ComboFix 08-02-17.2 - Nadene 2008-02-16 16:08:13.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.185 [GMT -5:00]
Running from: C:\Documents and Settings\Nadene\Local Settings\Temporary Internet Files\Content.IE5\7XUVXZKW\ComboFix[1].exe
* Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\7_exception.nls
C:\WINDOWS\system32\drivers\Vdi30.sys
C:\WINDOWS\system32\ksvcl.dll
C:\WINDOWS\Temp\126291.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_VDI30
-------\Vdi30
((((((((((((((((((((((((( Files Created from 2008-01-17 to 2008-02-17 )))))))))))))))))))))))))))))))
.
2008-02-16 10:00 . 2007-01-18 07:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2008-02-16 09:11 . 2008-02-16 09:11 d-------- C:\WINDOWS\ERUNT
2008-02-16 09:00 . 2008-02-16 09:36 d----c--- C:\SDFix
2008-02-15 20:19 . 2008-02-16 16:00 6,656 --a------ C:\WINDOWS\system32\WLCtrl32.dll
2008-02-15 09:29 . 2008-02-15 10:13 655 --a------ C:\WINDOWS\wininit.ini
2008-02-15 08:52 . 2008-02-15 08:53 d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-15 08:52 . 2008-02-15 09:32 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-14 10:56 . 2008-02-14 10:56 d-------- C:\Program Files\Trend Micro
2008-02-14 10:10 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\RkPavProc.sys
2008-02-14 09:56 . 2008-02-14 09:57 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-02-14 09:55 . 2008-02-14 09:57 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-02-14 09:33 . 2008-02-16 07:57 d-------- C:\Program Files\SUPERAntiSpyware
2008-02-14 09:33 . 2008-02-14 09:33 d----c--- C:\Documents and Settings\Nadene\Application Data\SUPERAntiSpyware.com
2008-02-14 09:33 . 2008-02-14 09:33 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-14 09:31 . 2008-02-14 09:31 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-14 08:06 . 2008-02-14 08:06 76 --a------ C:\WINDOWS\system32\ikhcore.cfg
2008-02-12 19:39 . 2008-02-12 19:39 d-------- C:\Documents and Settings\LocalService\Application Data\AOL
2008-02-12 19:06 . 2008-02-14 08:08 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-30 10:41 . 2008-01-30 10:46 d-------- C:\WINDOWS\SxsCaPendDel
2008-01-30 10:20 . 2008-01-30 10:22 5,120 --a------ C:\WINDOWS\system32\drivers\F9FF439A-8EE4-4EF3-9FEF-94EA9965D927.cxv
2008-01-30 10:18 . 2008-01-30 10:18 5,120 --a------ C:\WINDOWS\system32\drivers\C33D22E3-EA4B-4375-8B2A-B04DC6C0CD21.cxv
2008-01-30 10:15 . 2008-01-30 10:15 d-------- C:\Program Files\Common Files\iS3
2008-01-30 10:15 . 2008-01-30 10:40 d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-01-30 09:33 . 2008-01-30 09:33 d--h----- C:\WINDOWS\PIF
2008-01-17 15:06 . 2008-01-30 08:57 24,673 --a------ C:\WINDOWS\system32\kcopt.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-17 21:13 --------- dc-h--w C:\Documents and Settings\Nadene\Application Data\AVG7
2008-02-16 14:56 --------- d--h--w C:\Documents and Settings\All Users\Application Data\avg7
2008-02-15 01:19 --------- dc----w C:\Documents and Settings\Nadene\Application Data\OpenOffice.org2
2008-02-15 01:08 --------- d-----w C:\Program Files\EMCO Malware Destroyer
2008-02-14 15:49 --------- d-----w C:\Program Files\Java
2008-02-14 15:11 --------- d-----w C:\Program Files\AOL 9.0
2008-02-14 15:10 --------- d-----w C:\Program Files\Dell TrueMobile 5100
2008-01-02 17:06 --------- d-----w C:\Program Files\Common Files\aol
2008-01-01 04:31 21,760 ----a-w C:\WINDOWS\Inq47.sys
2008-01-01 02:25 21,760 ----a-w C:\WINDOWS\system32\drivers\Inq47.sys
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-10 15:46 525 ----a-w C:\Program Files\Office..lnk
2007-12-09 22:29 167 ----a-w C:\Program Files\vuepro32.ini
1999-01-31 16:02 991,232 ----a-w C:\Program Files\vuepro32.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39 1310720]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 07:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 13:35 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 13:32 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 13:36 114688]
"GC75-Manager-Class"="C:\Program Files\Dell TrueMobile 5100\GPRSMgr.exe" [2004-03-27 02:10 721017]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2005-12-19 12:08 1347584]
"ZCfgSvc.exe"="C:\WINDOWS\system32\ZCfgSvc.exe" [2005-07-05 04:32 639040]
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [2005-06-27 11:31 135168]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-22 18:36 579072]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"HostManager"="C:\Program Files\Common Files\AOL\1197238540\ee\AOLSoftware.exe" [2006-09-25 19:52 50736]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-09 11:20 219136]
"AOL Fast Start"="C:\PROGRA~1\AOL9~1.0\AOL.exe" [2007-04-18 01:49 50736]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LogCrypt]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
C:\WINDOWS\system32\LgNotify.dll 2005-07-05 04:33 188482 C:\WINDOWS\system32\LgNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]
WLCtrl32.dll 2008-02-16 16:00 6656 C:\WINDOWS\system32\WLCtrl32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\WINDOWS\system32\svchtr.dll
R0 Inq47;Inq47;C:\WINDOWS\system32\Drivers\Inq47.sys [2007-12-31 21:25]
R0 Kos26;Kos26;C:\WINDOWS\system32\Drivers\Kos26.sys [2008-02-17 16:14]
R3 GTICARD;GTICARD;C:\WINDOWS\system32\DRIVERS\gticard.sys [2003-10-23 20:04]
S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2002-11-22 23:01]
*Newly Created Service* - KOS26
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-17 16:14:12
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxsrvc.exe
.
**************************************************************************
.
Completion time: 2008-02-17 16:16:20 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-17 21:15:34
.
2008-02-14 13:13:45 --- E O F ---