ComboFix 07-12-21.4 - Turid 2007-12-22 17:15:43.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.371 [GMT 1:00]
Running from: C:\Documents and Settings\Turid\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-11-22 to 2007-12-22 )))))))))))))))))))))))))))))))
.

2007-12-22 17:22 . 2007-12-22 17:22 53,248 --a------ C:\TEMP\jvtulrqs.dll
2007-12-22 12:18 . 2007-06-21 14:07 146,672 --a------ C:\TEMP\SSUPDATE.EXE
2007-12-21 13:22 . 2007-12-21 13:23 1,393 --a------ C:\WINDOWS\imsins.BAK
2007-12-21 00:57 . 2007-12-21 16:49 d-------- C:\Program Files\SUPERAntiSpyware
2007-12-21 00:57 . 2007-12-21 00:57 d-------- C:\Documents and Settings\Turid\Application Data\SUPERAntiSpyware.com
2007-12-21 00:57 . 2007-12-21 00:57 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-21 00:43 . 2007-12-21 16:04 d-------- C:\Program Files\Trend Micro
2007-12-20 19:41 . 2007-12-22 02:29 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-20 18:27 . 2007-12-20 18:27 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2007-12-19 23:30 . 2007-12-19 23:30 d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2007-12-19 23:14 . 2007-12-20 20:46 d-------- C:\Documents and Settings\Turid\Application Data\Uniblue
2007-12-12 15:55 . 2007-12-12 15:57 d-------- C:\Program Files\Winamp3
2007-12-12 15:55 . 2007-12-12 15:55 41 --a------ C:\WINDOWS\winampa.ini
2007-12-12 14:55 . 2007-12-20 21:31 d-------- C:\Documents and Settings\Turid\Application Data\AVG7
2007-12-12 14:52 . 2007-12-12 14:52 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-12 14:51 . 2007-12-12 14:51 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-12 14:51 . 2007-12-20 12:11 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-12-10 23:30 . 2007-12-11 00:02 d-------- C:\Documents and Settings\Turid\Application Data\Winamp
2007-12-10 22:45 . 2007-12-22 13:53 d-------- C:\Program Files\CCleaner
2007-12-10 20:03 . 2007-12-20 11:37 d-------- C:\Program Files\Spyware Doctor
2007-12-10 20:03 . 2007-12-10 20:03 d-------- C:\Documents and Settings\Turid\Application Data\PC Tools
2007-12-10 20:03 . 2007-12-22 13:25 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-10 20:03 . 2007-12-14 08:36 74,240 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-12-10 20:03 . 2007-12-14 08:36 56,832 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-12-10 20:03 . 2007-10-04 17:10 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-12-10 20:03 . 2007-10-04 17:11 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-12-10 20:02 . 2007-12-10 20:02 d-------- C:\Program Files\Common Files\Download Manager
2007-12-10 20:02 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-10 16:20 . 2007-12-10 16:20 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-10 16:19 . 2007-12-21 00:55 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-06 00:33 . 2007-12-06 00:33 d-------- C:\Program Files\Windows Defender
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2007-12-22 16:23 --------- d-----w C:\Documents and Settings\Turid\Application Data\Skype
2007-12-22 12:25 2,560 ----a-w C:\WINDOWS\system32\drivers\mchInjDrv.sys
2007-12-19 14:35 --------- d-----w C:\Documents and Settings\Turid\Application Data\OpenOffice.org2
2007-12-16 18:05 --------- d-----w C:\Documents and Settings\Turid\Application Data\AdobeUM
2007-12-14 14:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-14 14:22 --------- d-----w C:\Program Files\Winamp
2007-12-12 20:03 --------- d-----w C:\Program Files\Mozilla Thunderbird
2007-12-12 19:42 --------- d-----w C:\Program Files\Opera
2007-12-12 19:39 --------- d-----w C:\Program Files\Opera7
2007-12-12 13:46 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-10 15:20 --------- d-----w C:\Program Files\Lavasoft
2007-12-10 10:11 --------- d-----w C:\Program Files\Google
2007-12-05 23:31 5,154,304 ----a-w C:\Program Files\WindowsDefender.msi
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-28 13:32 --------- d-----w C:\Program Files\eMule
2007-10-27 16:40 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-23 10:24 --------- d-----w C:\Program Files\Java
2007-09-26 11:01 1,056 --sha-w C:\zvnjawt3.sys
.

((((((((((((((((((((((((((((( snapshot@2007-12-21_22.51.46.54 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-21 16:09:20 60,556 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2007-12-22 12:29:22 60,556 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-12-21 16:09:20 397,718 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-12-22 12:29:22 397,718 ----a-w C:\WINDOWS\system32\perfh009.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-01-18 17:07]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-10-13 16:20]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-12-10 11:11]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TISDNMonitor"="C:\Program Files\TELES\ISDN Tools\tisdnmon.exe" [2000-06-26 10:59]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2004-02-10 09:55]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2004-02-10 09:51]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-10-23 08:37]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2003-10-14 13:44]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2003-10-27 22:38]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2003-05-06 17:22]
"SbUsb AudCtrl"="RunDll32 sbusbdll.dll" []
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00]
"CTSysVol"="C:\Program Files\Creative\Sound Blaster\Surround Mixer\CTSysVol.exe" [2003-02-17 17:25]
"LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [2002-12-10 18:32]
"LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [2002-12-10 18:31]
"IMONTRAY"="C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe" [2004-03-10 21:02]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-08-10 11:33]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 16:05]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 11:15]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 11:20 C:\WINDOWS\SOUNDMAN.EXE]
"LiveMonitor"="C:\Program Files\MSI\Live Update 3\LMonitor.exe" [2005-07-11 09:44]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 11:52]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-01-18 17:47]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-01-18 17:37]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-12-10 20:32]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-12 14:51]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-03 23:56]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-12 14:51]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 01:19:50]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-10-27 22:35:14]
EPSON Status Monitor 3 Environment Check 2.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2003-11-05 21:50:43]
EPSON Status Monitor 3 Environment Check.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE [1999-10-22 00:10:00]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-01-06 19:38:44]
Logo Calibration Loader.lnk - C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe [2005-12-02 17:03:08]
ProfileReminder.lnk - C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe [2005-12-02 17:02:34]
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2005-06-03 22:40:18]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

R0 SiSRaid;SiSRaid;C:\WINDOWS\system32\DRIVERS\SiSRaid.sys [2003-12-09 08:43]
R1 mchInjDrv;madCodeHook DLL injection driver;C:\WINDOWS\system32\Drivers\mchInjDrv.sys [2007-12-22 13:25]
R2 PDIHWCTL;PDIHWCTL;C:\WINDOWS\system32\drivers\pdihwctl.sys [2005-10-30 06:19]
R3 3dfxvs;3dfxvs;C:\WINDOWS\system32\DRIVERS\3dfxvsm.sys [2001-08-17 13:48]
R3 tnt1tr6;tnt1tr6;C:\WINDOWS\system32\DRIVERS\tnt1tr6.sys [2000-06-26 10:44]
R3 tnt8208;tnt8208;C:\WINDOWS\system32\DRIVERS\tnt8208.sys [2000-06-26 10:46]
R3 tntcapi;tntcapi;C:\WINDOWS\system32\DRIVERS\tntcapi.sys [2000-06-26 10:45]
R3 tntdss1;tntdss1;C:\WINDOWS\system32\DRIVERS\tntdss1.sys [2000-06-26 10:45]
R3 tnthdlc;tnthdlc;C:\WINDOWS\system32\DRIVERS\tnthdlc.sys [2000-06-26 10:46]
R3 tntkrn;tntkrn;C:\WINDOWS\system32\DRIVERS\tntkrn.sys [2000-06-26 10:47]
R3 tnts0cfg;tnts0cfg;C:\WINDOWS\system32\DRIVERS\tnts0cfg.sys [2000-06-26 10:48]
R3 tnts0pci;tnts0pci;C:\WINDOWS\system32\DRIVERS\tnts0pci.sys [2000-06-26 10:49]
R3 tntt30;tntt30;C:\WINDOWS\system32\DRIVERS\tntt30.sys [2000-06-26 10:47]
R3 tntv110;tntv110;C:\WINDOWS\system32\DRIVERS\tntv110.sys [2000-06-26 10:50]
R3 tntwan;tntwan;C:\WINDOWS\system32\DRIVERS\tntwan.sys [2000-06-26 10:50]
S3 eyeonedp;eye-one display;C:\WINDOWS\system32\DRIVERS\eyeonedp.sys [2005-11-01 05:17]
S3 PCAlertDriver;PCAlertDriver;C:\Program Files\MSI\PC Alert 4\NTGLM7X.sys []
S3 RushTopDevice;RushTopDevice;C:\Program Files\MSI\Core Center\RushTop.sys []

*Newly Created Service* - WEBNTACCESS
.
Contents of the 'Scheduled Tasks' folder
"2007-12-21 16:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job" - C:\Program Files\TuneUp Utilities 2004\SystemOptimizer.exe
"2007-12-22 12:28:14 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-12-19 22:14:47 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job" - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-12-19 22:14:45 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job" - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-12-20 00:35:46 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job" - C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
"2007-12-20 00:24:39 C:\WINDOWS\Tasks\Uniblue SpyEraser.job" - C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-22 17:22:18
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwClose
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-22 17:24:33
C:\ComboFix2.txt ... 2007-12-22 02:45
C:\ComboFix3.txt ... 2007-12-21 22:52
.
2007-12-21 12:23:17 --- E O F ---