ComboFix 08-02-15.1 - Administrator 2008-02-14 13:06:50.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.550 [GMT -8:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point
[color=red]
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]
.
((((((((((((((((((((((((( Files Created from 2008-01-15 to 2008-02-15 )))))))))))))))))))))))))))))))
.
2008-02-14 07:58 . 2008-02-14 07:58 <DIR> d-------- C:\Program Files\Defraggler
2008-02-14 04:51 . 2008-02-14 04:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-14 04:50 . 2008-02-14 04:57 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-14 04:50 . 2008-02-14 04:50 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-02-14 04:43 . 2008-02-14 04:43 <DIR> d-------- C:\VundoFix Backups
2008-02-13 12:22 . 2008-02-13 12:22 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-11 06:35 . 2008-02-11 06:35 <DIR> d-------- C:\Program Files\DivX
2008-02-09 11:01 . 2008-02-14 07:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-09 11:01 . 2008-02-15 13:16 2,076,960 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-09 11:01 . 2008-02-09 11:07 91,700 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-02-09 11:01 . 2008-02-09 11:01 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-02-09 11:01 . 2008-02-15 13:15 34,592 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-02-09 11:01 . 2008-02-14 07:28 29,252 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-09 11:01 . 2008-02-14 07:28 4,784 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-02-07 09:17 . 2008-02-09 11:01 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-02-07 09:16 . 2008-02-09 11:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-02-06 09:38 . 2008-02-06 09:38 <DIR> d-------- C:\Program Files\FireTrust
2008-02-06 09:38 . 2008-02-10 06:42 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\MailWasherPro
2008-02-02 08:40 . 2002-12-11 17:34 208,896 --a------ C:\WINDOWS\system32\wmpns.dll
2008-01-31 08:19 . 2008-01-31 08:19 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\ACD Systems
2008-01-31 08:18 . 2008-01-31 08:18 <DIR> d-------- C:\Program Files\Common Files\ACD Systems
2008-01-31 08:18 . 2008-01-31 08:18 <DIR> d-------- C:\Program Files\ACD Systems
2008-01-31 08:18 . 2008-01-31 08:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-01-31 07:06 . 2008-01-31 07:06 <DIR> d-------- C:\Program Files\CCleaner
2008-01-31 06:45 . 2008-01-31 06:46 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Media Player Classic
2008-01-31 05:51 . 2008-02-14 07:09 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-31 05:51 . 2008-01-31 05:51 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-30 07:45 . 2008-01-30 07:45 <DIR> d-------- C:\Program Files\directx
2008-01-30 07:45 . 2008-01-30 07:51 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-01-30 07:42 . 2008-01-30 07:42 <DIR> d-------- C:\Program Files\KONAMI
2008-01-30 05:06 . 2008-01-30 05:06 <DIR> d-------- C:\Program Files\Yahoo!
2008-01-30 05:06 . 2008-01-30 05:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-01-30 05:06 . 2008-01-30 05:06 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Yahoo!
2008-01-30 05:04 . 2008-01-30 05:04 <DIR> d-------- C:\WINDOWS\cache
2008-01-30 02:53 . 2008-01-30 02:53 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Logitech
2008-01-29 22:58 . 2008-01-29 22:58 118,784 --------- C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe
2008-01-29 22:56 . 2005-05-25 02:40 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-01-29 22:56 . 2005-05-25 02:40 1,047,552 --a------ C:\WINDOWS\system32\MFC71u.dll
2008-01-29 22:56 . 2005-05-25 02:40 258,352 --a------ C:\WINDOWS\system32\unicows.dll
2008-01-29 22:56 . 2005-05-25 02:40 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2008-01-29 22:56 . 2005-05-20 15:01 68,352 --a------ C:\WINDOWS\system32\drivers\LMouKE.Sys
2008-01-29 22:56 . 2005-05-20 15:00 54,528 --a------ C:\WINDOWS\system32\drivers\L8042mou.Sys
2008-01-29 22:56 . 2005-05-20 15:00 13,056 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.sys
2008-01-29 21:48 . 2008-01-29 21:48 <DIR> d-------- C:\Program Files\uTorrent
2008-01-29 21:48 . 2008-02-15 13:06 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\uTorrent
2008-01-29 21:20 . 2008-01-29 21:20 <DIR> d-------- C:\Program Files\Webteh
2008-01-29 21:20 . 2008-01-29 21:20 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\BSplayer Pro
2008-01-29 21:20 . 2008-01-29 21:21 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\BSplayer
2008-01-27 22:52 . 2008-01-27 22:52 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
2008-01-27 16:13 . 2008-01-27 16:14 <DIR> d-------- C:\Program Files\Live Poker
2008-01-25 19:52 . 2008-01-25 19:52 <DIR> d-------- C:\Program Files\Dream Match Tennis
2008-01-25 19:52 . 2005-10-17 04:05 200,192 --------- C:\WINDOWS\eiunin21.exe
2008-01-25 19:27 . 2008-01-25 19:27 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-01-25 19:27 . 1997-11-11 22:33 317,440 --a------ C:\WINDOWS\IsUninst.exe
2008-01-25 09:25 . 2008-01-25 09:26 <DIR> d-------- C:\Program Files\Girder
2008-01-24 21:55 . 2008-01-24 21:55 <DIR> d-------- C:\Documents and Settings\Administrator\Contacts
2008-01-24 21:52 . 2008-01-24 21:52 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-01-24 21:35 . 2008-01-24 21:52 <DIR> d-------- C:\Program Files\Windows Live
2008-01-24 21:35 . 2008-01-24 21:52 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-24 21:35 . 2008-01-24 21:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-24 21:34 . 2008-01-24 21:34 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-01-24 21:33 . 2008-01-24 21:33 <DIR> d-------- C:\Program Files\QuickTime
2008-01-24 21:33 . 2008-01-24 21:33 <DIR> d-------- C:\Program Files\Apple Software Update
2008-01-24 21:33 . 2008-01-24 21:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-24 21:33 . 2008-01-24 21:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-01-24 21:30 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-01-24 21:30 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-01-24 21:30 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-01-24 21:30 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-01-24 21:13 . 2008-01-24 21:13 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-01-24 21:13 . 2008-01-29 22:55 50 --a------ C:\WINDOWS\cdplayer.ini
2008-01-24 21:12 . 2008-01-24 21:13 <DIR> d-------- C:\Program Files\Real
2008-01-24 21:12 . 2008-01-24 21:12 <DIR> d-------- C:\Program Files\Common Files\Real
2008-01-24 21:12 . 2008-01-24 21:12 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-01-24 21:12 . 2008-01-24 21:12 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-01-24 20:49 . 2008-01-24 20:49 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-01-24 20:49 . 2006-09-06 17:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-01-24 20:03 . 2008-02-14 04:50 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-24 20:02 . 2008-01-24 20:02 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\ESET
2008-01-24 20:01 . 2008-01-24 20:01 <DIR> d-------- C:\Program Files\ESET
2008-01-24 20:01 . 2008-01-24 20:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-01-24 19:59 . 2008-01-24 20:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-24 17:06 . 2008-01-29 21:26 <DIR> d-------- C:\Program Files\Total Video Player
2008-01-23 20:14 . 2008-01-23 20:14 <DIR> d--hs---- C:\Documents and Settings\Administrator\UserData
2008-01-23 17:50 . 2006-07-17 01:40 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-01-23 17:50 . 2006-07-17 01:40 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-01-23 17:48 . 2008-02-14 09:01 <DIR> d-------- C:\Program Files\Logitech
2008-01-23 17:48 . 2008-01-29 22:56 <DIR> d-------- C:\Program Files\Common Files\Logitech
2008-01-23 17:48 . 2004-04-14 10:54 163,840 --a------ C:\WINDOWS\system32\WmJoyFrc.dll
2008-01-23 17:48 . 2004-04-14 11:08 44,064 --a------ C:\WINDOWS\system32\drivers\WmXlCore.sys
2008-01-23 17:48 . 2004-04-14 11:08 21,280 --a------ C:\WINDOWS\system32\drivers\WmFilter.sys
2008-01-23 17:48 . 2004-04-14 11:08 10,144 --a------ C:\WINDOWS\system32\drivers\WmBEnum.sys
2008-01-23 17:48 . 2004-04-14 11:08 5,600 --a------ C:\WINDOWS\system32\drivers\WmVirHid.sys
2008-01-23 17:38 . 2008-01-23 17:38 <DIR> d-------- C:\Program Files\EA SPORTS
2008-01-23 09:37 . 2008-01-23 09:37 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-01-23 09:36 . 2008-01-23 09:36 <DIR> d-------- C:\Program Files\ATI Technologies
2008-01-23 09:36 . 2007-12-20 21:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-01-23 09:34 . 2008-01-23 09:34 <DIR> d-------- C:\WINDOWS\system32\Lang
2008-01-23 09:34 . 2008-01-23 09:34 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-01-23 09:34 . 2008-01-23 09:34 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-04 21:59 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-01-04 21:58 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-01-04 21:58 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-01-04 21:58 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-01-04 21:57 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-01-04 21:57 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-01-04 21:57 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-01-04 21:57 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-01-04 21:57 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-01-04 21:57 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-01-04 21:57 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-01-04 21:57 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-01-04 21:56 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-01-04 21:56 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-21 03:53 2,843,136 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-12-21 03:09 368,640 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-12-21 03:08 272,384 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-12-21 03:02 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-12-21 02:59 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-12-21 02:59 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-12-21 02:59 147,456 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-12-21 02:59 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-12-21 02:58 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-12-21 02:57 512,000 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-12-21 02:56 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-12-21 02:53 9,826,304 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-12-21 02:47 3,120,640 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-12-21 02:36 1,661,696 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-12-21 02:24 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2007-12-21 02:20 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-12-21 02:20 385,024 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-12-21 02:18 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-12-21 02:17 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2007-12-21 02:15 159,744 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-12-21 02:11 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-12-18 08:44 219,664 ----a-w C:\WINDOWS\system32\klogon.dll
2007-12-18 08:43 23,396 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
2007-12-14 19:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-23 00:48 68856]
"ctfmon.exe"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-02 20:56 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 03:49 16269312 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 02:04 2879488 C:\WINDOWS\SkyTel.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-24 21:12 185896]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-12-18 00:43 227856]
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
Girder3.lnk - C:\Program Files\Girder\Girder.exe [2008-01-25 09:25:44 1830912]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-01-23 00:48:42 124400]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-01-29 22:56:50 450560]
Server4PC.lnk - C:\Program Files\TechniSat DVB\bin\Server4PC.exe [2008-01-23 01:11:35 344064]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
R3 SKYNET;TechniSat DVB-PC TV Star PCI;C:\WINDOWS\system32\DRIVERS\SkyNET.SYS [2006-03-13 17:22]
S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys []
.
Contents of the 'Scheduled Tasks' folder
"2008-02-01 03:15:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-02-15 13:16:20
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-15 13:18:10