ComboFix 08-02-17.2 - KD 2008-02-17 18:44:57.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.209 [GMT -6:00]
Running from: C:\Documents and Settings\KD\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\KD\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\SpywareDetector
C:\Program Files\SpywareDetector\AntiRootKitDLL.dll
C:\Program Files\SpywareDetector\blockActivex.reg
C:\Program Files\SpywareDetector\BlockActivexSD.ini
C:\Program Files\SpywareDetector\Data\host.DB
C:\Program Files\SpywareDetector\Data\RSite.DB
C:\Program Files\SpywareDetector\Data\SD1.DB
C:\Program Files\SpywareDetector\Data\SD10.DB
C:\Program Files\SpywareDetector\Data\SD11.DB
C:\Program Files\SpywareDetector\Data\SD12.DB
C:\Program Files\SpywareDetector\Data\SD13.DB
C:\Program Files\SpywareDetector\Data\SD14.DB
C:\Program Files\SpywareDetector\Data\SD15.DB
C:\Program Files\SpywareDetector\Data\SD16.DB
C:\Program Files\SpywareDetector\Data\SD18.DB
C:\Program Files\SpywareDetector\Data\SD19.DB
C:\Program Files\SpywareDetector\Data\SD2.DB
C:\Program Files\SpywareDetector\Data\SD20.DB
C:\Program Files\SpywareDetector\Data\SD21.DB
C:\Program Files\SpywareDetector\Data\SD22.DB
C:\Program Files\SpywareDetector\Data\SD23.DB
C:\Program Files\SpywareDetector\Data\SD24.DB
C:\Program Files\SpywareDetector\Data\SD25.DB
C:\Program Files\SpywareDetector\Data\SD26.DB
C:\Program Files\SpywareDetector\Data\SD27.DB
C:\Program Files\SpywareDetector\Data\SD28.DB
C:\Program Files\SpywareDetector\Data\SD3.DB
C:\Program Files\SpywareDetector\Data\SD4.DB
C:\Program Files\SpywareDetector\Data\SD5.DB
C:\Program Files\SpywareDetector\Data\SD6.DB
C:\Program Files\SpywareDetector\Data\SD7.DB
C:\Program Files\SpywareDetector\Data\SD8.DB
C:\Program Files\SpywareDetector\Data\SD9.DB
C:\Program Files\SpywareDetector\Data\SM1.db
C:\Program Files\SpywareDetector\Data\SM2.db
C:\Program Files\SpywareDetector\Data\Worms.ini
C:\Program Files\SpywareDetector\DisasmEngineDll.dll
C:\Program Files\SpywareDetector\ExcludeDB.db
C:\Program Files\SpywareDetector\exe.dat
C:\Program Files\SpywareDetector\ExecSDLog.txt
C:\Program Files\SpywareDetector\exefile.dat
C:\Program Files\SpywareDetector\Export.txt
C:\Program Files\SpywareDetector\Export.zip
C:\Program Files\SpywareDetector\ExpWrmMailBody.htm
C:\Program Files\SpywareDetector\FileSignature.dll
C:\Program Files\SpywareDetector\HeurSDLog.txt
C:\Program Files\SpywareDetector\HostDummy.ini
C:\Program Files\SpywareDetector\hostInsert.ini
C:\Program Files\SpywareDetector\hostlistSD
C:\Program Files\SpywareDetector\hostlistSD.ini
C:\Program Files\SpywareDetector\hosts.backup
C:\Program Files\SpywareDetector\Infolsp.dll
C:\Program Files\SpywareDetector\KeyLoggerHandler.dll
C:\Program Files\SpywareDetector\KeyLoggerScanner.dll
C:\Program Files\SpywareDetector\KeyLoggerScanner.exe
C:\Program Files\SpywareDetector\LiveUpdateSD.exe
C:\Program Files\SpywareDetector\Log.htm
C:\Program Files\SpywareDetector\MD5SDLog.txt
C:\Program Files\SpywareDetector\News.txt
C:\Program Files\SpywareDetector\Option.dll
C:\Program Files\SpywareDetector\Restricted.reg
C:\Program Files\SpywareDetector\RootKitLog.log
C:\Program Files\SpywareDetector\RootKitWhiteDB.ini
C:\Program Files\SpywareDetector\SDActualTrackingCookies.ini
C:\Program Files\SpywareDetector\SDAntiRtKt.sys
C:\Program Files\SpywareDetector\SDLiveupdate\ManualUpdate\SDUpdate.exe
C:\Program Files\SpywareDetector\SDLiveupdate\SDProduct.exe
C:\Program Files\SpywareDetector\SDLiveupdate\ServerVersion.txt
C:\Program Files\SpywareDetector\SDLog.txt
C:\Program Files\SpywareDetector\SDRestrictedSites.ini
C:\Program Files\SpywareDetector\SDService.exe
C:\Program Files\SpywareDetector\SDSystemtray.chm
C:\Program Files\SpywareDetector\SDSystemTray.exe
C:\Program Files\SpywareDetector\SDTrackingCookies.ini
C:\Program Files\SpywareDetector\SDWormsToDelete.ini
C:\Program Files\SpywareDetector\SendReport.exe
C:\Program Files\SpywareDetector\SignatureScanner.dll
C:\Program Files\SpywareDetector\SMTPDll.dll
C:\Program Files\SpywareDetector\SpecialSpyHandler.dll
C:\Program Files\SpywareDetector\SpywareDetector.chm
C:\Program Files\SpywareDetector\SpywareDetector.dll
C:\Program Files\SpywareDetector\SpywareDetector.exe
C:\Program Files\SpywareDetector\Tips.txt
C:\Program Files\SpywareDetector\TipsDll.dll
C:\Program Files\SpywareDetector\TrayPopUp.exe
C:\Program Files\SpywareDetector\ui_bg.jpg
C:\Program Files\SpywareDetector\unins000.dat
C:\Program Files\SpywareDetector\unins000.exe
C:\Program Files\SpywareDetector\UnReg.reg
C:\Program Files\SpywareDetector\UpdatePopUp.exe
C:\Program Files\SpywareDetector\VchReg.dll
C:\Program Files\SpywareDetector\VoucherLog.txt
C:\Program Files\SpywareDetector\WinsockBkp-Win2K.reg
C:\Program Files\SpywareDetector\WinsockBkp-Win98.reg
C:\Program Files\SpywareDetector\WinsockBkp-WinME.reg
C:\Program Files\SpywareDetector\WinsockBkp-WinVista.reg
C:\Program Files\SpywareDetector\WinsockBkp-WinXP.reg
C:\Program Files\SpywareDetector\WinsockBkp-WinXPHE.reg
C:\Program Files\SpywareDetector\wormcounts.ini

.
((((((((((((((((((((((((( Files Created from 2008-01-18 to 2008-02-18 )))))))))))))))))))))))))))))))
.

2008-02-16 13:59 . 2008-02-16 13:59              d--------  C:\VundoFix Backups
2008-02-14 07:48 . 2007-12-04 07:04    837,496  --a------  C:\WINDOWS\system32\aswBoot.exe
2008-02-14 07:48 . 2007-12-04 06:54     95,608  --a------  C:\WINDOWS\system32\AvastSS.scr
2008-02-14 07:48 . 2007-12-04 08:55     94,544  --a------  C:\WINDOWS\system32\drivers\aswmon2.sys
2008-02-14 07:48 . 2007-12-04 08:56     93,264  --a------  C:\WINDOWS\system32\drivers\aswmon.sys
2008-02-14 07:48 . 2007-12-04 08:51     42,912  --a------  C:\WINDOWS\system32\drivers\aswTdi.sys
2008-02-14 07:48 . 2007-12-04 08:49     26,624  --a------  C:\WINDOWS\system32\drivers\aavmker4.sys
2008-02-14 07:48 . 2007-12-04 08:53     23,152  --a------  C:\WINDOWS\system32\drivers\aswRdr.sys
2008-02-12 20:53 . 2008-02-12 20:55      1,374  --a------  C:\WINDOWS\imsins.BAK
2008-01-31 10:13 . 2004-01-09 03:13    380,928  --a------  C:\WINDOWS\system32\actskin4.ocx

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-17 22:55  ---------  d-----w  C:\Program Files\Spybot - Search & Destroy
2008-02-17 22:55  ---------  d-----w  C:\Program Files\QuickTime
2008-02-17 22:55  ---------  d-----w  C:\Program Files\ltmoh
2008-02-17 22:55  ---------  d-----w  C:\Program Files\Apoint2K
2008-02-01 02:22  ---------  d-----w  C:\Program Files\Napster
2008-02-01 02:22  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\Napster
2008-02-01 02:21  ---------  d--h--w  C:\Program Files\InstallShield Installation Information
2008-02-01 02:20  ---------  d-----w  C:\Program Files\Quicken
2008-02-01 02:19  ---------  d-----w  C:\Program Files\Toshiba
2008-02-01 02:17  ---------  d-----w  C:\Program Files\MySpace
2008-01-22 14:42        164  ----a-w  C:\install.dat
2008-01-04 02:58  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\avg7
2008-01-04 02:57  ---------  d-----w  C:\Documents and Settings\KD\Application Data\AVG7
2008-01-04 02:57  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-01 17:34  ---------  d-----w  C:\Program Files\Google
2007-12-31 05:14  ---------  d-----w  C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-31 05:11     44,288  ----a-w  C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-12-31 04:50    258,048  ----a-w  C:\WINDOWS\system32\000THotkey.exe
2007-12-31 04:50    155,648  ----a-w  C:\WINDOWS\system32\igfxtray.exe
2007-12-31 04:50    118,784  ----a-w  C:\WINDOWS\system32\hkcmd.exe
2007-12-31 02:53  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-29 19:30  ---------  d-----w  C:\Program Files\Java
2007-12-28 13:20  ---------  d-----w  C:\Program Files\RcvSystem
2007-12-26 23:12  ---------  d-----w  C:\Program Files\Plaxo
2007-12-24 03:41  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-12-24 03:40  ---------  d-----w  C:\Program Files\Yahoo!
2007-12-18 09:51    179,584  ----a-w  C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-11 00:57     67,024  ----a-w  C:\WINDOWS\system32\CloseAll.exe
2007-12-09 00:30     11,728  ----a-w  C:\WINDOWS\system32\SDEarlyDelete.exe
2007-12-07 03:20     36,296  ----a-w  C:\Documents and Settings\KD\Application Data\GDIPFONTCACHEV1.DAT
2007-12-07 02:21    824,832  ----a-w  C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38    550,912  ----a-w  C:\WINDOWS\system32\oleaut32.dll
2007-10-30 13:41      1,508  ----a-w  C:\Documents and Settings\KD\Application Data\wklnhst.dat
2007-05-29 05:59         32  ----a-r  C:\Documents and Settings\All Users\hash.dat

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"000StTHK"="000StTHK.exe" [2001-06-23 21:28 24576 C:\WINDOWS\system32\000StTHK.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2004-02-20 16:00 88363 C:\WINDOWS\agrsmmsg.exe]
"TFNF5"="TFNF5.exe" [2003-12-02 15:15 73728 C:\WINDOWS\system32\TFNF5.exe]
"TPSMain"="TPSMain.exe" [2004-06-01 21:43 278528 C:\WINDOWS\system32\TPSMain.exe]
"SDAutoScan"="C:\Program Files\SpywareDetector\SpywareDetector.exe" [ ]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2008-02-14 07:43 49152]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-02-14 07:43 483328]

R0 KR10N;KR10N;C:\WINDOWS\system32\drivers\KR10N.sys [2005-01-12 02:05]
S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2004-10-15 13:50]
S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2004-09-29 04:24]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2004-01-10 05:28]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-17 18:47:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-17 18:48:01
ComboFix-quarantined-files.txt  2008-02-18 00:47:44
ComboFix2.txt  2008-02-17 23:02:50
ComboFix3.txt  2008-02-17 21:35:10
.
2008-02-13 02:58:45  --- E O F ---