Hi Askey127,
I hope I was able to do this correctly. When I dropped the CFScript file into ComboFix, it said I needed an update, so I did and then it ran the scan again.
Here are the results of the scan.
Thank you.
ComboFix 10-10-28.09 - Dani Allen 10/29/2010 14:42:41.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.254 [GMT -7:00]
Running from: c:\documents and settings\Dani Allen\Desktop\zzz.exe
Command switches used :: c:\documents and settings\Dani Allen\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FILE ::
"c:\program files\Internet Explorer\audio3dupdate20080913.exe"
"c:\program files\Internet Explorer\nbtstat20080918.exe"
"c:\program files\Internet Explorer\nbtstat20080919.exe"
"c:\program files\Internet Explorer\nbtstat20080921.exe"
"c:\program files\Internet Explorer\nbtstat20080922.exe"
"c:\program files\Internet Explorer\nbtstat20080926.exe"
"c:\program files\Internet Explorer\spaceupdate20081029.exe"
.
((((((((((((((((((((((((( Files Created from 2010-09-28 to 2010-10-29 )))))))))))))))))))))))))))))))
.
2010-10-29 13:43 . 2010-10-29 13:43 -------- d-----w- c:\program files\ESET
2010-10-25 21:48 . 2010-10-25 21:48 -------- d-----w- c:\program files\Common Files\Java
2010-10-25 21:47 . 2010-10-25 21:46 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-10-25 21:47 . 2010-10-25 21:46 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-10-25 21:47 . 2010-10-25 21:46 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-21 05:29 . 2010-10-21 05:30 -------- d-----w- c:\documents and settings\Dani Allen\Local Settings\Application Data\Deployment
2010-10-21 01:02 . 2010-10-21 01:02 -------- d-----w- c:\documents and settings\Dani Allen\Application Data\ElevatedDiagnostics
2010-10-18 14:25 . 2010-10-18 14:25 -------- d-----w- c:\documents and settings\DESKTOP
2010-10-12 19:02 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2010-10-12 19:02 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-22 20:01 . 2004-03-19 22:38 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2010-09-24 21:58 . 2010-09-24 21:58 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-09-24 21:58 . 2010-09-24 21:58 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-09-24 21:58 . 2010-09-24 21:58 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-09-24 21:58 . 2010-09-24 21:58 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-09-18 19:23 . 2004-03-19 22:38 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-03-19 22:38 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-03-19 22:38 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-03-19 22:38 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58 . 2004-02-06 23:05 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2004-03-19 22:38 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2004-03-19 22:38 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51 . 2004-03-19 22:33 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2003-09-25 14:35 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2004-03-19 22:43 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2004-03-19 22:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2003-03-28 11:54 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-04-16 23:17 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2004-03-19 22:34 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2004-03-19 22:43 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2004-03-06 02:16 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-15 15:11 . 2010-07-15 15:11 1704744 ----a-w- c:\program files\SkypeSetup.exe
2010-02-13 23:35 . 2010-02-13 23:35 2107696 -c--a-w- c:\program files\Install_Facebook_Plug-In_1.0.1.exe
2010-01-29 21:04 . 2010-01-29 21:01 16194992 -c--a-w- c:\program files\pdf_creator.exe
2009-09-01 23:11 . 2009-09-01 23:08 44983296 -c--a-w- c:\program files\BookSmart_2.0.2.exe
2009-07-15 18:00 . 2009-07-15 17:53 75637184 -c--a-w- c:\program files\Quicken_Deluxe_2009.exe
2009-07-15 17:57 . 2009-07-15 17:54 13112552 -c--a-w- c:\program files\Quicken_WillMaker_Plus_2009.exe
2007-05-09 02:48 . 2007-05-09 02:47 1904913 -c--a-w- c:\program files\aac-setup.exe
2007-04-24 16:22 . 2007-04-24 16:22 37860928 -c--a-w- c:\program files\iTunesSetup.exe
2004-10-01 22:00 . 2007-04-25 17:57 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExtremeSync Background Scheduler"="c:\program files\rsync.net Backup Agent\extremeSyncService.exe" [2008-11-22 6502400]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-10-04 2067808]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-13 141600]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-09-24 21:58 12536 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HPAiODevice(hp psc 700 series) - 1.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HPAiODevice(hp psc 700 series) - 1.lnk
backup=c:\windows\pss\HPAiODevice(hp psc 700 series) - 1.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ImageMixer for HDD Camcorder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ImageMixer for HDD Camcorder.lnk
backup=c:\windows\pss\ImageMixer for HDD Camcorder.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-08-13 23:51 177440 -c--a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\SYSTEM32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-09-11 11:40 218032 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-13 00:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 07:08 417792 -c--a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-03 03:24 32768 -c--a-w- c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"JavaQuickStarterService"=2 (0x2)
"Bonjour Service"=2 (0x2)
"AdobeActiveFileMonitor4.0"=2 (0x2)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" /startup
"PhotoShow Deluxe Media Manager"=c:\progra~1\Comcast\COMCAS~1\data\xtras\mssysmgr.exe
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"PowerBar"=
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HotKeysCmds"=c:\windows\System32\hkcmd.exe
"IgfxTray"=c:\windows\System32\igfxtray.exe
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" /r
"MMTray"=c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
"Microsoft Works Update Detection"=c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
"mmtask"=c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe
"GoogleUpdate"=c:\program files\Internet Explorer\orz.EXE
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\cygwin\\bin\\rsync.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 ntcdrdrv;ntcdrdrv;c:\windows\SYSTEM32\DRIVERS\ntcdrdrv.sys [5/8/2007 7:49 PM 13184]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [9/24/2010 2:58 PM 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [9/24/2010 2:58 PM 243024]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [9/24/2010 2:57 PM 308136]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\SYSTEM32\DRIVERS\wdcsam.sys [5/6/2008 5:06 PM 11520]
.
Contents of the 'Scheduled Tasks' folder
2010-10-26 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2006-01-10 22:31]
2009-11-21 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2008-11-26 22:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
mWindow Title =
uInternet Settings,ProxyOverride = *.local
TCP: {618F8427-67C7-4CFC-BFD9-E6762FAD1C69} = 8.8.8.8,4.2.2.1
FF - ProfilePath - c:\documents and settings\Dani Allen\Application Data\Mozilla\Firefox\Profiles\yoxpqzmn.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Dani Allen\Application Data\Mozilla\plugins\npPxPlay.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-29 15:09
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\windows\TEMP\1e2640d2-31c2-42ee-858b-071806cfe9a6.tmp 0 bytes
scan completed successfully
hidden files: 1
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3240)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2010-10-29 15:20:27
ComboFix-quarantined-files.txt 2010-10-29 22:19
ComboFix2.txt 2010-10-25 05:12
Pre-Run: 34,350,157,824 bytes free
Post-Run: 34,453,643,264 bytes free
- - End Of File - - 5A2791CDAC7DF372D1A29A2DA613D90A
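Added example (not part of the post above and not ComboFix's own code): a small triage script for a ComboFix log of this shape. It pulls out the `FILE ::` targets named by the CFScript, the `Reg Loading Points` autostart entries and the firewall `GloballyOpenPorts` list, then applies the checks a helper reads off a log like this one by eye: an autostart whose image lives under `c:\program files\Internet Explorer\` but is not an IE binary, a value name that advertises a vendor (here "GoogleUpdate") whose path contains no trace of that vendor, an autostart sitting in the same directory as files the script was told to remove, and 3389/TCP opened in the standard firewall profile. `SAMPLE_LOG` is a constructed excerpt built from lines of the posted log so the script runs offline; the `IE_BINARIES` allowlist and the vendor-name list are illustrative assumptions, not a definitive rule set, and a hit means "look closer", not "malware".

```python
"""Triage helper for a ComboFix log (added example, not ComboFix code)."""
import re
from dataclasses import dataclass, field

# Constructed excerpt modelled on lines of the log posted above (not the full log).
SAMPLE_LOG = r'''
FILE ::
"c:\program files\Internet Explorer\nbtstat20080918.exe"
"c:\program files\Internet Explorer\spaceupdate20081029.exe"
.
((((( Reg Loading Points )))))
.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-10-04 2067808]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"GoogleUpdate"=c:\program files\Internet Explorer\orz.EXE
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
'''

@dataclass
class Autostart:
    key: str    # registry key the entry was listed under
    name: str   # value name, e.g. "GoogleUpdate"
    path: str   # image path extracted from the value data, lower-cased ('' if none)

@dataclass
class Finding:
    rule: str
    entry: str
    detail: str

@dataclass
class ComboFixLog:
    file_targets: list = field(default_factory=list)
    autostarts: list = field(default_factory=list)
    open_ports: list = field(default_factory=list)

_ENTRY = re.compile(r'^"(?P<name>[^"]*)"=(?P<data>.*)$')
# Drive-letter path up to the first executable-looking extension; the optional
# leading quote covers the '"c:\x\y.exe" [date size]' form.
_IMAGE = re.compile(r'^"?(?P<path>[a-z]:\\.*?\.(?:exe|dll|cpl|scr))', re.IGNORECASE)

def _image_path(data: str) -> str:
    m = _IMAGE.match(data.strip())
    return m.group('path').lower() if m else ''

def parse_combofix(text: str) -> ComboFixLog:
    log = ComboFixLog()
    in_file_block = False   # inside the FILE :: list
    key = None              # current [registry key] within Reg Loading Points
    for raw in text.splitlines():
        line = raw.strip()
        if line == 'FILE ::':
            in_file_block = True
            continue
        if in_file_block:
            if line == '.' or not line:      # ComboFix closes the block with a lone '.'
                in_file_block = False
            else:
                log.file_targets.append(line.strip('"').lower())
            continue
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
            continue
        m = _ENTRY.match(line)
        if not m or key is None:
            continue
        if key.lower().endswith('globallyopenports\\list'):
            log.open_ports.append(m.group('name'))
        else:
            log.autostarts.append(Autostart(key, m.group('name'), _image_path(m.group('data'))))
    return log

IE_DIR = 'c:\\program files\\internet explorer\\'
IE_BINARIES = {'iexplore.exe', 'ieuser.exe', 'iedw.exe'}   # assumption: illustrative allowlist
VENDOR_WORDS = ('google', 'adobe', 'java', 'avg', 'apple')  # assumption: illustrative list

def triage(log: ComboFixLog) -> list:
    findings = []
    target_dirs = {p.rsplit('\\', 1)[0] for p in log.file_targets}
    for a in log.autostarts:
        if not a.path:
            continue
        directory, _, base = a.path.rpartition('\\')
        if a.path.startswith(IE_DIR) and base not in IE_BINARIES:
            findings.append(Finding('non_ie_binary_in_ie_dir', a.name, a.path))
        if directory in target_dirs:
            findings.append(Finding('shares_dir_with_file_target', a.name, a.path))
        for vendor in VENDOR_WORDS:   # vendor named in the value but absent from the path
            if vendor in a.name.lower() and vendor not in a.path:
                findings.append(Finding('name_path_mismatch', a.name, f'{vendor!r} not in {a.path}'))
    for port in log.open_ports:
        if port.upper() == '3389:TCP':
            findings.append(Finding('rdp_globally_open', port, 'RDP allowed in standard profile'))
    return findings

if __name__ == '__main__':
    for f in triage(parse_combofix(SAMPLE_LOG)):
        print(f'{f.rule:30} {f.entry:16} {f.detail}')
```

Run against the excerpt, the only autostart it flags is the `GoogleUpdate` value (three rules fire on it), plus the open 3389/TCP entry; the AVG, Adobe and Nero entries pass every rule. The parser deliberately ignores lines it does not recognise, so feeding it a complete log of this format is safe even though it only interprets the three blocks it knows about.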