ComboFix 08-01-23.1C - Nitin 2008-01-26 15:16:01.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.230 [GMT -6:00]
Running from: C:\Documents and Settings\Nitin\Desktop\ComboFix.exe
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2007-12-26 to 2008-01-26 )))))))))))))))))))))))))))))))
.
2008-01-26 15:04 . 2008-01-26 15:04  d--------  C:\Program Files\Trend Micro
2008-01-20 23:21 . 2007-05-30 06:10  10,872  --a------  C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-20 20:28 . 2008-01-20 20:28  499,712  --a------  C:\WINDOWS\system32\msvcp71.dll
2008-01-20 20:28 . 2008-01-20 20:28  348,160  --a------  C:\WINDOWS\system32\msvcr71.dll
2008-01-20 13:53 . 2008-01-21 16:37  54,156  --ah-----  C:\WINDOWS\QTFont.qfn
2008-01-20 13:53 . 2008-01-20 13:53  1,409  --a------  C:\WINDOWS\QTFont.for
2008-01-20 13:52 . 2008-01-20 13:52  d--------  C:\Program Files\iTunes
2008-01-20 13:52 . 2008-01-20 13:52  d--------  C:\Program Files\iPod
2008-01-20 13:51 . 2008-01-20 13:52  d--------  C:\Program Files\QuickTime
2008-01-20 13:51 . 2008-01-20 13:51  d--------  C:\Program Files\Common Files\Apple
2008-01-20 13:51 . 2008-01-20 13:51  d--------  C:\Program Files\Apple Software Update
2008-01-20 11:27 . 2000-08-31 08:00  51,200  --a------  C:\WINDOWS\NirCmd.exe
2008-01-10 15:27 . 2008-01-10 15:27  90,112  --a------  C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27  57,344  --a------  C:\WINDOWS\system32\QuickTime.qts
2008-01-10 00:10 . 2008-01-20 23:28  d--------  C:\Program Files\Proxy Switcher Standard
2008-01-07 23:39 . 2008-01-07 23:39  1,700,352  --a------  C:\WINDOWS\system32\gdiplus.dll
2008-01-07 23:15 . 2008-01-07 23:15  d--------  C:\Program Files\uTorrent
2008-01-06 11:28 . 2008-01-06 11:29  70,656  --a------  C:\WINDOWS\ScUnin.exe
2008-01-06 11:28 . 2008-01-06 11:29  32,845  --a------  C:\WINDOWS\scunin.dat
2008-01-06 11:28 . 2008-01-06 11:29  967  --a------  C:\WINDOWS\ScUnin.pif
2008-01-06 11:27 . 2008-01-06 11:29  d--------  C:\Program Files\Starcraft
2008-01-05 10:39 . 2008-01-05 10:39  1,158  --a------  C:\WINDOWS\mozver.dat
2007-12-30 15:28 . 2007-12-31 03:05  d--------  C:\Program Files\Journal Macro
2007-12-28 16:39 . 2007-12-28 16:39  d--------  C:\WINDOWS\system32\LogFiles
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-23 04:13  ---------  d-----w  C:\Program Files\EA SPORTS
2007-12-23 04:12  ---------  d-----w  C:\Program Files\DAEMON Tools Lite
2007-12-23 04:09  715,248  ----a-w  C:\WINDOWS\system32\drivers\sptd.sys
2007-12-23 03:31  315,392  ----a-w  C:\WINDOWS\HideWin.exe
2007-12-23 03:31  ---------  d--h--w  C:\Program Files\InstallShield Installation Information
2007-12-23 03:31  ---------  d-----w  C:\Program Files\Realtek
2007-12-23 03:31  ---------  d-----w  C:\Program Files\Common Files\InstallShield
2007-12-23 03:29  ---------  d-----w  C:\Program Files\HP
2007-12-22 14:45  ---------  d--h--w  C:\Program Files\Uninstall Information
2007-12-22 14:31  ---------  d-----w  C:\Program Files\microsoft frontpage
2007-11-07 09:26  721,920  ----a-w  C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43  1,287,680  ----a-w  C:\WINDOWS\system32\quartz.dll
2007-10-27 23:39  230,912  ----a-w  C:\WINDOWS\system32\wmasf.dll
.
((((((((((((((((((((((((((((( snapshot@2008-01-20_11.30.42.46 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-20 17:27:17  225,280  ----a-w  C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-26 21:15:40  225,280  ----a-w  C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-20 17:27:17  8,192  ----a-w  C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-26 21:15:40  8,192  ----a-w  C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-20 17:27:17  229,376  ----a-w  C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-26 21:15:40  229,376  ----a-w  C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-20 17:27:17  8,192  ----a-w  C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-26 21:15:40  8,192  ----a-w  C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-20 17:27:18  1,392,640  ----a-w  C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-26 21:15:40  1,499,136  ----a-w  C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-20 17:27:18  8,192  ----a-w  C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-26 21:15:40  8,192  ----a-w  C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-20 19:51:41  27,136  ----a-r  C:\WINDOWS\Installer\{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}\AppleSoftwareUpdateIco.exe
+ 2008-01-20 19:53:09  102,400  ----a-r  C:\WINDOWS\Installer\{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94}\iTunesIco.exe
+ 2008-01-21 02:28:41  821,856  ----a-w  C:\WINDOWS\system32\drivers\avg7core.sys
+ 2008-01-21 02:28:45  4,224  ----a-w  C:\WINDOWS\system32\drivers\avg7rsw.sys
+ 2008-01-21 02:28:45  27,776  ----a-w  C:\WINDOWS\system32\drivers\avg7rsxp.sys
+ 2008-01-21 14:10:49  10,760  ----a-w  C:\WINDOWS\system32\drivers\avgclean.sys
+ 2008-01-21 14:10:43  26,952  ----a-w  C:\WINDOWS\system32\drivers\avgmfx86.sys
+ 2008-01-21 02:28:51  4,960  ----a-w  C:\WINDOWS\system32\drivers\avgtdi.sys
+ 2006-09-19 20:44:04  15,664  ----a-w  C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
+ 2008-01-15 08:39:58  30,464  -c--a-w  C:\WINDOWS\system32\DRVSTORE\usbaapl_4351B7DAFF62FD33510D77DFAE3CF8CC82517571\usbaapl.sys
+ 2006-10-04 01:47:52  109,360  ----a-w  C:\WINDOWS\system32\GEARAspi.dll
+ 2006-12-02 04:54:32  479,232  ----a-w  C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
+ 2006-12-02 04:54:34  548,864  ----a-w  C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
+ 2006-12-02 04:54:32  626,688  ----a-w  C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2007-12-19 14:13 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-08-24 11:01 135168]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-08-24 11:01 159744]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-08-24 11:00 131072]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-20 15:38 16384512 C:\WINDOWS\RTHDCPL.exe]
"MonAppli"="C:\Windows\system32\isys32.exe" [2007-06-01 16:16 151552]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-21 08:10 579072]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 03:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-20 20:28 219136]

R3 WUSB54GPV4SRV;Linksys Home Wireless-G USB Adaptor Driver;C:\WINDOWS\system32\DRIVERS\rt2500usb.sys [2005-10-17 19:50]

*Newly Created Service* - AVGASCLN
.
Contents of the 'Scheduled Tasks' folder
"2008-01-24 16:27:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-26 15:18:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-26 15:18:52
ComboFix-quarantined-files.txt 2008-01-26 21:18:42
ComboFix2.txt 2008-01-20 17:31:01
.
2008-01-10 09:00:37 --- E O F ---
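The "Reg Loading Points" section of a ComboFix log like the one above is the part a helper reads first when triaging autoruns. As an added example (not part of the post and not ComboFix's own code), here is a small Python parser for the entry format that section uses: it reads the hive headers and the "name"="value" [YYYY-MM-DD HH:MM size] lines, keeps the resolved on-disk path ComboFix appends when the registry data is only a bare file name, orders entries newest-file-first, and flags the bare-name entries, since a value with no directory component is located through the search path rather than at a fixed location. The SAMPLE_LOG lines are copied from the log above and trimmed to a few entries; the function and class names are my own.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

# Constructed sample input: lines in the shape of the "Reg Loading Points"
# section above (copied from the posted log and trimmed to a few entries).
SAMPLE_LOG = r"""
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2007-12-19 14:13 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-20 15:38 16384512 C:\WINDOWS\RTHDCPL.exe]
"MonAppli"="C:\Windows\system32\isys32.exe" [2007-06-01 16:16 151552]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"""

# A hive header line such as [HKEY_LOCAL_MACHINE\...\Run]
HIVE_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
# An entry line: "name"="value" [YYYY-MM-DD HH:MM size] or, when the value is
# not a full path, [YYYY-MM-DD HH:MM size C:\resolved\path.exe]
ENTRY_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)" '
    r"\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (?P<size>\d+)"
    r"(?: (?P<resolved>[^\]]+))?\]$"
)


@dataclass
class AutorunEntry:
    hive: str            # registry key the value lives under
    name: str            # value name, e.g. "MonAppli"
    value: str           # value data as stored in the registry
    path: str            # on-disk file ComboFix attributed the entry to
    timestamp: datetime  # file timestamp reported inside the brackets
    size: int            # file size in bytes

    @property
    def bare_name(self) -> bool:
        # No directory component: the loader finds the file via the search
        # path, so what actually runs depends on what sits earlier in it.
        return "\\" not in self.value


def parse_loading_points(text: str) -> List[AutorunEntry]:
    """Parse Reg Loading Points lines into AutorunEntry records, in log order."""
    entries: List[AutorunEntry] = []
    hive: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        m = HIVE_RE.match(line)
        if m:
            hive = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if not m or hive is None:
            continue  # blank line, REGEDIT4 header, or an entry before any hive
        value = m.group("value")
        entries.append(AutorunEntry(
            hive=hive,
            name=m.group("name"),
            value=value,
            path=m.group("resolved") or value,
            timestamp=datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M"),
            size=int(m.group("size")),
        ))
    return entries


def triage_order(entries: List[AutorunEntry]) -> List[AutorunEntry]:
    """Newest backing file first: the entries most likely tied to a recent change."""
    return sorted(entries, key=lambda e: e.timestamp, reverse=True)


def bare_name_entries(entries: List[AutorunEntry]) -> List[AutorunEntry]:
    """Entries whose registry data is a bare file name rather than a full path."""
    return [e for e in entries if e.bare_name]


def modified_since(entries: List[AutorunEntry], since: datetime) -> List[AutorunEntry]:
    """Entries whose backing file carries a timestamp at or after `since`."""
    return [e for e in entries if e.timestamp >= since]


if __name__ == "__main__":
    parsed = parse_loading_points(SAMPLE_LOG)
    for e in triage_order(parsed):
        flag = "  (bare name, resolved via search path)" if e.bare_name else ""
        root = e.hive.split("\\")[0]
        print(f"{e.timestamp:%Y-%m-%d %H:%M} {e.size:>9} {root} {e.name!r} -> {e.path}{flag}")
```

Feed it the full section of a log (everything between REGEDIT4 and the first service line) and read the output top-down: the newest timestamps are where a recent infection or install shows up, and the bare-name rows are the ones to confirm against the resolved path ComboFix printed.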