ComboFix 08-02-11.2 - Caffetin 2008-02-11 16:18:19.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.574 [GMT 1:00]
Running from: D:\Programs\antivirus\ComboFix.exe
Command switches used :: C:\Documents and Settings\Caffetin\Desktop\CFScript.txt
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((   Files Created from 2008-01-11 to 2008-02-11  )))))))))))))))))))))))))))))))
.

2008-02-11 16:02 . 2008-02-11 16:02 121 --a------ C:\WINDOWS\bdagent.INI
2008-02-11 16:00 . 2008-02-11 16:00 d-------- C:\Documents and Settings\Caffetin\Application Data\BitDefender
2008-02-11 15:59 . 2008-02-11 15:59 d-------- C:\Program Files\BitDefender
2008-02-11 15:59 . 2008-02-11 16:08 d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-02-11 15:39 . 2008-02-11 15:39 d-------- C:\VundoFix Backups
2008-02-11 15:37 . 2007-01-18 13:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2008-02-11 15:19 . 2008-02-11 15:19 d-------- C:\Program Files\InterMute
2008-02-11 15:01 . 2008-02-11 15:01 d-------- C:\Documents and Settings\Caffetin\Application Data\Grisoft
2008-02-11 14:02 . 2004-08-04 13:00 28,288 --a--c--- C:\WINDOWS\system32\dllcache\xjis.nls
2008-02-11 14:00 . 2004-08-04 13:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-02-11 13:59 . 2004-08-04 13:00 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\smtpsnap.dll
2008-02-11 13:58 . 2004-08-04 13:00 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe
2008-02-11 13:58 . 2008-02-11 13:58 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-02-11 13:58 . 2008-02-11 13:58 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-02-11 13:58 . 2008-02-11 13:58 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-02-11 13:58 . 2008-02-11 13:58 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-02-11 13:58 . 2008-02-11 13:58 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-02-11 13:58 . 2008-02-11 13:58 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-02-11 13:57 . 2004-08-04 13:00 32,768 --a--c--- C:\WINDOWS\system32\dllcache\icwdl.dll
2008-02-11 13:57 . 2004-08-04 13:00 20,480 --a--c--- C:\WINDOWS\system32\dllcache\inetwiz.exe
2008-02-11 13:55 . 2004-08-04 00:56 152,576 --a------ C:\WINDOWS\system32\irftp.exe
2008-02-11 13:55 . 2004-08-03 23:00 87,424 --a------ C:\WINDOWS\system32\drivers\irda.sys
2008-02-11 13:55 . 2004-08-04 00:56 27,136 --a------ C:\WINDOWS\system32\irmon.dll
2008-02-11 13:55 . 2004-08-04 00:56 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2008-02-11 13:48 . 2001-08-17 13:51 19,584 --a------ C:\WINDOWS\system32\drivers\rasirda.sys
2008-02-11 12:56 . 2008-02-11 12:56 d-------- C:\Documents and Settings\Administrator\DoctorWeb
2008-02-11 12:55 . 2008-02-11 12:55 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-11 12:55 . 2008-02-11 12:55 d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-02-11 12:55 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-11 12:45 . 2008-02-11 12:45 d-------- C:\Documents and Settings\Caffetin\DoctorWeb
2008-02-11 12:32 . 2008-02-11 12:32 d-------- C:\Documents and Settings\Administrator\Application Data\Sony Ericsson
2008-02-11 12:32 . 2008-02-11 12:32 d-------- C:\_backupD
2008-02-11 12:17 . 2004-08-04 13:00 214,528 --a--c--- C:\WINDOWS\system32\dllcache\icwconn1.exe
2008-02-11 12:17 . 2004-08-04 13:00 86,016 --a--c--- C:\WINDOWS\system32\dllcache\icwconn2.exe
2008-02-11 11:57 . 2004-08-04 13:00 1,086,058 -ra------ C:\WINDOWS\SETEE.tmp
2008-02-11 11:57 . 2004-08-04 13:00 1,042,903 -ra------ C:\WINDOWS\SETEB.tmp
2008-02-11 11:57 . 2004-08-04 13:00 13,753 -ra------ C:\WINDOWS\SETFA.tmp
2008-02-11 11:42 . 2008-02-11 16:19 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-02-09 12:43 . 2008-02-09 12:43 d-------- C:\WINDOWS\system32\regdacl
2008-02-09 12:43 . 2008-02-09 12:40 280,286 --a------ C:\win32delfkil.exe
2008-02-09 12:43 . 2008-02-11 12:32 90,112 --a------ C:\WINDOWS\system32\regdacl.exe
2008-02-09 12:43 . 2008-02-11 12:32 53,248 --a------ C:\WINDOWS\system32\process.exe
2008-02-09 12:43 . 2008-02-11 12:32 16,384 --a------ C:\WINDOWS\system32\restart.exe
2008-02-09 12:43 . 2008-02-11 12:32 4,096 --a------ C:\WINDOWS\system32\reboot.exe
2008-02-09 12:10 . 2008-02-09 12:14 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-02-09 12:06 . 2008-02-09 12:14 d-------- C:\Documents and Settings\Caffetin\.housecall6.6
2008-02-08 11:44 . 2008-02-08 11:44 54,764 --a------ C:\WINDOWS\system32\4fdw.dll
2008-02-08 10:46 . 2007-02-08 12:31 d-------- C:\Program Files\dnetc
2008-02-08 09:52 . 2008-02-08 10:07 d-------- C:\Program Files\Magic AAC to MP3 Converter
2008-02-08 09:41 . 2008-02-08 09:41 d-------- C:\Documents and Settings\Caffetin\Application Data\Search Settings
2008-02-08 09:31 . 2008-02-08 09:31 d-------- C:\Program Files\Search Settings
2008-02-08 09:31 . 2008-02-08 09:31 d-------- C:\Program Files\Common Files\SWF Studio
2008-02-08 09:30 . 2008-02-08 09:41 d-------- C:\Program Files\Dealio
2008-02-08 09:29 . 2008-02-08 09:41 d-------- C:\Program Files\Free Audio Pack
2008-02-08 09:29 . 2004-03-08 23:00 662,288 --a------ C:\WINDOWS\system32\MSCOMCT2.OCX
2008-02-08 09:29 . 1998-06-24 00:00 164,144 --a------ C:\WINDOWS\system32\COMCT232.OCX
2008-02-08 09:29 . 1998-07-12 23:00 141,312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL
2008-02-08 09:29 . 2000-10-01 19:00 119,568 --a------ C:\WINDOWS\system32\VB6FR.DLL
2008-02-08 09:29 . 2000-05-22 15:58 115,920 --a------ C:\WINDOWS\system32\msinet.OCX
2008-02-08 09:29 . 1998-07-12 23:00 59,904 --a------ C:\WINDOWS\system32\Mscc2fr.dll
2008-02-08 09:29 . 1998-07-12 19:00 32,768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL
2008-02-08 09:29 . 1998-07-12 23:00 21,504 --a------ C:\WINDOWS\system32\TABCTFR.DLL
2008-02-08 09:29 . 1998-07-12 23:00 15,360 --a------ C:\WINDOWS\system32\inetfr.DLL
2008-02-08 09:22 . 2007-02-09 10:34 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-08 09:18 . 2008-02-08 09:21 d-------- C:\Program Files\audiograbber
2008-02-06 15:38 . 2008-02-06 15:40 d-------- C:\rnids
2008-02-06 09:11 . 2008-01-14 11:00 1,394,954 --a------ C:\temp\MP3REC20.exe
2008-02-06 09:11 . 2008-02-06 09:10 1,371,777 --a------ C:\temp\mp3rec20.zip
2008-02-06 09:11 . 2008-02-06 09:11 0 --a------ C:\WINDOWS\system32\MP3Recorder.key
2008-02-06 09:09 . 2007-01-24 00:05 921,349 --a------ C:\temp\MP3REC10.exe
2008-02-06 09:09 . 2008-02-06 09:09 898,103 --a------ C:\temp\mp3rec10.zip
2008-01-28 11:49 . 2008-02-06 09:24 d-------- C:\Program Files\Winamp
2008-01-28 11:49 . 2008-01-28 12:09 d-------- C:\Documents and Settings\Caffetin\Application Data\Winamp
2008-01-23 11:12 . 2008-01-22 23:29 25,452,544 --a------ C:\temp\AKORD_2007-24012008.exe
2008-01-23 11:12 . 2008-01-22 22:54 24,649,728 --a------ C:\temp\PREHRANA-24012008.exe
2008-01-16 12:58 . 2008-01-16 12:46 11,501 --a------ C:\temp\NordNetCert.zip

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2008-02-11 15:02 --------- d-----w C:\Documents and Settings\Caffetin\Application Data\Desktop Sidebar
2008-02-11 14:59 --------- d-----w C:\Program Files\Common Files\BitDefender
2008-02-11 14:49 --------- d-----w C:\Program Files\FlashGet
2008-02-11 12:03 --------- d-----w C:\Program Files\Desktop Sidebar
2008-02-11 11:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-02-11 07:46 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-02-08 21:18 --------- d-----w C:\Program Files\Mail Bomber
2008-02-08 21:15 --------- d-----w C:\Program Files\HotKey
2008-02-08 09:24 --------- d-----w C:\Program Files\Trillian
2008-01-19 09:12 --------- d-----w C:\Program Files\PartyGaming
2007-12-27 09:47 --------- d-----w C:\Program Files\taskix
2007-12-21 15:22 --------- d-----w C:\Program Files\uTorrent
2007-12-20 15:40 --------- d-----w C:\Documents and Settings\Caffetin\Application Data\Nokia Multimedia Player
2007-12-13 08:00 --------- d-----w C:\Program Files\RsReg Manager Client
2007-11-03 10:36 5,628 ----a-w C:\Program Files\install.log
2007-02-26 09:30 35,328 ----a-w C:\Program Files\winbox.exe

.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
2007-12-06 11:58 1198432 --a------ C:\Program Files\Search Settings\kb125\SearchSettings.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3}
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{381FFDE8-2394-4F90-B10D-FC6124A40F8C}

[HKEY_CLASSES_ROOT\clsid\{381ffde8-2394-4f90-b10d-fc6124a40f8c}]
[HKEY_CLASSES_ROOT\BitDefender Toolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"SIDEBAR"="C:\Program Files\Desktop Sidebar\dsidebar.exe" [2006-07-09 21:58 1777664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 09:06 88363 C:\WINDOWS\AGRSMMSG.exe]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"CAPON"="C:\WINDOWS\system32\Spool\Drivers\w32x86\3\CAPONN.EXE" [2001-02-05 16:00 22528]
"HotKey"="C:\Program Files\HotKey\hotkey.exe" [2006-03-07 02:32 81920]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
"SoundMan"="SOUNDMAN.EXE" [2005-12-14 18:06 577536 C:\WINDOWS\soundman.exe]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2007-07-17 19:26 249856]

C:\Documents and Settings\Caffetin\Start Menu\Programs\Startup\
Trillian.lnk - C:\Program Files\Trillian\trillian.exe [2007-12-11 1873280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"NTSpool"= NTSpool.exe

[HKLM\~\startupfolder\C:^Documents and Settings^Caffetin^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Caffetin^Start Menu^Programs^Startup^Microsoft Update Protection.lnk]
backup=C:\WINDOWS\pss\Microsoft Update Protection.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent]
--a------ 2007-07-17 19:26 249856 C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-04-21 17:03 94208 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 2004-08-04 13:00 110592 C:\WINDOWS\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a------ 2004-08-22 16:05 81920 C:\Program Files\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FineReader7NewsReaderPro]
--a------ 2004-12-17 00:38 290816 C:\Program Files\ABBYY FineReader 7.0 Professional Edition\ABBYYNewsReader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKey]
--a------ 2006-03-07 02:32 81920 C:\Program Files\HotKey\hotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2004-07-01 10:58 118784 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2004-07-01 11:02 155648 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 2006-12-05 22:55 54832 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2007-06-18 15:10 271360 C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-02-10 11:04 98304 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2006-12-06 18:37 69216 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
--a------ 2007-12-06 11:58 1069920 C:\Program Files\Search Settings\SearchSettings.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartSync - ScheduleSync]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2007-06-13 07:16 528384 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2005-12-14 18:06 577536 C:\WINDOWS\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-07-21 09:43 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Taskix]
--a------ 2007-11-22 21:27 64000 c:\Program Files\taskix\Taskix32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 16:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

R1 bdftdif;bdftdif;C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys [2007-07-10 14:47]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51]
R2 RapidPort;RapidPort;C:\WINDOWS\system32\Drivers\CAPLPTN.SYS [2001-02-05 16:00]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2007-07-10 14:47]
R3 bdfsfltr;bdfsfltr;C:\WINDOWS\system32\DRIVERS\bdfsfltr.sys [2007-07-12 16:28]
R3 BDSelfPr;BDSelfPr;C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys [2007-07-02 16:29]
R3 scan;BitDefender Threat Scanner;C:\WINDOWS\System32\svchost.exe [2004-08-04 13:00]
S3 KS-959;Kingsun KS-959 USB Infrared Adapter;C:\WINDOWS\system32\DRIVERS\KS-959.sys [2005-10-20 14:50]
S3 s125bus;Sony Ericsson Device 125 driver (WDM);C:\WINDOWS\system32\DRIVERS\s125bus.sys [2007-04-24 10:33]
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s125mdfl.sys [2007-04-24 10:33]
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s125mdm.sys [2007-04-24 10:33]
S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s125mgmt.sys [2007-04-24 10:33]
S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s125obex.sys [2007-04-24 10:33]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

*Newly Created Service* - 7051BE2F
*Newly Created Service* - BDFSFLTR
*Newly Created Service* - PROFOS
*Newly Created Service* - TRUFOS

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6778F1EE-80BB-4F27-BC69-F91B843782CD}]
C:\Documents and Settings\Caffetin\Application Data\Microsoft\cfgmgr.vbs

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-11 16:20:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
.
Completion time: 2008-02-11 16:21:13
ComboFix-quarantined-files.txt 2008-02-11 15:21:09
ComboFix2.txt 2008-02-11 14:56:16
ComboFix3.txt 2008-02-11 14:15:36
ComboFix4.txt 2008-02-11 13:33:04
.
2008-01-09 02:01:53 --- E O F ---