ComboFix 08-02-17.2 - KD 2008-02-17 18:44:57.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.209 [GMT -6:00]
Running from: C:\Documents and Settings\KD\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\KD\Desktop\CFScript.txt
* Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\SpywareDetector
C:\Program Files\SpywareDetector\AntiRootKitDLL.dll
C:\Program Files\SpywareDetector\blockActivex.reg
C:\Program Files\SpywareDetector\BlockActivexSD.ini
C:\Program Files\SpywareDetector\Data\host.DB
C:\Program Files\SpywareDetector\Data\RSite.DB
C:\Program Files\SpywareDetector\Data\SD1.DB
C:\Program Files\SpywareDetector\Data\SD10.DB
C:\Program Files\SpywareDetector\Data\SD11.DB
C:\Program Files\SpywareDetector\Data\SD12.DB
C:\Program Files\SpywareDetector\Data\SD13.DB
C:\Program Files\SpywareDetector\Data\SD14.DB
C:\Program Files\SpywareDetector\Data\SD15.DB
C:\Program Files\SpywareDetector\Data\SD16.DB
C:\Program Files\SpywareDetector\Data\SD18.DB
C:\Program Files\SpywareDetector\Data\SD19.DB
C:\Program Files\SpywareDetector\Data\SD2.DB
C:\Program Files\SpywareDetector\Data\SD20.DB
C:\Program Files\SpywareDetector\Data\SD21.DB
C:\Program Files\SpywareDetector\Data\SD22.DB
C:\Program Files\SpywareDetector\Data\SD23.DB
C:\Program Files\SpywareDetector\Data\SD24.DB
C:\Program Files\SpywareDetector\Data\SD25.DB
C:\Program Files\SpywareDetector\Data\SD26.DB
C:\Program Files\SpywareDetector\Data\SD27.DB
C:\Program Files\SpywareDetector\Data\SD28.DB
C:\Program Files\SpywareDetector\Data\SD3.DB
C:\Program Files\SpywareDetector\Data\SD4.DB
C:\Program Files\SpywareDetector\Data\SD5.DB
C:\Program Files\SpywareDetector\Data\SD6.DB
C:\Program Files\SpywareDetector\Data\SD7.DB
C:\Program Files\SpywareDetector\Data\SD8.DB
C:\Program Files\SpywareDetector\Data\SD9.DB
C:\Program Files\SpywareDetector\Data\SM1.db
C:\Program Files\SpywareDetector\Data\SM2.db
C:\Program Files\SpywareDetector\Data\Worms.ini
C:\Program Files\SpywareDetector\DisasmEngineDll.dll
C:\Program Files\SpywareDetector\ExcludeDB.db
C:\Program Files\SpywareDetector\exe.dat
C:\Program Files\SpywareDetector\ExecSDLog.txt
C:\Program Files\SpywareDetector\exefile.dat
C:\Program Files\SpywareDetector\Export.txt
C:\Program Files\SpywareDetector\Export.zip
C:\Program Files\SpywareDetector\ExpWrmMailBody.htm
C:\Program Files\SpywareDetector\FileSignature.dll
C:\Program Files\SpywareDetector\HeurSDLog.txt
C:\Program Files\SpywareDetector\HostDummy.ini
C:\Program Files\SpywareDetector\hostInsert.ini
C:\Program Files\SpywareDetector\hostlistSD
C:\Program Files\SpywareDetector\hostlistSD.ini
C:\Program Files\SpywareDetector\hosts.backup
C:\Program Files\SpywareDetector\Infolsp.dll
C:\Program Files\SpywareDetector\KeyLoggerHandler.dll
C:\Program Files\SpywareDetector\KeyLoggerScanner.dll
C:\Program Files\SpywareDetector\KeyLoggerScanner.exe
C:\Program Files\SpywareDetector\LiveUpdateSD.exe
C:\Program Files\SpywareDetector\Log.htm
C:\Program Files\SpywareDetector\MD5SDLog.txt
C:\Program Files\SpywareDetector\News.txt
C:\Program Files\SpywareDetector\Option.dll
C:\Program Files\SpywareDetector\Restricted.reg
C:\Program Files\SpywareDetector\RootKitLog.log
C:\Program Files\SpywareDetector\RootKitWhiteDB.ini
C:\Program Files\SpywareDetector\SDActualTrackingCookies.ini
C:\Program Files\SpywareDetector\SDAntiRtKt.sys
C:\Program Files\SpywareDetector\SDLiveupdate\ManualUpdate\SDUpdate.exe
C:\Program Files\SpywareDetector\SDLiveupdate\SDProduct.exe
C:\Program Files\SpywareDetector\SDLiveupdate\ServerVersion.txt
C:\Program Files\SpywareDetector\SDLog.txt
C:\Program Files\SpywareDetector\SDRestrictedSites.ini
C:\Program Files\SpywareDetector\SDService.exe
C:\Program Files\SpywareDetector\SDSystemtray.chm
C:\Program Files\SpywareDetector\SDSystemTray.exe
C:\Program Files\SpywareDetector\SDTrackingCookies.ini
C:\Program Files\SpywareDetector\SDWormsToDelete.ini
C:\Program Files\SpywareDetector\SendReport.exe
C:\Program Files\SpywareDetector\SignatureScanner.dll
C:\Program Files\SpywareDetector\SMTPDll.dll
C:\Program Files\SpywareDetector\SpecialSpyHandler.dll
C:\Program Files\SpywareDetector\SpywareDetector.chm
C:\Program Files\SpywareDetector\SpywareDetector.dll
C:\Program Files\SpywareDetector\SpywareDetector.exe
C:\Program Files\SpywareDetector\Tips.txt
C:\Program Files\SpywareDetector\TipsDll.dll
C:\Program Files\SpywareDetector\TrayPopUp.exe
C:\Program Files\SpywareDetector\ui_bg.jpg
C:\Program Files\SpywareDetector\unins000.dat
C:\Program Files\SpywareDetector\unins000.exe
C:\Program Files\SpywareDetector\UnReg.reg
C:\Program Files\SpywareDetector\UpdatePopUp.exe
C:\Program Files\SpywareDetector\VchReg.dll
C:\Program Files\SpywareDetector\VoucherLog.txt
C:\Program Files\SpywareDetector\WinsockBkp-Win2K.reg
C:\Program Files\SpywareDetector\WinsockBkp-Win98.reg
C:\Program Files\SpywareDetector\WinsockBkp-WinME.reg
C:\Program Files\SpywareDetector\WinsockBkp-WinVista.reg
C:\Program Files\SpywareDetector\WinsockBkp-WinXP.reg
C:\Program Files\SpywareDetector\WinsockBkp-WinXPHE.reg
C:\Program Files\SpywareDetector\wormcounts.ini
.
((((((((((((((((((((((((( Files Created from 2008-01-18 to 2008-02-18 )))))))))))))))))))))))))))))))
.
2008-02-16 13:59 . 2008-02-16 13:59 d-------- C:\VundoFix Backups
2008-02-14 07:48 . 2007-12-04 07:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-02-14 07:48 . 2007-12-04 06:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-02-14 07:48 . 2007-12-04 08:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-02-14 07:48 . 2007-12-04 08:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-02-14 07:48 . 2007-12-04 08:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-02-14 07:48 . 2007-12-04 08:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-02-14 07:48 . 2007-12-04 08:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-02-12 20:53 . 2008-02-12 20:55 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-01-31 10:13 . 2004-01-09 03:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-17 22:55 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-17 22:55 --------- d-----w C:\Program Files\QuickTime
2008-02-17 22:55 --------- d-----w C:\Program Files\ltmoh
2008-02-17 22:55 --------- d-----w C:\Program Files\Apoint2K
2008-02-01 02:22 --------- d-----w C:\Program Files\Napster
2008-02-01 02:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Napster
2008-02-01 02:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-01 02:20 --------- d-----w C:\Program Files\Quicken
2008-02-01 02:19 --------- d-----w C:\Program Files\Toshiba
2008-02-01 02:17 --------- d-----w C:\Program Files\MySpace
2008-01-22 14:42 164 ----a-w C:\install.dat
2008-01-04 02:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-01-04 02:57 --------- d-----w C:\Documents and Settings\KD\Application Data\AVG7
2008-01-04 02:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-01 17:34 --------- d-----w C:\Program Files\Google
2007-12-31 05:14 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-31 05:11 44,288 ----a-w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-12-31 04:50 258,048 ----a-w C:\WINDOWS\system32\00THotkey.exe
2007-12-31 04:50 155,648 ----a-w C:\WINDOWS\system32\igfxtray.exe
2007-12-31 04:50 118,784 ----a-w C:\WINDOWS\system32\hkcmd.exe
2007-12-31 02:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-29 19:30 --------- d-----w C:\Program Files\Java
2007-12-28 13:20 --------- d-----w C:\Program Files\RcvSystem
2007-12-26 23:12 --------- d-----w C:\Program Files\Plaxo
2007-12-24 03:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-12-24 03:40 --------- d-----w C:\Program Files\Yahoo!
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-11 00:57 67,024 ----a-w C:\WINDOWS\system32\CloseAll.exe
2007-12-09 00:30 11,728 ----a-w C:\WINDOWS\system32\SDEarlyDelete.exe
2007-12-07 03:20 36,296 ----a-w C:\Documents and Settings\KD\Application Data\GDIPFONTCACHEV1.DAT
2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-10-30 13:41 1,508 ----a-w C:\Documents and Settings\KD\Application Data\wklnhst.dat
2007-05-29 05:59 32 ----a-r C:\Documents and Settings\All Users\hash.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"000StTHK"="000StTHK.exe" [2001-06-23 21:28 24576 C:\WINDOWS\system32\000StTHK.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2004-02-20 16:00 88363 C:\WINDOWS\agrsmmsg.exe]
"TFNF5"="TFNF5.exe" [2003-12-02 15:15 73728 C:\WINDOWS\system32\TFNF5.exe]
"TPSMain"="TPSMain.exe" [2004-06-01 21:43 278528 C:\WINDOWS\system32\TPSMain.exe]
"SDAutoScan"="C:\Program Files\SpywareDetector\SpywareDetector.exe" [ ]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2008-02-14 07:43 49152]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-02-14 07:43 483328]
R0 KR10N;KR10N;C:\WINDOWS\system32\drivers\KR10N.sys [2005-01-12 02:05]
S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2004-10-15 13:50]
S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2004-09-29 04:24]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2004-01-10 05:28]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-17 18:47:28
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-17 18:48:01
ComboFix-quarantined-files.txt 2008-02-18 00:47:44
ComboFix2.txt 2008-02-17 23:02:50
ComboFix3.txt 2008-02-17 21:35:10
.
2008-02-13 02:58:45 --- E O F ---