ComboFix 08-03-24.2 - administrator 2008-03-25 8:37:18.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.154 [GMT -6:00]
Running from: C:\Documents and Settings\administrator\Desktop\ComboFix.exe
* Created a new restore point
WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINNT\default.htm
.
((((((((((((((((((((((((( Files Created from 2008-02-25 to 2008-03-25 )))))))))))))))))))))))))))))))
.
2008-03-24 11:09 . 2008-03-24 11:09 d-------- C:\Documents and Settings\administrator\DoctorWeb
2008-03-20 14:06 . 2008-03-20 14:06 d-------- C:\Deckard
2008-03-20 12:34 . 2008-03-20 12:34 d-------- C:\WINNT\system32\Kaspersky Lab
2008-03-20 12:34 . 2008-03-20 12:34 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-20 10:01 . 2008-03-20 10:01 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-20 10:01 . 2008-03-20 10:01 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-20 10:01 . 2008-03-20 10:01 d-------- C:\Documents and Settings\administrator\Application Data\Malwarebytes
2008-03-19 16:25 . 2008-03-19 16:25 d-------- C:\Program Files\Trend Micro
2008-03-19 16:11 . 2008-03-19 16:11 d--h----- C:\WINNT\$hf_mig$
2008-03-19 16:11 . 2005-02-24 21:35 22,752 --a------ C:\WINNT\system32\spupdsvc.exe
2008-03-19 15:52 . 2007-07-30 19:19 43,352 --a------ C:\WINNT\system32\wups2.dll
2008-03-19 15:52 . 2007-07-30 19:18 34,136 --a------ C:\WINNT\system32\wucltui.dll.mui
2008-03-19 15:52 . 2007-07-30 19:19 25,944 --a------ C:\WINNT\system32\wuaucpl.cpl.mui
2008-03-19 15:52 . 2007-07-30 19:19 25,944 --a------ C:\WINNT\system32\wuapi.dll.mui
2008-03-19 15:52 . 2007-07-30 19:18 20,312 --a------ C:\WINNT\system32\wuaueng.dll.mui
2008-03-19 15:00 . 2008-03-19 15:00 81,019,630 --a------ C:\WINNT\pav.sig
2008-03-19 14:51 . 2008-03-19 15:01 d-------- C:\WINNT\system32\ASPRO
2008-03-19 14:51 . 2005-10-20 10:34 69,632 --a------ C:\WINNT\system32\asprouni.exe
2008-03-19 14:51 . 2008-03-19 15:27 30,590 --a------ C:\WINNT\system32\pavaspro.ico
2008-03-19 14:51 . 2008-03-19 15:27 2,550 --a------ C:\WINNT\system32\Uninstallpro.ico
2008-03-19 14:51 . 2008-03-19 15:27 1,406 --a------ C:\WINNT\system32\Helppro.ico
2008-03-19 13:44 . 2008-03-19 15:01 d-------- C:\WINNT\system32\ActiveScan
2008-03-19 13:44 . 2008-03-19 15:44 30,590 --a------ C:\WINNT\system32\pavas.ico
2008-03-19 13:44 . 2008-03-19 15:44 2,550 --a------ C:\WINNT\system32\Uninstall.ico
2008-03-19 13:44 . 2008-03-19 15:44 1,406 --a------ C:\WINNT\system32\Help.ico
2008-03-19 11:01 . 2008-03-19 11:01 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-19 11:01 . 2008-03-19 11:01 d-------- C:\Documents and Settings\administrator\Application Data\Grisoft
2008-03-19 11:01 . 2007-05-30 06:10 10,872 --a------ C:\WINNT\system32\drivers\AvgAsCln.sys
2008-03-18 16:34 . 2008-03-18 16:34 d--h----- C:\WINNT\system32\GroupPolicy
2008-02-26 20:26 . 2008-02-26 20:26 262,144 --a------ C:\Documents and Settings\__sbs_netsetup__\NTUSER.DAT
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-25 14:41 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-03-19 21:01 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-03-19 21:01 --------- d-----w C:\Program Files\Linksys EasyLink Advisor
2008-03-19 21:01 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-19 20:23 --------- d-----w C:\Program Files\PhoneTools
2008-03-18 14:33 --------- d-----w C:\Documents and Settings\administrator\Application Data\SUPERAntiSpyware.com
2008-03-18 14:32 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-04 20:09 188,416 ----a-w C:\WINNT\java\PARTYPokerDir\PARTYPokerDA.dll
2008-02-22 16:34 --------- d--ha-w C:\Documents and Settings\All Users\Application Data\GTek
2008-02-22 16:33 28,672 ----a-w C:\WINNT\system32\drivers\goprot51.sys
2008-02-22 15:47 --------- d--h--w C:\Documents and Settings\administrator\Application Data\GTek
2008-02-22 15:47 --------- d-----w C:\Documents and Settings\Owner\Application Data\Gtek
2008-02-22 15:47 --------- d-----w C:\Documents and Settings\op\Application Data\Gtek
2008-02-22 15:47 --------- d-----w C:\Documents and Settings\mflinn\Application Data\Gtek
2008-02-22 15:47 --------- d-----w C:\Documents and Settings\kzimmermAN\Application Data\Gtek
2008-01-16 22:39 99,160 ----a-w C:\Documents and Settings\administrator\Application Data\GDIPFONTCACHEV1.DAT
2005-01-12 14:36 92,824 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:06 1667584]
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [ ]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 08:59 224248]
"Creative MediaSource Go"="C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe" [2005-12-12 09:36 143360]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2006-10-30 11:01 392832]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GWMDMMSG"="GWMDMMSG.exe" [2002-03-06 09:08 101611 C:\WINNT\GWMDMMSG.exe]
"CapFax"="C:\Program Files\PhoneTools\CapFax.EXE" [2001-11-07 13:25 20480]
"nwiz"="nwiz.exe" [2002-05-03 09:06 364544 C:\WINNT\system32\nwiz.exe]
"NvMediaCenter"="C:\WINNT\System32\NvMcTray.dll" [2005-04-01 15:16 86016]
"Hot Key Kbd 9910 Daemon"="SK9910DM.EXE" [2001-01-03 13:50 66048 C:\WINNT\system32\SK9910DM.EXE]
"Synchronization Manager"="C:\WINNT\system32\mobsync.exe" [2004-08-03 23:56 143360]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-02-29 15:44 66680]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-03-12 14:18 124128]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2003-12-01 10:38 892928]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 03:50 19968 C:\WINNT\LOGI_MWX.EXE]
"mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2003-10-01 09:01 53248]
"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2003-10-01 09:01 114688]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 10:51 57344]
"P17Helper"="P17.dll" [2005-05-03 05:38 64512 C:\WINNT\system32\P17.dll]
"UpdReg"="C:\WINNT\UpdReg.EXE" [2000-05-11 01:00 90112]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 08:59 224248]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 03:25 6731312]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-10-25 14:24:27 169472]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2005-11-15 04:31:34 806912]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\system32\\winav.exe"=
R3 LCcfltr;Logitech USB Filter Driver;C:\WINNT\system32\Drivers\LCcFltr.Sys [2003-11-07 03:50]
R3 usbprint;Microsoft USB PRINTER Class;C:\WINNT\system32\DRIVERS\usbprint.sys [2004-08-03 22:01]
S2 diperto3b97-6fe8;diperto3b97-6fe8;C:\WINNT\system32\diperto3b97-6fe8.sys []
S2 NMSSvc;Intel(R) NMS;C:\WINNT\System32\NMSSvc.exe [2002-05-03 11:36]
S3 EPUSBSTOR;EPSON USB Storage Driver;C:\WINNT\system32\DRIVERS\epusbsto.sys [2001-09-09 18:00]
S3 PCDRDRV;Pcdr Helper Driver;C:\Atf\Qctest\PCDoc\PCDRDRV.sys []
S3 scsiscan;SCSI Scanner Driver;C:\WINNT\system32\DRIVERS\scsiscan.sys []
.
Contents of the 'Scheduled Tasks' folder
"2008-03-25 14:42:21 C:\WINNT\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-25 08:42:29
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\system32\CTsvcCDA.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINNT\system32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\system32\wdfmgr.exe
C:\WINNT\system32\Rundll32.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
.
**************************************************************************
.
Completion time: 2008-03-25 8:44:29 - machine was rebooted [administrator]
ComboFix-quarantined-files.txt 2008-03-25 14:44:26