ComboFix 08-08-01.05 - Jesus 2008-08-02 16:30:03.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1691 [GMT -4:00]
Running from: C:\Documents and Settings\Jesus\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\check_LSA7.txt
C:\Documents and Settings\Jesus\Application Data\macromedia\Flash Player\#SharedObjects\ESDERFE5\interclick.com
C:\Documents and Settings\Jesus\Application Data\macromedia\Flash Player\#SharedObjects\ESDERFE5\interclick.com\ud.sol
C:\Documents and Settings\Jesus\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Jesus\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Program Files\Internet Explorer\IEXPLORE32.jmp
C:\Program Files\Internet Explorer\PLUGINS\Unixs32.Jmp
C:\WINDOWS\system32\bbeeg.ini
C:\WINDOWS\system32\bndfxdh.dll
C:\WINDOWS\system32\ddccacef3_d.dll
C:\WINDOWS\system32\gdipro.dll
C:\WINDOWS\system32\ksuserfy.nls
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\srpcss.dll
C:\WINDOWS\system32\sys07002.dll
C:\WINDOWS\system32\syschk.exe
.
((((((((((((((((((((((((( Files Created from 2008-07-02 to 2008-08-02 )))))))))))))))))))))))))))))))
.
2008-08-01 20:15 . 2008-08-01 20:15 331 --ah----- C:\IPH.PH
2008-07-31 16:53 . 2008-07-31 16:53 102 --a------ C:\emsf.bat
2008-07-07 13:47 . 2008-07-07 13:47 d-------- C:\Program Files\TuneUp Utilities 2008
2008-07-07 13:47 . 2008-07-07 13:47 355,584 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-07-07 13:47 . 2008-05-29 09:28 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-07-07 10:50 . 2008-07-07 10:50 d-------- C:\Program Files\StreamingStar
2008-07-07 10:50 . 2008-07-07 10:50 d-------- C:\Program Files\Lavasoft
2008-07-07 10:50 . 2008-07-07 13:46 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-07 10:47 . 2008-07-07 10:47 d-------- C:\WINDOWS\system32\WinFox
2008-07-07 10:47 . 2008-07-07 10:47 d-------- C:\WINDOWS\system32\WinFast
2008-07-07 10:47 . 2008-07-07 10:47 d-------- C:\Program Files\Spybot - Search & Destroy
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-01 05:45 --------- d-----w C:\Program Files\Bazooka Scanner
2008-07-31 20:42 4,224 ----a-w C:\WINDOWS\system32\drivers\beep.sys
2008-07-07 14:50 --------- dc----w C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-07 14:50 --------- d-----w C:\Documents and Settings\Jesus\Application Data\uTorrent
2008-07-07 14:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Saitek
2008-07-07 14:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-07-07 14:47 --------- d-----w C:\Program Files\tamasoftware
2008-07-07 14:47 --------- d-----w C:\Documents and Settings\Jesus\Application Data\U3
2008-07-07 14:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-07 14:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-07 14:46 --------- d-----w C:\Program Files\Absolute Poker
2008-07-07 14:33 --------- d-----w C:\Program Files\QuickTime
2008-07-07 14:33 --------- d-----w C:\Program Files\Apple Software Update
2008-06-29 03:32 --------- d-----w C:\Documents and Settings\Jesus\Application Data\dvdcss
2008-06-23 21:23 --------- d-----w C:\Program Files\Widestep Software
2008-06-23 19:30 --------- d-----w C:\Program Files\Windows Live
2008-06-23 19:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-22 01:44 --------- d-----w C:\Program Files\DC++
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 18:37 --------- d-----w C:\Program Files\Saitek
2008-06-07 20:06 --------- d-----w C:\Program Files\Common Files\Apple
2004-07-22 14:51 3,432,656 ----a-w C:\Program Files\ManagedDX.CAB
2004-07-20 02:58 1,156,363 ----a-w C:\Program Files\BDANT.cab
2004-07-20 02:53 976,020 ----a-w C:\Program Files\BDAXP.cab
2004-07-16 18:30 3,858 ----a-w C:\Program Files\directx redist.txt
2004-07-09 18:17 13,265,040 ----a-w C:\Program Files\dxnt.cab
2004-07-09 13:13 703,080 ----a-w C:\Program Files\BDA.cab
2004-07-09 13:13 15,493,481 ----a-w C:\Program Files\DirectX.cab
2004-07-09 08:08 472,576 ----a-w C:\Program Files\dxsetup.exe
2004-07-09 08:08 2,242,560 ----a-w C:\Program Files\dsetup32.dll
2004-07-09 07:03 62,976 ----a-w C:\Program Files\DSETUP.dll
2007-04-16 15:52 6,144 --sha-w C:\WINDOWS\system32\ghjsw.dll
2007-04-16 15:52 6,144 --sha-w C:\WINDOWS\system32\zxdtye.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SaiMfd"="C:\Program Files\Saitek\SD6\Software\SaiMfd.exe" [2007-10-02 10:10 131072]
"ProfilerU"="C:\Program Files\Saitek\SD6\Software\ProfilerU.exe" [2007-10-02 10:10 233472]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-10-29 16:50 86016]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 18:34 213936]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"ezShieldProtector for Px"="C:\WINDOWS\system32\ezSP_Px.exe" [2002-08-20 11:29 40960]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-29 16:50 4620288]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ezShieldProtector for Px]
--a------ 2002-08-20 11:29 40960 C:\WINDOWS\system32\ezSP_Px.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2004-10-29 16:50 4620288 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2004-10-29 16:50 921600 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"aswUpdSv"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ezShieldProtector for Px"=C:\WINDOWS\system32\ezSP_Px.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Opera 9\\Opera.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\DC++\\DCPlusPlus.exe"=
"C:\\Silkroad\\SilkErrSender.exe"=
"C:\\Silkroad\\ag\\nuConnector70.exe"=
"C:\\Silkroad\\Silkroad.exe"=
"C:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=

R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 00:56]
R2 WUSB54GSSVC;WUSB54GSSVC;C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe WUSB54GS.exe []
S3 SaiH80C1;SaiH80C1;C:\WINDOWS\system32\DRIVERS\SaiH80C1.sys [2007-10-05 10:19]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-07-07 13:47]
S3 USB_RNDIS_XP;Linksys Wireless-G USB Network Adapter with SpeedBooster Driver;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-03 23:04]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c594d57-6061-11dc-8e27-a4c471764370}]
\Shell\AutoRun\command - LinksysConnectPC.exe

*Newly Created Service* - BEEP
.
Contents of the 'Scheduled Tasks' folder
2008-08-02 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:09]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-bndfxdh - C:\WINDOWS\system32\bndfxdh.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Jesus\Application Data\Mozilla\Firefox\Profiles\w8z3ldes.default\

**************************************************************************

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
Completion time: 2008-08-02 16:53:08 - machine was rebooted [Jesus]
ComboFix-quarantined-files.txt 2008-08-02 20:52:45
ComboFix2.txt 2007-09-12 03:28:35

Pre-Run: 100,727,504,896 bytes free
Post-Run: 100,722,868,224 bytes free

149 --- E O F --- 2008-07-09 07:05:17