ComboFix 08-08-18.05 - cen 2008-08-20 1:13:08.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.55 [GMT 8:00]
Running from: C:\Documents and Settings\cen\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Administrator\UserData
C:\Documents and Settings\Administrator\UserData\BAANT5JC\YL[1].xml
C:\Documents and Settings\Administrator\UserData\BAANT5JC\YL[2].xml
C:\Documents and Settings\Administrator\UserData\BAANT5JC\YL[3].xml
C:\Documents and Settings\Administrator\UserData\index.dat
C:\Documents and Settings\Administrator\UserData\VP3JZ9Y8\undefined[1].xml
C:\Documents and Settings\cen\UserData
C:\Documents and Settings\cen\UserData\index.dat
C:\Documents and Settings\cen\UserData\WD6Z4H2B\YL[1].xml
C:\WINDOWS\system\oeminfo.ini
C:\WINDOWS\system32\AutoRun.inf
.
((((((((((((((((((((((((( Files Created from 2008-07-19 to 2008-08-19 )))))))))))))))))))))))))))))))
.
2008-08-19 07:50 . 2008-08-19 07:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2008-08-19 07:44 . 2008-08-19 07:44 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
2008-08-19 07:44 . 2008-08-19 07:44 <DIR> d-------- C:\Program Files\AVS4YOU
2008-08-19 07:44 . 2003-05-22 00:50 1,700,352 --a------ C:\WINDOWS\system32\GdiPlus.dll
2008-08-19 00:53 . 2008-08-19 00:53 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-19 00:53 . 2008-08-19 00:53 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-08-19 00:53 . 2008-08-19 00:53 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-08-19 00:34 . 2008-08-19 00:34 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-08-19 00:34 . 2008-08-19 00:34 <DIR> d-------- C:\Program Files\AVG
2008-08-19 00:29 . 1997-05-13 18:26 3,206,344 --a------ C:\Documents and Settings\cen\HOSPPAT.EXE
2008-08-19 00:29 . 1994-05-31 22:00 265,396 --a------ C:\Documents and Settings\cen\DOS4GW.EXE
2008-08-18 06:19 . 2005-01-22 19:30 163,840 -ra------ C:\WINDOWS\system32\igfxres.dll
2008-08-18 06:10 . 2004-08-03 22:32 571,392 --a------ C:\WINDOWS\system32\dllcache\tintlgnt.ime
2008-08-18 06:09 . 2001-08-23 20:00 1,875,968 --a------ C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-08-18 06:08 . 2001-08-23 20:00 13,463,552 --a------ C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-08-18 06:07 . 2001-08-23 20:00 1,677,824 --a------ C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-08-18 06:06 . 2004-08-04 00:56 369,664 --a------ C:\WINDOWS\system32\dllcache\asp51.dll
2008-08-18 06:05 . 2004-05-13 00:39 876,653 --a------ C:\WINDOWS\system32\dllcache\fp4awel.dll
2008-08-18 06:03 . 2008-08-18 06:03 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-08-18 06:03 . 2008-08-18 06:03 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-08-18 06:03 . 2008-08-18 06:03 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-08-18 06:03 . 2008-08-18 06:03 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-08-18 06:03 . 2008-08-18 06:03 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-08-18 06:03 . 2008-08-18 06:03 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-08-18 05:57 . 2001-08-23 20:00 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2008-08-18 05:57 . 2001-08-23 20:00 24,661 --a------ C:\WINDOWS\system32\dllcache\spxcoins.dll
2008-08-18 05:57 . 2001-08-23 20:00 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2008-08-18 05:57 . 2001-08-23 20:00 13,312 --a------ C:\WINDOWS\system32\dllcache\irclass.dll
2008-08-18 05:21 . 2008-08-18 05:21 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-08-15 18:07 . 2008-08-15 18:07 <DIR> d-------- C:\Documents and Settings\cen\Saved Games
2008-08-15 14:50 . 2008-08-15 14:50 <DIR> d-------- C:\Program Files\Dream Day Wedding 2
2008-08-13 09:47 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\000001_.tmp
2008-08-13 08:15 . 2008-08-13 08:15 <DIR> d--hs---- C:\FOUND.080
2008-08-13 07:56 . 2008-08-13 07:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-08-13 07:55 . 2008-08-13 07:55 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-08-03 17:45 . 2008-08-03 17:45 <DIR> d--hs---- C:\FOUND.079
2008-07-31 09:42 . 2008-07-31 09:42 <DIR> d-------- C:\Program Files\MSECache
2008-07-31 09:12 . 2008-07-31 09:12 <DIR> d-------- C:\Documents and Settings\cen\Application Data\GeoVid
2008-07-31 08:54 . 2003-03-19 08:12 1,047,552 --a------ C:\WINDOWS\system32\mfc71u.dll
2008-07-31 08:54 . 2005-06-07 15:11 60,416 --a------ C:\WINDOWS\system32\dsetup.dll
2008-07-31 08:53 . 2008-07-31 08:53 <DIR> d-------- C:\Program Files\GeoVid
2008-07-31 08:53 . 2008-07-31 08:53 <DIR> d-------- C:\Program Files\Common Files\GeoVid
2008-07-31 08:53 . 2004-09-06 17:06 53,248 --a------ C:\WINDOWS\system32\xvid.ax
2008-07-30 11:01 . 2008-07-30 11:01 <DIR> d--hs---- C:\FOUND.078
2008-07-28 02:03 . 2008-07-28 02:03 <DIR> d-------- C:\Program Files\CubedLabs YouTube Download Convert
2008-07-27 08:18 . 2008-07-27 08:18 <DIR> d--h----- C:\$AVG8.VAULT$
2008-07-27 08:10 . 2008-07-27 07:56 1,232,152 --a------ C:\avgtray.exe
2008-07-27 07:56 . 2008-07-27 07:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-18 14:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 14:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 14:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-12 02:51 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-05-03 22:16 0 ----a-w C:\Program Files\temp01
2006-12-08 13:03 2,240,512 ----a-w C:\Documents and Settings\cen\Setup.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B0514B1E-FEED-40BA-BC1A-477ECCF8141E}]
2008-03-05 02:58 94208 --a------ C:\WINDOWS\system32\inetcpl.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TaskSwitchXP"="C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe" [2005-08-24 15:11 61952]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [2006-08-23 15:17 2068527]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-01 18:11 4670968]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 16:56 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-01-22 19:36 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-01-22 19:31 126976]
"AudioDeck"="C:\Program Files\VIAudioi\SBADeck\ADeck.exe" [2006-07-25 23:19 540672]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-19 00:53 1232152]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TaskSwitchXP"="C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe" [2005-08-24 15:11 61952]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [2006-08-23 15:17 2068527]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24 210520]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
"DisableCAD"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli scecli
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
R0 hihckits;hihckits;C:\WINDOWS\system32\drivers\mfrfjnle.dat []
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-19 00:53]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-19 00:53]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-19 00:53]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-08-19 00:53]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2008-08-17 C:\WINDOWS\Tasks\AVG Anti-Spyware.job
- C:\PROGRA~1\Grisoft\AVGANT~1.5\avgas.exe []
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-SunJavaUpdateSched - C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
Notify-dimsntfy - (no file)
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\cen\Application Data\Mozilla\Firefox\Profiles\ar1cqj38.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-amo&p=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.yahoo.com/
.
.
------- File Associations (Beta) -------
.
inffile=C:\WINDOWS\system32\NOTEPAD2.EXE %1
inifile=C:\WINDOWS\system32\NOTEPAD2.EXE %1
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-20 01:18:58
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hihckits]
"ImagePath"="system32\drivers\mfrfjnle.dat"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\SYSTEM32\MSIEXEC.EXE
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-08-20 1:22:56 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-19 17:22:34
Pre-Run: 25,788,776,448 bytes free
Post-Run: 26,876,739,584 bytes free
189 --- E O F --- 2008-02-21 19:02:13