ComboFix 08-02-17.2 - Lauren 2008-02-18 18:54:47.6 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.139 [GMT -7:00]
Running from: D:\ComboFix.exe
Command switches used :: D:\CFScript.txt
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\FOUND.000
D:\FOUND.000\FILE0000.CHK
D:\FOUND.001
D:\FOUND.001\FILE0000.CHK
D:\FOUND.002
D:\FOUND.002\FILE0000.CHK
D:\FOUND.002\FILE0001.CHK
D:\FOUND.002\FILE0002.CHK
D:\FOUND.003
D:\FOUND.003\FILE0000.CHK
D:\FOUND.003\FILE0001.CHK
D:\FOUND.003\FILE0002.CHK
D:\FOUND.004
D:\FOUND.004\FILE0000.CHK
D:\FOUND.004\FILE0001.CHK
D:\FOUND.004\FILE0002.CHK
D:\FOUND.004\FILE0003.CHK
D:\FOUND.004\FILE0004.CHK
D:\FOUND.005
D:\FOUND.005\FILE0000.CHK
D:\FOUND.005\FILE0001.CHK
D:\FOUND.006
D:\FOUND.006\FILE0000.CHK
D:\FOUND.006\FILE0001.CHK
D:\FOUND.006\FILE0002.CHK
D:\FOUND.006\FILE0003.CHK
D:\FOUND.006\FILE0004.CHK
D:\FOUND.006\FILE0005.CHK
D:\FOUND.006\FILE0006.CHK
D:\FOUND.006\FILE0007.CHK
D:\FOUND.007
D:\FOUND.007\FILE0000.CHK
D:\FOUND.007\FILE0001.CHK
D:\FOUND.007\FILE0002.CHK
D:\FOUND.008
D:\FOUND.008\FILE0000.CHK
D:\FOUND.008\FILE0001.CHK
D:\FOUND.008\FILE0002.CHK
D:\FOUND.008\FILE0003.CHK
D:\FOUND.008\FILE0004.CHK
D:\FOUND.008\FILE0005.CHK
D:\FOUND.009
D:\FOUND.009\FILE0000.CHK
D:\FOUND.009\FILE0001.CHK
D:\FOUND.009\FILE0002.CHK
D:\FOUND.009\FILE0003.CHK
D:\FOUND.009\FILE0004.CHK
D:\FOUND.009\FILE0005.CHK
D:\FOUND.009\FILE0006.CHK
D:\FOUND.010
D:\FOUND.010\FILE0000.CHK
D:\FOUND.011
D:\FOUND.011\FILE0000.CHK
D:\FOUND.011\FILE0001.CHK
D:\FOUND.011\FILE0002.CHK
D:\FOUND.011\FILE0003.CHK
D:\FOUND.011\FILE0004.CHK
D:\FOUND.011\FILE0005.CHK
D:\FOUND.011\FILE0006.CHK
D:\FOUND.011\FILE0007.CHK
D:\FOUND.011\FILE0008.CHK
D:\FOUND.011\FILE0009.CHK
D:\FOUND.011\FILE0010.CHK
D:\FOUND.011\FILE0011.CHK
D:\FOUND.011\FILE0240.CHK
D:\FOUND.011\FILE0241.CHK
D:\FOUND.011\FILE0242.CHK
D:\FOUND.011\FILE0243.CHK
D:\FOUND.011\FILE0244.CHK
D:\FOUND.011\FILE0245.CHK
D:\FOUND.011\FILE0246.CHK
D:\FOUND.011\FILE0247.CHK
D:\FOUND.011\FILE0248.CHK
D:\FOUND.011\FILE0249.CHK
D:\FOUND.011\FILE0250.CHK
D:\FOUND.011\FILE0251.CHK
D:\FOUND.011\FILE0252.CHK
D:\FOUND.011\FILE0253.CHK
D:\FOUND.011\FILE0254.CHK
D:\FOUND.011\FILE0255.CHK
D:\FOUND.011\FILE0256.CHK
D:\FOUND.011\FILE0257.CHK
D:\FOUND.011\FILE0258.CHK
D:\FOUND.012
D:\FOUND.012\FILE0000.CHK
D:\FOUND.012\FILE0001.CHK
D:\FOUND.013
D:\FOUND.013\FILE0000.CHK
D:\FOUND.013\FILE0001.CHK
D:\FOUND.013\FILE0002.CHK
D:\FOUND.013\FILE0003.CHK
D:\FOUND.013\FILE0004.CHK
.
((((((((((((((((((((((((( Files Created from 2008-01-19 to 2008-02-19 )))))))))))))))))))))))))))))))
.
2008-02-18 18:20 . 2008-02-18 18:20 102 --a------ D:\FoundFix.bat
2008-02-18 14:26 . 2008-02-18 14:26 6,132 --a------ D:\zipfolder_fix.reg
2008-02-18 10:55 . 2008-02-18 10:55 1,597,661 --a------ D:\ComboFix.exe
2008-02-17 22:49 . 2008-02-18 11:05 3,739 --a------ D:\WINDOWS\imsins.BAK
2008-02-17 18:06 . 2008-02-13 13:20 4,224 --a------ D:\WINDOWS\system32\drivers\beep.sys
2008-02-17 18:06 . 2008-02-13 13:20 4,224 --a------ D:\WINDOWS\system32\dllcache\beep.sys
2008-02-17 15:28 . 2008-02-17 15:28 d-------- D:\WINDOWS\system32\LogFiles
2008-02-16 14:45 . 2008-02-16 14:45 d-------- D:\WINDOWS\ERUNT
2008-02-16 14:37 . 2008-02-13 13:22 d-------- D:\SDFix
2008-02-08 17:33 . 2008-02-08 17:33 d-------- D:\Program Files\MSECache
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-21 07:41 --------- d-----w D:\Program Files\Apple Software Update
2007-12-21 07:39 --------- d-----w D:\Program Files\Common Files\Apple
2007-12-21 07:39 --------- d-----w D:\Documents and Settings\All Users\Application Data\Apple
2007-12-18 09:51 179,584 ------w D:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-07 14:37 3,059,200 ------w D:\WINDOWS\system32\dllcache\mshtml.dll
2007-12-06 13:07 18,432 ------w D:\WINDOWS\system32\dllcache\iedw.exe
2007-12-04 18:38 550,912 ----a-w D:\WINDOWS\system32\oleaut32.dll
2007-12-04 18:38 550,912 ------w D:\WINDOWS\system32\dllcache\oleaut32.dll
2007-12-04 13:04 837,496 ----a-w D:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w D:\WINDOWS\system32\AVASTSS.scr
2006-12-21 19:59 20 ---h--w D:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="D:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"MSMSGS"="D:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="D:\WINDOWS\System32\NvCpl.dll" [2006-09-18 13:25 7630848]
"NvMediaCenter"="D:\WINDOWS\System32\NvMcTray.dll" [2006-09-18 13:25 86016]
"SmartDefrag"="G:\IObit SmartDefrag\IObit SmartDefrag.exe" [2007-01-09 10:46 3957760]
"avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 06:00 79224]
"iTunesHelper"="G:\iTunes\iTunesHelper.exe" [2007-03-14 19:05 257088]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

D:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - G:\Microsoft Office PRO\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
Printkey2000.lnk - G:\Pictures\PrintKey2000\Printkey2000.exe [2008-02-18 01:14:19 869376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{a5780613-492e-4a2a-a7fd-549610edf6cc}"= D:\Program Files\VCOM\Recovery Commander\RCHOOK.DLL [2003-06-12 13:42 102400]

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=D:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=D:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 D:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-09-18 13:25 1519616 D:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RCScheduleCheck]
--a------ 2003-06-09 16:45 151552 D:\Program Files\VCOM\Recovery Commander\RCSCHED.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartDefrag]
--a------ 2007-01-09 10:46 3957760 G:\IObit SmartDefrag\IObit SmartDefrag.exe

R1 aiptektp;HyperPen;D:\WINDOWS\system32\DRIVERS\aiptektp.sys [2004-07-07 16:02]
R1 fwdrv;Tiny Personal Firewall Driver;D:\WINDOWS\system32\Drivers\fwdrv.sys [2001-10-22 17:54]
R3 WUSB54GPV4SRV;Linksys Home Wireless-G USB Adaptor Driver;D:\WINDOWS\system32\DRIVERS\rt2500usb.sys [2005-10-17 19:50]
S3 utblfilt;utblfilt;D:\WINDOWS\system32\drivers\utblfilt.sys [2001-05-23 15:42]
.
Contents of the 'Scheduled Tasks' folder
"2008-02-10 14:05:02 D:\WINDOWS\Tasks\Scheduled Checkpoint.job" - D:\Program Files\VCOM\Recovery Commander\RCSCHED.EXE
"2008-02-14 10:20:08 D:\WINDOWS\Tasks\RegCure.job" - G:\RegCure\RegCure.exe
"2008-02-19 02:04:30 D:\WINDOWS\Tasks\SmartDefrag.job" - G:\IObit SmartDefrag\schedule.exe-
"2008-02-19 02:04:28 D:\WINDOWS\Tasks\RegCure Program Check.job" - G:\RegCure\RegCure.exe
"2008-02-15 05:45:24 D:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - D:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-18 19:03:43
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\Program Files\Tiny Personal Firewall\persfw.exe
D:\WINDOWS\System32\HPZipm12.exe
D:\WINDOWS\System32\wdfmgr.exe
D:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
D:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
.
**************************************************************************
.
Completion time: 2008-02-18 19:06:01 - machine was rebooted
ComboFix3.txt 2008-02-18 18:29:08
ComboFix-quarantined-files.txt 2008-02-19 02:05:46
ComboFix2.txt 2008-02-18 22:03:06
.
2008-02-14 10:14:54 --- E O F ---