ComboFix 08-02-11.2 - Caffetin 2008-02-11 15:52:17.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.470 [GMT 1:00]
Running from: D:\Programs\antivirus\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-01-11 to 2008-02-11 )))))))))))))))))))))))))))))))
.
2008-02-11 15:39 . 2008-02-11 15:39 d-------- C:\VundoFix Backups
2008-02-11 15:37 . 2007-01-18 13:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2008-02-11 15:19 . 2008-02-11 15:19 d-------- C:\Program Files\InterMute
2008-02-11 15:01 . 2008-02-11 15:01 d-------- C:\Documents and Settings\Caffetin\Application Data\Grisoft
2008-02-11 14:02 . 2004-08-04 13:00 28,288 --a--c--- C:\WINDOWS\system32\dllcache\xjis.nls
2008-02-11 14:00 . 2004-08-04 13:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-02-11 13:59 . 2004-08-04 13:00 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\smtpsnap.dll
2008-02-11 13:58 . 2004-08-04 13:00 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe
2008-02-11 13:58 . 2008-02-11 13:58 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-02-11 13:58 . 2008-02-11 13:58 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-02-11 13:58 . 2008-02-11 13:58 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-02-11 13:58 . 2008-02-11 13:58 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-02-11 13:58 . 2008-02-11 13:58 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-02-11 13:58 . 2008-02-11 13:58 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-02-11 13:57 . 2004-08-04 13:00 32,768 --a--c--- C:\WINDOWS\system32\dllcache\icwdl.dll
2008-02-11 13:57 . 2004-08-04 13:00 20,480 --a--c--- C:\WINDOWS\system32\dllcache\inetwiz.exe
2008-02-11 13:55 . 2004-08-04 00:56 152,576 --a------ C:\WINDOWS\system32\irftp.exe
2008-02-11 13:55 . 2004-08-03 23:00 87,424 --a------ C:\WINDOWS\system32\drivers\irda.sys
2008-02-11 13:55 . 2004-08-04 00:56 27,136 --a------ C:\WINDOWS\system32\irmon.dll
2008-02-11 13:55 . 2004-08-04 00:56 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2008-02-11 13:48 . 2001-08-17 13:51 19,584 --a------ C:\WINDOWS\system32\drivers\rasirda.sys
2008-02-11 12:56 . 2008-02-11 12:56 d-------- C:\Documents and Settings\Administrator\DoctorWeb
2008-02-11 12:55 . 2008-02-11 12:55 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-11 12:55 . 2008-02-11 12:55 d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-02-11 12:55 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-11 12:45 . 2008-02-11 12:45 d-------- C:\Documents and Settings\Caffetin\DoctorWeb
2008-02-11 12:32 . 2008-02-11 12:32 d-------- C:\Documents and Settings\Administrator\Application Data\Sony Ericsson
2008-02-11 12:32 . 2008-02-11 12:32 d-------- C:\_backupD
2008-02-11 12:17 . 2004-08-04 13:00 214,528 --a--c--- C:\WINDOWS\system32\dllcache\icwconn1.exe
2008-02-11 12:17 . 2004-08-04 13:00 86,016 --a--c--- C:\WINDOWS\system32\dllcache\icwconn2.exe
2008-02-11 11:57 . 2004-08-04 13:00 1,086,058 -ra------ C:\WINDOWS\SETEE.tmp
2008-02-11 11:57 . 2004-08-04 13:00 1,042,903 -ra------ C:\WINDOWS\SETEB.tmp
2008-02-11 11:57 . 2004-08-04 13:00 13,753 -ra------ C:\WINDOWS\SETFA.tmp
2008-02-11 11:42 . 2008-02-11 11:42 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-02-09 12:43 . 2008-02-09 12:43 d-------- C:\WINDOWS\system32\regdacl
2008-02-09 12:43 . 2008-02-09 12:40 280,286 --a------ C:\win32delfkil.exe
2008-02-09 12:43 . 2008-02-11 12:32 90,112 --a------ C:\WINDOWS\system32\regdacl.exe
2008-02-09 12:43 . 2008-02-11 12:32 53,248 --a------ C:\WINDOWS\system32\process.exe
2008-02-09 12:43 . 2008-02-11 12:32 16,384 --a------ C:\WINDOWS\system32\restart.exe
2008-02-09 12:43 . 2008-02-11 12:32 4,096 --a------ C:\WINDOWS\system32\reboot.exe
2008-02-09 12:10 . 2008-02-09 12:14 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-02-09 12:06 . 2008-02-09 12:14 d-------- C:\Documents and Settings\Caffetin\.housecall6.6
2008-02-08 11:44 . 2008-02-08 11:44 54,764 --a------ C:\WINDOWS\system32\4fdw.dll
2008-02-08 10:46 . 2007-02-08 12:31 d-------- C:\Program Files\dnetc
2008-02-08 09:52 . 2008-02-08 10:07 d-------- C:\Program Files\Magic AAC to MP3 Converter
2008-02-08 09:41 . 2008-02-08 09:41 d-------- C:\Documents and Settings\Caffetin\Application Data\Search Settings
2008-02-08 09:31 . 2008-02-08 09:31 d-------- C:\Program Files\Search Settings
2008-02-08 09:31 . 2008-02-08 09:31 d-------- C:\Program Files\Common Files\SWF Studio
2008-02-08 09:30 . 2008-02-08 09:41 d-------- C:\Program Files\Dealio
2008-02-08 09:29 . 2008-02-08 09:41 d-------- C:\Program Files\Free Audio Pack
2008-02-08 09:29 . 2004-03-08 23:00 662,288 --a------ C:\WINDOWS\system32\MSCOMCT2.OCX
2008-02-08 09:29 . 1998-06-24 00:00 164,144 --a------ C:\WINDOWS\system32\COMCT232.OCX
2008-02-08 09:29 . 1998-07-12 23:00 141,312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL
2008-02-08 09:29 . 2000-10-01 19:00 119,568 --a------ C:\WINDOWS\system32\VB6FR.DLL
2008-02-08 09:29 . 2000-05-22 15:58 115,920 --a------ C:\WINDOWS\system32\msinet.OCX
2008-02-08 09:29 . 1998-07-12 23:00 59,904 --a------ C:\WINDOWS\system32\Mscc2fr.dll
2008-02-08 09:29 . 1998-07-12 19:00 32,768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL
2008-02-08 09:29 . 1998-07-12 23:00 21,504 --a------ C:\WINDOWS\system32\TABCTFR.DLL
2008-02-08 09:29 . 1998-07-12 23:00 15,360 --a------ C:\WINDOWS\system32\inetfr.DLL
2008-02-08 09:22 . 2007-02-09 10:34 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-08 09:18 . 2008-02-08 09:21 d-------- C:\Program Files\audiograbber
2008-02-06 15:38 . 2008-02-06 15:40 d-------- C:\rnids
2008-02-06 09:11 . 2008-01-14 11:00 1,394,954 --a------ C:\temp\MP3REC20.exe
2008-02-06 09:11 . 2008-02-06 09:10 1,371,777 --a------ C:\temp\mp3rec20.zip
2008-02-06 09:11 . 2008-02-06 09:11 0 --a------ C:\WINDOWS\system32\MP3Recorder.key
2008-02-06 09:09 . 2007-01-24 00:05 921,349 --a------ C:\temp\MP3REC10.exe
2008-02-06 09:09 . 2008-02-06 09:09 898,103 --a------ C:\temp\mp3rec10.zip
2008-01-28 11:49 . 2008-02-06 09:24 d-------- C:\Program Files\Winamp
2008-01-28 11:49 . 2008-01-28 12:09 d-------- C:\Documents and Settings\Caffetin\Application Data\Winamp
2008-01-23 11:12 . 2008-01-22 23:29 25,452,544 --a------ C:\temp\AKORD_2007-24012008.exe
2008-01-23 11:12 . 2008-01-22 22:54 24,649,728 --a------ C:\temp\PREHRANA-24012008.exe
2008-01-16 12:58 . 2008-01-16 12:46 11,501 --a------ C:\temp\NordNetCert.zip
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-11 14:49 --------- d-----w C:\Program Files\FlashGet
2008-02-11 14:37 --------- d-----w C:\Documents and Settings\Caffetin\Application Data\Desktop Sidebar
2008-02-11 12:03 --------- d-----w C:\Program Files\Desktop Sidebar
2008-02-11 11:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-02-11 07:46 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-02-08 21:18 --------- d-----w C:\Program Files\Mail Bomber
2008-02-08 21:15 --------- d-----w C:\Program Files\HotKey
2008-02-08 09:24 --------- d-----w C:\Program Files\Trillian
2008-01-19 09:12 --------- d-----w C:\Program Files\PartyGaming
2007-12-27 09:47 --------- d-----w C:\Program Files\taskix
2007-12-21 15:22 --------- d-----w C:\Program Files\uTorrent
2007-12-20 15:40 --------- d-----w C:\Documents and Settings\Caffetin\Application Data\Nokia Multimedia Player
2007-12-13 08:00 --------- d-----w C:\Program Files\RsReg Manager Client
2007-11-03 10:36 5,628 ----a-w C:\Program Files\install.log
2007-02-26 09:30 35,328 ----a-w C:\Program Files\winbox.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
2007-12-06 11:58 1198432 --a------ C:\Program Files\Search Settings\kb125\SearchSettings.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"SIDEBAR"="C:\Program Files\Desktop Sidebar\dsidebar.exe" [2006-07-09 21:58 1777664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 09:06 88363 C:\WINDOWS\AGRSMMSG.exe]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"CAPON"="C:\WINDOWS\system32\Spool\Drivers\w32x86\3\CAPONN.EXE" [2001-02-05 16:00 22528]
"HotKey"="C:\Program Files\HotKey\hotkey.exe" [2006-03-07 02:32 81920]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
"SoundMan"="SOUNDMAN.EXE" [2005-12-14 18:06 577536 C:\WINDOWS\soundman.exe]
C:\Documents and Settings\Caffetin\Start Menu\Programs\Startup\
Trillian.lnk - C:\Program Files\Trillian\trillian.exe [2007-12-11 1873280]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"NTSpool"= NTSpool.exe
[HKLM\~\startupfolder\C:^Documents and Settings^Caffetin^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Caffetin^Start Menu^Programs^Startup^Microsoft Update Protection.lnk]
backup=C:\WINDOWS\pss\Microsoft Update Protection.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent]
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-04-21 17:03 94208 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 2004-08-04 13:00 110592 C:\WINDOWS\system32\bthprops.cpl
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a------ 2004-08-22 16:05 81920 C:\Program Files\D-Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FineReader7NewsReaderPro]
--a------ 2004-12-17 00:38 290816 C:\Program Files\ABBYY FineReader 7.0 Professional Edition\ABBYYNewsReader.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKey]
--a------ 2006-03-07 02:32 81920 C:\Program Files\HotKey\hotkey.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2004-07-01 10:58 118784 C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2004-07-01 11:02 155648 C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 2006-12-05 22:55 54832 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2007-06-18 15:10 271360 C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-02-10 11:04 98304 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2006-12-06 18:37 69216 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
--a------ 2007-12-06 11:58 1069920 C:\Program Files\Search Settings\SearchSettings.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartSync - ScheduleSync]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2007-06-13 07:16 528384 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2005-12-14 18:06 577536 C:\WINDOWS\soundman.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-07-21 09:43 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Taskix]
--a------ 2007-11-22 21:27 64000 c:\Program Files\taskix\Taskix32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 16:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51]
R2 RapidPort;RapidPort;C:\WINDOWS\system32\Drivers\CAPLPTN.SYS [2001-02-05 16:00]
S3 KS-959;Kingsun KS-959 USB Infrared Adapter;C:\WINDOWS\system32\DRIVERS\KS-959.sys [2005-10-20 14:50]
S3 s125bus;Sony Ericsson Device 125 driver (WDM);C:\WINDOWS\system32\DRIVERS\s125bus.sys [2007-04-24 10:33]
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s125mdfl.sys [2007-04-24 10:33]
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s125mdm.sys [2007-04-24 10:33]
S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s125mgmt.sys [2007-04-24 10:33]
S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s125obex.sys [2007-04-24 10:33]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##Dragan#Adobe Photoshop CS2 (9.0)]
\Shell\AutoRun\command - Z:\Setup.exe -auto
*Newly Created Service* - AVGARCLN
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6778F1EE-80BB-4F27-BC69-F91B843782CD}]
C:\Documents and Settings\Caffetin\Application Data\Microsoft\cfgmgr.vbs
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-11 15:54:30
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-11 15:56:15
ComboFix-quarantined-files.txt 2008-02-11 14:56:13
ComboFix2.txt 2008-02-11 14:15:36
ComboFix3.txt 2008-02-11 13:33:04
.
2008-01-09 02:01:53 --- E O F ---