ComboFix 08-02-25.3 - Shari Becklund 2008-02-26 22:21:31.1 - NTFSx86
Running from: C:\Documents and Settings\Shari Becklund\Desktop\ComboFix.exe
 * Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Shari Becklund\Application Data\macromedia\Flash Player\#SharedObjects\LBA5XYQP\www.broadcaster.com
C:\Documents and Settings\Shari Becklund\Application Data\macromedia\Flash Player\#SharedObjects\LBA5XYQP\www.broadcaster.com\played_list.sol
C:\Documents and Settings\Shari Becklund\Application Data\macromedia\Flash Player\#SharedObjects\LBA5XYQP\www.broadcaster.com\video_queue.sol
C:\Documents and Settings\Shari Becklund\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Shari Becklund\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\WINDOWS\system32\bszip.dll

.
((((((((((((((((((((((((( Files Created from 2008-01-27 to 2008-02-27 )))))))))))))))))))))))))))))))
.

2008-02-24 13:41 . 2008-02-24 13:51 d--h----- C:\WINDOWS\Icons
2008-02-23 17:24 . 2008-02-23 17:24 d-------- C:\Program Files\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2008-02-27 04:20 --------- d-----w C:\Documents and Settings\Shari Becklund\Application Data\AVG7
2008-02-23 23:25 --------- d-----w C:\Program Files\TuneUp Utilities 2007
2008-02-05 03:52 --------- d-----w C:\Program Files\Ciel
2008-01-24 03:49 --------- d-----w C:\Program Files\Dell Support Center
2008-01-24 03:49 --------- d-----w C:\Program Files\Common Files\supportsoft
2008-01-24 03:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-01-24 03:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-12-19 23:01 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-08 05:21 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-12-06 11:01 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-12-06 11:00 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-12-06 11:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-06 04:59 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 18:38 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll
2004-11-09 22:53 73,798 ----a-w C:\Documents and Settings\Shari Becklund\keygen.exe
2004-11-09 22:40 1,088,699 ----a-w C:\Documents and Settings\Shari Becklund\ftppc1_0.zip
2005-01-17 00:19 4,608 --sha-r C:\WINDOWS\system\DRIVER\cygcrypt-0.dll
2005-01-17 00:19 1,140,617 --sha-r C:\WINDOWS\system\DRIVER\cygwin1.dll
2005-01-28 18:30 1,478 --sha-r C:\WINDOWS\system\DRIVER\servicelogon.dll
2007-01-27 02:17 1,877 --sha-r C:\WINDOWS\system\DRIVER\servicesmgr.dll
2005-01-28 18:30 1,477 --sh--r C:\WINDOWS\system\DRIVER\svchostlogon.dll
2007-01-27 02:17 1,575 --sha-r C:\WINDOWS\system\DRIVER\winlogon.dll
2006-09-23 19:04 56 --sh--r C:\WINDOWS\system32\D0ED3681F4.sys
2006-09-23 19:04 3,766 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09 460784]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 09:23 202544]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 05:00 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-02 23:42 401491]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-09-29 14:22 50528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-24 06:36 729178]
"SigmatelSysTrayApp"="stsystra.exe" [2005-09-09 23:19 393216 C:\WINDOWS\stsystra.exe]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 01:05 127035]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44 81920]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 15:48 479232]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 10:59 124520]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-20 13:37 579072]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-03-10 13:01 28160 C:\WINDOWS\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-24 18:17 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2002-12-02 20:56:10 40960]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2006-01-13 14:22:12 438272]
Microsoft Broadband Networking.lnk - C:\WINDOWS\Installer\{638547C2-2ABA-46F4-AE28-85FF6E83CB54}\_18be6784.exe [2006-01-13 11:24:07 25214]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 16:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Microsoft Broadband Networking\\MSBNCfg.exe"=
"C:\\Program Files\\Microsoft Broadband Networking\\MSBNUpdate.exe"=
"C:\\Program Files\\Microsoft Broadband Networking\\MSBNUtil.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Common Files\\AOL\\1141264949\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Common Files\\AOL\\1141264949\\ee\\aim6.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESMGR.EXE"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=

R1 BUFADPT;BUFADPT;C:\WINDOWS\system32\BUFADPT.SYS [2005-07-05 22:52]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service []
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-10 05:00]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 15:38]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-01-11 23:30:04 C:\WINDOWS\Tasks\1-Click Maintenance.job" - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-26 22:26:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-26 22:27:53
ComboFix-quarantined-files.txt 2008-02-27 04:27:36
.
2008-02-13 05:38:49 --- E O F ---
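When triaging a log like this one, the Find3M entries and the MountPoints2 AutoRun key are the lines that usually deserve a second look. The script below is an added example, not part of the posted log and not ComboFix's own logic: it parses Find3M lines (date, time, size, 7-character attribute string, path) and applies a few review heuristics that are this example's assumptions, not rules from the page: hidden+system attributes on a regular file, a filename that starts with a core Windows process name but lives outside system32, "keygen" in the name, and any AutoRun command recorded under MountPoints2. The sample lines are copied from the log above; `SYSTEM_DIRS`, `MIMIC_NAMES` and `SUSPECT_WORDS` are illustrative lists chosen for the example.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# Find3M line shape: "YYYY-MM-DD HH:MM <size or dashes> <7-char attrs> <path>"
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) "
    r"(?P<size>-+|[\d,]+) (?P<attrs>[-dshawr]{7}) (?P<path>.+)$"
)
# MountPoints2 autorun handler line, e.g. "\Shell\AutoRun\command - E:\setup.exe"
AUTORUN_RE = re.compile(r"\\Shell\\AutoRun\\command - (?P<target>.+)$")

# Heuristic tables: assumptions of this example, not ComboFix's rules.
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\system32\drivers",
               r"c:\windows\system32\dllcache"}
MIMIC_NAMES = ("winlogon", "svchost", "services", "lsass", "csrss")
SUSPECT_WORDS = ("keygen", "crack")

# Sample input copied from the posted log (a few representative lines).
SAMPLE_LINES = [
    r"(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))",
    r"2008-02-27 04:20 --------- d-----w C:\Documents and Settings\Shari Becklund\Application Data\AVG7",
    r"2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll",
    r"2004-11-09 22:53 73,798 ----a-w C:\Documents and Settings\Shari Becklund\keygen.exe",
    r"2005-01-17 00:19 1,140,617 --sha-r C:\WINDOWS\system\DRIVER\cygwin1.dll",
    r"2005-01-28 18:30 1,477 --sh--r C:\WINDOWS\system\DRIVER\svchostlogon.dll",
    r"2007-01-27 02:17 1,575 --sha-r C:\WINDOWS\system\DRIVER\winlogon.dll",
    r"2006-09-23 19:04 56 --sh--r C:\WINDOWS\system32\D0ED3681F4.sys",
    r"[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]",
    r"\Shell\AutoRun\command - E:\setup.exe",
]


@dataclass
class Entry:
    date: str
    size: Optional[int]   # None for directories, which ComboFix prints as "---------"
    attrs: str            # e.g. "--sha-r": s=system, h=hidden, a=archive, r/w=read-only/writable
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def directory(self) -> str:
        return self.path.rsplit("\\", 1)[0]


def parse_find3m(lines: Iterable[str]) -> List[Entry]:
    """Return the Find3M entries; section banners and registry lines are skipped."""
    entries = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"].replace(",", ""))
        entries.append(Entry(m["date"], size, m["attrs"], m["path"]))
    return entries


def triage(entries: Iterable[Entry]) -> List[Tuple[Entry, List[str]]]:
    """Attach review reasons to files that match a heuristic; directories are ignored."""
    flagged = []
    for e in entries:
        if e.is_dir:
            continue
        reasons = []
        stem = e.name.lower().rsplit(".", 1)[0]
        if "s" in e.attrs and "h" in e.attrs:
            reasons.append("hidden+system attributes on a file")
        if stem.startswith(MIMIC_NAMES) and e.directory.lower() not in SYSTEM_DIRS:
            reasons.append("core Windows process name outside system32")
        if any(w in e.name.lower() for w in SUSPECT_WORDS):
            reasons.append("name suggests a cracking tool")
        if reasons:
            flagged.append((e, reasons))
    return flagged


def autorun_targets(lines: Iterable[str]) -> List[str]:
    """Commands registered as AutoRun handlers for removable media under MountPoints2."""
    return [m["target"].strip() for m in map(AUTORUN_RE.search, lines) if m]


if __name__ == "__main__":
    for entry, reasons in triage(parse_find3m(SAMPLE_LINES)):
        print(f"{entry.path}  [{entry.attrs}]  <- {'; '.join(reasons)}")
    for target in autorun_targets(SAMPLE_LINES):
        print(f"MountPoints2 AutoRun -> {target}")
```

The output is a list of review leads, not verdicts: the hidden+system check also fires on legitimate licensing and driver files, and a name match only says a file is worth checking against its expected location and a reputable hash source. Run it over the whole saved log rather than the excerpt to get the full candidate list.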