ComboFix 07-10-23.2 - Michael Armendariz 2007-10-23 6:10:45.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.828 [GMT -4:00]
Running from: C:\Download\ComboFix\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Michael Armendariz\Application Data\macromedia\Flash Player\#SharedObjects\B6EP69UL\www.broadcaster.com
C:\Documents and Settings\Michael Armendariz\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Michael Armendariz\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\WINDOWS\setup.exe
.
((((((((((((((((((((((((( Files Created from 2007-09-23 to 2007-10-23 )))))))))))))))))))))))))))))))
.
2007-10-23 06:09 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-23 05:42 d-------- C:\Program Files\AboutBuster
2007-10-23 05:01 d-------- C:\aboutBuster
2007-10-22 08:00 d-------- C:\WINDOWS\system32\ActiveScan
2007-10-22 07:50 d-------- C:\ERDNT
2007-10-22 07:24 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-10-22 07:24 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-10-22 07:24 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-10-22 07:24 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-10-22 07:23 d-------- C:\Program Files\Spyware Doctor
2007-10-22 07:23 d-------- C:\Documents and Settings\Michael Armendariz\Application Data\PC Tools
2007-10-22 07:22 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-10-19 14:26 86,016 --a------ C:\WINDOWS\unvise32.exe
2007-10-19 14:25 d-------- C:\Program Files\PANTONE COLORVISION
2007-10-10 05:05 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-09 16:41 151,040 --a------ C:\WINDOWS\system\IR32.DLL
2007-10-09 16:41 77,664 --a------ C:\WINDOWS\system\IR21_R.DLL
2007-10-09 16:41 49,616 --a------ C:\WINDOWS\system\MSACM.DLL
2007-10-09 16:41 27,648 --a------ C:\WINDOWS\system\WAVMIX16.DLL
2007-10-09 16:41 12,800 --a------ C:\WINDOWS\system\ACMCMPRS.DLL
2007-10-09 16:41 7,168 --a------ C:\WINDOWS\system\DISPDIB.DLL
2007-10-09 16:40 d-------- C:\MSKIDS
2007-10-09 16:40 188,960 --a------ C:\WINDOWS\system\WINGDE.DLL
2007-10-09 16:40 92,208 --a------ C:\WINDOWS\system\WING.DLL
2007-10-09 16:40 12,800 --a------ C:\WINDOWS\system\WING32.DLL
2007-10-09 16:40 10,197 --a------ C:\WINDOWS\system\MSPAM.REG
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-23 10:14 7,616,032 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-10-23 08:20 621,344 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2007-10-23 08:20 33,524 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2007-10-23 08:20 103,160 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-10-22 23:43 --------- d-----w C:\Program Files\Windows Defender
2007-10-22 23:39 --------- d-----w C:\Program Files\Palm
2007-10-22 23:33 --------- d-----w C:\Program Files\Google
2007-10-19 17:22 --------- d-----w C:\Documents and Settings\Michael Armendariz\Application Data\Canon
2007-09-04 08:21 82,061 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2007-09-04 08:21 81,549 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-07-30 23:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 23:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 23:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 23:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 23:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 23:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-07-30 23:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
2007-07-30 23:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 23:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 23:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-25 16:10 60,968 ----a-w C:\Documents and Settings\Michael Armendariz\GoToAssistDownloadHelper.exe
2006-10-02 12:48 1,267,223 ----a-w C:\Documents and Settings\Michael Armendariz\Application Data\CitrixSAClient.exe
2006-03-20 00:16 823,493 ----a-w C:\Program Files\Damaged Screen Zoom.pdf
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [2002-08-20 14:29]
"VMConsole.exe"="C:\Program Files\sony\vaio media integrated server\Platform\VMConsole.exe" [2004-02-25 09:08]
"VAIO Update 2"="C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" [2004-01-17 07:36]
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 01:08]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-04-07 03:19]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 03:07]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-15 21:00]
"AGRSMMSG"="AGRSMMSG.exe" [2003-05-23 14:43 C:\WINDOWS\AGRSMMSG.exe]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-01-28 15:49]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-16 04:56]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-10-02 16:27]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-29 17:35]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"
R2 VAIO Entertainment File Import Service;VAIO Entertainment File Import Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
R3 Net6IM;Net6;C:\WINDOWS\system32\DRIVERS\net6im51.sys
R3 scsiscan;SCSI Scanner Driver;C:\WINDOWS\system32\DRIVERS\scsiscan.sys
S3 cvspydr2;ColorVision Spyder 2;C:\WINDOWS\system32\DRIVERS\cvspydr2.sys
S3 SQLAgent$MICROSOFTBCM;SQLAgent$MICROSOFTBCM;C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE -i MICROSOFTBCM
S3 VAIO Entertainment UPnP Client Adapter;VAIO Entertainment UPnP Client Adapter;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe -RunBySCM
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-10-23 08:24:34 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2005-01-01 11:07:14 C:\WINDOWS\Tasks\Registration reminder 2.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
"2007-10-23 10:14:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
.
**************************************************************************
catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-23 06:13:58
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwClose
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-23 6:14:53
.
--- E O F ---