ComboFix 08-04-22.1 - RY 2008-04-23 17:37:33.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.253 [GMT -4:00]
Running from: C:\Documents and Settings\RY\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\RY\Desktop\CFScript.txt.txt
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2008-03-23 to 2008-04-23 )))))))))))))))))))))))))))))))
.
2008-04-22 18:41 . 2008-04-22 18:41 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-22 18:41 . 2008-04-22 18:41 <DIR> d-------- C:\Documents and Settings\RY\Application Data\Malwarebytes
2008-04-22 18:41 . 2008-04-22 18:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-15 18:26 . 2008-04-15 21:53 <DIR> d-------- C:\fixwareout
2008-04-14 22:25 . 2008-04-14 22:45 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-14 22:25 . 2008-04-14 23:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-16 02:11 --------- d-----w C:\Program Files\Common Files\AOL
2008-04-16 02:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-04-15 03:22 --------- d-----w C:\Program Files\Easy Internet signup
2008-03-10 22:48 --------- d-----w C:\Documents and Settings\RY\Application Data\Move Networks
2007-06-29 22:37 92,064 ----a-w C:\Documents and Settings\RY\mqdmmdm.sys
2007-06-29 22:37 9,232 ----a-w C:\Documents and Settings\RY\mqdmmdfl.sys
2007-06-29 22:37 79,328 ----a-w C:\Documents and Settings\RY\mqdmserd.sys
2007-06-29 22:37 66,656 ----a-w C:\Documents and Settings\RY\mqdmbus.sys
2007-06-29 22:37 6,208 ----a-w C:\Documents and Settings\RY\mqdmcmnt.sys
2007-06-29 22:37 5,936 ----a-w C:\Documents and Settings\RY\mqdmwhnt.sys
2007-06-29 22:37 4,048 ----a-w C:\Documents and Settings\RY\mqdmcr.sys
2007-06-29 22:37 25,600 ----a-w C:\Documents and Settings\RY\usbsermptxp.sys
2007-06-29 22:37 22,768 ----a-w C:\Documents and Settings\RY\usbsermpt.sys
2006-10-09 17:03 0 ----a-w C:\Documents and Settings\RY\Application Data\wklnhst.dat
2006-03-22 05:10 15,487,432 ----a-w C:\Program Files\DivXPlay.exe
1998-12-09 02:53 99,840 ----a-w C:\Program Files\Common Files\IRAABOUT.DLL
1998-12-09 02:53 70,144 ----a-w C:\Program Files\Common Files\IRAMDMTR.DLL
1998-12-09 02:53 48,640 ----a-w C:\Program Files\Common Files\IRALPTTR.DLL
1998-12-09 02:53 31,744 ----a-w C:\Program Files\Common Files\IRAWEBTR.DLL
1998-12-09 02:53 186,368 ----a-w C:\Program Files\Common Files\IRAREG.DLL
1998-12-09 02:53 17,920 ----a-w C:\Program Files\Common Files\IRASRIAL.DLL
.
((((((((((((((((((((((((((((( snapshot@2008-04-22_21.40.29.12 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-23 01:36:00 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-23 21:40:45 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-13 21:04 68856]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-02-08 06:36 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-02-08 06:32 126976]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 12:11 1388544]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-08-06 11:27 860160]
"AGRSMMSG"="AGRSMMSG.exe" [2005-04-13 06:12 88209 C:\WINDOWS\AGRSMMSG.exe]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2005-02-08 12:38 159744]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-05-04 13:59 794624]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 02:11 49152]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-10-13 19:04 278528]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-08-02 03:01 98304]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 16:54 253952]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 16:24 290816]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2005-03-29 17:45 233534]
"ChangeResolution"="C:\hp\bin\ChangeResolution.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43 83608]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 04:15:54 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Motorola\\UID Extraction Tool\\UIDExtraction.exe"=
"C:\\Program Files\\AIM95\\aim.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\EA GAMES\\Need For Speed Underground\\Speed.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunesHelper.exe"=
"C:\\Program Files\\Valve\\hl.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
R2 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE []
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
S2 OracleXETNSListener;OracleXETNSListener;C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe [2006-02-02 00:49]
S3 mamotou;mamotou;C:\WINDOWS\system32\DRIVERS\mamotou.sys [2005-11-07 17:50]
S3 P0630VID;Creative WebCam Live!;C:\WINDOWS\system32\DRIVERS\P0630Vid.sys [2004-04-14 00:07]
S4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\RunGame.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4632a7e-d34a-11db-9b23-001500369210}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
"2008-04-23 21:44:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-23 17:41:23
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????9?8?4?9??????? ???B?????????????hLC? ??????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\oraclexe\app\oracle\product\10.2.0\server\BIN\oracle.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Apoint2K\ApntEx.exe
C:\Program Files\HPQ\Shared\hpqwmi.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
.
**************************************************************************
.
Completion time: 2008-04-23 17:44:35 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-23 21:44:31
ComboFix2.txt 2008-04-23 02:32:12
ComboFix3.txt 2008-04-23 01:41:01
Pre-Run: 32,212,074,496 bytes free
Post-Run: 32,242,454,528 bytes free
132 --- E O F --- 2008-04-16 10:27:32