ComboFix 08-01-23.1C - Nitin 2008-01-26 15:16:01.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.230 [GMT -6:00]
Running from: C:\Documents and Settings\Nitin\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((( Files Created from 2007-12-26 to 2008-01-26 )))))))))))))))))))))))))))))))
.
2008-01-26 15:04 . 2008-01-26 15:04 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-20 23:21 . 2007-05-30 06:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-20 20:28 . 2008-01-20 20:28 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-01-20 20:28 . 2008-01-20 20:28 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-01-20 13:53 . 2008-01-21 16:37 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-20 13:53 . 2008-01-20 13:53 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-20 13:52 . 2008-01-20 13:52 <DIR> d-------- C:\Program Files\iTunes
2008-01-20 13:52 . 2008-01-20 13:52 <DIR> d-------- C:\Program Files\iPod
2008-01-20 13:51 . 2008-01-20 13:52 <DIR> d-------- C:\Program Files\QuickTime
2008-01-20 13:51 . 2008-01-20 13:51 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-01-20 13:51 . 2008-01-20 13:51 <DIR> d-------- C:\Program Files\Apple Software Update
2008-01-20 11:27 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-01-10 00:10 . 2008-01-20 23:28 <DIR> d-------- C:\Program Files\Proxy Switcher Standard
2008-01-07 23:39 . 2008-01-07 23:39 1,700,352 --a------ C:\WINDOWS\system32\gdiplus.dll
2008-01-07 23:15 . 2008-01-07 23:15 <DIR> d-------- C:\Program Files\uTorrent
2008-01-06 11:28 . 2008-01-06 11:29 70,656 --a------ C:\WINDOWS\ScUnin.exe
2008-01-06 11:28 . 2008-01-06 11:29 32,845 --a------ C:\WINDOWS\scunin.dat
2008-01-06 11:28 . 2008-01-06 11:29 967 --a------ C:\WINDOWS\ScUnin.pif
2008-01-06 11:27 . 2008-01-06 11:29 <DIR> d-------- C:\Program Files\Starcraft
2008-01-05 10:39 . 2008-01-05 10:39 1,158 --a------ C:\WINDOWS\mozver.dat
2007-12-30 15:28 . 2007-12-31 03:05 <DIR> d-------- C:\Program Files\Journal Macro
2007-12-28 16:39 . 2007-12-28 16:39 <DIR> d-------- C:\WINDOWS\system32\LogFiles
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-23 04:13 --------- d-----w C:\Program Files\EA SPORTS
2007-12-23 04:12 --------- d-----w C:\Program Files\DAEMON Tools Lite
2007-12-23 04:09 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-12-23 03:31 315,392 ----a-w C:\WINDOWS\HideWin.exe
2007-12-23 03:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-23 03:31 --------- d-----w C:\Program Files\Realtek
2007-12-23 03:31 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-23 03:29 --------- d-----w C:\Program Files\HP
2007-12-22 14:45 --------- d--h--w C:\Program Files\Uninstall Information
2007-12-22 14:31 --------- d-----w C:\Program Files\microsoft frontpage
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 23:39 230,912 ----a-w C:\WINDOWS\system32\wmasf.dll
.
((((((((((((((((((((((((((((( snapshot@2008-01-20_11.30.42.46 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-20 17:27:17 225,280 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-26 21:15:40 225,280 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-20 17:27:17 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-26 21:15:40 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-20 17:27:17 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-26 21:15:40 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-20 17:27:17 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-26 21:15:40 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-20 17:27:18 1,392,640 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-26 21:15:40 1,499,136 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-20 17:27:18 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-26 21:15:40 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-20 19:51:41 27,136 ----a-r C:\WINDOWS\Installer\{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}\AppleSoftwareUpdateIco.exe
+ 2008-01-20 19:53:09 102,400 ----a-r C:\WINDOWS\Installer\{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94}\iTunesIco.exe
+ 2008-01-21 02:28:41 821,856 ----a-w C:\WINDOWS\system32\drivers\avg7core.sys
+ 2008-01-21 02:28:45 4,224 ----a-w C:\WINDOWS\system32\drivers\avg7rsw.sys
+ 2008-01-21 02:28:45 27,776 ----a-w C:\WINDOWS\system32\drivers\avg7rsxp.sys
+ 2008-01-21 14:10:49 10,760 ----a-w C:\WINDOWS\system32\drivers\avgclean.sys
+ 2008-01-21 14:10:43 26,952 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
+ 2008-01-21 02:28:51 4,960 ----a-w C:\WINDOWS\system32\drivers\avgtdi.sys
+ 2006-09-19 20:44:04 15,664 ----a-w C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
+ 2008-01-15 08:39:58 30,464 -c--a-w C:\WINDOWS\system32\DRVSTORE\usbaapl_4351B7DAFF62FD33510D77DFAE3CF8CC82517571\usbaapl.sys
+ 2006-10-04 01:47:52 109,360 ----a-w C:\WINDOWS\system32\GEARAspi.dll
+ 2006-12-02 04:54:32 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
+ 2006-12-02 04:54:34 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
+ 2006-12-02 04:54:32 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2007-12-19 14:13 486856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-08-24 11:01 135168]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-08-24 11:01 159744]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-08-24 11:00 131072]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-20 15:38 16384512 C:\WINDOWS\RTHDCPL.exe]
"MonAppli"="C:\Windows\system32\isys32.exe" [2007-06-01 16:16 151552]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-21 08:10 579072]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 03:25 6731312]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-20 20:28 219136]
R3 WUSB54GPV4SRV;Linksys Home Wireless-G USB Adaptor Driver;C:\WINDOWS\system32\DRIVERS\rt2500usb.sys [2005-10-17 19:50]
*Newly Created Service* - AVGASCLN
.
Contents of the 'Scheduled Tasks' folder
"2008-01-24 16:27:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-01-26 15:18:08
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-26 15:18:52
ComboFix-quarantined-files.txt 2008-01-26 21:18:42
ComboFix2.txt 2008-01-20 17:31:01
.
2008-01-10 09:00:37 --- E O F ---