ComboFix 08-03-20.5 - KC LADY BOSS 2008-03-21 1:26:31.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.182 [GMT -5:00]
Running from: C:\Documents and Settings\KC LADY BOSS\My Documents\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-02-21 to 2008-03-21 )))))))))))))))))))))))))))))))
.
2008-03-19 02:30 . 2008-03-19 02:36 <DIR> d-------- C:\Documents and Settings\cassandra\Application Data\Creative
2008-03-19 02:13 . 1999-10-10 20:00 41,984 --------- C:\WINDOWS\Ctregrun.exe
2008-03-19 02:04 . 2008-03-19 02:25 <DIR> d-------- C:\Documents and Settings\KC LADY BOSS\Application Data\Creative
2008-03-19 01:50 . 1999-12-12 20:01 44,032 --------- C:\WINDOWS\system32\CTSVCCDA.EXE
2008-03-19 01:50 . 1999-11-17 20:00 25,088 --------- C:\WINDOWS\system32\CTSVCCTL.EXE
2008-03-19 01:50 . 2003-03-04 23:19 15,840 --------- C:\WINDOWS\system32\PFMODNT.SYS
2008-03-19 01:38 . 2008-03-19 02:16 <DIR> d-------- C:\Program Files\Creative
2008-03-12 15:57 . 2008-03-12 15:57 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\Avanquest
2008-03-12 15:55 . 2005-07-14 20:34 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\Jasc Software Inc
2008-03-12 15:55 . 2007-08-09 05:05 <DIR> d--h----- C:\Documents and Settings\Guest\Application Data\Gtek
2008-03-12 15:54 . 2005-07-14 20:43 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\Symantec
2008-03-11 18:05 . 2008-03-11 18:05 129 --a------ C:\Shortcut to CD Drive.lnk
2008-03-11 15:50 . 2008-03-11 15:50 <DIR> d-------- C:\Documents and Settings\cassandra\Application Data\Avanquest
2008-03-11 02:08 . 2008-03-11 02:08 <DIR> d-------- C:\WINDOWS\system32\Application Data
2008-03-11 02:08 . 2008-03-11 02:08 <DIR> d-------- C:\Documents and Settings\LocalService\Avanquest
2008-03-11 02:08 . 2008-03-11 02:08 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Fix-It
2008-03-11 02:08 . 2008-03-11 02:08 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Avanquest
2008-03-11 02:08 . 2008-03-11 02:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-03-11 02:06 . 2008-03-11 02:06 <DIR> dr-hs---- C:\_Backup.RC
2008-03-11 02:06 . 2008-03-14 01:04 <DIR> d--h----- C:\_Backup
2008-03-11 02:04 . 2008-03-11 02:04 <DIR> d-------- C:\Documents and Settings\KC LADY BOSS\Application Data\Avanquest
2008-03-11 02:02 . 2008-03-11 02:02 <DIR> d-------- C:\Program Files\Avanquest
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-21 06:19 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-20 08:20 --------- d-----w C:\Program Files\LimeWire
2008-03-20 04:29 --------- d-----w C:\Program Files\Incomplete
2008-03-19 07:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-11 07:41 13,312 --s-a-w C:\WINDOWS\system32\jdxah.dll
2008-03-11 07:41 --------- d-----w C:\Program Files\Java
2008-03-11 07:27 --------- d-----w C:\Program Files\RXToolBar
2008-03-10 03:43 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-05 09:03 --------- d-----w C:\Program Files\DivX
2008-02-09 23:20 --------- d-----r C:\Documents and Settings\All Users\Application Data\SalesMon
2008-02-09 23:19 259,336 ----a-w C:\Documents and Settings\Administrator\Application Data\setup_en[1].exe
2008-02-09 11:04 6,686 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-02-09 11:04 --------- d-----w C:\Documents and Settings\cassandra\Application Data\Corel
2008-01-28 01:36 --------- d-----w C:\Documents and Settings\KC LADY BOSS\Application Data\Corel
2008-01-28 01:35 --------- d-----w C:\Documents and Settings\KC LADY BOSS\Application Data\CVS
2008-01-26 12:27 --------- d-----w C:\Program Files\CVS
2008-01-26 12:27 --------- d-----w C:\Program Files\Common Files\Corel
2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-12-30 12:05 662,753 -csha-w C:\WINDOWS\system32\qtutv.tmp
2007-11-10 02:33 16 -c-ha-w C:\Program Files\mxfilerelatedcache.mxc2
2006-12-03 01:05 2,522 -c--a-w C:\Program Files\func.js
2006-11-25 07:57 482 -c--a-w C:\Program Files\Del.js
2006-10-17 07:10 56 -csh--r C:\WINDOWS\system32\0A293DABF7.sys
2007-03-24 03:15 88 -csh--r C:\WINDOWS\system32\F7AB3D290A.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6E6C470B-F5DE-4F45-B1D5-B44F23A27BBA}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7CFEA9D4-55D3-4B60-A971-6116D30A1F01}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{875A1348-7674-42aa-ADAC-B4F36A004A2D}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BCA3FB6D-15DA-1829-DE2A-30E6798E5B90}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f79fd28e-36ee-4989-aa61-9dd8e30a82fa}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"Creative MediaSource Go"="C:\Program Files\Creative\MediaSource\GO\CTCMSGo.exe" [2003-02-20 10:30 126976]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 10:36 114688]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 10:32 77824]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 01:05 127035]
"VirusScannerPro"="C:\PROGRA~1\AVANQU~1\Fix-It\MemCheck.exe" [2007-09-01 06:58 173312]
"CTRegRun"="C:\WINDOWS\CTRegRun.EXE" [1999-10-10 20:00 41984]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-10-04 03:48 53760 C:\WINDOWS\system32\narrator.exe]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Dell Network Assistant.lnk - C:\WINDOWS\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe [2007-06-15 02:27:05 7168]
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2007-10-03 14:56:10 54512]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\snzjrkcm]
snzjrkcm.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MSControlService"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"%windir%\\system32\\winav.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC
R0 DigiFilter;DigiFilter;C:\WINDOWS\system32\drivers\DigiFilt.sys [2005-10-26 01:19]
R2 Fix-It Task Manager;Fix-It Task Manager;C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe [2007-09-01 06:58]
R3 MailScan;MailScan;C:\PROGRA~1\AVANQU~1\Fix-It\MailScan.sys [2007-09-01 06:58]
S3 dalwdmservice;dal service;C:\WINDOWS\system32\drivers\dalwdm.sys [2005-10-26 00:12]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 14:18]
S3 KLSIENET;Driver for USB Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\usb101et.sys [2004-08-03 22:31]
S3 MBX2DFU;MBX2DFU;C:\WINDOWS\system32\DRIVERS\MBX2DFU.sys [2005-10-26 02:21]
S3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;C:\WINDOWS\system32\drivers\mbx2midk.sys [2005-10-26 02:21]
S3 UPnPService;UPnPService;C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 16:00]
.
Contents of the 'Scheduled Tasks' folder
"2008-03-20 13:07:00 C:\WINDOWS\Tasks\Disk Cleanup.job"
- C:\WINDOWS\system32\cleanmgr.exe
"2008-03-20 10:09:00 C:\WINDOWS\Tasks\Registry Cleaner.job"
- C:\PROGRA~1\REGIST~1\RegClean.exe
"2008-03-20 13:08:00 C:\WINDOWS\Tasks\System Restore.job"
- C:\WINDOWS\system32\Restore\rstrui.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-21 01:30:37
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-03-21 1:31:53
ComboFix-quarantined-files.txt 2008-03-21 06:31:24
ComboFix2.txt 2008-03-21 06:08:57
ComboFix3.txt 2008-03-21 06:00:38
.
2008-03-21 00:27:01 --- E O F ---