ComboFix 08-04-09.1 - Britt 2008-04-10 3:09:41.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.260 [GMT -7:00]
Running from: C:\Documents and Settings\Britt\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Britt\Desktop\CFScript.txt
* Created a new restore point
WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-03-10 to 2008-04-10 )))))))))))))))))))))))))))))))
.
2008-04-09 20:43 . 2007-05-30 05:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-07 23:40 . 2008-04-07 23:40 d-------- C:\Deckard
2008-04-05 04:48 . 2008-04-05 04:49 d-------- C:\Documents and Settings\Britt\Contacts
2008-04-05 04:25 . 2008-04-05 04:25 d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-05 04:24 . 2008-04-05 04:36 d-------- C:\Program Files\Windows Live
2008-04-05 04:24 . 2008-04-05 04:24 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-05 04:22 . 2008-04-05 04:22 d-------- C:\Program Files\MSN Toolbar
2008-04-04 23:59 . 2008-04-05 00:43 d-------- C:\Program Files\Spyware Doctor
2008-04-04 23:59 . 2008-04-04 23:59 d-------- C:\Documents and Settings\Britt\Application Data\PC Tools
2008-04-04 23:59 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-04-04 23:59 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-04-04 23:59 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-04-04 23:59 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-04-02 06:10 . 2008-04-02 06:10 d-------- C:\Program Files\Trend Micro
2008-04-02 03:58 . 2008-04-02 03:58 d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-04-01 21:03 . 2008-04-01 21:06 d-------- C:\Program Files\Panda Security
2008-04-01 16:08 . 2008-04-01 16:08 d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-04-01 14:46 . 2008-04-01 14:46 d-------- C:\Documents and Settings\Britt\Application Data\Grisoft
2008-04-01 14:46 . 2008-04-01 14:46 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-01 11:03 . 2008-04-01 11:23 d-------- C:\VundoFix Backups
2008-04-01 10:49 . 2008-04-07 23:51 d-------- C:\hijackthis
2008-03-31 13:44 . 2008-03-31 13:44 d-------- C:\Program Files\Red Kawa
2008-03-31 13:44 . 2008-03-31 13:44 d-------- C:\Program Files\AviSynth 2.5
2008-03-28 12:12 . 2008-03-28 12:15 94,208 --a------ C:\WINDOWS\ScUnin.exe
2008-03-28 12:12 . 2008-03-28 12:15 32,374 --a------ C:\WINDOWS\scunin.dat
2008-03-28 12:12 . 2008-03-28 12:15 967 --a------ C:\WINDOWS\ScUnin.pif
2008-03-28 12:11 . 2008-03-31 18:01 d-------- C:\Program Files\Starcraft
2008-03-25 18:05 . 2008-03-25 18:37 d-------- C:\Program Files\Kuma Games
2008-03-16 05:49 . 2008-03-16 06:55 d-------- C:\Documents and Settings\Britt\Application Data\Move Networks
2008-03-11 03:11 . 2008-03-11 03:11 d-------- C:\spoolerlogs
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-10 10:09 --------- d-----w C:\Program Files\Lexmark Fax Solutions
2008-04-10 10:09 --------- d-----w C:\Program Files\Lexmark 2400 Series
2008-04-10 06:13 --------- d-----w C:\Program Files\lx_cats
2008-04-09 05:07 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-05 08:33 --------- d-----w C:\Program Files\DivX
2008-04-02 12:03 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-03-11 10:15 --------- d-----w C:\Documents and Settings\Britt\Application Data\AdobeUM
2008-02-24 20:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-24 16:29 --------- d-----w C:\Documents and Settings\Britt\Application Data\Uniblue
2008-02-22 16:50 --------- d-----w C:\Documents and Settings\Britt\Application Data\MSN6
2008-02-21 05:44 --------- d-----w C:\Documents and Settings\Shadows\Application Data\MySpace
2008-02-19 22:12 --------- d-----w C:\Program Files\MySpace
2008-02-19 16:49 --------- d-----w C:\Program Files\AltoMP3 Gold
2008-02-17 19:47 --------- d-----w C:\Documents and Settings\Shadows\Application Data\AdobeUM
2008-02-17 16:17 --------- d-----w C:\Documents and Settings\LocalService\Application Data\FaxCtr
2008-02-16 23:40 --------- d-----w C:\Documents and Settings\Britt\Application Data\FaxCtr
2008-02-14 21:19 --------- d-----w C:\Documents and Settings\Britt\Application Data\MySpace
2008-02-14 02:32 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Talkback
2008-02-12 16:51 --------- d-----w C:\Documents and Settings\Shadows\Application Data\MSN6
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 18:43 4670704]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-04-02 05:03 1481968]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LXCRCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2006-02-24 04:54 65536]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2005-06-21 17:48 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2005-06-21 17:44 126976]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [2007-08-16 23:25 177416]
"MSDisp32"="C:\WINDOWS\System32\drvrup.dll" [ ]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2008-01-06 05:45 2577632]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 02:25 6731312]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-02-01 13:32 8699904]
C:\Documents and Settings\Shadows\Start Menu\Programs\Startup\
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [2008-01-13 18:15:51 557568]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Exif Launcher S.lnk - C:\Program Files\FinePixViewerS\QuickDCF2.exe [2008-01-04 00:27:54 303104]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2008-04-02 05:03 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
[HKLM\~\startupfolder\C:^Documents and Settings^Britt^Start Menu^Programs^Startup^hc_tray.lnk]
path=C:\Documents and Settings\Britt\Start Menu\Programs\Startup\hc_tray.lnk
backup=C:\WINDOWS\pss\hc_tray.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
C:\Program Files\Ares\Ares.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-01-06 05:39 1077277 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-01-30 14:11 3497984 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AVGEMS"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\BROOD\\StarCraft.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20967:TCP"= 20967:TCP:BitComet 20967 TCP
"20967:UDP"= 20967:UDP:BitComet 20967 UDP
R0 hpt3xx;hpt3xx;C:\WINDOWS\system32\DRIVERS\hpt3xx.sys [2001-08-17 13:52]
S3 PPCtlPriv;PPCtlPriv;"C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe" [2007-08-16 22:10]
*Newly Created Service* - CATCHME
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6778F1EE-80BB-4F27-BC69-F91B843782CD}]
C:\Documents and Settings\Shadows\Application Data\Microsoft\cfgmgr.vbs
.
Contents of the 'Scheduled Tasks' folder
"2008-04-10 05:01:00 C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as Shadows at 22 01.job"
- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe
.
**************************************************************************
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-10 03:13:26
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet004\Services\vsdatant]
"ImagePath"=""
.
Completion time: 2008-04-10 3:15:29
ComboFix-quarantined-files.txt 2008-04-10 10:14:28
ComboFix2.txt 2008-04-10 10:04:38
ComboFix3.txt 2008-04-09 05:31:37
ComboFix4.txt 2008-01-07 08:32:24
Pre-Run: 39,069,700,096 bytes free
Post-Run: 39,052,349,440 bytes free
.
2008-03-17 10:20:58 --- E O F ---
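Added example, not part of the posted log and not ComboFix's own code: a small Python triage pass over the "Reg Loading Points" layout shown above. The sample lines are copied from the log; the review rules are this example's own assumptions, not ComboFix verdicts: an empty `[ ]` file stamp is read as "ComboFix recorded no date/size for the target", script extensions and targets under a user profile are flagged for review, and a service with an empty ImagePath is reported as an orphaned entry. Anything it raises is a candidate for a closer look, not a confirmed infection.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the ComboFix "Reg Loading Points" section above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2005-06-21 17:48 155648]
"MSDisp32"="C:\WINDOWS\System32\drvrup.dll" [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6778F1EE-80BB-4F27-BC69-F91B843782CD}]
C:\Documents and Settings\Shadows\Application Data\Microsoft\cfgmgr.vbs
[HKEY_LOCAL_MACHINE\system\ControlSet004\Services\vsdatant]
"ImagePath"=""
"""

# The two line shapes ComboFix uses in this section:
#   [HKEY_...\key]                            -> registry key header
#   "Name"="data" [yyyy-mm-dd hh:mm size]     -> value; the bracket is the file stamp
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>[^"]*)"(?:\s*\[(?P<stamp>[^\]]*)\])?$')

# Assumed review heuristics (this example's own, not ComboFix rules).
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".bat", ".cmd", ".hta")
USER_PROFILE_MARKER = "\\documents and settings\\"  # XP-era profile root


@dataclass
class Finding:
    key: str
    target: str
    reasons: list = field(default_factory=list)


def classify_target(path: str) -> list:
    """Return the reasons an autostart target path merits a closer look (may be empty)."""
    p = path.strip().lower()
    reasons = []
    if p.endswith(SCRIPT_EXTS):
        reasons.append("script file used as an autostart target")
    if USER_PROFILE_MARKER in p:
        reasons.append("target lives under a user profile rather than Program Files or System32")
    return reasons


def parse_loading_points(text: str) -> list:
    """Walk the section line by line, tracking the current key, and collect findings."""
    findings = []
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        if key is None:
            continue
        lkey = key.lower()
        m = VALUE_RE.match(line)
        if m:
            name, data, stamp = m.group("name"), m.group("data"), m.group("stamp")
            reasons = []
            if "\\services\\" in lkey and name.lower() == "imagepath" and data == "":
                reasons.append("service with empty ImagePath (orphaned service entry)")
            if "\\currentversion\\run" in lkey:
                if stamp is not None and stamp.strip() == "":
                    reasons.append("empty file stamp: no date/size recorded, target may be absent")
                reasons += classify_target(data)
            if reasons:
                findings.append(Finding(key, data or name, reasons))
            continue
        # Active Setup components list their StubPath on the line after the key.
        if "active setup\\installed components" in lkey:
            reasons = classify_target(line)
            if reasons:
                findings.append(Finding(key, line, reasons))
    return findings


if __name__ == "__main__":
    for f in parse_loading_points(SAMPLE_LOG):
        print(f"{f.key}\n  {f.target}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run it as-is to see the three entries from the log that the rules pick out; point it at a full ComboFix log by reading the file into `parse_loading_points` instead of `SAMPLE_LOG`. Entries the firewall and msconfig sections list without an `="..."` value are skipped by design, since they carry no file stamp to check.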