After I thought about it, it only made sense to unzip it.
ComboFix 08-05-09.1 - Sidera 2008-05-12 21:54:36.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1455 [GMT -5:00]
Running from: C:\Documents and Settings\Sidera\Desktop\ComboFix\ComboFix.exe
Command switches used :: C:\Documents and Settings\Sidera\Desktop\ComboFix\CFScript.txt
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((( Files Created from 2008-04-13 to 2008-05-13 )))))))))))))))))))))))))))))))
.
2008-05-04 16:53 . 2008-05-04 16:55 <DIR> d-------- C:\sUBs
2008-05-04 11:54 . 2008-05-04 11:54 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-04 11:54 . 2008-05-04 11:54 <DIR> d-------- C:\Documents and Settings\Sidera\Application Data\Malwarebytes
2008-05-04 11:54 . 2008-05-04 11:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-29 21:02 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-04-29 21:02 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-04-29 21:02 . 2008-03-28 23:19 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-04-29 21:02 . 2008-03-26 08:50 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-04-29 21:02 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-04-29 21:02 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-29 21:02 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-29 17:20 . 2008-04-29 17:20 <DIR> d-------- C:\PSFONTS
2008-04-27 13:28 . 2008-04-27 13:28 <DIR> d--h----- C:\WINDOWS\PIF
2008-04-23 21:42 . 2008-04-24 06:56 <DIR> d-------- C:\Documents and Settings\Sidera\Application Data\AVG7
2008-04-23 21:42 . 2008-04-23 21:42 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-04-23 21:42 . 2008-04-24 08:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-04-22 18:12 . 2008-04-29 17:10 <DIR> d-------- C:\Program Files\Amazon
2008-04-22 07:34 . 2008-04-22 07:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-04-22 07:31 . 2008-04-22 07:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-04-21 07:27 . 2008-04-21 07:28 <DIR> d-------- C:\Documents and Settings\Sidera\Application Data\Smart PC Solutions
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-29 22:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-29 03:23 --------- d-----w C:\Program Files\Common Files\AOL
2008-04-22 12:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-04-07 02:15 --------- d-----w C:\Program Files\Enigma Software Group
2008-04-04 11:46 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-04 11:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-03 02:30 --------- d-----w C:\Program Files\Google
2008-04-03 00:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-03 00:34 --------- d-----w C:\Program Files\Lavasoft
2008-04-03 00:33 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-02 17:20 --------- d-----w C:\Documents and Settings\Sidera\Application Data\Apple Computer
2008-04-02 11:47 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-01 18:10 1,404 ----a-w C:\Documents and Settings\Sidera\Application Data\wklnhst.dat
2008-03-23 19:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\PopCap
2008-03-21 19:59 --------- d-----w C:\Documents and Settings\Sidera\Application Data\Yahoo!
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-16 16:24 61,440 ----a-w C:\WINDOWS\uninstall.exe
2008-02-15 09:07 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
.
((((((((((((((((((((((((((((( snapshot@2008-05-11_12.05.26.42 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-11 16:40:52 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-13 01:37:39 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-23 11:12 7630848]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-23 11:12 86016]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 16:46 61440]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-02-22 18:26 360448]
"HostManager"="C:\Program Files\Common Files\AOL\1208867628\ee\AOLSoftware.exe" [2007-10-08 16:50 41824]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-18 20:47 8720384]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 04:00 53760 C:\WINDOWS\system32\narrator.exe]
C:\Documents and Settings\Sidera\Start Menu\Programs\Startup\
News 7 Live Online.lnk - C:\Program Files\News 7 Live Online\liveonline_3102360.exe [2008-02-16 11:24:56 454656]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-06-22 13:02:55 24576]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-06-21 23:56:14 282624]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
backup=C:\WINDOWS\pss\Kodak software updater.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Sidera^Start Menu^Programs^Startup^IMVU.lnk]
path=C:\Documents and Settings\Sidera\Start Menu\Programs\Startup\IMVU.lnk
backup=C:\WINDOWS\pss\IMVU.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdwareAlert]
C:\Program Files\AdwareAlert\AdwareAlert.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
--a------ 2004-04-07 11:07 496752 C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2006-08-28 20:57 395776 C:\Program Files\Dell Support\DSAgnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
--a------ 2005-09-08 04:20 122940 C:\WINDOWS\System32\DLA\DLACTRLW.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a------ 2005-10-05 02:12 94208 C:\Program Files\Dell\Media Experience\DMXLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-07-27 15:50 221184 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2004-07-27 15:50 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 11:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-08-23 11:12 1617920 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-09-01 16:57 282624 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2007-11-15 22:38]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-05-12 23:48:04 C:\WINDOWS\Tasks\EasyShare Registration Task.job"
- C:\WINDOWS\system32\rundll32.exe C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.4.20.2.sxt _RegistrationOffer@16
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-05-12 21:56:01
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-12 21:56:47
ComboFix-quarantined-files.txt 2008-05-13 02:56:30
ComboFix2.txt 2008-05-12 13:26:02
ComboFix3.txt 2008-05-12 13:17:59
ComboFix4.txt 2008-05-11 17:05:36
Pre-Run: 231,645,782,016 bytes free
Post-Run: 231,641,374,720 bytes free
159 --- E O F --- 2008-04-09 03:13:24