ComboFix 07-11-06.4 - Kevin 2007-11-08 16:10:44.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.280 [GMT -5:00]
Running from: C:\ctrldownloads\ComboFix.exe
Command switches used :: C:\Documents and Settings\Kevin\Desktop\CFScript.txt
* Created a new restore point
FILE
C:\WINDOWS\SYSTEM32\aifsyepk.dll
C:\WINDOWS\SYSTEM32\igkfuyne.dll
C:\WINDOWS\SYSTEM32\soblpeqd.dll
C:\WINDOWS\SYSTEM32\tdvlbnyn.exe
C:\WINDOWS\SYSTEM32\vxszngjm.dll
.
Unable to gain System Privileges
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\Kevin\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Kevin\Desktop\Online Security Guide.lnk
C:\Documents and Settings\Kevin\Favorites\Online Security Guide.lnk
C:\Temp\mZOr
C:\Temp\mZOr\tOasF.log
C:\WINDOWS\SYSTEM32\aifsyepk.dll
C:\WINDOWS\SYSTEM32\igkfuyne.dll
C:\WINDOWS\SYSTEM32\Mz02r
C:\WINDOWS\SYSTEM32\Mz02r\Mz02r1065.exe
C:\WINDOWS\SYSTEM32\soblpeqd.dll
C:\WINDOWS\SYSTEM32\tdvlbnyn.exe
C:\WINDOWS\SYSTEM32\vxszngjm.dll
C:\WINDOWS\system32\vxszngjm.dllbox
.
((((((((((((((((((((((((( Files Created from 2007-10-08 to 2007-11-08 )))))))))))))))))))))))))))))))
.
2007-11-05 08:13 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-20 19:29 <DIR> d-------- C:\Documents and Settings\Kevin\Application Data\Viewpoint
2007-10-14 14:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Knowledge Adventure
2007-10-14 13:59 <DIR> d-------- C:\Program Files\JumpStart
2007-10-14 13:59 <DIR> d-------- C:\Program Files\Common Files\Knowledge Adventure
2007-10-09 23:42 582,656 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\rpcrt4.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-08 21:05 --------- d-----w C:\Documents and Settings\Kevin\Application Data\ComcastToolbar
2007-11-01 17:48 --------- d-----w C:\Documents and Settings\Christina\Application Data\ComcastToolbar
2007-11-01 17:21 --------- d-----w C:\Program Files\Trend Micro
2007-10-29 16:12 --------- d-----w C:\Program Files\SUPERAntiSpyware
2007-10-21 00:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-10-19 01:13 45,056 ----a-w C:\WINDOWS\NCUNINST.EXE
2007-10-14 19:11 --------- d-----w C:\Program Files\The Learning Company
2007-10-01 21:03 --------- d-----w C:\Program Files\Common Files\Scanner
2007-09-28 20:05 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2007-09-28 20:05 --------- d-----w C:\Program Files\Real
2007-09-22 18:16 --------- d-----w C:\Documents and Settings\Kevin\Application Data\Common Files
2007-09-10 16:38 --------- d-----w C:\Program Files\iTunes
2007-09-10 16:38 --------- d-----w C:\Program Files\iPod
2007-08-14 14:37 65,536 ----a-w C:\WINDOWS\bmfirmwareapex3.dll
2007-08-14 14:37 151,552 ----a-w C:\WINDOWS\bmupgradeapex24.dll
2007-08-14 14:37 1,409,024 ----a-w C:\WINDOWS\bmusbapex3.dll
2007-08-14 14:36 73,728 ----a-w C:\WINDOWS\bmcommapex3.dll
2007-08-14 14:36 114,688 ----a-w C:\WINDOWS\bmserialapex24.dll
2006-10-03 17:20 21,290,704 ----a-w C:\Program Files\AdbeRdr708_en_US.exe
2001-07-26 21:58 47 ----a-w C:\Program Files\ACMonitor_X73.ini
2001-07-05 17:46 8,116 ----a-w C:\Program Files\OSLO3071b2.USB
2001-05-11 16:39 53,248 ----a-w C:\Program Files\ACMonitor_X73.exe
2001-05-08 21:36 114,688 ----a-w C:\Program Files\lxarscan.dll
2001-04-23 19:22 1,437 ----a-w C:\Program Files\gtx73.ini
2001-02-22 14:54 768 ----a-w C:\Program Files\x73_lut.dat
.
((((((((((((((((((((((((((((( snapshot@2007-11-05_ 8.34.46.18 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-04-02 19:21:27 139,776 ----a-w C:\WINDOWS\SYSTEM32\swreg.exe
+ 2007-07-22 23:39:27 279,552 ----a-w C:\WINDOWS\SYSTEM32\swreg.exe
+ 2007-11-08 21:18:26 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_594.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{93485A6A-AD65-4516-A443-E456C7835361}]
C:\Program Files\MSN Gaming Zone\meroxe
C:\WINDOWS\system32\e2\caws83122.exe.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [2001-09-24 09:39]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-27 17:03]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-07 15:55]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2006-04-02 20:07]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-07-05 05:17]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli scecli
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Planner Reminders.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Planner Reminders.lnk
backup=C:\WINDOWS\pss\Event Planner Reminders.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Reminder.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk
backup=C:\WINDOWS\pss\Event Reminder.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk
backup=C:\WINDOWS\pss\ymetray.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_CC]
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\DellSupport\DSAgnt.exe" /startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1148942623\ee\AOLSoftware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
"C:\Program Files\Microsoft Money\System\mnyexpr.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
"C:\Program Files\Dell\Media Experience\PCMService.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate]
C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper.exe -a
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrinTray]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sonic RecordNow!]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA]
RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
S3 umpusbxp;BodyMedia Serial Port Driver;C:\WINDOWS\system32\DRIVERS\umpusbxp.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f88638f-2bd3-11db-9f38-000d56cb5145}]
\Shell\AutoRun\command - D:\ygo.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{952823c0-0166-11dc-9f78-000d56cb5145}]
\Shell\AutoRun\command - G:\setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-10-26 00:21:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-03-02 20:59:59 C:\WINDOWS\Tasks\Disk Cleanup.job"
- C:\WINDOWS\SYSTEM32\cleanmgr.exe
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-11-08 16:19:18
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-08 16:21:37 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-06 15:56
C:\ComboFix3.txt ... 2007-11-05 08:36
.
--- E O F ---