ComboFix 08-01-03.3 - Asha 2008-01-03 20:44:44.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.2.1033.18.622 [GMT 0:00]
Running from: C:\Documents and Settings\Asha\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\bcsprsrcc.dll
C:\WINDOWS\system32\dpnete.dll
C:\WINDOWS\system32\drivers\gykrvpys.dat
C:\WINDOWS\system32\pskill.exe
C:\WINDOWS\Tasks.\At1.job
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_EGTOVYXB
-------\LEGACY_KOUKVANW
-------\LEGACY_POOF
-------\egtovyxb
-------\koukvanw
((((((((((((((((((((((((( Files Created from 2007-12-03 to 2008-01-03 )))))))))))))))))))))))))))))))
.
2008-01-03 20:43 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-03 02:37 . 2008-01-03 05:15 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-03 02:37 . 2008-01-03 02:37 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-31 02:19 . 2007-12-31 02:19 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2007-12-22 19:00 . 2007-12-22 19:00 1,188,375 --a------ C:\WINDOWS\system32\libeay32.dll
2007-12-22 19:00 . 2007-12-22 19:00 741,632 --a------ C:\WINDOWS\system32\ggempgum.dat
2007-12-22 19:00 . 2007-12-22 19:00 246,545 --a------ C:\WINDOWS\system32\libssl32.dll
2007-12-22 19:00 . 2007-12-25 19:23 120,576 --a------ C:\WINDOWS\system32\vastqgrq.dat
2007-12-22 19:00 . 2007-12-22 19:00 42,240 --a------ C:\WINDOWS\system32\kwlondop.dat
2007-12-22 19:00 . 2007-12-22 19:00 36,096 --a------ C:\WINDOWS\system32\ebegvisf.dat
2007-12-22 19:00 . 2007-12-22 19:00 35,072 --a------ C:\WINDOWS\system32\zdmrqigk.dat
2007-12-22 17:31 . 2005-10-29 06:49 84,480 --a------ C:\WINDOWS\system32\bcsprsrcc.dll.bak
2007-12-22 17:30 . 2007-12-22 17:30 15,872 --a------ C:\WINDOWS\system32\538cy1.exe
2007-12-13 17:29 . 2007-12-13 17:29 244 --ah----- C:\sqmnoopt00.sqm
2007-12-13 17:29 . 2007-12-13 17:29 232 --ah----- C:\sqmdata00.sqm
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-01 16:45 --------- d-----w C:\Program Files\XP Repair Pro 2007
2007-12-08 12:44 --------- d-----w C:\Documents and Settings\Asha\Application Data\Canon
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-22 16:06 --------- d-----w C:\Program Files\Java
2007-11-13 14:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nokia
2007-11-13 14:56 --------- d-----w C:\Program Files\Nokia
2007-11-13 14:56 --------- d-----w C:\Program Files\Common Files\Nokia
2007-11-13 14:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2007-11-13 14:52 --------- d-----w C:\Documents and Settings\Asha\Application Data\Nokia Multimedia Player
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"538cy1"="C:\WINDOWS\system32\538cy1.exe" [2007-12-22 17:30 15872]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 13:00 79224]
"eTrustPPAP"="C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe" [2007-06-28 11:53 258048]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 11:22 86016]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 14:28 577536 C:\WINDOWS\soundman.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 11:22 7700480]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-05-18 22:02 282624]
"538cy1"="C:\WINDOWS\system32\538cy1.exe" [2007-12-22 17:30 15872]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2005-12-19 11:00 15360]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-03-07 05:06 5181440]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 09:17 1241088]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2004-11-05 14:43]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-01-03 20:52:45
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-03 20:54:00 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-03 20:53:58
.
2007-12-21 12:25:48 --- E O F ---