Hi Dan
Here are 2 log files - I'm uncertain either is correct. When Combofix booted up both times, it stated the CFScript.txt couldn't be found.
In the TEAL or 1st run, I forgot to turn off the spyware and saved the file you sent as "CFScript.txt" on my desktop, where Combofix is.
I decided to rerun the files prior to sending you, so for the ROYAL or 2nd run, I turned off all spyware, disabled the internet, and saved your file as "CFScript" on my desktop.
Does it make a difference?
I ran Super AntiSpyware twice more:
2nd time found 10 threats (down from 28!) 2 new trojans Trojan.Downloader-NewJuan/VM
3rd time found 6 threats (all cookies, nothing else)
Upon rebooting, 3 error messages:
c:\windows\system32\fryhnvgt.dll
C:\windows\system32\ytulccqx.dll
RPC error for AVAST
Hope this is useful, thank you for your help!
Sandra
btw I'm in Calgary, Alberta Canada, so you're 7 hours ahead of me.
**************************************************************************************************
ComboFix 08-06-20.4 - Sandra Miller 2008-06-28 18:39:47.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.71 [GMT -6:00]
Running from: C:\Documents and Settings\Sandra Miller\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Sandra Miller\Desktop\CFScript.txt
FILE ::
C:\Program Files\temp01
C:\WINDOWS\Internet Logs\xDB48.tmp
C:\WINDOWS\Internet Logs\xDB49.tmp
C:\WINDOWS\Internet Logs\xDB4A.tmp
C:\WINDOWS\Internet Logs\xDB4B.tmp
C:\WINDOWS\Internet Logs\xDB4C.tmp
C:\WINDOWS\Internet Logs\xDB4D.tmp
C:\WINDOWS\Internet Logs\xDB4E.tmp
C:\WINDOWS\Internet Logs\xDB4F.tmp
C:\WINDOWS\Internet Logs\xDB50.tmp
C:\WINDOWS\Internet Logs\xDB51.tmp
C:\WINDOWS\Internet Logs\xDB52.tmp
C:\WINDOWS\Internet Logs\xDB53.tmp
C:\WINDOWS\Internet Logs\xDB54.tmp
C:\WINDOWS\Internet Logs\xDB55.tmp
C:\WINDOWS\Internet Logs\xDB56.tmp
C:\WINDOWS\Internet Logs\xDB57.tmp
C:\WINDOWS\Internet Logs\xDB58.tmp
C:\WINDOWS\Internet Logs\xDB59.tmp
C:\WINDOWS\Internet Logs\xDB5A.tmp
C:\WINDOWS\SYSTEM32\bvinbhui.dll
C:\WINDOWS\system32\cbXNETKb.dll
C:\WINDOWS\system32\fryhnvgt.dll
C:\WINDOWS\SYSTEM32\rbolsdby.dll
C:\WINDOWS\system32\vdsutw.dll
C:\WINDOWS\SYSTEM32\vdsutw.dll
C:\WINDOWS\SYSTEM32\waagihti.dll
C:\WINDOWS\system32\ytulccqx.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\Internet Logs\xDB48.tmp
.
((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-29 )))))))))))))))))))))))))))))))
.
2008-06-27 20:02 . 2002-08-29 06:00 132,608 --a------ C:\WINDOWS\SYSTEM32\fxsclntR.dll
2008-06-27 20:02 . 2002-08-29 06:00 132,608 --a------ C:\WINDOWS\SYSTEM32\dllcache\fxsclntr.dll
2008-06-27 20:01 . 2002-08-29 06:00 111,104 --a------ C:\WINDOWS\SYSTEM32\fxscfgwz.dll
2008-06-27 20:01 . 2002-08-29 06:00 111,104 --a------ C:\WINDOWS\SYSTEM32\dllcache\fxscfgwz.dll
2008-06-27 16:08 . 2008-06-27 16:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-27 16:01 . 2008-06-27 16:02 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-06-27 16:01 . 2008-06-27 16:01 <DIR> d-------- C:\Documents and Settings\Sandra Miller\Application Data\SUPERAntiSpyware.com
2008-06-27 10:49 . 2008-06-27 10:49 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-06-25 15:19 . 2008-06-25 15:19 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-06-25 15:16 . 2008-06-25 15:16 <DIR> d-------- C:\Program Files\Common Files\L&H
2008-06-25 11:34 . 2008-06-25 11:34 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-25 11:32 . 2008-06-27 15:54 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-24 14:25 . 2008-06-24 14:25 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-23 23:08 . 2008-06-23 23:08 511 --a------ C:\WINDOWS\Canada
2008-06-23 19:42 . 2008-06-23 19:42 95 --a------ C:\WINDOWS\wininit.ini
2008-06-22 17:24 . 2004-11-13 13:37 6,301,096 --a------ C:\Program Files\Zuma Deluxe.exe
2008-06-11 01:16 . 2008-06-13 07:10 272,128 --------- C:\WINDOWS\SYSTEM32\dllcache\bthport.sys
2008-06-05 13:49 . 2008-06-05 13:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-06-04 17:44 . 2008-06-04 17:50 <DIR> d-------- C:\Program Files\Winamp
2008-06-04 17:44 . 2008-06-04 18:13 <DIR> d-------- C:\Documents and Settings\Sandra Miller\Application Data\Winamp
2008-06-03 17:02 . 2008-06-28 02:01 <DIR> d-------- C:\Program Files\WinClamAVShield
2008-06-03 16:52 . 2008-06-28 02:02 <DIR> d-------- C:\Documents and Settings\Sandra Miller\Application Data\Spyware Terminator
2008-06-03 16:52 . 2008-06-28 09:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-06-03 16:52 . 2008-06-03 16:52 141,312 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sp_rsdrv2.sys
2008-06-03 16:51 . 2008-06-28 09:11 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-06-03 12:33 . 2008-06-28 00:09 <DIR> d-------- C:\Program Files\XoftSpySE
2008-06-02 21:29 . 2008-06-02 21:29 181 --a------ C:\WINDOWS\ACTPR.INI
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-29 00:44 149,200,928 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-29 00:11 --------- d-----w C:\Program Files\Plaxo
2008-06-29 00:08 1,749,116 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-28 23:42 --------- d-----w C:\Documents and Settings\Sandra Miller\Application Data\uTorrent
2008-06-27 21:12 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-06-25 17:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-24 19:05 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-24 19:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-05 20:24 --------- d-----w C:\Documents and Settings\Sandra Miller\Application Data\SpinTop
2008-06-05 20:16 --------- d-----w C:\Program Files\Safer Networking
2008-06-04 01:00 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-03 03:34 --------- d-----w C:\Program Files\ACT
2008-05-25 23:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-05-18 19:52 --------- d-----w C:\Program Files\Alwil Software
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-29 17:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 17:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 17:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2000-11-01 22:51 271 --sha-w C:\Program Files\desktop.ini
2000-08-16 00:25 257,636 ----a-w C:\Program Files\TBM313.TMP
2000-08-16 00:25 252,384 ----a-w C:\Program Files\TBM315.TMP
1998-12-11 10:05 74,336 ----a-w C:\Program Files\casmira_.TTF
1998-12-02 16:33 10,212 ----a-w C:\Program Files\MSCAPE_0.TTF
1998-12-02 16:33 10,212 ----a-w C:\Program Files\MSCAPE.TTF
1998-11-12 14:18 155,528 ----a-w C:\Program Files\BKANT.TTF
1998-11-12 14:18 151,000 ----a-w C:\Program Files\ANTQUAB.TTF
1998-11-12 14:18 150,416 ----a-w C:\Program Files\ANTQUABI.TTF
1998-11-12 14:18 149,092 ----a-w C:\Program Files\ANTQUAI.TTF
1998-11-10 20:52 157,360 ----a-w C:\Program Files\MTCORSVA.TTF
1998-11-04 23:30 162,460 ----a-w C:\Program Files\BOOKOSBI.TTF
1998-11-04 23:30 160,940 ----a-w C:\Program Files\BOOKOS.TTF
1998-11-04 23:30 160,920 ----a-w C:\Program Files\BOOKOSI.TTF
1998-11-04 23:30 154,576 ----a-w C:\Program Files\BOOKOSB.TTF
1998-07-30 04:31 58,088 ----a-w C:\Program Files\Trendy__.TTF
1998-07-30 04:30 51,668 ----a-w C:\Program Files\Radagund.TTF
1998-07-30 04:30 48,508 ----a-w C:\Program Files\Openc___.TTF
1998-07-30 04:29 60,156 ----a-w C:\Program Files\Microdot.TTF
1998-07-30 04:28 54,540 ----a-w C:\Program Files\Mandela_.TTF
1998-07-30 04:28 38,944 ----a-w C:\Program Files\Realv___.TTF
1998-07-30 04:27 52,336 ----a-w C:\Program Files\Shelman_.TTF
1998-07-30 04:26 57,976 ----a-w C:\Program Files\Natur___.TTF
1998-07-30 04:25 64,916 ----a-w C:\Program Files\Pretext_.TTF
1998-07-30 04:25 44,876 ----a-w C:\Program Files\Puppy___.TTF
1998-07-30 04:24 46,212 ----a-w C:\Program Files\Neolith_.TTF
1998-07-30 04:23 61,272 ----a-w C:\Program Files\Matte___.TTF
1998-07-30 04:21 49,960 ----a-w C:\Program Files\Genuine_.TTF
1998-07-30 04:20 63,596 ----a-w C:\Program Files\Alibi___.TTF
1998-07-30 04:18 72,060 ----a-w C:\Program Files\Ellis___.TTF
1998-07-30 04:17 77,384 ----a-w C:\Program Files\Herman__.TTF
1998-07-30 04:17 58,116 ----a-w C:\Program Files\Excess__.TTF
1998-07-30 04:16 104,864 ----a-w C:\Program Files\Isabelle.TTF
1998-07-30 04:15 65,852 ----a-w C:\Program Files\Joan____.TTF
1998-07-30 04:14 63,124 ----a-w C:\Program Files\Helte___.TTF
1998-07-30 04:13 37,180 ----a-w C:\Program Files\Elegance.TTF
1998-07-30 04:10 45,268 ----a-w C:\Program Files\Batavia_.TTF
1998-07-30 04:08 71,068 ----a-w C:\Program Files\Justice_.TTF
1998-07-30 04:02 47,688 ----a-w C:\Program Files\Absalom_.TTF
1998-05-28 21:38 141,328 ----a-w C:\Program Files\ARIALNI.TTF
1998-05-28 21:38 139,056 ----a-w C:\Program Files\ARIALNB.TTF
1998-05-28 21:38 138,468 ----a-w C:\Program Files\ARIALNBI.TTF
1998-05-28 21:38 134,188 ----a-w C:\Program Files\ARIALN.TTF
1998-05-21 19:30 198,540 ----a-w C:\Program Files\GARABD.TTF
1998-05-21 19:30 196,588 ----a-w C:\Program Files\GARA.TTF
1998-05-21 19:30 188,916 ----a-w C:\Program Files\GARAIT.TTF
1998-01-08 23:26 10,028 ----a-w C:\Program Files\OUTLOOK.TTF
1997-10-24 22:42 65,544 ----a-w C:\Program Files\ARBLI___.TTF
1997-03-18 06:49 69,408 ----a-w C:\Program Files\Elepbi__.ttf
1997-03-18 06:49 69,132 ----a-w C:\Program Files\Jolti___.ttf
1997-03-18 06:49 66,652 ----a-w C:\Program Files\Elepi___.ttf
1997-03-18 06:49 65,692 ----a-w C:\Program Files\Vogei___.ttf
1997-03-18 06:49 64,180 ----a-w C:\Program Files\Elepb___.ttf
1997-03-18 06:49 63,908 ----a-w C:\Program Files\Joltn___.ttf
1997-03-18 06:49 63,496 ----a-w C:\Program Files\Joltbi__.ttf
1997-03-18 06:49 61,408 ----a-w C:\Program Files\Vogebi__.ttf
1997-03-18 06:49 60,296 ----a-w C:\Program Files\Joltb___.ttf
1997-03-18 06:49 60,008 ----a-w C:\Program Files\Elepn___.ttf
1997-03-18 06:49 57,556 ----a-w C:\Program Files\Vogen___.ttf
1997-03-18 06:49 56,168 ----a-w C:\Program Files\Vogeb___.ttf
1996-10-23 03:14 66,536 ----a-w C:\Program Files\Presws__.ttf
1996-05-28 17:58 71,052 ----a-w C:\Program Files\Varsity_.ttf
1996-05-06 20:53 65,156 ----a-w C:\Program Files\Willow__.ttf
1996-05-06 20:51 59,004 ----a-w C:\Program Files\Zelda___.ttf
1996-05-06 20:50 47,976 ----a-w C:\Program Files\Zeldi___.ttf
1996-05-06 20:48 49,224 ----a-w C:\Program Files\Tabitha_.ttf
1996-05-06 20:47 48,596 ----a-w C:\Program Files\Treasure.ttf
1996-05-06 20:46 44,236 ----a-w C:\Program Files\Valiant_.ttf
1996-05-06 20:42 51,700 ----a-w C:\Program Files\Vogue___.ttf
1996-05-06 20:41 69,112 ----a-w C:\Program Files\Quill___.ttf
1996-05-06 20:40 102,428 ----a-w C:\Program Files\Rockston.ttf
1996-05-06 20:39 68,968 ----a-w C:\Program Files\Stars___.ttf
1996-05-06 20:39 50,212 ----a-w C:\Program Files\Saloon__.ttf
1996-05-06 20:37 48,500 ----a-w C:\Program Files\Submarin.ttf
1996-05-06 20:36 53,696 ----a-w C:\Program Files\Janis___.ttf
1996-05-06 20:35 60,404 ----a-w C:\Program Files\Papep___.ttf
1996-05-06 20:35 56,516 ----a-w C:\Program Files\Julius__.ttf
1996-05-06 20:34 74,672 ----a-w C:\Program Files\Papercli.ttf
1996-05-06 20:33 81,424 ----a-w C:\Program Files\Partridg.ttf
1996-05-06 20:31 63,540 ----a-w C:\Program Files\Crate___.ttf
1996-05-06 20:30 81,708 ----a-w C:\Program Files\Emeri___.ttf
2006-12-14 14:04 56 --sh--r C:\WINDOWS\SYSTEM32\876B465C25.sys
2007-05-27 17:49 1,890 --sha-w C:\WINDOWS\SYSTEM32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( snapshot@2008-06-27_23.33.47.40 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-28 05:20:16 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-29 00:09:34 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-28 15:17:58 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_500.dat
+ 2008-06-29 00:10:27 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_7b0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"PlaxoUpdate"="C:\WINDOWS\Plaxo\2.1.0.80\InstallStub.exe" [2004-12-03 16:20 116736]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 22:49 4662776]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-11 10:50 20992 C:\WINDOWS\LOGI_MWX.EXE]
"Motive SmartBridge"="C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe" [2006-10-19 20:53 393216]
"APL"="C:\Program Files\ACT\ACT for Win 7\APL.exe" [2005-05-24 14:42 20480]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 12:41 196608]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 06:07 69632]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 23:11 919016]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-06-03 16:52 1817600]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 02:56 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
HPAiODevice(hp officejet g series) - 1.lnk - C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe [2002-11-20 17:15:00 151552]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 04:01:04 83360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-15 17:20]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-06-03 16:52]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-15 17:16]
R2 MSSQL$ACT7;MSSQL$ACT7;C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe [2003-05-31 19:02]
S3 ATE_PROCMON;ATE_PROCMON;C:\Program Files\Anti Trojan Elite\ATEPMon.sys []
S3 DrvFltIp;DrvFltIp;C:\Program Files\MRBDG\DrvFltIp.sys []
S3 SQLAgent$ACT7;SQLAgent$ACT7;C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlagent.EXE [2002-12-17 17:23]
S3 UsbFltr;WayTech USB Filter Driver;C:\WINDOWS\system32\Drivers\UsbFltr.sys [2004-05-13 17:14]
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 00:01]
.
Contents of the 'Scheduled Tasks' folder
"2008-06-28 16:00:00 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
"2008-06-27 13:00:00 C:\WINDOWS\Tasks\SpyHunter Scanner.job"
- C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
"2008-06-29 00:10:13 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2008-06-28 09:00:02 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-28 18:43:46
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-28 18:47:08
ComboFix-quarantined-files.txt 2008-06-29 00:47:01
ComboFix2.txt 2008-06-29 00:24:02
ComboFix3.txt 2008-06-28 05:34:57
Pre-Run: 47,271,071,744 bytes free
Post-Run: 47,257,526,272 bytes free
262 --- E O F --- 2008-06-28 00:33:59
**********************************************************************************************
ComboFix 08-06-20.4 - Sandra Miller 2008-06-28 17:59:19.2 - NTFSx86
Running from: C:\Documents and Settings\Sandra Miller\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Sandra Miller\Desktop\327882R2FWJFW\CFScript.txt
* Created a new restore point
FILE ::
C:\Program Files\temp01
C:\WINDOWS\Internet Logs\xDB48.tmp
C:\WINDOWS\Internet Logs\xDB49.tmp
C:\WINDOWS\Internet Logs\xDB4A.tmp
C:\WINDOWS\Internet Logs\xDB4B.tmp
C:\WINDOWS\Internet Logs\xDB4C.tmp
C:\WINDOWS\Internet Logs\xDB4D.tmp
C:\WINDOWS\Internet Logs\xDB4E.tmp
C:\WINDOWS\Internet Logs\xDB4F.tmp
C:\WINDOWS\Internet Logs\xDB50.tmp
C:\WINDOWS\Internet Logs\xDB51.tmp
C:\WINDOWS\Internet Logs\xDB52.tmp
C:\WINDOWS\Internet Logs\xDB53.tmp
C:\WINDOWS\Internet Logs\xDB54.tmp
C:\WINDOWS\Internet Logs\xDB55.tmp
C:\WINDOWS\Internet Logs\xDB56.tmp
C:\WINDOWS\Internet Logs\xDB57.tmp
C:\WINDOWS\Internet Logs\xDB58.tmp
C:\WINDOWS\Internet Logs\xDB59.tmp
C:\WINDOWS\Internet Logs\xDB5A.tmp
C:\WINDOWS\SYSTEM32\bvinbhui.dll
C:\WINDOWS\system32\cbXNETKb.dll
C:\WINDOWS\system32\fryhnvgt.dll
C:\WINDOWS\SYSTEM32\rbolsdby.dll
C:\WINDOWS\system32\vdsutw.dll
C:\WINDOWS\SYSTEM32\vdsutw.dll
C:\WINDOWS\SYSTEM32\waagihti.dll
C:\WINDOWS\system32\ytulccqx.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Avira
C:\Program Files\Common Files\BOONTY Shared
C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
C:\Program Files\temp01
C:\WINDOWS\Internet Logs\xDB48.tmp
C:\WINDOWS\Internet Logs\xDB49.tmp
C:\WINDOWS\Internet Logs\xDB4A.tmp
C:\WINDOWS\Internet Logs\xDB4B.tmp
C:\WINDOWS\Internet Logs\xDB4C.tmp
C:\WINDOWS\Internet Logs\xDB4D.tmp
C:\WINDOWS\Internet Logs\xDB4E.tmp
C:\WINDOWS\Internet Logs\xDB4F.tmp
C:\WINDOWS\Internet Logs\xDB50.tmp
C:\WINDOWS\Internet Logs\xDB51.tmp
C:\WINDOWS\Internet Logs\xDB52.tmp
C:\WINDOWS\Internet Logs\xDB53.tmp
C:\WINDOWS\Internet Logs\xDB54.tmp
C:\WINDOWS\Internet Logs\xDB55.tmp
C:\WINDOWS\Internet Logs\xDB56.tmp
C:\WINDOWS\Internet Logs\xDB57.tmp
C:\WINDOWS\Internet Logs\xDB58.tmp
C:\WINDOWS\Internet Logs\xDB59.tmp
C:\WINDOWS\Internet Logs\xDB5A.tmp
C:\WINDOWS\SYSTEM32\bvinbhui.dll
C:\WINDOWS\SYSTEM32\rbolsdby.dll
C:\WINDOWS\SYSTEM32\waagihti.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_BOONTY_GAMES
-------\Service_Boonty Games
((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-29 )))))))))))))))))))))))))))))))
.
2008-06-27 20:02 . 2002-08-29 06:00 132,608 --a------ C:\WINDOWS\SYSTEM32\fxsclntR.dll
2008-06-27 20:02 . 2002-08-29 06:00 132,608 --a------ C:\WINDOWS\SYSTEM32\dllcache\fxsclntr.dll
2008-06-27 20:01 . 2002-08-29 06:00 111,104 --a------ C:\WINDOWS\SYSTEM32\fxscfgwz.dll
2008-06-27 20:01 . 2002-08-29 06:00 111,104 --a------ C:\WINDOWS\SYSTEM32\dllcache\fxscfgwz.dll
2008-06-27 16:08 . 2008-06-27 16:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-27 16:01 . 2008-06-27 16:02 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-06-27 16:01 . 2008-06-27 16:01 <DIR> d-------- C:\Documents and Settings\Sandra Miller\Application Data\SUPERAntiSpyware.com
2008-06-27 10:49 . 2008-06-27 10:49 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-06-25 15:19 . 2008-06-25 15:19 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-06-25 15:16 . 2008-06-25 15:16 <DIR> d-------- C:\Program Files\Common Files\L&H
2008-06-25 11:34 . 2008-06-25 11:34 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-25 11:32 . 2008-06-27 15:54 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-24 14:25 . 2008-06-24 14:25 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-23 23:08 . 2008-06-23 23:08 511 --a------ C:\WINDOWS\Canada
2008-06-23 19:42 . 2008-06-23 19:42 95 --a------ C:\WINDOWS\wininit.ini
2008-06-22 17:24 . 2004-11-13 13:37 6,301,096 --a------ C:\Program Files\Zuma Deluxe.exe
2008-06-11 01:16 . 2008-06-13 07:10 272,128 --------- C:\WINDOWS\SYSTEM32\dllcache\bthport.sys
2008-06-05 13:49 . 2008-06-05 13:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-06-04 17:44 . 2008-06-04 17:50 <DIR> d-------- C:\Program Files\Winamp
2008-06-04 17:44 . 2008-06-04 18:13 <DIR> d-------- C:\Documents and Settings\Sandra Miller\Application Data\Winamp
2008-06-03 17:02 . 2008-06-28 02:01 <DIR> d-------- C:\Program Files\WinClamAVShield
2008-06-03 16:52 . 2008-06-28 02:02 <DIR> d-------- C:\Documents and Settings\Sandra Miller\Application Data\Spyware Terminator
2008-06-03 16:52 . 2008-06-28 09:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-06-03 16:52 . 2008-06-03 16:52 141,312 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sp_rsdrv2.sys
2008-06-03 16:51 . 2008-06-28 09:11 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-06-03 12:33 . 2008-06-28 00:09 <DIR> d-------- C:\Program Files\XoftSpySE
2008-06-02 21:29 . 2008-06-02 21:29 181 --a------ C:\WINDOWS\ACTPR.INI
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-29 00:16 149,172,256 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-29 00:11 --------- d-----w C:\Program Files\Plaxo
2008-06-29 00:08 1,749,116 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-28 23:42 --------- d-----w C:\Documents and Settings\Sandra Miller\Application Data\uTorrent
2008-06-27 21:12 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-06-25 17:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-24 19:05 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-24 19:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-05 20:24 --------- d-----w C:\Documents and Settings\Sandra Miller\Application Data\SpinTop
2008-06-05 20:16 --------- d-----w C:\Program Files\Safer Networking
2008-06-04 01:00 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-03 03:34 --------- d-----w C:\Program Files\ACT
2008-05-25 23:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-05-18 19:52 --------- d-----w C:\Program Files\Alwil Software
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-29 17:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 17:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 17:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2000-11-01 22:51 271 --sha-w C:\Program Files\desktop.ini
2000-08-16 00:25 257,636 ----a-w C:\Program Files\TBM313.TMP
2000-08-16 00:25 252,384 ----a-w C:\Program Files\TBM315.TMP
1998-12-11 10:05 74,336 ----a-w C:\Program Files\casmira_.TTF
1998-12-02 16:33 10,212 ----a-w C:\Program Files\MSCAPE_0.TTF
1998-12-02 16:33 10,212 ----a-w C:\Program Files\MSCAPE.TTF
1998-11-12 14:18 155,528 ----a-w C:\Program Files\BKANT.TTF
1998-11-12 14:18 151,000 ----a-w C:\Program Files\ANTQUAB.TTF
1998-11-12 14:18 150,416 ----a-w C:\Program Files\ANTQUABI.TTF
1998-11-12 14:18 149,092 ----a-w C:\Program Files\ANTQUAI.TTF
1998-11-10 20:52 157,360 ----a-w C:\Program Files\MTCORSVA.TTF
1998-11-04 23:30 162,460 ----a-w C:\Program Files\BOOKOSBI.TTF
1998-11-04 23:30 160,940 ----a-w C:\Program Files\BOOKOS.TTF
1998-11-04 23:30 160,920 ----a-w C:\Program Files\BOOKOSI.TTF
1998-11-04 23:30 154,576 ----a-w C:\Program Files\BOOKOSB.TTF
1998-07-30 04:31 58,088 ----a-w C:\Program Files\Trendy__.TTF
1998-07-30 04:30 51,668 ----a-w C:\Program Files\Radagund.TTF
1998-07-30 04:30 48,508 ----a-w C:\Program Files\Openc___.TTF
1998-07-30 04:29 60,156 ----a-w C:\Program Files\Microdot.TTF
1998-07-30 04:28 54,540 ----a-w C:\Program Files\Mandela_.TTF
1998-07-30 04:28 38,944 ----a-w C:\Program Files\Realv___.TTF
1998-07-30 04:27 52,336 ----a-w C:\Program Files\Shelman_.TTF
1998-07-30 04:26 57,976 ----a-w C:\Program Files\Natur___.TTF
1998-07-30 04:25 64,916 ----a-w C:\Program Files\Pretext_.TTF
1998-07-30 04:25 44,876 ----a-w C:\Program Files\Puppy___.TTF
1998-07-30 04:24 46,212 ----a-w C:\Program Files\Neolith_.TTF
1998-07-30 04:23 61,272 ----a-w C:\Program Files\Matte___.TTF
1998-07-30 04:21 49,960 ----a-w C:\Program Files\Genuine_.TTF
1998-07-30 04:20 63,596 ----a-w C:\Program Files\Alibi___.TTF
1998-07-30 04:18 72,060 ----a-w C:\Program Files\Ellis___.TTF
1998-07-30 04:17 77,384 ----a-w C:\Program Files\Herman__.TTF
1998-07-30 04:17 58,116 ----a-w C:\Program Files\Excess__.TTF
1998-07-30 04:16 104,864 ----a-w C:\Program Files\Isabelle.TTF
1998-07-30 04:15 65,852 ----a-w C:\Program Files\Joan____.TTF
1998-07-30 04:14 63,124 ----a-w C:\Program Files\Helte___.TTF
1998-07-30 04:13 37,180 ----a-w C:\Program Files\Elegance.TTF
1998-07-30 04:10 45,268 ----a-w C:\Program Files\Batavia_.TTF
1998-07-30 04:08 71,068 ----a-w C:\Program Files\Justice_.TTF
1998-07-30 04:02 47,688 ----a-w C:\Program Files\Absalom_.TTF
1998-05-28 21:38 141,328 ----a-w C:\Program Files\ARIALNI.TTF
1998-05-28 21:38 139,056 ----a-w C:\Program Files\ARIALNB.TTF
1998-05-28 21:38 138,468 ----a-w C:\Program Files\ARIALNBI.TTF
1998-05-28 21:38 134,188 ----a-w C:\Program Files\ARIALN.TTF
1998-05-21 19:30 198,540 ----a-w C:\Program Files\GARABD.TTF
1998-05-21 19:30 196,588 ----a-w C:\Program Files\GARA.TTF
1998-05-21 19:30 188,916 ----a-w C:\Program Files\GARAIT.TTF
1998-01-08 23:26 10,028 ----a-w C:\Program Files\OUTLOOK.TTF
1997-10-24 22:42 65,544 ----a-w C:\Program Files\ARBLI___.TTF
1997-03-18 06:49 69,408 ----a-w C:\Program Files\Elepbi__.ttf
1997-03-18 06:49 69,132 ----a-w C:\Program Files\Jolti___.ttf
1997-03-18 06:49 66,652 ----a-w C:\Program Files\Elepi___.ttf
1997-03-18 06:49 65,692 ----a-w C:\Program Files\Vogei___.ttf
1997-03-18 06:49 64,180 ----a-w C:\Program Files\Elepb___.ttf
1997-03-18 06:49 63,908 ----a-w C:\Program Files\Joltn___.ttf
1997-03-18 06:49 63,496 ----a-w C:\Program Files\Joltbi__.ttf
1997-03-18 06:49 61,408 ----a-w C:\Program Files\Vogebi__.ttf
1997-03-18 06:49 60,296 ----a-w C:\Program Files\Joltb___.ttf
1997-03-18 06:49 60,008 ----a-w C:\Program Files\Elepn___.ttf
1997-03-18 06:49 57,556 ----a-w C:\Program Files\Vogen___.ttf
1997-03-18 06:49 56,168 ----a-w C:\Program Files\Vogeb___.ttf
1996-10-23 03:14 66,536 ----a-w C:\Program Files\Presws__.ttf
1996-05-28 17:58 71,052 ----a-w C:\Program Files\Varsity_.ttf
1996-05-06 20:53 65,156 ----a-w C:\Program Files\Willow__.ttf
1996-05-06 20:51 59,004 ----a-w C:\Program Files\Zelda___.ttf
1996-05-06 20:50 47,976 ----a-w C:\Program Files\Zeldi___.ttf
1996-05-06 20:48 49,224 ----a-w C:\Program Files\Tabitha_.ttf
1996-05-06 20:47 48,596 ----a-w C:\Program Files\Treasure.ttf
1996-05-06 20:46 44,236 ----a-w C:\Program Files\Valiant_.ttf
1996-05-06 20:42 51,700 ----a-w C:\Program Files\Vogue___.ttf
1996-05-06 20:41 69,112 ----a-w C:\Program Files\Quill___.ttf
1996-05-06 20:40 102,428 ----a-w C:\Program Files\Rockston.ttf
1996-05-06 20:39 68,968 ----a-w C:\Program Files\Stars___.ttf
1996-05-06 20:39 50,212 ----a-w C:\Program Files\Saloon__.ttf
1996-05-06 20:37 48,500 ----a-w C:\Program Files\Submarin.ttf
1996-05-06 20:36 53,696 ----a-w C:\Program Files\Janis___.ttf
1996-05-06 20:35 60,404 ----a-w C:\Program Files\Papep___.ttf
1996-05-06 20:35 56,516 ----a-w C:\Program Files\Julius__.ttf
1996-05-06 20:34 74,672 ----a-w C:\Program Files\Papercli.ttf
1996-05-06 20:33 81,424 ----a-w C:\Program Files\Partridg.ttf
1996-05-06 20:31 63,540 ----a-w C:\Program Files\Crate___.ttf
1996-05-06 20:30 81,708 ----a-w C:\Program Files\Emeri___.ttf
2006-12-14 14:04 56 --sh--r C:\WINDOWS\SYSTEM32\876B465C25.sys
2007-05-27 17:49 1,890 --sha-w C:\WINDOWS\SYSTEM32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( snapshot@2008-06-27_23.33.47.40 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-28 05:20:16 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-29 00:09:34 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-28 15:17:58 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_500.dat
+ 2008-06-29 00:10:27 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_7b0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"PlaxoUpdate"="C:\WINDOWS\Plaxo\2.1.0.80\InstallStub.exe" [2004-12-03 16:20 116736]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 22:49 4662776]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-11 10:50 20992 C:\WINDOWS\LOGI_MWX.EXE]
"Motive SmartBridge"="C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe" [2006-10-19 20:53 393216]
"APL"="C:\Program Files\ACT\ACT for Win 7\APL.exe" [2005-05-24 14:42 20480]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 12:41 196608]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 06:07 69632]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 23:11 919016]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-06-03 16:52 1817600]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 02:56 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
HPAiODevice(hp officejet g series) - 1.lnk - C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe [2002-11-20 17:15:00 151552]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 04:01:04 83360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-15 17:20]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-06-03 16:52]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-15 17:16]
R2 MSSQL$ACT7;MSSQL$ACT7;C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe [2003-05-31 19:02]
S3 ATE_PROCMON;ATE_PROCMON;C:\Program Files\Anti Trojan Elite\ATEPMon.sys []
S3 DrvFltIp;DrvFltIp;C:\Program Files\MRBDG\DrvFltIp.sys []
S3 SQLAgent$ACT7;SQLAgent$ACT7;C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlagent.EXE [2002-12-17 17:23]
S3 UsbFltr;WayTech USB Filter Driver;C:\WINDOWS\system32\Drivers\UsbFltr.sys [2004-05-13 17:14]
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 00:01]
.
Contents of the 'Scheduled Tasks' folder
"2008-06-28 16:00:00 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
"2008-06-27 13:00:00 C:\WINDOWS\Tasks\SpyHunter Scanner.job"
- C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
"2008-06-29 00:10:13 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2008-06-28 09:00:02 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-28 18:13:35
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\SYSTEM32\DRIVERS\dcfssvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\SYSTEM32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\Bin\hposts07.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
.
**************************************************************************
.
Completion time: 2008-06-28 18:23:55 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-29 00:23:32
ComboFix2.txt 2008-06-28 05:34:57
Pre-Run: 47,182,835,712 bytes free
Post-Run: 47,286,136,832 bytes free
308 --- E O F --- 2008-06-28 00:33:59