ComboFix 08-09-24.11 - Ange 2008-09-26 20:09:56.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.125 [GMT -4:00]
Running from: C:\Documents and Settings\Ange\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Ange\Desktop\CFScript.txt
* Created a new restore point
FILE ::
C:\WINDOWS\system32\drivers\Cyber02Hide.Sys
C:\WINDOWS\system32\drivers\Cyber02Hide.sys
C:\WINDOWS\system32\drivers\klfga.sys
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\drivers\Cyber02Hide.Sys
C:\WINDOWS\system32\drivers\klfga.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_CYBER02HIDE
-------\Legacy_KLFGA
-------\Service_Cyber02Hide
-------\Service_klfga
((((((((((((((((((((((((( Files Created from 2008-08-27 to 2008-09-27 )))))))))))))))))))))))))))))))
.
2008-09-26 15:35 . 2008-09-26 15:43 d-------- C:\HaxFix
2008-09-26 15:35 . 2008-09-26 15:35 484,942 --a------ C:\HaxFix.exe
2008-09-21 20:40 . 2008-09-21 20:40 d-------- C:\WINDOWS\system32\Service
2008-09-20 14:29 . 2008-09-20 14:29 d-------- C:\Documents and Settings\Stevo\Application Data\Malwarebytes
2008-09-18 16:04 . 2008-09-18 16:04 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-18 16:04 . 2008-09-18 16:04 d-------- C:\Documents and Settings\Ange\Application Data\Malwarebytes
2008-09-18 16:04 . 2008-09-18 16:04 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-18 16:04 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-18 16:04 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-18 16:03 . 2008-09-18 16:03 d-------- C:\Program Files\Common Files\Download Manager
2008-09-18 14:23 . 2008-09-18 14:23 d-------- C:\Program Files\Lavasoft
2008-09-18 14:23 . 2008-09-18 14:27 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-11 20:22 . 2008-09-11 20:09 144,912 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-09-11 20:22 . 2008-09-11 20:09 50,192 --a------ C:\WINDOWS\system32\drivers\tmactmon.sys
2008-09-11 20:22 . 2008-09-11 20:09 49,680 --a------ C:\WINDOWS\system32\drivers\tmevtmgr.sys
2008-09-11 20:13 . 2007-08-22 10:16 46,456 -ra------ C:\WINDOWS\system32\exitwx.exe
2008-09-11 20:13 . 2008-09-11 20:13 619 --a------ C:\moffice.lnk
2008-09-11 20:09 . 2008-09-11 20:09 1,195,448 --a------ C:\WINDOWS\system32\drivers\vsapint.sys
2008-09-11 20:09 . 2008-09-11 20:09 661,808 --a------ C:\WINDOWS\system32\UfWSC.cpl
2008-09-11 20:09 . 2008-09-11 20:09 334,352 --a------ C:\WINDOWS\system32\drivers\TM_CFW.sys
2008-09-11 20:09 . 2008-09-11 20:09 205,328 --a------ C:\WINDOWS\system32\drivers\tmxpflt.sys
2008-09-11 20:09 . 2008-09-11 20:09 80,400 --a------ C:\WINDOWS\system32\drivers\tmtdi.sys
2008-09-11 20:09 . 2008-09-11 20:09 36,368 --a------ C:\WINDOWS\system32\drivers\tmpreflt.sys
2008-09-11 20:07 . 2008-09-11 20:19 d-------- C:\WINDOWS\SxsCaPendDel
2008-09-11 17:43 . 2008-09-11 19:52 d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-09-11 17:40 . 2008-09-11 17:40 d-------- C:\Program Files\Common Files\iS3
2008-09-11 17:40 . 2008-09-11 20:06 d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-09-11 12:35 . 2008-09-11 12:53 16,384 --a------ C:\WINDOWS\DCEBoot.exe
2008-09-11 09:55 . 2008-09-11 11:49 d-------- C:\Documents and Settings\Ange\.housecall6.6
2008-09-10 21:50 . 2008-09-25 08:34 d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-09-10 21:26 . 2008-09-10 21:26 d-------- C:\Documents and Settings\LocalService\Application Data\AdobeUM
2008-09-10 20:11 . 2008-09-18 16:49 d-------- C:\WINDOWS\system32\inf
2008-09-07 21:23 . 2008-09-07 21:23 d-------- C:\Program Files\My Company Name
2008-08-30 15:51 . 2008-09-26 20:21 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-30 15:51 . 2008-08-30 15:51 1,409 --a------ C:\WINDOWS\QTFont.for
2008-08-29 21:33 . 2008-08-29 22:12 d-------- C:\WINDOWS\system32\CatRoot_bak
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-27 00:21 --------- d-----w C:\Program Files\lg_fwupdate
2008-09-18 21:02 --------- d-----w C:\Program Files\Trend Micro
2008-09-06 01:49 --------- d-----w C:\Program Files\Sonic
2008-08-03 02:34 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-07-31 01:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-31 01:03 --------- d-----w C:\Program Files\Shoppers Hotline
2008-05-31 03:46 64,640 ----a-w C:\Documents and Settings\Ange\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((( snapshot@2008-09-25_ 9.24.11.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-04 11:00:00 50,688 ----a-w C:\WINDOWS\system32\smss.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\Money Express.exe" [2000-07-19 176183]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"DellTransferAgent"="C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" [2007-11-13 135168]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" [X]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-24 729178]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-07-19 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-07-19 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-07-19 114688]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 32881]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-08-01 610304]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-12-12 26112]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-09 57344]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"EEventManager"="C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2006-10-12 102400]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"LGODDFU"="C:\Program Files\lg_fwupdate\fwupdate.exe" [2008-06-07 249856]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 1628208]
"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 1057328]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-09-11 970808]
"SigmatelSysTrayApp"="stsystra.exe" [2005-08-24 C:\WINDOWS\stsystra.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"OE"="C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2008-09-11 497008]
C:\Documents and Settings\Ange\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-12-25 344064]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-12-12 24576]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-10-22 806912]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-26 20:21:59
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WLTRAY.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-09-26 20:28:00 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-27 00:27:49
ComboFix2.txt 2008-09-25 13:25:06
Pre-Run: 9,813,372,928 bytes free
Post-Run: 10,027,962,368 bytes free
174 --- E O F --- 2008-09-10 19:43:03