ComboFix 08-02-17.2 - KD 2008-02-17 16:56:18.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.214 [GMT -6:00]
Running from: C:\Documents and Settings\KD\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\KD\Desktop\CFScript.txt
 * Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]

FILE ::
C:\WINDOWS\system32\sstsp.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\sstsp.exe

.
((((((((((((((((((((((((( Files Created from 2008-01-17 to 2008-02-17 )))))))))))))))))))))))))))))))
.

2008-02-16 13:59 . 2008-02-16 13:59 d-------- C:\VundoFix Backups
2008-02-14 07:48 . 2007-12-04 07:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-02-14 07:48 . 2007-12-04 06:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-02-14 07:48 . 2007-12-04 08:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-02-14 07:48 . 2007-12-04 08:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-02-14 07:48 . 2007-12-04 08:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-02-14 07:48 . 2007-12-04 08:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-02-14 07:48 . 2007-12-04 08:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-02-12 20:53 . 2008-02-12 20:55 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-01-31 10:13 . 2004-01-09 03:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2008-02-17 22:59 --------- d-----w C:\Program Files\SpywareDetector
2008-02-17 22:55 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-17 22:55 --------- d-----w C:\Program Files\QuickTime
2008-02-17 22:55 --------- d-----w C:\Program Files\ltmoh
2008-02-17 22:55 --------- d-----w C:\Program Files\Apoint2K
2008-02-01 02:22 --------- d-----w C:\Program Files\Napster
2008-02-01 02:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Napster
2008-02-01 02:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-01 02:20 --------- d-----w C:\Program Files\Quicken
2008-02-01 02:19 --------- d-----w C:\Program Files\Toshiba
2008-02-01 02:17 --------- d-----w C:\Program Files\MySpace
2008-01-22 14:42 164 ----a-w C:\install.dat
2008-01-04 02:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-01-04 02:57 --------- d-----w C:\Documents and Settings\KD\Application Data\AVG7
2008-01-04 02:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-01 17:34 --------- d-----w C:\Program Files\Google
2007-12-31 05:14 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-31 05:11 44,288 ----a-w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-12-31 02:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-29 19:30 --------- d-----w C:\Program Files\Java
2007-12-28 13:20 --------- d-----w C:\Program Files\RcvSystem
2007-12-26 23:12 --------- d-----w C:\Program Files\Plaxo
2007-12-24 03:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-12-24 03:40 --------- d-----w C:\Program Files\Yahoo!
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-07 03:20 36,296 ----a-w C:\Documents and Settings\KD\Application Data\GDIPFONTCACHEV1.DAT
2007-10-30 13:41 1,508 ----a-w C:\Documents and Settings\KD\Application Data\wklnhst.dat
2007-05-29 05:59 32 ----a-r C:\Documents and Settings\All Users\hash.dat
.

[code]
----a-w           258,048 2007-12-31 04:50:18  C:\WINDOWS\system32\[u]0[/u]0THotkey .exe
[/code]

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"000StTHK"="000StTHK.exe" [2001-06-23 21:28 24576 C:\WINDOWS\system32\[u]0[/u]00StTHK.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2004-02-20 16:00 88363 C:\WINDOWS\agrsmmsg.exe]
"TFNF5"="TFNF5.exe" [2003-12-02 15:15 73728 C:\WINDOWS\system32\TFNF5.exe]
"TPSMain"="TPSMain.exe" [2004-06-01 21:43 278528 C:\WINDOWS\system32\TPSMain.exe]
"SDAutoScan"="C:\Program Files\SpywareDetector\SpywareDetector.exe" [2008-02-16 14:42 3257808]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2008-02-14 07:43 49152]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-02-14 07:43 483328]

R0 KR10N;KR10N;C:\WINDOWS\system32\drivers\KR10N.sys [2005-01-12 02:05]
S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2004-10-15 13:50]
S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2004-09-29 04:24]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2004-01-10 05:28]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-17 16:59:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ACS.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\SpywareDetector\SDService.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2008-02-17 17:02:50 - machine was rebooted [KD]
ComboFix-quarantined-files.txt 2008-02-17 23:02:46
ComboFix2.txt 2008-02-17 21:35:10
.
2008-02-13 02:58:45 --- E O F ---