ComboFix 08-03-24.2 - administrator 2008-03-25 8:37:18.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.154 [GMT -6:00]
Running from: C:\Documents and Settings\administrator\Desktop\ComboFix.exe
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINNT\default.htm

.
((((((((((((((((((((((((( Files Created from 2008-02-25 to 2008-03-25 )))))))))))))))))))))))))))))))
.

2008-03-24 11:09 . 2008-03-24 11:09 d-------- C:\Documents and Settings\administrator\DoctorWeb
2008-03-20 14:06 . 2008-03-20 14:06 d-------- C:\Deckard
2008-03-20 12:34 . 2008-03-20 12:34 d-------- C:\WINNT\system32\Kaspersky Lab
2008-03-20 12:34 . 2008-03-20 12:34 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-20 10:01 . 2008-03-20 10:01 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-20 10:01 . 2008-03-20 10:01 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-20 10:01 . 2008-03-20 10:01 d-------- C:\Documents and Settings\administrator\Application Data\Malwarebytes
2008-03-19 16:25 . 2008-03-19 16:25 d-------- C:\Program Files\Trend Micro
2008-03-19 16:11 . 2008-03-19 16:11 d--h----- C:\WINNT\$hf_mig$
2008-03-19 16:11 . 2005-02-24 21:35 22,752 --a------ C:\WINNT\system32\spupdsvc.exe
2008-03-19 15:52 . 2007-07-30 19:19 43,352 --a------ C:\WINNT\system32\wups2.dll
2008-03-19 15:52 . 2007-07-30 19:18 34,136 --a------ C:\WINNT\system32\wucltui.dll.mui
2008-03-19 15:52 . 2007-07-30 19:19 25,944 --a------ C:\WINNT\system32\wuaucpl.cpl.mui
2008-03-19 15:52 . 2007-07-30 19:19 25,944 --a------ C:\WINNT\system32\wuapi.dll.mui
2008-03-19 15:52 . 2007-07-30 19:18 20,312 --a------ C:\WINNT\system32\wuaueng.dll.mui
2008-03-19 15:00 . 2008-03-19 15:00 81,019,630 --a------ C:\WINNT\pav.sig
2008-03-19 14:51 . 2008-03-19 15:01 d-------- C:\WINNT\system32\ASPRO
2008-03-19 14:51 . 2005-10-20 10:34 69,632 --a------ C:\WINNT\system32\asprouni.exe
2008-03-19 14:51 . 2008-03-19 15:27 30,590 --a------ C:\WINNT\system32\pavaspro.ico
2008-03-19 14:51 . 2008-03-19 15:27 2,550 --a------ C:\WINNT\system32\Uninstallpro.ico
2008-03-19 14:51 . 2008-03-19 15:27 1,406 --a------ C:\WINNT\system32\Helppro.ico
2008-03-19 13:44 . 2008-03-19 15:01 d-------- C:\WINNT\system32\ActiveScan
2008-03-19 13:44 . 2008-03-19 15:44 30,590 --a------ C:\WINNT\system32\pavas.ico
2008-03-19 13:44 . 2008-03-19 15:44 2,550 --a------ C:\WINNT\system32\Uninstall.ico
2008-03-19 13:44 . 2008-03-19 15:44 1,406 --a------ C:\WINNT\system32\Help.ico
2008-03-19 11:01 . 2008-03-19 11:01 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-19 11:01 . 2008-03-19 11:01 d-------- C:\Documents and Settings\administrator\Application Data\Grisoft
2008-03-19 11:01 . 2007-05-30 06:10 10,872 --a------ C:\WINNT\system32\drivers\AvgAsCln.sys
2008-03-18 16:34 . 2008-03-18 16:34 d--h----- C:\WINNT\system32\GroupPolicy
2008-02-26 20:26 . 2008-02-26 20:26 262,144 --a------ C:\Documents and Settings\__sbs_netsetup__\NTUSER.DAT

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2008-03-25 14:41 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-03-19 21:01 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-03-19 21:01 --------- d-----w C:\Program Files\Linksys EasyLink Advisor
2008-03-19 21:01 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-19 20:23 --------- d-----w C:\Program Files\PhoneTools
2008-03-18 14:33 --------- d-----w C:\Documents and Settings\administrator\Application Data\SUPERAntiSpyware.com
2008-03-18 14:32 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-04 20:09 188,416 ----a-w C:\WINNT\java\PARTYPokerDir\PARTYPokerDA.dll
2008-02-22 16:34 --------- d--ha-w C:\Documents and Settings\All Users\Application Data\GTek
2008-02-22 16:33 28,672 ----a-w C:\WINNT\system32\drivers\goprot51.sys
2008-02-22 15:47 --------- d--h--w C:\Documents and Settings\administrator\Application Data\GTek
2008-02-22 15:47 --------- d-----w C:\Documents and Settings\Owner\Application Data\Gtek
2008-02-22 15:47 --------- d-----w C:\Documents and Settings\op\Application Data\Gtek
2008-02-22 15:47 --------- d-----w C:\Documents and Settings\mflinn\Application Data\Gtek
2008-02-22 15:47 --------- d-----w C:\Documents and Settings\kzimmermAN\Application Data\Gtek
2008-01-16 22:39 99,160 ----a-w C:\Documents and Settings\administrator\Application Data\GDIPFONTCACHEV1.DAT
2005-01-12 14:36 92,824 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:06 1667584]
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [ ]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 08:59 224248]
"Creative MediaSource Go"="C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe" [2005-12-12 09:36 143360]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2006-10-30 11:01 392832]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GWMDMMSG"="GWMDMMSG.exe" [2002-03-06 09:08 101611 C:\WINNT\GWMDMMSG.exe]
"CapFax"="C:\Program Files\PhoneTools\CapFax.EXE" [2001-11-07 13:25 20480]
"nwiz"="nwiz.exe" [2002-05-03 09:06 364544 C:\WINNT\system32\nwiz.exe]
"NvMediaCenter"="C:\WINNT\System32\NvMcTray.dll" [2005-04-01 15:16 86016]
"Hot Key Kbd 9910 Daemon"="SK9910DM.EXE" [2001-01-03 13:50 66048 C:\WINNT\system32\SK9910DM.EXE]
"Synchronization Manager"="C:\WINNT\system32\mobsync.exe" [2004-08-03 23:56 143360]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-02-29 15:44 66680]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-03-12 14:18 124128]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2003-12-01 10:38 892928]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 03:50 19968 C:\WINNT\LOGI_MWX.EXE]
"mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2003-10-01 09:01 53248]
"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2003-10-01 09:01 114688]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 10:51 57344]
"P17Helper"="P17.dll" [2005-05-03 05:38 64512 C:\WINNT\system32\P17.dll]
"UpdReg"="C:\WINNT\UpdReg.EXE" [2000-05-11 01:00 90112]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 08:59 224248]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 03:25 6731312]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-10-25 14:24:27 169472]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2005-11-15 04:31:34 806912]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\system32\\winav.exe"=

R3 LCcfltr;Logitech USB Filter Driver;C:\WINNT\system32\Drivers\LCcFltr.Sys [2003-11-07 03:50]
R3 usbprint;Microsoft USB PRINTER Class;C:\WINNT\system32\DRIVERS\usbprint.sys [2004-08-03 22:01]
S2 diperto3b97-6fe8;diperto3b97-6fe8;C:\WINNT\system32\diperto3b97-6fe8.sys []
S2 NMSSvc;Intel(R) NMS;C:\WINNT\System32\NMSSvc.exe [2002-05-03 11:36]
S3 EPUSBSTOR;EPSON USB Storage Driver;C:\WINNT\system32\DRIVERS\epusbsto.sys [2001-09-09 18:00]
S3 PCDRDRV;Pcdr Helper Driver;C:\Atf\Qctest\PCDoc\PCDRDRV.sys []
S3 scsiscan;SCSI Scanner Driver;C:\WINNT\system32\DRIVERS\scsiscan.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-03-25 14:42:21 C:\WINNT\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-25 08:42:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\system32\CTsvcCDA.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINNT\system32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\system32\wdfmgr.exe
C:\WINNT\system32\Rundll32.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
.
**************************************************************************
.
Completion time: 2008-03-25 8:44:29 - machine was rebooted [administrator]
ComboFix-quarantined-files.txt 2008-03-25 14:44:26