --ah----- C:\sqmnoopt15.sqm
2008-02-13 22:49 . 2008-02-13 22:49 232 --ah----- C:\sqmdata15.sqm
2008-02-12 00:26 . 2008-02-12 00:26 244 --ah----- C:\sqmnoopt14.sqm
2008-02-12 00:26 . 2008-02-12 00:26 232 --ah----- C:\sqmdata14.sqm
2008-02-11 20:14 . 2008-02-11 20:14 244 --ah----- C:\sqmnoopt13.sqm
2008-02-11 20:14 . 2008-02-11 20:14 232 --ah----- C:\sqmdata13.sqm
2008-02-11 17:00 . 2008-02-11 17:00 244 --ah----- C:\sqmnoopt12.sqm
2008-02-11 17:00 . 2008-02-11 17:00 232 --ah----- C:\sqmdata12.sqm
2008-02-10 23:53 . 2008-02-10 23:53 244 --ah----- C:\sqmnoopt11.sqm
2008-02-10 23:53 . 2008-02-10 23:53 232 --ah----- C:\sqmdata11.sqm
2008-02-10 23:08 . 2008-02-10 23:08 244 --ah----- C:\sqmnoopt10.sqm
2008-02-10 23:08 . 2008-02-10 23:08 232 --ah----- C:\sqmdata10.sqm
2008-02-10 02:47 . 2008-02-10 02:47 244 --ah----- C:\sqmnoopt09.sqm
2008-02-10 02:47 . 2008-02-10 02:47 232 --ah----- C:\sqmdata09.sqm
2008-02-09 23:02 . 2008-02-09 23:02 244 --ah----- C:\sqmnoopt08.sqm
2008-02-09 23:02 . 2008-02-09 23:02 232 --ah----- C:\sqmdata08.sqm
2008-02-09 00:17 . 2008-02-09 00:17 244 --ah----- C:\sqmnoopt07.sqm
2008-02-09 00:17 . 2008-02-09 00:17 232 --ah----- C:\sqmdata07.sqm
2008-02-08 16:59 . 2008-02-08 16:59 244 --ah----- C:\sqmnoopt06.sqm
2008-02-08 16:59 . 2008-02-08 16:59 232 --ah----- C:\sqmdata06.sqm
2008-02-08 16:12 . 2008-03-03 16:16 244 --ah----- C:\sqmnoopt05.sqm
2008-02-08 16:12 . 2008-03-03 16:16 232 --ah----- C:\sqmdata05.sqm
2008-02-08 12:50 . 2008-02-08 11:00 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-08 12:50 . 2008-02-08 12:50 3,459 --a------ C:\WINDOWS\unins000.dat
2008-02-07 23:34 . 2008-02-29 13:56 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-07 23:34 . 2008-02-29 15:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-05 20:03 --------- d-----w C:\Documents and Settings\Mark S Chung\Application Data\Azureus
2008-03-03 08:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-03 07:47 --------- d-----w C:\Program Files\Norton AntiVirus
2008-02-27 09:17 --------- d-----w C:\Program Files\InterVideo
2008-02-27 09:14 1,693 --sha-r C:\WINDOWS\system32\drivers\103C_HP_NTBK_HP Compaq nx6110 (PZ891UA#ABA)_YN_0U_QCNU6030JJH_EU_46_I3088_SHP_VKBC Version 39.1E_B68DTD Ver. F.0C_T051121_WXP2_L409_M1272_J40_7Intel_8Pentium M_90.8_#080109_N14E4170C_(PZ891UA#ABA)_XMOBILE_CN10.MRK
2008-02-27 09:12 --------- d-----w C:\Program Files\HPQ
2008-02-27 09:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-17 08:02 --------- d-----w C:\Program Files\Symantec
2008-02-17 07:43 --------- d-----w C:\Documents and Settings\Mark S Chung\Application Data\LimeWire
2008-02-17 07:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-14 00:37 --------- d-----w C:\Documents and Settings\Mark S Chung\Application Data\U3
2008-01-20 07:07 --------- d-----w C:\Documents and Settings\Mark S Chung\Application Data\dvdcss
2008-01-17 20:38 --------- d-----w C:\Program Files\LimeWire
2008-01-15 06:55 --------- d-----w C:\Program Files\Winamp
2008-01-15 06:48 --------- d-----w C:\Program Files\Common Files\SWF Studio
2008-01-15 00:32 67,584 ----a-w C:\WINDOWS\system32\xanalyze.dll
2008-01-15 00:32 164,352 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
2008-01-11 02:09 --------- d-----w C:\Program Files\Azureus
2008-01-11 01:12 --------- d-----w C:\Program Files\TuneUp Utilities 2007
2008-01-11 00:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
2008-01-10 03:57 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-10 01:38 --------- d-----w C:\Documents and Settings\Mark S Chung\Application Data\Roxio
2008-01-10 00:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-01-10 00:27 2,320,640 ----a-w C:\WINDOWS\system32\TUKernel.exe
2008-01-10 00:21 --------- d-----w C:\Documents and Settings\Mark S Chung\Application Data\TuneUp Software
2008-01-09 23:16 --------- d-----w C:\Program Files\Microsoft Works
2008-01-09 23:14 --------- d-----w C:\Program Files\Microsoft.NET
2008-01-09 23:03 --------- d-----w C:\Program Files\MSN Messenger
2008-01-09 22:58 646,392 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-01-09 22:55 --------- d-----w C:\Documents and Settings\Mark S Chung\Application Data\InterVideo
2008-01-09 22:44 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-09 22:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-01-09 22:34 --------- d-----w C:\Program Files\VideoLAN
2008-01-09 22:34 --------- d-----w C:\Documents and Settings\Mark S Chung\Application Data\vlc
2008-01-09 22:33 --------- d-----w C:\Program Files\XP Codec Pack
2008-01-09 22:33 --------- d-----w C:\Program Files\Illustrate
2008-01-09 22:30 --------- d-----w C:\Program Files\IZArc
2008-01-09 22:20 --------- d-----w C:\Program Files\Roxio
2008-01-09 22:20 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-01-09 22:16 --------- d-----w C:\Documents and Settings\Mark S Chung\Application Data\Symantec
2008-01-09 22:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\hpqwmi
2008-01-09 22:00 --------- d-----w C:\Program Files\Intel
2008-01-09 21:52 --------- d-----w C:\Program Files\Windows Media Connect
2008-01-09 21:50 --------- d-----w C:\Program Files\Java
2008-01-09 21:50 --------- d-----w C:\Program Files\HP Accessories Product Tour
2008-01-09 21:50 --------- d-----w C:\Program Files\Common Files\Java
2008-01-09 21:40 --------- d-----w C:\Program Files\Synaptics
2008-01-09 21:40 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-09 21:39 --------- d-----w C:\Program Files\Broadcom
2008-01-09 21:38 --------- d-----w C:\Program Files\Analog Devices
2008-01-09 21:29 --------- d-----w C:\Program Files\microsoft frontpage
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 15:56 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11 1388544]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 12:41 860160]
"PTHOSTTR"="C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.exe" [2005-04-08 11:08 73728]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-20 03:50 729178]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-04-25 02:32 94208]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-04-25 02:29 77824]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-04-25 02:32 114688]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-09-07 16:28 213054]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0\bin\jusched.exe" [2008-01-09 13:50 36972]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-05-04 10:59 794624]
"WatchDog"="C:\Program Files\InterVideo\DVD Check\DVDCheck.exe" [2005-03-09 14:54 184320]
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 18:44 65536]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-14 14:22 35328]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 15:56 110592 C:\WINDOWS\system32\bthprops.cpl]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-12-22 17:45 71280]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2008-02-17 00:02 95960]
"AGRSMMSG"="AGRSMMSG.exe" [2004-08-24 03:20 88363 C:\WINDOWS\AGRSMMSG.exe]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2008-01-09 13:53:27 184320]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"D:\\Microsoft Games\\Halo\\halo.exe"=
"C:\\Program Files\\LimeWire\\LimeWire Pro.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2004-08-03 15:56]
S3 cmo_bus;Data Modem @ CDMA Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\cmo_bus.sys [2005-08-16 17:59]
S3 cmo_mdfl;Data Modem @ CDMA Filter;C:\WINDOWS\system32\DRIVERS\cmo_mdfl.sys [2005-08-16 18:02]
S3 cmo_mdm;Data Modem @ CDMA Drivers;C:\WINDOWS\system32\DRIVERS\cmo_mdm.sys [2005-08-16 18:02]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09e294a5-caaa-11dc-acb6-0014a56f13af}]
\Shell\Auto\command - setup.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef1313a7-c950-11dc-acb0-0014a56f13af}]
\Shell\Auto\command - UFO.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-03-05 21:06:44 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-05 13:12:45
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????3?8?4?8??????? ???B???????????????B? ??????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-03-05 13:13:15
Edited by chung, 05 March 2008 - 12:33 PM.