ComboFix 07-12-15.1 - Jerry 2007-12-16 11:26:05.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.203 [GMT -8:00]
Running from: C:\Documents and Settings\Jerry\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jerry\Desktop\CFScript.txt
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2007-11-16 to 2007-12-16 )))))))))))))))))))))))))))))))
.
2007-12-12 15:17 . 2007-12-12 15:17 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-12 15:17 . 2007-12-12 15:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-10 10:43 . 2007-12-10 10:43 16,384 --a------ C:\WINDOWS\ddexxz.exe
2007-12-09 16:16 . 2007-12-09 16:16 159,408 --a------ C:\WINDOWS\bagvdg.exe
2007-12-09 16:09 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-12-09 16:09 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-12-09 16:09 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-12-09 16:09 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-12-09 16:09 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-12-09 15:53 . 2007-12-09 15:53 <DIR> d-------- C:\Documents and Settings\Jerry\Application Data\Grisoft
2007-12-09 15:52 . 2007-12-09 15:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-09 15:52 . 2007-05-30 04:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-09 11:25 . 2007-12-10 08:44 2,530 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-09 11:07 . 2007-12-09 11:07 59,392 --a------ C:\WINDOWS\derc32xz.exe
2007-12-07 16:19 . 2007-12-07 16:19 159,408 --a------ C:\WINDOWS\bagzdg.exe
2007-12-07 14:05 . 2007-12-07 14:05 28,672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-12-07 12:27 . 2007-12-07 13:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-07 12:14 . 2007-12-07 12:14 <DIR> d-------- C:\Documents and Settings\Jerry\Application Data\TrojanHunter
2007-12-07 11:41 . 2007-12-07 11:42 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
2007-12-07 11:11 . 2007-12-07 11:11 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-06 12:49 . 2007-12-06 12:49 198,279 --a------ C:\WINDOWS\ddubbv.exe
2007-12-06 10:19 . 2007-12-16 11:28 1,828,896 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-06 10:19 . 2007-12-16 11:18 22,316 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-06 10:17 . 2007-12-06 10:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-12-06 09:02 . 2007-12-06 09:02 291,328 --a------ C:\WINDOWS\system32\libcurl.dll
2007-12-06 09:02 . 2007-12-06 09:02 138,240 --a------ C:\WINDOWS\xnnnav.exe
2007-12-04 09:52 . 2007-12-06 09:00 18,432 --a------ C:\Documents and Settings\Jerry\nax.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-15 17:06 11,058,205 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2007-12-06 19:23 --------- d-----w C:\Program Files\DaemonTools_WhenUSave_Installer
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-06-08 13:36 5,592,532 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_06_08_06_35_41_full.dmp.zip
.
((((((((((((((((((((((((((((( snapshot@2007-12-13_ 9.04.53.42 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-07-23 02:39:27 279,552 ----a-w C:\WINDOWS\system32\swreg.exe
+ 2007-12-14 05:26:50 156,160 ----a-w C:\WINDOWS\system32\swreg.exe
+ 2007-12-16 19:18:51 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_578.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2006-01-24 10:37]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 22:56]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-03 14:29]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2002-07-12 11:17 C:\WINDOWS\SOUNDMAN.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe" [2005-08-26 16:14]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 08:50]
"OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2005-03-18 15:17]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 05:00]
"Motive SmartBridge"="C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe" [2006-11-17 06:52]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 16:14]
"THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe" [2007-09-09 09:31]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 01:25]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 22:56]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
IEEE 802.11g USB Wireless LAN Utility.lnk - C:\Program Files\Wireless LAN\WlanUtil.exe [2005-10-30 12:56:16]
TELUS eCare.lnk - C:\Program Files\TELUS eCare\bin\matcli.exe [2006-10-09 17:50:02]
R1 VIAPFD;VIAPFD;C:\WINDOWS\system32\Drivers\VIAPFD.SYS
R3 ZDPNDIS5;ZDPNDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\ZDPNDIS5.SYS
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-16 11:28:18
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-16 11:29:23
C:\ComboFix2.txt ... 2007-12-15 09:21
C:\ComboFix3.txt ... 2007-12-15 09:13