ComboFix 07-09-21.2 - “Karin” 2007-09-24 15:59:49.8 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1030.18.143 [GMT 2:00]
.
((((((((((((((((((((((((( Files Created from 2007-08-24 to 2007-09-24 )))))))))))))))))))))))))))))))
.
2007-09-22 21:39 <DIR> d-------- C:\Rustbfix
2007-09-21 10:09 <DIR> d--h----- C:\WINDOWS\PIF
2007-09-18 11:32 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-09-14 09:34 <DIR> d-------- C:\WINDOWS\ERUNT
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-24 14:06 --------- d-------- C:\Programmer\SpywareBlaster
2007-09-24 14:00 --------- d-------- C:\Programmer\SpywareGuard
2007-09-21 11:15 --------- d-------- C:\Programmer\SUPERAntiSpyware
2007-09-21 09:00 63 --a------ C:\Programmer\counter
2007-09-21 09:00 496 --a------ C:\Programmer\errdbg.cf
2007-09-21 09:00 4557014 --a------ C:\Programmer\raw_system.cf
2007-09-21 09:00 28625 --a------ C:\Programmer\raw_enum.cf
2007-09-21 09:00 2098 --a------ C:\Programmer\ComboFix.txt
2007-09-21 09:00 18377 --a------ C:\Programmer\enum.cf
2007-09-21 09:00 104 --a------ C:\Programmer\rawreg.cf
2007-09-21 08:59 1081 --a------ C:\Programmer\active_setup.cf
2007-09-21 08:57 0 --a------ C:\Programmer\whitedone.cf
2007-09-21 08:57 0 --a------ C:\Programmer\ExecB.cf
2007-09-14 09:31 823 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
2007-08-23 12:14 --------- d-------- C:\DOCUME~1\Karin\APPLIC~1\OpenOffice.org1.9.82
2007-08-14 18:04 90768 --a------ C:\WINDOWS\xobglu32.dll
2007-08-14 18:04 63488 --a------ C:\WINDOWS\xobglu16.dll
2007-08-09 16:13 --------- d-------- C:\Programmer\EsetOnlineScanner
2007-08-09 15:06 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-08-08 16:30 19456 --a------ C:\WINDOWS\system32\OnlineScannerLang.dll
2007-08-02 18:11 253952 --a------ C:\WINDOWS\system32\OnlineScannerDLLA.dll
2007-08-02 18:11 241664 --a------ C:\WINDOWS\system32\OnlineScannerDLLW.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-27 15:49 225355 --a------ C:\WINDOWS\system32\lnod32apiW.dll
2007-07-27 15:49 196683 --a------ C:\WINDOWS\system32\lnod32apiA.dll
2007-07-25 17:55 --------- d-------- C:\Programmer\Magnus & Myggen - Quizkampen
2007-06-26 08:10 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
--------- C:\Programmer\LEGO Øen
--------- C:\Programmer\Fælles filer
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Run StartupMonitor"="StartupMonitor.exe" [2000-05-20 17:23 C:\WINDOWS\StartupMonitor.exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-09-14 09:06]
"OpwareSE2"="C:\Programmer\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 12:00]
"OPSE reminder"="C:\Programmer\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" [2003-07-07 10:29]
"DataLayer"="C:\Programmer\Fælles filer\PCSuite\DataLayer\DataLayer.exe" []
"WheelMouse"="C:\PROGRA~1\OPTICA~1\4DMAIN.EXE" [2000-05-08 09:54]
"!AVG Anti-Spyware"="C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-18 22:32]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 02:53]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-28 11:38]
"ccleaner"="C:\Programmer\CCleaner\ccleaner.exe" [2007-07-13 11:10]
C:\DOCUME~1\Karin\MENUEN~1\PROGRA~1\Start\
SpywareGuard.lnk - C:\Programmer\SpywareGuard\sgmain.exe [2003-08-29 19:05:35]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL 2007-04-27 13:48 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL
R1 cdrbsvsd;cdrbsvsd;C:\WINDOWS\system32\drivers\cdrbsvsd.sys
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys
R1 VIAPFD;VIAPFD;C:\WINDOWS\system32\Drivers\VIAPFD.SYS
R2 AttackShield;Attack Shield WS;C:\Programmer\Sana Security\Attack Shield\AttackShieldAgent.exe
R2 SPF4;Sunbelt Personal Firewall 4;"C:\Programmer\Sunbelt Software\Personal Firewall\kpf4ss.exe"
R3 AttackShieldDriver;AttackShieldDriver;\??\C:\Programmer\Sana Security\Attack Shield\AttackShieldDriver.Sys
R3 AttackShieldShim;AttackShieldShim;\??\C:\Programmer\Sana Security\Attack Shield\AttackShieldShim.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D\_Autorun\DefaultIcon]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D\_Autorun\DefaultIcon- D:\fscommand/fk_icon.ico]
*Newly Created Service* - GMER
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-24 16:06:05
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\viaagp]
"ImagePath"="System32\DRIVERS\viaagp.sys"
.
Completion time: 2007-09-24 16:10:16
C:\ComboFix-quarantined-files.txt ... 2007-09-21 21:44
C:\ComboFix2.txt ... 2007-09-21 21:44
C:\ComboFix3.txt ... 2007-09-21 08:57
.
--- E O F ---
