ComboFix 08-03-30.2 - sofie 2008-03-31 14:03:25.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.496 [GMT 2:00]
Running from: C:\Documents and Settings\sofie\Desktop\ComboFix.exe
* Created a new restore point
[color=red][b]WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!![/b][/color]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\drivers\fad.sys
.
((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-31 )))))))))))))))))))))))))))))))
.
2008-03-31 11:05 . 2008-03-31 11:05 d-------- C:\WINDOWS\LastGood
2008-03-30 23:10 . 2008-03-30 23:10 d-------- C:\Program Files\Trend Micro
2008-03-30 16:05 . 2007-08-01 16:47 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-03-30 16:02 . 2008-03-30 16:10 d-------- C:\Documents and Settings\sofie\Application Data\HouseCall 6.6
2008-03-30 14:44 . 2008-03-30 14:45 d-------- C:\WINDOWS\system32\HouseCall 6.6
2008-03-30 13:56 . 2008-03-30 13:56 d-------- C:\Documents and Settings\sofie\.housecall6.6
2008-03-27 05:29 . 2008-03-27 05:29 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-26 12:11 . 2007-07-30 20:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-03-26 12:11 . 2007-07-30 20:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-03-26 12:11 . 2007-07-30 20:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-03-25 18:10 . 2008-03-25 18:20 d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-25 18:09 . 2008-03-30 13:50 d-------- C:\Program Files\Windows Live
2008-03-25 18:09 . 2008-03-25 18:16 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-25 02:04 . 2008-03-25 02:04 d-------- C:\Program Files\Google
2008-03-06 13:18 . 2008-03-06 13:18 d-------- C:\Documents and Settings\sofie\Application Data\Media Player Classic
2008-02-27 17:13 . 2008-03-27 14:38 d-------- C:\Downloads
2008-02-23 04:38 . 2008-02-23 04:38 43,872 --------- C:\WINDOWS\system32\drivers\pxhelp20.sys
2008-02-04 17:42 . 2008-02-04 17:42 d-------- C:\Program Files\DivX
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-29 22:48 --------- d-----w C:\Program Files\SPSS
2008-03-28 22:44 --------- d-----w C:\Documents and Settings\sofie\Application Data\Skype
2008-03-28 21:25 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-03-26 03:16 --------- d-----w C:\Documents and Settings\sofie\Application Data\U3
2008-03-25 19:34 --------- d-----w C:\Program Files\Azureus
2008-03-25 19:34 --------- d-----w C:\Documents and Settings\sofie\Application Data\Azureus
2008-03-16 06:21 20,861,263 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-03-14 19:57 --------- d-----w C:\Program Files\LimeWire
2008-03-08 18:52 --------- d-----w C:\Program Files\Java
2008-02-27 13:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\pdf995
2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-12-19 23:01 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-08 05:21 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-12-06 11:01 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-12-06 11:00 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-12-06 11:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-06 04:59 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-12-04 18:38 550,912 ------w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 18:38 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll
2007-04-06 03:32 2,660,864 -c--a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2006-12-13 09:29 616,448 -c--a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2006-11-28 15:02 2,629,120 -c--a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2006-04-18 11:29 1,109,504 -c--a-w C:\WINDOWS\Internet Logs\xDB2.tmp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Parlino"="C:\Program Files\Parlino\Parlino.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-10-07 07:13 176128]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-12 22:00 344064]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 15:59 385024]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-12-15 11:44 839680]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 09:04 53248]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 02:01 110592]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05 127035]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-03-16 11:34 755480]
"Realtime Monitor"="C:\PROGRA~1\CA\ETRUST~1\realmon.exe" [2004-04-06 17:14 504080]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 13:50 155648]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 21:49 49152]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 11:56 286720]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 06:00 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 05:05:26 29696]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-04-04 11:55:56 24576]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-05 01:28:24 258048]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-05 01:50:52 53248]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 17:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2005-05-31 17:46]
R3 PortDRv;PST Port I/O Driver;C:\WINDOWS\system32\Drivers\PortDRv.sys [2002-10-25 13:49]
R3 SRBoxDRv;PST Serial Response Box Driver;C:\WINDOWS\system32\Drivers\SRBoxDRv.sys [2002-10-25 13:22]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\LaunchU3.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-03-30 13:30:04 C:\WINDOWS\Tasks\Abakt.job"
- C:\PROGRA~1\Abakt\Abakt.exeR-b -m
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-31 14:06:20
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-03-31 14:07:57
ComboFix-quarantined-files.txt 2008-03-31 12:07:48
Pre-Run: 31,140,839,424 bytes free
Post-Run: 31,155,642,368 bytes free
.
2008-03-27 14:50:39 --- E O F ---