ComboFix 07-09-10.6 - "chips" 2007-09-11 1:04:54.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1250.1.1033.18.576 [GMT 2:00]
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\DOCUME~1\chips\APPLIC~1\install.dat
C:\DOCUME~1\CHIPS~1.MAT\APPLIC~1\install.dat
C:\DOCUME~1\CHIPS~1.MAT\STARTM~1\Programs\Startup\system.exe
C:\WINDOWS\spooldr.exe
C:\WINDOWS\system32\9_exception.nls
C:\WINDOWS\system32\drivers\sfsync02.sys
C:\WINDOWS\system32\home.exe.exe
C:\WINDOWS\system32\spooldr.sys
D:\Autorun.inf
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_ICF
-------\LEGACY_RUNTIME
-------\LEGACY_SFSYNC02
-------\ICF
-------\nm
-------\runtime
-------\sfsync02
-------\SysLibrary
((((((((((((((((((((((((( Files Created from 2007-08-10 to 2007-09-10 )))))))))))))))))))))))))))))))
.
2007-09-11 01:03 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-11 00:54 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-09-11 00:54 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-09-11 00:54 3,370 --a------ C:\WINDOWS\system32\tmp.reg
2007-09-11 00:54 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-09-11 00:54 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-09-11 00:45 7,680 --a------ C:\WINDOWS\system32\winavxx.exe
2007-09-11 00:45 7,680 --a------ C:\WINDOWS\system32\printer.exe
2007-09-11 00:45 39,424 --a------ C:\WINDOWS\system32\vtr.dll
2007-09-10 23:56 <DIR> d---s---- C:\DOCUME~1\ADMINI~1.MAT\UserData
2007-09-09 23:49 <DIR> d-------- C:\DOCUME~1\IVAN\APPLIC~1\VyPRESS
2007-09-09 23:49 <DIR> d-------- C:\DOCUME~1\IVAN\APPLIC~1\ATI
2007-09-09 22:50 35,072 --a------ C:\WINDOWS\system32\drivers\runtime2.sys
2007-09-09 22:49 4,096 --a------ C:\WINDOWS\system32\ntsd.dll
2007-09-09 22:49 15,360 --a------ C:\WINDOWS\vmmreg32.exe
2007-09-08 20:01 <DIR> d-------- C:\Program Files\URUSoft
2007-09-08 20:01 <DIR> d-------- C:\DOCUME~1\CHIPS~1.MAT\APPLIC~1\URUSoft
2007-09-03 22:57 <DIR> d-------- C:\DOCUME~1\CHIPS~1.MAT\APPLIC~1\Apple Computer
2007-09-03 22:56 <DIR> d-------- C:\Program Files\QuickTime
2007-09-03 22:56 <DIR> d-------- C:\Program Files\iTunes
2007-09-03 22:56 <DIR> d-------- C:\Program Files\iPod
2007-09-03 22:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Apple Computer
2007-09-03 22:55 <DIR> d-------- C:\Program Files\Apple Software Update
2007-09-03 22:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Apple
2007-09-03 22:11 <DIR> d-------- C:\Program Files\EphPod
2007-09-03 21:53 <DIR> d-------- C:\Program Files\Commandos II
2007-08-29 17:46 <DIR> d-------- C:\MATERIJALNO2007
2007-08-28 23:02 <DIR> d-------- C:\MATERIJALNO
2007-08-22 17:28 <DIR> d-------- C:\Program Files\Cracklock
2007-08-19 18:55 0 --a------ C:\WINDOWS\system32\dummy.dat
2007-08-19 18:55 <DIR> d-------- C:\Program Files\AGLOCO Viewbar
2007-08-17 18:58 <DIR> d-------- C:\Program Files\Cashfiesta
2007-08-17 18:58 <DIR> d-------- C:\DOCUME~1\CHIPS~1.MAT\APPLIC~1\Cashfiesta
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-11 00:46 374016 --a------ C:\WINDOWS\system32\drivers\tcpip.sys
2007-09-11 00:46 --------- d-------- C:\DOCUME~1\CHIPS~1.MAT\APPLIC~1\MailWasherPro
2007-09-10 20:19 --------- d-------- C:\Program Files\SUPERAntiSpyware
2007-09-08 19:14 --------- d-------- C:\Program Files\Gabest
2007-09-07 18:40 --------- d-------- C:\DOCUME~1\CHIPS~1.MAT\APPLIC~1\Canon
2007-09-06 16:03 --------- d-------- C:\Program Files\STARWARS_TheBattleOfEndor_v21
2007-09-06 12:05 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-06 12:05 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-06 12:03 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-06 12:02 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-06 12:00 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-09-03 21:53 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-02 11:30 --------- d-------- C:\DOCUME~1\CHIPS~1.MAT\APPLIC~1\uTorrent
2007-07-31 20:59 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-31 20:59 --------- d-------- C:\DOCUME~1\CHIPS~1.MAT\APPLIC~1\SUPERAntiSpyware.com
2007-07-31 20:59 --------- d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SUPERAntiSpyware.com
2007-07-31 01:09 --------- d-------- C:\Program Files\SpeedFan
2007-07-31 00:56 --------- d-------- C:\Program Files\ATMEL
2007-07-31 00:53 --------- d-------- C:\Program Files\GIGABYTE
2007-07-29 02:04 --------- d-------- C:\Program Files\Dreamcatcher
2007-07-21 22:05 --------- d-------- C:\Program Files\SmartPCTools
2007-07-19 06:32 --------- d-------- C:\DOCUME~1\CHIPS~1.MAT\APPLIC~1\Spyware Terminator
2007-07-19 00:31 --------- d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Lavasoft
2007-07-18 06:18 --------- d-------- C:\Program Files\MP3 Player Utilities 3.68
2007-07-18 01:34 77312 --a------ C:\WINDOWS\ua2.dll
2007-07-13 00:39 --------- d-------- C:\Program Files\Attack on Pearl Harbor
2005-11-23 23:50 286720 --a------ C:\DOCUME~1\chips\WebMagikUninstall.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-28 22:05]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-06-29 02:09]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50]
"Acronis True Image Monitor"="C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe" [2005-12-17 20:25]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [2005-12-17 20:25]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" [2006-10-12 04:10]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-11 12:06]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 16:57]
"Viewbar"="C:\Program Files\AGLOCO Viewbar\Viewbar.exe" [2007-06-13 11:04]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"WinAVX"="C:\WINDOWS\System32\WinAvXX.exe" [2007-09-11 00:45]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-30 16:00]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]
"WinAVX"="C:\WINDOWS\System32\WinAvXX.exe" [2007-09-11 00:45]
C:\DOCUME~1\ALLUSE~1.WIN\STARTM~1\Programs\Startup\
ATI CATALYST System Tray.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe [2005-06-29 02:09:28]
autorun.exe [2007-09-11 00:45:39]
Vypress Chat StartUp.lnk - C:\WINDOWS\Installer\{A1E1619F-036F-4176-8563-AA9E570113F0}\iconVCAdvertised.exe [2006-08-01 23:09:43]
C:\DOCUME~1\CHIPS~1.MAT\STARTM~1\Programs\Startup\
system.exe [2007-09-11 00:45:39]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=1 (0x1)
"DisableTaskMgr"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=1 (0x1)
"DisableTaskMgr"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoControlPanel"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoAutoUpdate"=0 (0x0)
"NoControlPanel"=1 (0x1)
"NoWindowsUpdate"=1 (0x1)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe C:\WINDOWS\System32\printer.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoSys]
R0 snapman;Acronis Snapshots Manager;C:\WINDOWS\System32\DRIVERS\snapman.sys
R0 timounter;Acronis TrueImage Backup Archive Explorer;C:\WINDOWS\System32\DRIVERS\timntr.sys
R2 tifsfilter;Acronis TrueImage FS Filter;C:\WINDOWS\System32\DRIVERS\tifsfilt.sys
R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS\System32\DRIVERS\RMSPPPOE.SYS
S3 C-Dilla;C-Dilla;\??\C:\WINDOWS\System32\drivers\CDANT.SYS
S3 MSIRCOMM;Microsoft IR Communications Driver;C:\WINDOWS\System32\DRIVERS\MSIRCOMM.sys
S3 NETDLWL;D-Link Air Wireless Adapter(DL) NT Driver;C:\WINDOWS\System32\DRIVERS\NETDLWL.SYS
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\System32\NSNDIS5.SYS
S3 SF-620;Kingsun SF-620 USB Infrared Adapter;C:\WINDOWS\System32\DRIVERS\SF-620.sys
S3 ZD1201U(Gigabyte);Gigabyte GN-WLBZ series IEEE 802.11b Wireless LAN Driver (USB)(Gigabyte);C:\WINDOWS\System32\DRIVERS\zd1201u.sys
S3 ZDNDIS5;ZDNDIS5 Protocol Driver;\??\C:\WINDOWS\System32\ZDNDIS5.SYS
.
Contents of the 'Scheduled Tasks' folder
"2007-09-03 20:55:50 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2006-09-12 18:43:14 C:\WINDOWS\Tasks\XoftSpy.job"
- C:\Program Files\XoftSpy\XoftSpy.exe
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-09-11 01:09:16
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-09-11 1:10:29 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-11 01:10
.
--- E O F ---