Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.211 [GMT -5:00]
Running from: C:\Documents and Settings\Jeff\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jeff\Desktop\CFScript.txt
* Created a new restore point
FILE::
C:\prx.exe
C:\WINDOWS\system32\h.exe
C:\WINDOWS\system32\wkssvc.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\prx.exe
C:\WINDOWS\system32\wkssvc.exe
.
((((((((((((((((((((((((( Files Created from 2007-09-15 to 2007-10-15 )))))))))))))))))))))))))))))))
.
2007-10-14 19:06 225,509 --a------ C:\WINDOWS\system32\ifspcag.exe
2007-10-14 19:03 225,509 --a------ C:\WINDOWS\system32\fokjbzskezsc.exe
2007-10-14 18:54 225,509 --a------ C:\WINDOWS\system32\ojqnbfddki.exe
2007-10-14 18:19 225,509 --a------ C:\WINDOWS\system32\uckif.exe
2007-10-13 15:31 224,655 --a------ C:\WINDOWS\system32\wkc.exe
2007-10-12 06:23 224,655 --a------ C:\WINDOWS\system32\mfjqxf.exe
2007-10-12 00:33 224,655 --a------ C:\WINDOWS\system32\qkxtv.exe
2007-10-12 00:31 224,655 --a------ C:\WINDOWS\system32\ywe.exe
2007-10-11 21:43 224,655 --a------ C:\WINDOWS\system32\cmeq.exe
2007-10-11 20:42 224,655 --a------ C:\WINDOWS\system32\cqwnhhguqu.exe
2007-10-11 20:05 224,655 --a------ C:\WINDOWS\system32\fjv.exe
2007-10-11 19:56 226,914 --a------ C:\WINDOWS\system32\zkn.exe
2007-10-11 19:45 226,914 --a------ C:\WINDOWS\system32\brkq.exe
2007-10-11 07:59 226,914 --a------ C:\WINDOWS\system32\ijdpafam.exe
2007-10-11 07:28 226,914 --a------ C:\WINDOWS\system32\lcvbb.exe
2007-10-10 11:57 <DIR> d--hs---- C:\WINDOWS\SmVmZiBKb2huc29u
2007-10-10 11:57 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\NetMon
2007-10-09 14:29 582,656 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-09 11:34 <DIR> d-------- C:\Program Files\Temporary
2007-10-07 14:07 104,448 --a------ C:\WINDOWS\system32\gluynfh.exe
2007-10-07 10:06 104,448 --a------ C:\WINDOWS\system32\iyl.exe
2007-10-07 06:04 104,448 --a------ C:\WINDOWS\system32\awmnhcduwn.exe
2007-10-06 14:42 <DIR> d-------- C:\Program Files\iTunes
2007-10-04 20:02 104,448 --a------ C:\WINDOWS\system32\vtcebxpe.exe
2007-10-04 16:11 104,448 --a------ C:\WINDOWS\system32\vwvgthpj.exe
2007-10-04 02:29 104,448 --a------ C:\WINDOWS\system32\blyxcffzwem.exe
2007-10-03 07:48 104,448 --a------ C:\WINDOWS\system32\mijic.exe
2007-10-02 20:17 104,448 --a------ C:\WINDOWS\system32\rpdi.exe
2007-09-28 08:43 104,448 --a------ C:\WINDOWS\system32\oymtqvmmmssj.exe
2007-09-28 07:55 104,448 --a------ C:\WINDOWS\system32\mewi.exe
2007-09-27 03:49 104,448 --a------ C:\WINDOWS\system32\xozzotc.exe
2007-09-26 21:14 104,448 --a------ C:\WINDOWS\system32\uqxls.exe
2007-09-26 20:58 104,448 --a------ C:\WINDOWS\system32\ojfw.exe
2007-09-22 14:23 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-22 09:00 <DIR> d-------- C:\WINDOWS\ERUNT
2007-09-17 17:15 <DIR> d-------- C:\Documents and Settings\Jeff\Application Data\U3
2007-09-17 01:28 <DIR> d--h----- C:\system32
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-06 19:42 --------- d-----w C:\Program Files\iPod
2007-10-04 00:01 --------- d-----w C:\Program Files\SpyZooka
2007-09-26 21:06 --------- d-----w C:\Program Files\Apple Software Update
2007-09-19 01:36 --------- d-----w C:\Program Files\MSN Messenger
2007-09-15 11:18 --------- d-----w C:\Documents and Settings\JJ\Application Data\tunebite
2007-08-28 02:15 --------- d-----w C:\Program Files\The Odyssey Online Classic
2007-08-26 22:59 --------- d-----w C:\Documents and Settings\Jeff\Application Data\Apple Computer
2007-08-22 21:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-20 00:15 --------- d-----w C:\Program Files\AIM
2007-08-20 00:15 --------- d-----w C:\Documents and Settings\Jeff\Application Data\Aim
2007-08-20 00:14 --------- d-----w C:\Program Files\AOD
2007-08-16 07:59 29,745 ----a-w C:\booterhelp.exe
2007-08-15 02:19 --------- d-----w C:\Program Files\Maxis
2007-08-14 06:48 89,088 ----a-w C:\upload2.exe
2007-08-14 06:43 89,088 ----a-w C:\uploadx.exe
2007-07-31 00:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-31 00:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-31 00:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-31 00:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-31 00:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-31 00:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-07-31 00:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
2007-07-31 00:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-31 00:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-31 00:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2005-11-06 00:07 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2007-05-31 22:36:06 89,600 --sh--r C:\WINDOWS\Help\msiexec.exe
2005-07-29 21:24:26 472 --sha-r C:\WINDOWS\SmVmZiBKb2huc29u\mApAt214vZ1RwZ6R.vbs
2007-02-12 15:02:23 992,569 --sha-w C:\WINDOWS\system32\dccdd.bak1
2007-02-14 00:19:59 997,560 --sh--w C:\WINDOWS\system32\dccdd.bak2
2007-02-10 14:24:57 994,338 --sha-w C:\WINDOWS\system32\ppqss.bak1
2007-02-11 21:15:08 990,485 --sha-w C:\WINDOWS\system32\ppqss.bak2
2007-02-12 12:42:27 993,793 --sha-w C:\WINDOWS\system32\ppqss.ini2
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\system32 ----
2007-09-17 01:28 69120 ---h----- C:\system32\nsmss.exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-19 08:59]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-19 08:59]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 15:42]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe" [2006-01-19 12:06]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 16:18]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 21:00]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 04:50]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 10:48]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"Microsoft (R) Windows Network Service Monitor"="C:\system32\nsmss.exe" [2007-09-17 01:28]
"Microsoft Spooler"="wkssvc.exe" []
"ojfw"="C:\WINDOWS\system32\ojfw.exe" [2007-09-26 20:59]
"rpdi"="C:\WINDOWS\system32\rpdi.exe" [2007-10-02 20:17]
"vtcebxpe"="C:\WINDOWS\system32\vtcebxpe.exe" [2007-10-04 20:02]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42]
"lcvbb"="C:\WINDOWS\system32\lcvbb.exe" [2007-10-11 07:28]
"fjv"="C:\WINDOWS\system32\fjv.exe" [2007-10-11 20:05]
"mfjqxf"="C:\WINDOWS\system32\mfjqxf.exe" [2007-10-12 06:23]
"wkc"="C:\WINDOWS\system32\wkc.exe" [2007-10-13 15:31]
"uckif"="C:\WINDOWS\system32\uckif.exe" [2007-10-14 18:19]
"ojqnbfddki"="C:\WINDOWS\system32\ojqnbfddki.exe" [2007-10-14 18:54]
"fokjbzskezsc"="C:\WINDOWS\system32\fokjbzskezsc.exe" [2007-10-14 19:03]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" []
"AIM"="C:\Program Files\AIM\aim.exe" [2006-08-01 15:35]
"Okexob"="C:\Documents and Settings\Jeff\Application Data\A?pPatch\m?config.exe" []
"Zpsit"="C:\Program Files\Common Files\??sembly\?hkdsk.exe" []
"Mdnsw"="C:\WINDOWS\system32\?icrosoft.NET\??erinit.exe" []
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"h"=C:\WINDOWS\system32\h.exe
"ojfw"=C:\WINDOWS\system32\ojfw.exe
"rpdi"=C:\WINDOWS\system32\rpdi.exe
"vtcebxpe"=C:\WINDOWS\system32\vtcebxpe.exe
"lcvbb"=C:\WINDOWS\system32\lcvbb.exe
"fjv"=C:\WINDOWS\system32\fjv.exe
"mfjqxf"=C:\WINDOWS\system32\mfjqxf.exe
"wkc"=C:\WINDOWS\system32\wkc.exe
"uckif"=C:\WINDOWS\system32\uckif.exe
"ojqnbfddki"=C:\WINDOWS\system32\ojqnbfddki.exe
"fokjbzskezsc"=C:\WINDOWS\system32\fokjbzskezsc.exe
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 15:05:56]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll 2005-01-31 16:13 49152 C:\PROGRA~1\COMMON~1\Stardock\MCPStub.dll
R1 NaiAvTdi1;NaiAvTdi1;C:\WINDOWS\system32\drivers\mvstdi5x.sys
R2 Win_MSI-Installer;WINDOWS MSI Installer Application;"C:\WINDOWS\help\msiexec.exe"
R3 tbhsd;Tunebite High-Speed Dubbing;C:\WINDOWS\system32\drivers\tbhsd.sys
S2 LogBusDrv;Logical Bus Drive;"C:\WINDOWS\system32\lsmvc.exe"
S2 nsmss;Windows Network Service Monitor;C:\system32\nsmss.exe
S2 yiuyym7aj;Print Spooler Service;C:\WINDOWS\system32\ifspcag.exe /service
S3 BCM42XX;Broadcom iLine10(tm) Network Adapter Driver;C:\WINDOWS\system32\DRIVERS\bcm42xx5.sys
S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver;\??\E:\INSTAL~E\Core\BVRPMPR5.SYS
S3 EntDrv51;EntDrv51;\??\C:\WINDOWS\system32\drivers\EntDrv51.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command - F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{825fe160-656b-11dc-a65c-000bdbc2244a}]
AutoRun\command - G:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
"2007-10-06 19:11:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-14 19:18:16
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-14 19:19:42
C:\ComboFix-quarantined-files.txt ... 2007-09-22 15:02
C:\ComboFix2.txt ... 2007-10-14 19:07
C:\ComboFix3.txt ... 2007-09-22 15:02
.
--- E O F ---