ComboFix 08-02-17.2 - KD 2008-02-16 15:20:38.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.116 [GMT -6:00]
Running from: C:\Documents and Settings\KD\Desktop\ComboFix.exe
 * Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\koos.exe
C:\WINDOWS\system32\kprof
C:\WINDOWS\system32\poof
C:\WINDOWS\system32\sstsp.dll
C:\Program Files\SpywareDetector\LiveUpdateSD.exe
C:\Program Files\SpywareDetector\SDSystemTray.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\hosts
C:\WINDOWS\system32\epfhbwbv.ini
C:\WINDOWS\system32\epfhbwbv.tmp
C:\WINDOWS\system32\pstss.ini
C:\WINDOWS\system32\pstss.ini2
C:\WINDOWS\system32\qmyykmvf.ini
C:\WINDOWS\system32\rkshtrdh.ini
C:\WINDOWS\system32\sccrnnql.ini
C:\WINDOWS\system32\siglunte.ini
C:\WINDOWS\system32\sstsp.dll
C:\WINDOWS\system32\uposfweu.ini
C:\WINDOWS\system32\vbwbhfpe.dll

.
(((((((((((((((((((((((((   Files Created from 2008-01-17 to 2008-02-17   )))))))))))))))))))))))))))))))
.

2008-02-16 13:59 . 2008-02-16 13:59              d--------  C:\VundoFix Backups
2008-02-14 20:49 . 2008-02-16 14:39    344,064   --a------  C:\WINDOWS\system32\sstsp.exe
2008-02-14 07:48 . 2007-12-04 07:04    837,496   --a------  C:\WINDOWS\system32\aswBoot.exe
2008-02-14 07:48 . 2007-12-04 06:54     95,608   --a------  C:\WINDOWS\system32\AvastSS.scr
2008-02-14 07:48 . 2007-12-04 08:55     94,544   --a------  C:\WINDOWS\system32\drivers\aswmon2.sys
2008-02-14 07:48 . 2007-12-04 08:56     93,264   --a------  C:\WINDOWS\system32\drivers\aswmon.sys
2008-02-14 07:48 . 2007-12-04 08:51     42,912   --a------  C:\WINDOWS\system32\drivers\aswTdi.sys
2008-02-14 07:48 . 2007-12-04 08:49     26,624   --a------  C:\WINDOWS\system32\drivers\aavmker4.sys
2008-02-14 07:48 . 2007-12-04 08:53     23,152   --a------  C:\WINDOWS\system32\drivers\aswRdr.sys
2008-02-12 20:53 . 2008-02-12 20:55      1,374   --a------  C:\WINDOWS\imsins.BAK
2008-01-31 10:13 . 2004-01-09 03:13    380,928   --a------  C:\WINDOWS\system32\actskin4.ocx

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-17 21:26  ---------  d-----w  C:\Program Files\SpywareDetector
2008-02-01 02:22  ---------  d-----w  C:\Program Files\Napster
2008-02-01 02:22  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\Napster
2008-02-01 02:21  ---------  d--h--w  C:\Program Files\InstallShield Installation Information
2008-02-01 02:20  ---------  d-----w  C:\Program Files\Quicken
2008-02-01 02:19  ---------  d-----w  C:\Program Files\Toshiba
2008-02-01 02:17  ---------  d-----w  C:\Program Files\MySpace
2008-01-22 14:42        164  ----a-w  C:\install.dat
2008-01-04 02:58  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\avg7
2008-01-04 02:57  ---------  d-----w  C:\Documents and Settings\KD\Application Data\AVG7
2008-01-04 02:57  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-03 14:34  ---------  d-----w  C:\Program Files\QuickTime
2008-01-01 17:34  ---------  d-----w  C:\Program Files\Google
2008-01-01 17:31  ---------  d-----w  C:\Program Files\Apoint2K
2007-12-31 05:14  ---------  d-----w  C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-31 05:11     44,288  ----a-w  C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-12-31 02:53  ---------  d-----w  C:\Program Files\Spybot - Search & Destroy
2007-12-31 02:53  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-29 19:30  ---------  d-----w  C:\Program Files\Java
2007-12-29 15:51  ---------  d-----w  C:\Program Files\ltmoh
2007-12-28 13:20  ---------  d-----w  C:\Program Files\RcvSystem
2007-12-26 23:12  ---------  d-----w  C:\Program Files\Plaxo
2007-12-24 03:41  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-12-24 03:40  ---------  d-----w  C:\Program Files\Yahoo!
2007-12-18 09:51    179,584  ----a-w  C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-07 03:20     36,296  ----a-w  C:\Documents and Settings\KD\Application Data\GDIPFONTCACHEV1.DAT
2007-10-30 13:41      1,508  ----a-w  C:\Documents and Settings\KD\Application Data\wklnhst.dat
2007-05-29 05:59         32  ----a-r  C:\Documents and Settings\All Users\hash.dat
.

[code]
----a-w           483,328 2008-02-14 13:43:19  C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray .exe
----a-w           192,512 2007-12-31 04:50:24  C:\Program Files\Apoint2K\Apoint .exe
----a-w            49,152 2007-12-31 04:51:18  C:\Program Files\Brother\Brmfl04g\BrStDvPt .exe
----a-w           864,256 2007-12-31 04:51:24  C:\Program Files\Brother\ControlCenter2\brctrcen .exe
----a-w           155,648 2007-12-31 04:51:14  C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdupdate .exe
----a-w            68,856 2007-12-31 04:51:42  C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
----a-w         6,731,312 2007-12-29 20:33:23  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas           .exe
----a-w            49,152 2008-02-14 13:43:15  C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
----a-w           132,496 2007-12-29 19:15:21  C:\Program Files\Java\jre1.6.0_02\bin\jusched .exe
----a-w           132,496 2007-12-31 04:51:23  C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
----a-w           184,320 2007-12-29 15:54:17  C:\Program Files\ltmoh\Ltmoh .exe
----a-w         1,694,208 2007-12-31 04:51:53  C:\Program Files\Messenger\msmsgs .exe
----a-w           226,890 2007-12-26 22:48:15  C:\Program Files\Plaxo\2.13.1.2\PlaxoHelper .exe
----a-w            98,304 2008-01-01 17:32:06  C:\Program Files\QuickTime\qttask                                    .exe
----a-w            40,960 2007-12-31 04:51:18  C:\Program Files\ScanSoft\PaperPort\IndexSearch .exe
----a-w            57,393 2007-12-31 04:51:16  C:\Program Files\ScanSoft\PaperPort\pptd40nt .exe
----a-w            86,073 2007-12-31 04:50:30  C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon .exe
----a-w         1,460,560 2007-12-31 02:48:00  C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
----a-w           419,280 2008-02-16 20:41:58  C:\Program Files\SpywareDetector\LiveUpdateSD .exe
----a-w           706,000 2008-02-16 20:41:59  C:\Program Files\SpywareDetector\SDSystemTray .exe
----a-w         3,257,808 2008-02-16 20:42:07  C:\Program Files\SpywareDetector\SpywareDetector .exe
----a-w            65,536 2007-12-31 04:51:34  C:\Program Files\Toshiba\TOSCDSPD\toscdspd .exe
----a-w           135,168 2007-12-31 04:50:53  C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView .exe
----a-w         1,089,589 2007-12-31 04:50:49  C:\Program Files\Toshiba\Touch and Launch\PadExe .exe
----a-w           126,976 2007-12-31 04:50:57  C:\Program Files\Toshiba\TouchED\TouchED .Exe
----a-w           151,552 2007-12-31 04:51:06  C:\TOSHIBA\IVP\ISM\pinger .exe
----a-w           258,048 2007-12-31 04:50:18  C:\WINDOWS\system32\00THotkey .exe
----a-w            15,360 2008-01-21 16:55:19  C:\WINDOWS\system32\ctfmon .exe
----a-w           118,784 2007-12-31 04:50:25  C:\WINDOWS\system32\hkcmd .exe
----a-w           155,648 2007-12-31 04:50:24  C:\WINDOWS\system32\igfxtray .exe
----a-w           122,939 2007-12-31 04:51:04  C:\WINDOWS\system32\dla\tfswctrl .exe
[/code]
-- Snapshot reset to current date --

.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"000StTHK"="000StTHK.exe" [2001-06-23 21:28 24576 C:\WINDOWS\system32\000StTHK.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2004-02-20 16:00 88363 C:\WINDOWS\agrsmmsg.exe]
"TFNF5"="TFNF5.exe" [2003-12-02 15:15 73728 C:\WINDOWS\system32\TFNF5.exe]
"TPSMain"="TPSMain.exe" [2004-06-01 21:43 278528 C:\WINDOWS\system32\TPSMain.exe]
"SDAutoScan"="C:\Program Files\SpywareDetector\SpywareDetector.exe" [2008-02-08 10:36 3257808]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2008-02-16 14:38 395264]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-02-16 14:39 833536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnkkkl]

R0 KR10N;KR10N;C:\WINDOWS\system32\drivers\KR10N.sys [2005-01-12 02:05]
S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2004-10-15 13:50]
S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2004-09-29 04:24]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2004-01-10 05:28]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-17 15:30:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ACS.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\SpywareDetector\SDService.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-02-17 15:35:09 - machine was rebooted
ComboFix-quarantined-files.txt  2008-02-17 21:34:59
.
2008-02-13 02:58:45  --- E O F ---