ComboFix 08-10-08.05 - Sims 2008-10-09 15:38:57.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.203 [GMT -7:00]
Running from: C:\Documents and Settings\Sims\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Sims\Desktop\CFScript.txt
FILE ::
C:\Documents and Settings\Sims\Microsoft_Office_2003_Generic_Crack.zip
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\dmpizwla
C:\Documents and Settings\Sims\Microsoft_Office_2003_Generic_Crack.zip
C:\Program Files\uqbjlwd
C:\WINDOWS\SYSTEM32\jilapmhc.exe
C:\WINDOWS\SYSTEM32\twlijozq.exe
C:\WINDOWS\SYSTEM32\wini104552502.exe
.
((((((((((((((((((((((((( Files Created from 2008-09-09 to 2008-10-09 )))))))))))))))))))))))))))))))
.
2008-10-08 14:46 . 2008-10-08 14:46 <DIR> d-------- C:\rsit
2008-10-07 14:28 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\SYSTEM32\drivers\mbamswissarmy.sys
2008-10-07 14:28 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\SYSTEM32\drivers\mbam.sys
2008-10-05 18:10 . 2008-10-05 18:10 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-10-05 17:42 . 2008-10-05 17:45 160 --a------ C:\WINDOWS\FL20081005.box
2008-10-05 13:43 . 2008-04-13 11:45 26,112 --a------ C:\WINDOWS\SYSTEM32\drivers\usbser.sys
2008-10-05 13:43 . 2008-04-13 11:45 26,112 --a--c--- C:\WINDOWS\SYSTEM32\dllcache\usbser.sys
2008-10-04 08:23 . 2008-10-04 09:28 320 --a------ C:\WINDOWS\FL20081004.box
2008-09-16 16:30 . 2008-09-16 16:30 0 --ah----- C:\WINDOWS\SYSTEM32\drivers\Msft_User_ZuneDriver_01_07_00.Wdf
2008-09-16 16:30 . 2008-09-16 16:30 0 --ah----- C:\WINDOWS\SYSTEM32\drivers\Msft_Kernel_WinUSB_01007.Wdf
2008-09-16 16:26 . 2008-09-16 16:26 0 --ah----- C:\WINDOWS\SYSTEM32\drivers\MsftWdf_user_01_07_00.Wdf
2008-09-16 16:11 . 2008-05-02 06:25 465,920 --------- C:\WINDOWS\SYSTEM32\imapi2fs.dll
2008-09-16 16:11 . 2008-05-02 06:25 465,920 -----c--- C:\WINDOWS\SYSTEM32\dllcache\imapi2fs.dll
2008-09-16 16:11 . 2008-05-02 06:25 317,952 --------- C:\WINDOWS\SYSTEM32\imapi2.dll
2008-09-16 16:11 . 2008-05-02 06:25 317,952 -----c--- C:\WINDOWS\SYSTEM32\dllcache\imapi2.dll
2008-09-16 16:11 . 2008-05-02 03:49 62,976 -----c--- C:\WINDOWS\SYSTEM32\dllcache\cdrom.sys
2008-09-14 17:24 . 2008-09-14 20:52 160 --a------ C:\WINDOWS\FL20080914.box
2008-09-13 20:23 . 2008-09-13 20:25 320 --a------ C:\WINDOWS\FL20080913.box
2008-09-12 18:48 . 2008-09-12 18:48 245,664 --a------ C:\WINDOWS\SYSTEM32\ZuneWlanCfgSvc.exe
2008-09-12 18:46 . 2008-09-12 18:46 61,856 --a------ C:\WINDOWS\SYSTEM32\ZuneBusEnum.exe
2008-09-12 18:32 . 2008-09-12 18:32 310,272 --a------ C:\WINDOWS\SYSTEM32\ZuneNetProxy.dll
2008-09-12 18:32 . 2008-09-12 18:32 57,344 --a------ C:\WINDOWS\SYSTEM32\ZuneRegUtil.dll
2008-09-12 18:32 . 2008-09-12 18:32 18,944 --a------ C:\WINDOWS\SYSTEM32\ZuneTcp2Udp.dll
2008-09-12 18:32 . 2008-09-12 18:32 12,800 --a------ C:\WINDOWS\SYSTEM32\ZunePTDNS.dll
2008-09-10 08:03 . 2008-09-10 12:09 800 --a------ C:\WINDOWS\FL20080910.box
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-09 21:55 --------- d-----w C:\Program Files\Steam
2008-10-07 21:28 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-10-06 09:34 --------- d-----w C:\Documents and Settings\Sims\Application Data\AVG7
2008-10-05 20:47 --------- d-----w C:\Program Files\Opera
2008-10-05 20:46 --------- d--h--w C:\Documents and Settings\Sims\Application Data\Move Networks
2008-10-05 20:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-05 20:41 --------- d-----w C:\Program Files\Java
2008-10-05 20:40 --------- d-----w C:\Program Files\Free WMA to MP3 Converter
2008-10-05 20:40 --------- d-----w C:\Program Files\Any Video Converter
2008-10-05 20:39 --------- d-----w C:\Documents and Settings\Sims\Application Data\Any Video Converter
2008-09-16 23:19 --------- d-----w C:\Program Files\Zune
2008-09-13 01:32 73,216 ----a-w C:\WINDOWS\SYSTEM32\ZuneUsbTransport.dll
2008-09-13 01:32 40,832 ----a-w C:\WINDOWS\system32\drivers\zumbus.sys
2008-09-13 01:32 145,920 ----a-w C:\WINDOWS\SYSTEM32\ZuneMTPZ.dll
2008-09-06 10:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
2008-09-06 08:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-08-27 23:19 581,192 ----a-w C:\WINDOWS\SYSTEM32\WinUSBCoInstaller.dll
2008-08-27 23:19 1,302,600 ----a-w C:\WINDOWS\SYSTEM32\WUDFUpdate_01007.dll
2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\SYSTEM32\cdm.dll
2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\SYSTEM32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\WINDOWS\SYSTEM32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\WINDOWS\SYSTEM32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\WINDOWS\SYSTEM32\wuapi.dll
2008-07-19 05:09 325,832 ----a-w C:\WINDOWS\SYSTEM32\wucltui.dll
2008-07-19 05:09 205,000 ----a-w C:\WINDOWS\SYSTEM32\wuweb.dll
2008-07-19 05:09 1,811,656 ----a-w C:\WINDOWS\SYSTEM32\wuaueng.dll
2007-07-16 19:16 43 -c--a-w C:\Documents and Settings\Sims\RUNME.bat
2006-12-23 22:30 25,600 -c--a-w C:\Documents and Settings\Sims\usbsermptxp.sys
2006-12-23 22:30 22,768 -c--a-w C:\Documents and Settings\Sims\usbsermpt.sys
2004-10-15 04:56 35 -c--a-w C:\Documents and Settings\Joseph\Application Data\tvmcwrd.dll
2003-08-12 22:02 19,456 -csha-w C:\Program Files\Thumbs.db
2004-11-16 02:59 56 --sh--r C:\WINDOWS\SYSTEM32\2288F381F7.sys
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Sims\RUNME.bat -- Not a PE file.
MD5: 50e50b21c2ca8b57ac81ee35b8175050
((((((((((((((((((((((((((((( snapshot_2008-10-08_21.08.51.34 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-06-11 20:34:34 2,115,816 ----a-w C:\WINDOWS\SYSTEM32\Macromed\Flash\NPSWF32.dll
+ 2008-03-25 03:21:18 2,889,088 ----a-w C:\WINDOWS\SYSTEM32\Macromed\Flash\NPSWF32.dll
- 2007-06-11 20:34:40 190,696 -c--a-w C:\WINDOWS\SYSTEM32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2008-03-25 03:21:20 218,496 ----a-w C:\WINDOWS\SYSTEM32\Macromed\Flash\NPSWF32_FlashUtil.exe
- 2007-09-05 04:50:14 45,218 ----a-w C:\WINDOWS\SYSTEM32\Macromed\Flash\uninstall_plugin.exe
+ 2008-10-09 05:47:07 70,264 ----a-w C:\WINDOWS\SYSTEM32\Macromed\Flash\uninstall_plugin.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"Google Update"="C:\Documents and Settings\Sims\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-11 133104]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 7700480]
"Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [2008-09-12 160160]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NvMediaCenter"="NvMCTray.dll" [2006-10-22 C:\WINDOWS\SYSTEM32\nvmctray.dll]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-11-08 219136]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\Bluetooth\Bluetooth Software\BTTray.exe [2004-10-01 565309]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.mpegacm"= mpegacm.acm
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Hanvon Shell.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Hanvon Shell.lnk
backup=C:\WINDOWS\pss\Hanvon Shell.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Personal Coach.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Personal Coach.lnk
backup=C:\WINDOWS\pss\Personal Coach.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Sims^Start Menu^Programs^Startup^Xfire.lnk]
path=C:\Documents and Settings\Sims\Start Menu\Programs\Startup\Xfire.lnk
backup=C:\WINDOWS\pss\Xfire.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
--a------ 2001-12-17 11:18 483394 C:\Program Files\BroadJump\Client Foundation\CFD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\checktime]
-ra--c--- 2001-08-13 20:23 45056 c:\Program Files\HPSelect\frontend\ct.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 17:12 15360 C:\WINDOWS\SYSTEM32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2001-08-08 00:36 90112 C:\WINDOWS\SYSTEM32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hp Silent Service]
--a------ 2001-11-29 20:49 32768 C:\WINDOWS\SYSTEM32\HpSrvUI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
--------- 1998-05-07 17:04 52736 c:\WINDOWS\SYSTEM\hpsysdrv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2001-08-08 01:25 143360 C:\WINDOWS\SYSTEM32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPInSightMonitor 01]
--a------ 2002-08-19 09:12 98304 C:\Program Files\SBC Yahoo!\Connection Manager\IP Insight\ipmon32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a--c--- 2006-10-30 10:36 256576 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
--------- 2001-07-06 21:56 61440 C:\hp\KBD\KBD.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
--------- 2001-10-12 00:20 143360 C:\Program Files\mcafee.com\Agent\mcagent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
--------- 2001-10-12 00:20 122880 C:\Program Files\mcafee.com\Agent\mcupdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-10-22 13:22 7700480 C:\WINDOWS\SYSTEM32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-10-22 13:22 86016 C:\WINDOWS\SYSTEM32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
--a------ 2001-07-03 21:13 81920 C:\WINDOWS\SYSTEM32\ps2.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--------- 2001-06-15 23:34 212992 C:\WINDOWS\SMINST\Recguard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-10-08 14:55 1410296 C:\Program Files\Steam\Steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Photo Express Calendar Checker]
--a------ 2004-01-12 20:40 69632 C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\CalCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
--------- 2001-10-12 18:41 135168 C:\Program Files\mcafee.com\VSO\mcvsshld.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-10-22 13:22 1622016 C:\WINDOWS\SYSTEM32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PackethSvc"=2 (0x2)
"MCVSRte"=2 (0x2)
"McShield"=3 (0x3)
"iPod Service"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Freeview Pro\\FreeviewPro.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Steam\\steamapps\\rinil\\counter-strike\\hl.exe"=
"C:\\Program Files\\Steam\\steamapps\\rinil\\condition zero\\hl.exe"=
"C:\\Program Files\\Steam\\steamapps\\rinil\\counter-strike source\\hl2.exe"=
"C:\\WINDOWS\\SYSTEM32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"C:\\Documents and Settings\\Sims\\Desktop\\utorrent.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Steam\\Steam.exe"=
"C:\\Program Files\\Shareaza\\Shareaza.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4171:UDP"= 4171:UDP:Windows Media Format SDK (firefox.exe)
"4170:UDP"= 4170:UDP:Windows Media Format SDK (firefox.exe)
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 hypen;Hy Pen;C:\WINDOWS\system32\Drivers\hypen.sys [2002-04-26 10548]
R2 HWSuperPowerTablet;HWSuperPowerTablet;C:\WINDOWS\system32\JWPEN.exe [2006-07-27 221184]
R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-09-12 40832]
R2 ZuneBusEnum;Zune Bus Enumerator;c:\WINDOWS\system32\ZuneBusEnum.exe [2008-09-12 61856]
S3 CoachUsb;Coach Digital Camera on USB;C:\WINDOWS\system32\DRIVERS\CoachUsb.sys [2004-01-22 46944]
S3 trid3d;trid3d;C:\WINDOWS\system32\DRIVERS\trid3dm.sys [2001-12-27 149244]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-09-12 245664]
S4 PackethSvc;Virtual NIC Service;C:\WINDOWS\System32\PackethSvc.exe [2001-08-09 64512]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{71cdf1b5-fea3-11dc-8528-001060b01ada}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
2008-10-09 C:\WINDOWS\Tasks\GoogleUpdateTaskUser.job
- C:\Documents and Settings\Sims\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-11 19:39]
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-Adobe Photo Downloader - C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
MSConfigStartUp-googletalk - C:\Program Files\Google\Google Talk\googletalk.exe
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-10-09 15:45:24
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-10-09 15:49:21
ComboFix-quarantined-files.txt 2008-10-09 22:48:42
ComboFix2.txt 2008-10-09 04:10:09
ComboFix3.txt 2008-05-02 22:22:14
ComboFix4.txt 2008-04-25 09:25:49
Pre-Run: 13,595,574,272 bytes free
Post-Run: 13,577,457,664 bytes free
244 --- E O F --- 2008-09-10 06:30:16