ComboFix 08-06-20.4 - Steve 2008-06-29 10:40:37.1 - NTFSx86

Running from: C:\Documents and Settings\Steve\Desktop\ComboFix.exe

* Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

C:\WINDOWS\hosts

C:\WINDOWS\Tasks.\At1.job

C:\WINDOWS\system32\avtapip.dll . . . . failed to delete

C:\WINDOWS\system32\vqzzxks.dll . . . . failed to delete

----- BITS: Possible infected sites -----

hxxp://www.hhdsoftware.com

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_GTAHVETZ

-------\Service_gtahvetz

((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-29 )))))))))))))))))))))))))))))))

.

2008-06-28 23:35 . 2008-06-28 23:35 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

2008-06-28 23:34 . 2008-06-28 23:34 <DIR> d----c--- C:\Program Files\SUPERAntiSpyware

2008-06-28 23:34 . 2008-06-28 23:34 <DIR> d----c--- C:\Documents and Settings\Steve\Application Data\SUPERAntiSpyware.com

2008-06-28 23:33 . 2008-06-28 23:33 <DIR> d----c--- C:\Program Files\Common Files\Wise Installation Wizard

2008-06-28 23:25 . 2008-06-28 23:25 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Citrix

2008-06-28 23:20 . 2008-06-28 23:20 61,224 --a--c--- C:\Documents and Settings\Steve\GoToAssistDownloadHelper.exe

2008-06-28 20:59 . 2008-06-28 20:59 <DIR> d-------- C:\WINDOWS\Mozilla

2008-06-28 20:54 . 2008-06-29 00:21 <DIR> d----c--- C:\!KillBox

2008-06-28 20:10 . 2008-06-28 20:10 <DIR> d----c--- C:\Program Files\GiPo@Utilities

2008-06-28 20:10 . 2008-06-28 20:10 <DIR> d----c--- C:\Program Files\Common Files\Gibinsoft Shared

2008-06-28 17:10 . 2008-06-28 17:10 <DIR> d----c--- C:\Program Files\IDM Computer Solutions

2008-06-28 17:10 . 2008-06-28 17:10 <DIR> d----c--- C:\Documents and Settings\Steve\Application Data\IDMComp

2008-06-28 14:16 . 2008-06-28 14:16 <DIR> d----c--- C:\Documents and Settings\LocalService\Application Data\McAfee

2008-06-24 09:03 . 2008-06-29 10:58 6,072 --a------ C:\WINDOWS\system32\drivers\kgpfr2.cfg

2008-06-21 13:13 . 2008-06-29 10:58 12,544 --a------ C:\WINDOWS\system32\drivers\kgpcpy.cfg

2008-06-21 13:10 . 2008-06-29 09:59 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\SITEguard

2008-06-21 13:08 . 2008-06-21 13:08 <DIR> d----c--- C:\Program Files\STOPzilla!

2008-06-21 13:08 . 2008-06-21 13:08 <DIR> d----c--- C:\Program Files\Common Files\iS3

2008-06-21 13:08 . 2008-06-29 11:00 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\STOPzilla!

2008-06-21 11:14 . 2008-06-21 11:14 <DIR> d----c--- C:\Documents and Settings\Steve\Application Data\Uniblue

2008-06-12 15:09 . 2008-06-12 15:09 258,048 -ra------ C:\WINDOWS\system32\SZBase5.dll

2008-06-12 15:08 . 2008-06-12 15:08 401,408 -ra------ C:\WINDOWS\system32\SZComp5.dll

2008-06-12 10:11 . 2008-06-12 10:11 364,544 -ra------ C:\WINDOWS\system32\IS3DBA5.dll

2008-06-12 10:11 . 2008-06-12 10:11 126,976 -ra------ C:\WINDOWS\system32\IS3HTUI5.dll

2008-06-12 10:10 . 2008-06-12 10:10 372,736 -ra------ C:\WINDOWS\system32\IS3UI5.dll

2008-06-12 10:10 . 2008-06-12 10:10 61,440 -ra------ C:\WINDOWS\system32\IS3Hks5.dll

2008-06-12 10:10 . 2008-06-12 10:10 23,040 -ra------ C:\WINDOWS\system32\IS3XDat5.dll

2008-06-12 10:09 . 2008-06-12 10:09 196,608 -ra------ C:\WINDOWS\system32\IS3Win325.dll

2008-06-12 10:08 . 2008-06-12 10:08 94,208 -ra------ C:\WINDOWS\system32\IS3Inet5.dll

2008-06-12 10:08 . 2008-06-12 10:08 90,112 -ra------ C:\WINDOWS\system32\IS3Svc5.dll

2008-06-12 10:05 . 2008-06-12 10:05 708,608 -ra------ C:\WINDOWS\system32\IS3Base5.dll

2008-06-10 19:18 . 2008-06-10 19:18 <DIR> d----c--- C:\Documents and Settings\NetworkService\Application Data\meidifwt

2008-06-10 18:23 . 2008-06-10 18:23 <DIR> d----c--- C:\Documents and Settings\Steve\Application Data\meidifwt

2008-06-10 11:15 . 2008-06-10 18:23 <DIR> d----c--- C:\Program Files\Common Files\Mozilla Shared

2008-06-10 11:04 . 2008-06-10 11:04 <DIR> d----c--- C:\Archive

2008-06-07 09:49 . 2002-11-06 11:02 128,000 --a--c--- C:\WINDOWS\system32\Cp5dll32i.dll

2008-06-07 09:49 . 2008-06-29 10:49 88,064 --a--c--- C:\WINDOWS\system32\avtapip.dll

2008-06-06 23:14 . 2008-06-06 23:14 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-06-06 23:14 . 2008-06-06 23:14 1,409 --a------ C:\WINDOWS\QTFont.for

2008-06-05 13:12 . 2008-06-05 13:12 <DIR> d----c--- C:\Program Files\Common Files\Business Objects

2008-06-05 13:12 . 2008-06-05 13:12 <DIR> d----c--- C:\Inertia 3

2008-06-05 13:12 . 2008-06-05 13:12 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\regcrypt

2008-06-05 13:12 . 2008-06-05 13:12 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Macrovision

2008-06-04 15:47 . 2008-06-04 15:47 <DIR> d----c--- C:\Program Files\Microsoft.NET

2008-06-04 15:44 . 2008-06-04 15:44 <DIR> d----c--- C:\Program Files\MSXML 6.0

2008-06-03 15:19 . 2008-06-27 18:30 <DIR> d----c--- C:\Program Files\Legal & General

2008-06-03 15:19 . 2008-06-03 15:19 <DIR> d----c--- C:\Program Files\Common Files\F1

2008-05-29 11:20 . 2008-05-29 11:20 <DIR> d-------- C:\WINDOWS\Crystal

2008-05-29 11:20 . 2008-05-29 11:20 <DIR> d----c--- C:\Program Files\Seagate Software

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-28 22:05 --------- dc----w C:\Documents and Settings\All Users\Application Data\McAfee

2008-06-28 22:00 --------- dc----w C:\Documents and Settings\Steve\Application Data\McAfee

2008-06-28 21:04 --------- dc----w C:\Program Files\MarkInfo

2008-06-28 13:08 --------- dc----w C:\Program Files\McAfee

2008-06-27 19:21 --------- dc----w C:\Program Files\mortgageLink Enterprise

2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys

2008-06-09 18:43 --------- dc----w C:\Program Files\Google

2008-06-05 12:05 --------- d-----w C:\Program Files\Microsoft SQL Server

2008-05-29 10:22 --------- dc-h--w C:\Program Files\InstallShield Installation Information

2008-05-29 10:22 --------- dc----w C:\Program Files\Intermediary Mortgages

2008-05-15 12:25 --------- dc----w C:\Program Files\Coupon Printer

2008-05-13 09:03 34,432 ----a-r C:\WINDOWS\system32\drivers\SZKG.sys

2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys

2008-04-24 10:07 691,545 ----a-w C:\WINDOWS\unins000.exe

2008-03-12 12:14 84,808 -c--a-w C:\Documents and Settings\Steve\Application Data\GDIPFONTCACHEV1.DAT

2005-11-23 14:55 62 -c-ha-w C:\Program Files\AppUpdate.log

2005-05-11 18:07 4,811 -c--a-w C:\Program Files\INSTALL.LOG

2001-09-28 16:00 164,864 -c--a-w C:\Program Files\UNWISE.EXE

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{94CFA39F-389A-4D00-86C2-04F49C10A2D6}]

2003-03-31 13:00 84992 --a------ c:\windows\system32\vqzzxks.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F92C5901-4970-4121-9B82-C52AD1E53785}]

2008-06-29 10:49 88064 --a--c--- C:\WINDOWS\system32\avtapip.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56 15360]

"mount.exe"="C:\Program Files\GiPo@Utilities\FileUtilities.3\mount.exe" [2008-04-11 16:17 374272]

"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2003-09-19 14:35 114688]

"SigmaTel StacMon"="C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe" [2003-03-26 19:19 45056]

"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [2002-08-20 11:29 40960]

"VAIO Update 2"="C:\Program Files\sony\vaio update 2\VAIOUpdt.exe" [2003-11-18 14:55 135168]

"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]

"StartSQLManager"="C:\Program Files\Microsoft SQL Server\90\Tools\Binn\sqlmangr.exe" [ ]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-01-28 14:49 77824]

"BHR"="C:\Program Files\Zamaan's Software\Browser Hijack Retaliator 4.5\BHR.exe" [ ]

"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 11:22 20480]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 08:56 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoBandCustomize"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.dvsd"= C:\PROGRA~1\COMMON~1\SONYSH~1\videolib\sonydv.dll

"msacm.avis"= ff_acm.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk

backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Customer Focus Alert.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Customer Focus Alert.lnk

backup=C:\WINDOWS\pss\Customer Focus Alert.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP LaserJet Director.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP LaserJet Director.lnk

backup=C:\WINDOWS\pss\HP LaserJet Director.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PowerPanel.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PowerPanel.lnk

backup=C:\WINDOWS\pss\PowerPanel.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

--a--c--- 2007-03-09 12:09 63712 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a--c--- 2007-05-11 04:06 40048 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEAutoRun]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fub2]

C:\WINDOWS\system32\fub2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HKSERV.EXE]

--a------ 2003-08-14 11:00 90112 C:\Program Files\Sony\HotKey Utility\HKserv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP AutoIndexer]

--a--c--- 2002-04-22 13:57 90112 C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppautoindexer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP SchedIndexer]

--a--c--- 2002-04-22 13:56 94208 C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppschedindexer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a--c--- 2005-02-17 00:11 49152 C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

--a--c--- 2004-06-16 06:03 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon]

--a------ 2002-03-14 17:46 45056 C:\WINDOWS\system32\ico.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--a------ 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a--c--- 2004-01-28 14:49 77824 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StatusClient 2.6]

--a--c--- 2004-02-27 18:29 61440 C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a--c--- 2008-02-22 05:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomcatStartup 2.5]

--a--c--- 2004-05-20 17:40 188416 C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]

--a--c--- 2007-10-31 11:19 378784 C:\Program Files\TomTom HOME 2\HOMERunner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Abacast\\Abaclient.exe"=

"C:\\WINDOWS\\system32\\msiexec.exe"=

"C:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=

"C:\\StubInstaller.exe"=

"C:\\Program Files\\LimeWire\\LimeWire.exe"=

"C:\\WINDOWS\\kdx\\KHost.exe"=

"C:\\Program Files\\KService\\KService.exe"=

"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWUCli.exe"=

"C:\\Inertia 3\\System\\PSL.Development.MainApp.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

"C:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"6346:TCP"= 6346:TCP:iMp3Downloading

"6346:UDP"= 6346:UDP:iMp3Downloading

"5541:TCP"= 5541:TCP:@xpsp2res.dll,-22009

"80:TCP"= 80:TCP:@xpsp2res.dll,-22009

R0 mhksjmhy;mhksjmhy;C:\WINDOWS\system32\drivers\mhksjmhy.sys [2003-03-31 13:00]

R0 szkg5;szkg;C:\WINDOWS\system32\DRIVERS\szkg.sys [2008-05-13 10:03]

R2 MSSQL$INERTIA3_SQL2005;SQL Server (INERTIA3_SQL2005);"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sINERTIA3_SQL2005 []

R3 HSFHWSIS;HSFHWSIS;C:\WINDOWS\system32\DRIVERS\HSFHWSIS.sys [2003-08-26 17:27]

R3 SPI;Sony Programmable I/O Control Device;C:\WINDOWS\system32\DRIVERS\SonyPI.sys [2002-08-20 11:59]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

\Shell\AutoRun\command - E:\AUTOPLAY.EXE id=10000020000015000011 ver=1.0.0.0

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dd5e0a3e-6b44-11db-959d-080046d2bc2e}]

\Shell\AutoRun\command - G:\InstallTomTomHOME.exe

.

Contents of the 'Scheduled Tasks' folder

"2008-03-15 09:04:56 C:\WINDOWS\Tasks\McDefragTask.job"

- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'

"2008-03-01 01:00:28 C:\WINDOWS\Tasks\McQcTask.job"

- c:\PROGRA~1\mcafee\mqc\QcConsol.exe

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-29 10:55:22

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe

C:\Program Files\McAfee\MBK\MBackMonitor.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe

C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\McAfee\MPF\MpfSrv.exe

C:\Program Files\McAfee\MSK\msksrver.exe

C:\Program Files\Apoint\ApntEx.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\STOPzilla!\STOPzilla.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\WINDOWS\system32\wscntfy.exe

C:\PROGRA~1\McAfee\MSC\mcuimgr.exe