ComboFix 07-10-23.2 - Michael Armendariz 2007-10-23 6:10:45.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.828 [GMT -4:00]
Running from: C:\Download\ComboFix\ComboFix.exe
 * Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Michael Armendariz\Application Data\macromedia\Flash Player\#SharedObjects\B6EP69UL\www.broadcaster.com
C:\Documents and Settings\Michael Armendariz\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Michael Armendariz\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\WINDOWS\setup.exe
.
((((((((((((((((((((((((( Files Created from 2007-09-23 to 2007-10-23 )))))))))))))))))))))))))))))))
.
2007-10-23 06:09 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-23 05:42 d-------- C:\Program Files\AboutBuster
2007-10-23 05:01 d-------- C:\aboutBuster
2007-10-22 08:00 d-------- C:\WINDOWS\system32\ActiveScan
2007-10-22 07:50 d-------- C:\ERDNT
2007-10-22 07:24 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-10-22 07:24 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-10-22 07:24 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-10-22 07:24 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-10-22 07:23 d-------- C:\Program Files\Spyware Doctor
2007-10-22 07:23 d-------- C:\Documents and Settings\Michael Armendariz\Application Data\PC Tools
2007-10-22 07:22 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-10-19 14:26 86,016 --a------ C:\WINDOWS\unvise32.exe
2007-10-19 14:25 d-------- C:\Program Files\PANTONE COLORVISION
2007-10-10 05:05 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-09 16:41 151,040 --a------ C:\WINDOWS\system\IR32.DLL
2007-10-09 16:41 77,664 --a------ C:\WINDOWS\system\IR21_R.DLL
2007-10-09 16:41 49,616 --a------ C:\WINDOWS\system\MSACM.DLL
2007-10-09 16:41 27,648 --a------ C:\WINDOWS\system\WAVMIX16.DLL
2007-10-09 16:41 12,800 --a------ C:\WINDOWS\system\ACMCMPRS.DLL
2007-10-09 16:41 7,168 --a------ C:\WINDOWS\system\DISPDIB.DLL
2007-10-09 16:40 d-------- C:\MSKIDS
2007-10-09 16:40 188,960 --a------ C:\WINDOWS\system\WINGDE.DLL
2007-10-09 16:40 92,208 --a------ C:\WINDOWS\system\WING.DLL
2007-10-09 16:40 12,800 --a------ C:\WINDOWS\system\WING32.DLL
2007-10-09 16:40 10,197 --a------ C:\WINDOWS\system\MSPAM.REG
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-23 10:14 7,616,032 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-10-23 08:20 621,344 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2007-10-23 08:20 33,524 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2007-10-23 08:20 103,160 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-10-22 23:43 --------- d-----w C:\Program Files\Windows Defender
2007-10-22 23:39 --------- d-----w C:\Program Files\Palm
2007-10-22 23:33 --------- d-----w C:\Program Files\Google
2007-10-19 17:22 --------- d-----w C:\Documents and Settings\Michael Armendariz\Application Data\Canon
2007-09-04 08:21 82,061 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2007-09-04 08:21 81,549 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-07-30 23:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 23:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 23:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 23:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 23:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 23:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-07-30 23:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
2007-07-30 23:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 23:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 23:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-25 16:10 60,968 ----a-w C:\Documents and Settings\Michael Armendariz\GoToAssistDownloadHelper.exe
2006-10-02 12:48 1,267,223 ----a-w C:\Documents and Settings\Michael Armendariz\Application Data\CitrixSAClient.exe
2006-03-20 00:16 823,493 ----a-w C:\Program Files\Damaged Screen Zoom.pdf
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [2002-08-20 14:29]
"VMConsole.exe"="C:\Program Files\sony\vaio media integrated server\Platform\VMConsole.exe" [2004-02-25 09:08]
"VAIO Update 2"="C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" [2004-01-17 07:36]
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 01:08]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-04-07 03:19]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 03:07]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-15 21:00]
"AGRSMMSG"="AGRSMMSG.exe" [2003-05-23 14:43 C:\WINDOWS\AGRSMMSG.exe]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-01-28 15:49]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-16 04:56]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-10-02 16:27]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-29 17:35]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

R2 VAIO Entertainment File Import Service;VAIO Entertainment File Import Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
R3 Net6IM;Net6;C:\WINDOWS\system32\DRIVERS\net6im51.sys
R3 scsiscan;SCSI Scanner Driver;C:\WINDOWS\system32\DRIVERS\scsiscan.sys
S3 cvspydr2;ColorVision Spyder 2;C:\WINDOWS\system32\DRIVERS\cvspydr2.sys
S3 SQLAgent$MICROSOFTBCM;SQLAgent$MICROSOFTBCM;C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE -i MICROSOFTBCM
S3 VAIO Entertainment UPnP Client Adapter;VAIO Entertainment UPnP Client Adapter;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe -RunBySCM

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-10-23 08:24:34 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Program Files\Windows Defender\MpCmdRun.exe
"2005-01-01 11:07:14 C:\WINDOWS\Tasks\Registration reminder 2.job" - C:\WINDOWS\System32\OOBE\oobebaln.exe
"2007-10-23 10:14:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
.
**************************************************************************
catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-23 06:13:58
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwClose
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-23 6:14:53
.
--- E O F ---