ComboFix 08-01-23.1C - Nat 2008-01-26 14:26:07.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.241 [GMT 0:00]
Running from: C:\Documents and Settings\Nat\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Nat\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE
C:\WINDOWS\system32\bfofqplo.ini
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\bfofqplo.ini
.
((((((((((((((((((((((((( Files Created from 2007-12-26 to 2008-01-26 )))))))))))))))))))))))))))))))
.
2008-01-26 00:53 . 2008-01-26 00:53 <DIR> d-------- C:\WINDOWS\LastGood
2008-01-26 00:53 . 2008-01-26 00:53 <DIR> d-------- C:\Program Files\AOD
2008-01-26 00:53 . 2004-02-25 13:05 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-01-25 13:27 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-24 21:15 . 2008-01-25 14:36 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-24 14:33 . 2008-01-24 14:33 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-23 21:13 . 2008-01-23 21:13 149 --a------ C:\WINDOWS\wininit.ini
2008-01-23 14:57 . 2008-01-23 14:57 <DIR> d-------- C:\Program Files\NCH Swift Sound
2008-01-22 19:35 . 2008-01-22 19:35 <DIR> d-------- C:\Program Files\Azureus
2008-01-22 18:53 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-22 14:38 . 2008-01-24 19:37 21,840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
2008-01-22 14:38 . 2008-01-24 19:37 17,212 --a----t- C:\WINDOWS\system32\SIntf32.dll
2008-01-22 14:38 . 2008-01-24 19:37 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll
2008-01-22 14:36 . 2008-01-24 12:53 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-01-22 14:10 . 2008-01-22 14:10 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-01-22 14:02 . 2008-01-22 14:02 22 --a------ C:\WINDOWS\system32\ati64hlp.stb
2008-01-22 13:58 . 2004-08-03 23:15 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2008-01-22 13:58 . 2004-08-03 23:15 82,944 --a--c--- C:\WINDOWS\system32\dllcache\wdmaud.sys
2008-01-22 13:58 . 2004-08-03 23:07 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2008-01-22 13:58 . 2004-08-03 23:07 6,400 --a--c--- C:\WINDOWS\system32\dllcache\splitter.sys
2008-01-22 13:56 . 2005-06-20 14:53 159,825 --a------ C:\WINDOWS\system32\STAC97.CPL
2008-01-22 13:51 . 2005-06-25 23:09 114,688 --a------ C:\WINDOWS\system32\bmpsap.dll
2008-01-22 13:51 . 2005-05-14 11:12 7,552 --a------ C:\WINDOWS\system32\drivers\lgsnd_filter.sys
2008-01-22 13:50 . 2008-01-22 13:50 22 --a------ C:\WINDOWS\system32\ati64hl2.stb
2008-01-22 13:40 . 2008-01-22 13:46 <DIR> d-------- C:\Program Files\ATI Technologies
2008-01-22 13:37 . 2005-06-07 22:25 647,808 --a--c--- C:\WINDOWS\system32\dllcache\ativvaxx.dll
2008-01-22 13:37 . 2005-06-07 22:25 647,808 --a------ C:\WINDOWS\system32\ativvaxx.dll
2008-01-22 13:37 . 2005-03-10 10:52 58,521 --a------ C:\WINDOWS\system32\drivers\ativckxx.vp
2008-01-22 13:37 . 2001-11-09 11:01 24,064 --a------ C:\WINDOWS\system32\ativcoxx.dll
2008-01-22 13:37 . 2005-06-08 07:26 21,360 --a------ C:\WINDOWS\system32\drivers\ativvpxx.vp
2008-01-22 13:37 . 2005-04-07 11:20 900 --a------ C:\WINDOWS\system32\drivers\ativcaxx.vp
2008-01-22 13:22 . 2005-06-03 09:37 15,104 --a------ C:\WINDOWS\system32\drivers\Ndisipo.sys
2008-01-21 20:44 . 2008-01-21 20:44 36,734 --a------ C:\WINDOWS\system32\OggDSuninst.exe
2008-01-21 20:42 . 2008-01-21 20:42 <DIR> d-------- C:\Program Files\AC3Filter
2008-01-21 20:42 . 2007-08-18 07:54 380,928 --a------ C:\WINDOWS\system32\ac3filter.acm
2008-01-21 20:41 . 2000-04-01 04:11 291,408 --a------ C:\WINDOWS\system32\DivXa32.acm
2008-01-21 20:41 . 2000-04-01 04:11 291,408 --a------ C:\DivXa32.acm
2008-01-21 20:41 . 2002-03-17 12:17 2,634 --a------ C:\DivXAudioCompressor4.02.inf
2008-01-21 20:13 . 2008-01-21 20:13 <DIR> d-------- C:\Program Files\Codec Pack - All In 1
2008-01-21 20:13 . 2008-01-21 20:12 737,280 --a------ C:\WINDOWS\iun6002.exe
2008-01-21 20:12 . 2008-01-21 20:12 <DIR> d-------- C:\WINDOWS\system32\languages
2008-01-21 20:12 . 2007-06-28 18:52 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-01-21 20:12 . 2007-06-28 18:54 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-01-21 20:12 . 2007-06-28 18:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax
2008-01-21 20:11 . 2008-01-23 15:31 <DIR> d-------- C:\Program Files\Mv2Player
2008-01-21 20:10 . 2008-01-21 20:14 <DIR> d-------- C:\Program Files\GPL MPEG Decoder
2008-01-21 19:36 . 2008-01-21 19:36 17,021,984 --a------ C:\DivXInstaller.exe
2008-01-21 19:22 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-01-21 18:46 . 2008-01-21 18:46 0 --a------ C:\WINDOWS\nsreg.dat
2008-01-21 18:44 . 2008-01-21 18:44 <DIR> d-------- C:\WINDOWS\IIS Temporary Compressed Files
2008-01-21 18:42 . 2008-01-21 18:44 <DIR> d-------- C:\Inetpub
2008-01-21 18:10 . 2008-01-21 18:10 <DIR> d-------- C:\Program Files\Common Files\Motive
2008-01-21 18:09 . 2008-01-21 18:09 <DIR> d-------- C:\Program Files\BroadJump
2008-01-21 18:09 . 2002-08-02 14:56 663,552 --a------ C:\WINDOWS\system32\libeay32_1-1-0_DDR.dll
2008-01-21 18:09 . 2001-09-23 16:30 532,594 --a------ C:\WINDOWS\system32\xerces-c_1_40_0_DDR.dll
2008-01-21 18:09 . 2001-09-23 15:41 524,377 --a------ C:\WINDOWS\system32\stlport_4_0_0_DDR.dll
2008-01-21 18:09 . 2002-10-18 11:36 307,329 --a------ C:\WINDOWS\system32\BJBase_2-2-2_DDR.dll
2008-01-21 18:09 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-01-21 18:09 . 2002-08-02 14:56 159,744 --a------ C:\WINDOWS\system32\ssleay32_1-1-0_DDR.dll
2008-01-21 18:09 . 2006-11-23 12:35 6,345 -ra------ C:\WINDOWS\system32\DevMngr.vxd
2008-01-21 17:43 . 2008-01-21 22:02 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-01-21 17:38 . 2008-01-21 17:38 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
2008-01-21 17:35 . 2004-08-04 12:00 482,304 --a--c--- C:\WINDOWS\system32\dllcache\pintlgnt.ime
2008-01-21 17:34 . 2004-08-04 12:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-01-21 17:33 . 2004-08-04 12:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-01-21 17:32 . 2004-08-04 12:00 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-01-21 17:31 . 2004-05-13 00:39 876,653 --a--c--- C:\WINDOWS\system32\dllcache\fp4awel.dll
2008-01-21 17:30 . 2008-01-21 17:30 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2008-01-21 17:30 . 2008-01-21 17:30 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-01-21 17:30 . 2008-01-21 17:30 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2008-01-21 17:30 . 2008-01-21 17:30 2,577 --a------ C:\WINDOWS\system32\CONFIG.NT
2008-01-21 17:30 . 2008-01-21 17:30 0 --a------ C:\WINDOWS\control.ini
2008-01-21 17:28 . 2008-01-21 17:28 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-01-21 17:28 . 2008-01-21 17:28 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-01-21 17:28 . 2008-01-21 17:28 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-01-21 17:28 . 2008-01-21 17:28 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-01-21 17:28 . 2008-01-21 17:28 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-01-21 17:28 . 2008-01-21 17:28 749 -rah----- C:\WINDOWS\system32\cdplayer.exe.manifest
2008-01-21 17:28 . 2008-01-21 17:28 488 -rah----- C:\WINDOWS\system32\WindowsLogon.manifest
2008-01-21 17:28 . 2008-01-21 17:28 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-01-21 17:27 . 2004-08-04 12:00 4,399,505 --a--c--- C:\WINDOWS\system32\dllcache\nls302en.lex
2008-01-21 17:25 . 2004-08-04 12:00 678,400 --a------ C:\WINDOWS\system32\inetcomm.dll
2008-01-21 17:24 . 2008-01-21 17:24 21,640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-01-21 17:24 . 2008-01-21 17:24 37 --a------ C:\WINDOWS\vbaddin.ini
2008-01-21 17:24 . 2008-01-21 17:24 36 --a------ C:\WINDOWS\vb.ini
2008-01-21 17:22 . 2004-08-04 12:00 1,352,192 --a--c--- C:\WINDOWS\system32\dllcache\cimwin32.dll
2008-01-21 17:13 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-01-21 17:13 . 2001-08-17 13:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2008-01-21 17:12 . 2004-08-03 22:59 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-01-21 17:11 . 2001-08-17 13:46 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2008-01-21 17:10 . 2004-08-04 00:56 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2008-01-21 17:10 . 2004-08-03 23:07 14,080 --a------ C:\WINDOWS\system32\drivers\CmBatt.sys
2008-01-21 17:10 . 2001-08-17 13:57 14,080 --a------ C:\WINDOWS\system32\drivers\battc.sys
2008-01-21 17:10 . 2001-08-17 13:58 9,344 --a------ C:\WINDOWS\system32\drivers\compbatt.sys
2008-01-21 17:10 . 2004-08-03 23:07 8,832 --a------ C:\WINDOWS\system32\drivers\wmiacpi.sys
2008-01-21 17:07 . 2008-01-22 13:56 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-01-21 17:05 . 2004-08-04 12:00 1,086,058 -ra------ C:\WINDOWS\SET4.tmp
2008-01-21 17:05 . 2004-08-04 12:00 1,042,903 -ra------ C:\WINDOWS\SET3.tmp
2008-01-21 17:05 . 2004-08-04 12:00 13,753 -ra------ C:\WINDOWS\SET8.tmp
2008-01-21 17:03 . 2008-01-21 17:37 261 --a------ C:\WINDOWS\system32\$winnt$.inf
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-26 14:26 --------- d-----w C:\Program Files\SymNetDrv
2008-01-26 14:26 --------- d-----w C:\Program Files\lg_swupdate
2008-01-26 14:26 --------- d-----w C:\Program Files\iTunes
2008-01-26 14:26 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-26 14:26 --------- d-----w C:\Program Files\AIM
2008-01-22 18:53 --------- d-----w C:\Program Files\Java
2008-01-22 13:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-21 20:12 --------- d-----w C:\Program Files\Xvid
2008-01-21 19:45 --------- d-----w C:\Program Files\DivX
2008-01-11 18:38 --------- d-----w C:\Program Files\Soulseek
2008-01-04 21:58 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-01-04 21:58 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-01-04 21:58 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-01-04 21:58 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-01-04 21:58 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-01-04 21:58 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-01-04 21:57 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-01-04 21:57 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-01-04 21:57 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-01-04 21:57 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-01-04 21:57 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-01-04 21:57 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-01-04 21:57 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-01-04 21:57 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-12-25 12:48 --------- d-----w C:\Program Files\VZPRP
2007-12-25 12:46 --------- d-----w C:\Program Files\Visual Zip Password Recovery Processor
2007-12-15 21:29 --------- d-----w C:\Program Files\TVU Player
2007-12-10 11:41 --------- d-----w C:\Program Files\Google
2007-12-02 17:55 --------- d-----w C:\Program Files\ffdshow
.
<pre>
----a-w 486,856 2008-01-24 12:53:50 C:\Program Files\DAEMON Tools Lite\daemon .exe
----a-w 486,856 2008-01-24 19:37:27 C:\Program Files\DAEMON Tools Lite\daemon .exe
</pre>
((((((((((((((((((((((((((((( snapshot@2008-01-25_13.39.32.92 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-25 13:27:56 1,417,216 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-26 14:25:38 1,417,216 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-25 13:27:56 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-26 14:25:39 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-25 13:27:57 1,417,216 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-26 14:25:39 1,417,216 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-25 13:27:57 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-26 14:25:39 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-25 13:27:57 2,854,912 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-26 14:25:39 2,854,912 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-25 13:27:57 143,360 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-26 14:25:39 143,360 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
- 2008-01-25 13:36:04 214,378 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
+ 2008-01-25 19:14:44 214,405 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
+ 2008-01-25 16:33:39 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_728.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon .exe" [2008-01-24 19:37 486856]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
"AIM"="C:\PROGRA~1\AIM\aim.exe" [2008-01-19 10:47 61440]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{26F5978F-6493-4ee3-B114-C0C3ACCF9D4D}"= C:\WINDOWS\system32\bmpsap.dll [2005-06-25 23:09 114688]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
R1 Ndisipo;NDIS Protocol Driver for IPO3;C:\WINDOWS\system32\DRIVERS\ndisipo.sys [2005-06-03 09:37]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 12:00]
R3 lgsnd_filter;lgsnd_filter;C:\WINDOWS\system32\drivers\lgsnd_filter.sys [2005-05-14 11:12]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-26 14:30:21
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-26 14:31:02
ComboFix-quarantined-files.txt 2008-01-26 14:30:48
ComboFix2.txt 2008-01-25 13:39:50