smokey10

ComboFix 08-08-06.04 - Cathy McBride 2008-08-07 18:28:57.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.239 [GMT 1:00]
Running from: C:\Documents and Settings\Cathy McBride\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Cathy McBride\Desktop\CFScript.txt
* Created a new restore point
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((( Files Created from 2008-07-07 to 2008-08-07 )))))))))))))))))))))))))))))))
.

2008-08-06 19:55 . 2008-08-06 19:55 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-08-06 19:55 . 2008-08-06 19:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-08-04 18:40 . 2008-08-04 18:40 <DIR> d-------- C:\Deckard
2008-08-04 18:37 . 2008-08-04 18:37 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-01 19:18 . 2008-08-03 10:13 <DIR> d-------- C:\Program Files\Google
2008-08-01 19:18 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-30 22:36 . 2008-08-07 18:30 989,216 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-30 22:36 . 2008-08-06 22:24 12,116 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-30 22:34 . 2008-07-30 22:34 <DIR> d-------- C:\Program Files\ZoneAlarmSB
2008-07-30 22:32 . 2008-07-30 22:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-07-30 22:32 . 2008-07-30 22:34 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-07-30 22:31 . 2008-07-09 09:05 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-07-30 22:31 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-07-30 22:30 . 2008-07-30 22:30 <DIR> d-------- C:\Program Files\Zone Labs
2008-07-30 22:28 . 2008-08-07 18:23 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-07-26 13:37 . 2008-07-26 13:37 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-26 13:37 . 2008-08-05 22:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-01 18:18 --------- d-----w C:\Program Files\Java
2008-07-18 15:25 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-18 15:25 76,040 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-18 15:25 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-07-09 08:05 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2008-06-28 22:10 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-28 18:44 --------- d-----w C:\Documents and Settings\Cathy McBride\Application Data\AVGTOOLBAR
2008-06-28 18:39 --------- d-----w C:\Program Files\AVG
2008-06-28 18:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
.

((((((((((((((((((((((((((((( snapshot@2008-08-05_23.06.41.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-05-24 11:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 14:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 14:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-08-01 19:21 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 22:32 53248]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-18 16:25 1232152]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 09:05 919016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-18 04:05:56 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoMSAppLogo5ChannelNotify"= 0 (0x0)
"NoBandCustomize"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"Btn_Back"= 0 (0x0)
"Btn_Forward"= 0 (0x0)
"Btn_Stop"= 0 (0x0)
"Btn_Refresh"= 0 (0x0)
"Btn_Home"= 0 (0x0)
"Btn_Search"= 0 (0x0)
"Btn_History"= 0 (0x0)
"Btn_Favorites"= 0 (0x0)
"Btn_Media"= 0 (0x0)
"Btn_Folders"= 0 (0x0)
"Btn_Fullscreen"= 0 (0x0)
"Btn_Tools"= 0 (0x0)
"Btn_MailNews"= 0 (0x0)
"Btn_Size"= 0 (0x0)
"Btn_Print"= 0 (0x0)
"Btn_Edit"= 0 (0x0)
"Btn_Discussions"= 0 (0x0)
"Btn_Cut"= 0 (0x0)
"Btn_Copy"= 0 (0x0)
"Btn_Paste"= 0 (0x0)
"Btn_Encoding"= 0 (0x0)
"Btn_PrintPreview"= 0 (0x0)
"NoFavoritesMenu"= 0 (0x0)
"NoLogoff"= 0 (0x0)
"EnforceShellExtensionSecurity"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-18 16:25]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-18 16:25]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-18 16:25]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-18 16:25]
S3 ADM851x;ADMtek ADM8513 USB To Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\ADM851x.SYS [2002-04-04 04:14]
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-07 18:29:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-07 18:32:41
ComboFix-quarantined-files.txt 2008-08-07 17:32:28
ComboFix2.txt 2008-08-06 18:44:11
ComboFix3.txt 2008-08-05 22:07:44

Pre-Run: 35,764,781,056 bytes free
Post-Run: 35,755,073,536 bytes free

136 --- E O F --- 2008-07-26 16:44:49