webbenji, u rock!!
The program solved it right, and the Kavos and autoruns are deleted to hell. Rawrrr XD
Here's the result u wanted ^ ^
ComboFix 08-03-14.4 - Aley 2008-03-15 11:29:00.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.56 [GMT -7:00]
Running from: d:\Downloads\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
C:\WINDOWS\system32\kavo.exe
C:\WINDOWS\system32\kavo0.dll
C:\WINDOWS\system32\kavo1.dll
C:\WINDOWS\system32\sysdm.exe
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-02-15 to 2008-03-15 )))))))))))))))))))))))))))))))
.
2008-03-15 10:24 . 2008-03-15 10:24 <DIR> d-------- C:\New Folder
2008-03-15 10:11 . 2008-03-15 09:09 113,817 -r-hs---- C:\ab.cmd
2008-03-15 09:51 . 2008-03-15 09:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-03-15 09:13 . 2004-04-16 11:24 61,440 --a------ C:\WINDOWS\system32\ISUSPM.cpl
2008-03-15 06:36 . 2008-03-15 06:36 113,439 -r-hs---- C:\fufb6tq3.cmd
2008-03-15 05:51 . 2008-03-10 17:28 116,290 -r-hs---- C:\u.cmd
2008-03-09 17:58 . 2008-03-10 07:29 <DIR> d-------- C:\Documents and Settings\Aley\Application Data\IMVU
2008-03-08 04:31 . 2008-03-08 04:31 1,158 --a------ C:\WINDOWS\mozver.dat
2008-03-06 01:43 . 2008-03-14 12:55 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-06 01:43 . 2008-03-06 01:43 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-23 20:05 . 2008-02-27 07:15 321 --a------ C:\WINDOWS\WPE PRO.INI
2008-02-23 00:43 . 2004-08-04 01:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-02-23 00:43 . 2004-08-04 01:56 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-02-23 00:43 . 2004-08-03 23:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-02-23 00:43 . 2004-08-03 23:58 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-02-22 08:43 . 2008-02-22 08:43 <DIR> d-------- C:\Program Files\MegauploadToolbar
2008-02-22 08:43 . 2008-03-13 00:01 <DIR> d-------- C:\Documents and Settings\Aley\Application Data\MegauploadToolbar
2008-02-21 09:13 . 2004-08-03 15:56 2,376,192 --a------ C:\WINDOWS\system32\shimgvw.backup
2008-02-20 11:14 . 2008-02-21 17:11 65,536 --a------ C:\WINDOWS\IFinst27.exe
2008-02-20 09:13 . 2008-03-15 09:13 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-02-20 09:13 . 2005-06-01 11:10 463,872 -rah----- C:\WINDOWS\system32\drivers\BLKWGN.sys
2008-02-20 09:13 . 2008-02-20 09:13 17,801 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-02-20 09:11 . 2008-02-20 09:11 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-02-20 09:11 . 2008-03-15 10:59 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-02-15 18:11 . 2008-03-15 11:29 <DIR> d-------- C:\Documents and Settings\Aley\Application Data\Free Download Manager
2008-02-15 17:05 . 2008-02-15 17:05 <DIR> d-------- C:\Documents and Settings\Aley\Application Data\Media Player Classic
2008-02-15 16:54 . 2008-02-15 16:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-15 16:54 . 2005-12-08 14:56 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-02-15 16:54 . 2005-12-08 14:56 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-02-15 08:58 . 2008-02-16 01:13 <DIR> d-------- C:\Documents and Settings\Aley\Application Data\DMCache
2008-02-15 01:43 . 2008-02-15 04:12 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-15 18:30 2,632,480 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-15 17:10 206,624 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-03-15 17:07 66,356 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-03-15 17:07 37,820 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-15 23:52 --------- d-----w C:\Documents and Settings\Aley\Application Data\Winamp
2008-02-15 08:44 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-10 19:56 --------- d-----w C:\Documents and Settings\Aley\Application Data\tor
2008-02-10 19:52 1,700,352 ----a-w C:\WINDOWS\system32\gdiplus.dll
2008-02-10 11:58 2,320,640 ----a-w C:\WINDOWS\system32\TUKernel.exe
2008-02-10 11:47 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-10 11:40 --------- d-----w C:\Documents and Settings\Aley\Application Data\TuneUp Software
2008-02-10 11:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-02-10 10:06 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-02-10 10:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-02-10 09:20 --------- d-----w C:\Program Files\Wallpapers
2008-02-10 09:20 --------- d-----w C:\Program Files\Fonts
2008-02-10 09:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-10 09:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\SRS Labs
2008-02-10 08:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-10 08:47 --------- d-----w C:\Program Files\MSBuild
2008-02-10 08:47 --------- d-----w C:\Program Files\Microsoft Works
2008-02-10 08:36 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-02-10 08:26 --------- d-----w C:\Program Files\Common Files\Ahead
2008-02-10 08:24 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-10 08:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-10 08:17 --------- d-----w C:\Documents and Settings\Aley\Application Data\Symantec
2008-02-10 08:04 --------- d-----w C:\Program Files\Apoint2K
2008-02-10 07:50 --------- d-----w C:\Program Files\microsoft frontpage
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SRS Audio Sandbox"="D:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" [2007-07-30 09:23 3158016]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 15:56 15360]
"Free Download Manager"="d:\Program Files\Free Download Manager\fdm.exe" [2006-08-21 00:24 2068527]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 13:32 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 13:32 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 13:32 455168]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2004-02-05 05:01 135168]
"AGRSMMSG"="AGRSMMSG.exe" [2003-04-16 19:30 88107 C:\WINDOWS\AGRSMMSG.exe]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2003-12-14 09:20 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2003-12-14 09:07 118784]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"GrooveMonitor"="D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"loadqm"="C:\WINDOWS\system32\pas\loadqm.exe" [2005-05-24 20:58 375296]
"Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 13:31 59392]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 12:41 196608]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 06:07 69632]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 09:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"D:\\Program Files\\Microsoft Office\\Office12\\groove.exe"=
"D:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;C:\WINDOWS\system32\Drivers\ousbehci.sys [2004-08-01 09:09]
R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2004-08-03 15:56]
R3 BLKWGN;Belkin Wireless G Notebook Card Service;C:\WINDOWS\system32\DRIVERS\BLKWGN.sys [2005-06-01 11:10]
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;C:\WINDOWS\system32\DRIVERS\ousb2hub.sys [2004-08-01 09:09]
R3 wlanndi5;wlanndi5 NDIS Protocol Driver;C:\WINDOWS\system32\wlanndi5.SYS [2004-04-21 18:51]
S3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2007-06-07 23:52]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{215b52f4-e19e-11dc-baf0-001150d9eb50}]
\Shell\AutoRun\command - F:\wd_windows_tools\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{617cc9de-efc9-11dc-8dd2-c343cce26672}]
\Shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{93b32458-d845-11dc-a72d-0012f0306901}]
\Shell\AutoRun\command - g2p3s.exe
\Shell\explore\Command - g2p3s.exe
\Shell\open\Command - g2p3s.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c4b5d41-db6c-11dc-a736-000d5e425dec}]
\Shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c4b5f6d-db6c-11dc-a736-000d5e425dec}]
\Shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c040eb30-d766-11dc-b2ad-806d6172696f}]
\Shell\AutoRun\command - E:\AUTORUN.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e1c23c96-d81c-11dc-a72b-0012f0306901}]
\Shell\AutoRun\command - F:\p3r1ud.exe
\Shell\explore\Command - F:\p3r1ud.exe
\Shell\open\Command - F:\p3r1ud.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff8efa78-d7b9-11dc-b1eb-0012f0306901}]
\Shell\AutoRun\command - G:\u.cmd
\Shell\explore\Command - G:\u.cmd
\Shell\open\Command - G:\u.cmd
.
Contents of the 'Scheduled Tasks' folder
"2008-03-01 01:39:16 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- D:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-03-15 11:30:42
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-03-15 11:31:43
ComboFix-quarantined-files.txt 2008-03-15 18:31:14
.
2008-03-12 16:43:47 --- E O F ---
Thanks~