ComboFix 08-08-26.03 - Administrator 2008-08-27 2:35:50.13 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.759 [GMT -10:00]
Running from: C:\Documents and Settings\Compaq_Administrator\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Compaq_Administrator\Application Data\macromedia\Flash Player\#SharedObjects\XD8EGDQE\bin.clearspring.com
C:\Documents and Settings\Compaq_Administrator\Application Data\macromedia\Flash Player\#SharedObjects\XD8EGDQE\bin.clearspring.com\clearspring.sol
C:\Documents and Settings\Compaq_Administrator\Application Data\macromedia\Flash Player\#SharedObjects\XD8EGDQE\interclick.com
C:\Documents and Settings\Compaq_Administrator\Application Data\macromedia\Flash Player\#SharedObjects\XD8EGDQE\interclick.com\ud.sol
C:\Documents and Settings\Compaq_Administrator\Application Data\macromedia\Flash Player\#SharedObjects\XD8EGDQE\static.youku.com
C:\Documents and Settings\Compaq_Administrator\Application Data\macromedia\Flash Player\#SharedObjects\XD8EGDQE\static.youku.com\v1.0.0236\v\swf\qplayer.swf\youku.sol
C:\Documents and Settings\Compaq_Administrator\Application Data\macromedia\Flash Player\#SharedObjects\XD8EGDQE\static.youku.com\v1.0.0242\v\swf\qplayer.swf\qplayer.sol
C:\Documents and Settings\Compaq_Administrator\Application Data\macromedia\Flash Player\#SharedObjects\XD8EGDQE\www.broadcaster.com
C:\Documents and Settings\Compaq_Administrator\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\Compaq_Administrator\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
C:\Documents and Settings\Compaq_Administrator\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Compaq_Administrator\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Compaq_Administrator\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.youku.com
C:\Documents and Settings\Compaq_Administrator\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.youku.com\settings.sol
C:\Documents and Settings\Compaq_Administrator\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
.
---- Previous Run -------
.
C:\Documents and Settings\Compaq_Administrator\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
C:\WINDOWS\SW_Win2146X32.DLL
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-07-27 to 2008-08-27 )))))))))))))))))))))))))))))))
.
2008-08-27 02:34 . 2008-08-27 02:35
d-------- C:\327882R2FWJFW
2008-08-27 02:10 . 2008-08-27 02:10 4,486 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-27 02:04 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-08-27 02:00 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-08-27 02:00 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-08-27 02:00 . 2008-08-26 20:19 88,576 --a------ C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-08-27 02:00 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-08-27 02:00 . 2008-08-14 21:52 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-08-27 02:00 . 2008-08-18 12:19 82,432 --a------ C:\WINDOWS\system32\404Fix.exe
2008-08-27 02:00 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-08-27 02:00 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-08-27 02:00 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-08-27 00:15 . 2008-08-27 00:45 d-------- C:\WINDOWS\system32\CatRoot_bak
2008-08-23 03:12 . 2008-08-24 00:53 d--h----- C:\$AVG8.VAULT$
2008-08-23 03:01 . 2008-08-23 03:01 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-23 03:01 . 2008-08-23 03:01 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-08-23 03:01 . 2008-08-23 03:01 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-08-23 03:00 . 2008-08-26 15:42 d-------- C:\WINDOWS\system32\drivers\Avg
2008-08-23 03:00 . 2008-08-23 03:00 d-------- C:\Program Files\AVG
2008-08-23 03:00 . 2008-08-23 03:00 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-08-23 02:57 . 2008-08-23 02:57 d-------- C:\Program Files\COMODO
2008-08-23 02:57 . 2008-08-23 02:57 d-------- C:\Program Files\AskSBar
2008-08-23 02:57 . 2008-08-23 02:57 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Comodo
2008-08-23 02:57 . 2008-08-23 20:41 d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-08-23 02:57 . 2008-08-23 02:57 249,592 --a------ C:\WINDOWS\system32\cssdll32.dll
2008-08-23 02:57 . 2008-08-23 02:57 143,104 --a------ C:\WINDOWS\system32\guard32.dll
2008-08-23 02:57 . 2008-08-23 02:57 87,056 --a------ C:\WINDOWS\system32\drivers\cmdguard.sys
2008-08-23 02:57 . 2008-08-23 02:57 24,208 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-08-20 16:51 . 2008-08-20 16:51 d-------- C:\WINDOWS\ERUNT
2008-08-20 16:32 . 2008-08-18 22:49 d-------- C:\SDFix
2008-08-20 14:00 . 2008-08-20 14:00 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-20 14:00 . 2008-08-20 14:00 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Malwarebytes
2008-08-20 14:00 . 2008-08-20 14:00 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-20 14:00 . 2008-08-17 15:05 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-20 14:00 . 2008-08-17 15:05 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-20 13:09 . 2008-08-20 13:09 d-------- C:\Program Files\Common Files\Adobe AIR
2008-08-20 13:09 . 2008-08-20 13:09 d-------- C:\Program Files\Adobe Media Player
2008-08-20 00:09 . 2008-08-20 00:09 d-------- C:\Program Files\Trend Micro
2008-08-15 16:51 . 2008-08-21 23:42 d-------- C:\Fraps
2008-08-07 10:54 . 2008-08-07 10:54 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-08-07 09:02 . 2008-08-07 09:02 d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-27 12:41 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
2008-08-24 08:33 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-23 12:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-08-20 22:27 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-16 06:28 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\LimeWire
2008-08-10 17:58 --------- d-----w C:\Program Files\PokerStars
2008-08-09 20:26 --------- d-----w C:\Program Files\UltimateBet
2008-08-07 20:54 --------- d--h--r C:\Documents and Settings\Compaq_Administrator\Application Data\yahoo!
2008-08-07 19:02 --------- d-----w C:\Program Files\Yahoo!
2008-08-07 18:34 --------- d-----w C:\Program Files\Java
2008-08-02 02:32 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\Move Networks
2008-07-17 00:10 --------- d-----w C:\Program Files\World of Warcraft
2008-07-16 23:04 --------- d-----w C:\Program Files\mypoints
2008-07-16 07:52 --------- d-----w C:\Program Files\Softinterface, Inc
2008-07-07 07:22 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\Xfire
2008-07-07 07:21 --------- d-s---w C:\Program Files\Xfire
2008-07-07 07:13 --------- d--h--w C:\Documents and Settings\Compaq_Administrator\Application Data\ijjigame
2008-07-05 09:51 --------- d-----w C:\Program Files\Common Files\INCA Shared
2008-07-05 09:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-05 09:44 --------- d-----w C:\Program Files\NHN USA
2008-07-05 09:19 --------- d-----w C:\Program Files\softnyx
2008-07-01 07:28 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\SecondLife
2008-06-07 09:24 691,545 ----a-w C:\WINDOWS\unins001.exe
2007-12-29 05:59 81,264 ----a-w C:\Documents and Settings\Compaq_Administrator\Application Data\GDIPFONTCACHEV1.DAT
2007-10-29 23:10 0 ----a-w C:\Documents and Settings\Compaq_Administrator\Application Data\wklnhst.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-09 11:00 15360]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-25 15:23 443968]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 18:41 1832272]
"I.R.I.S. Desktop Search"="C:\Program Files\IRIS Desktop Search\IRISDesktopSearch.exe" [2006-01-11 03:37 5193512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 01:07 8491008]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"ToolBoxFX"="C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2006-02-02 08:12 45056]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"COMODO SafeSurf"="C:\Program Files\COMODO\SafeSurf\cssurf.exe" [2008-08-23 02:57 278264]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-23 03:00 1232152]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-08-23 02:57 1655552]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-09 11:00 53760 C:\WINDOWS\system32\narrator.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-09 11:00 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"SPBBCSvc"=2 (0x2)
"SNDSrvc"=2 (0x2)
"SAVScan"=3 (0x3)
"NSCService"=3 (0x3)
"navapsvc"=2 (0x2)
"ccProxy"=2 (0x2)
"ccISPwdSvc"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\DISC\\DISCover.exe"=
"C:\\Program Files\\DISC\\DiscStreamHub.exe"=
"C:\\Program Files\\DISC\\myFTP.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.12.0.5595-to-1.12.1.5875-enUS-downloader.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\sthirteenturbo\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Turbine\\The Lord of the Rings Online\\lotroclient.exe"=
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"C:\\Program Files\\Ubisoft\\Chessmaster 10th Edition\\game.exe"=
"C:\\Program Files\\Valve\\Steam\\steam.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader
"6881:TCP"= 6881:TCP:Blizzard Downloader
"6882:TCP"= 6882:TCP:Blizzard Downloader
"6883:TCP"= 6883:TCP:Blizzard Downloader