ComboFix 08-06-10.1 - txboots 2008-06-10 23:05:11.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.112 [GMT -5:00]
Running from: C:\Documents and Settings\txboots\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\History\search
C:\Program Files\MyWebSearch\bar\Settings\prevcfg.htm
C:\Program Files\MyWebSearch\bar\Settings\settings.dat
C:\Program Files\MyWebSearch\bar\Settings\settings.dat.bak
C:\Program Files\MyWebSearch\bar\Settings\settings.htm
C:\Program Files\MyWebSearch\bar\Settings\settings.htm.bak
C:\Program Files\MyWebSearch\SrchAstt\1.bin\UNINSTAL.INF
C:\Program Files\MyWebSearch\SrchAstt\Cache\00344F71
C:\Program Files\MyWebSearch\SrchAstt\Cache\files.ini
C:\WINDOWS\hosts
C:\WINDOWS\start.exe
C:\WINDOWS\Web\default.htt
.
((((((((((((((((((((((((( Files Created from 2008-05-11 to 2008-06-11 )))))))))))))))))))))))))))))))
.
2008-06-10 19:59 . 2008-06-09 14:25 <DIR> d-------- C:\SDFix
2008-06-09 23:30 . 2008-06-09 23:30 <DIR> d-------- C:\Deckard
2008-06-09 04:06 . 2008-06-09 04:06 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-08 20:58 . 2008-06-08 20:58 <DIR> d-------- C:\WINDOWS\Profiles\All Users\Application Data\Spybot - Search & Destroy
2008-06-08 20:58 . 2008-06-08 20:58 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-07 19:22 . 2008-06-07 19:22 126 --a------ C:\WINDOWS\SYSTEM32\mmc.exe.config
2008-05-31 20:39 . 2008-05-31 20:39 <DIR> d-------- C:\WINDOWS\Profiles\All Users\Application Data\TEMP
2008-05-31 20:34 . 2007-06-08 13:53 1,753,088 --a------ C:\WINDOWS\SYSTEM32\ExGrid.dll
2008-05-31 20:34 . 2007-04-03 16:51 614,400 --a------ C:\WINDOWS\SYSTEM32\ExButton.dll
2008-05-31 20:34 . 2007-06-05 10:20 602,112 --a------ C:\WINDOWS\SYSTEM32\ExMenu.dll
2008-05-31 20:34 . 2007-06-05 10:19 516,096 --a------ C:\WINDOWS\SYSTEM32\ExTab.dll
2008-05-31 20:34 . 2007-04-03 16:51 307,200 --a------ C:\WINDOWS\SYSTEM32\ExPMenu.dll
2008-05-31 20:33 . 2008-05-31 20:33 <DIR> d-------- C:\Program Files\Common Files\eSellerate
2008-05-31 20:33 . 2008-05-31 20:33 <DIR> d-------- C:\Program Files\AnswersThatWork
2008-05-31 20:33 . 1998-04-24 00:00 368,912 --a------ C:\WINDOWS\SYSTEM32\vbar332.dll
2008-05-31 20:33 . 2005-10-11 14:40 356,352 --a------ C:\WINDOWS\SYSTEM32\eSellerateEngine.dll
2008-05-31 20:33 . 2005-10-04 08:11 118,784 --a------ C:\WINDOWS\SYSTEM32\eWebControl.dll
2008-05-31 15:18 . 2008-05-31 15:18 335 --a------ C:\WINDOWS\mozregistry.dat
2008-05-29 18:06 . 2008-05-29 18:06 <DIR> d-------- C:\Program Files\Foxit Software
2008-05-28 18:17 . 2008-05-28 18:17 <DIR> d-------- C:\Program Files\WhatsRunning
2008-05-26 17:23 . 2008-05-26 17:23 754 --a------ C:\WINDOWS\WORDPAD.INI
2008-05-23 11:11 . 2008-05-23 11:11 <DIR> d-------- C:\Documents and Settings\txboots\dwhelper
2008-05-23 10:27 . 2008-05-23 10:27 1,160 --a------ C:\WINDOWS\mozver.dat
2008-05-19 20:23 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\SYSTEM32\d3dx9_32.dll
2008-05-19 02:14 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\SYSTEM32\ltkrn13n.dll
2008-05-19 02:14 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\SYSTEM32\ltimg13n.dll
2008-05-19 02:14 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\SYSTEM32\lfcmp13n.dll
2008-05-19 02:14 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\SYSTEM32\ltdis13n.dll
2008-05-19 02:14 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\SYSTEM32\ltefx13n.dll
2008-05-19 02:14 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\SYSTEM32\ltfil13n.dll
2008-05-19 02:14 . 2003-11-04 15:11 159,744 --a------ C:\WINDOWS\SYSTEM32\lfpng13n.dll
2008-05-19 02:14 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\SYSTEM32\lfgif13n.dll
2008-05-19 02:14 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\SYSTEM32\lfbmp13n.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-09 01:04 --------- d-----w C:\Documents and Settings\txboots\Application Data\W Photo Studio
2008-05-09 01:03 --------- d-----w C:\WINDOWS\Profiles\All Users\Application Data\Walgreens
2008-05-09 01:03 --------- d-----w C:\Program Files\Walgreens
2008-05-09 01:03 --------- d-----w C:\Program Files\Common Files\HP
2008-05-09 01:03 --------- d-----w C:\Documents and Settings\txboots\Application Data\Walgreens
2008-05-09 00:55 --------- d-----w C:\Documents and Settings\txboots\Application Data\W Photo Studio Viewer
2008-05-07 16:43 --------- d-----w C:\Documents and Settings\txboots\Application Data\Uniblue
2008-04-22 16:29 --------- d-----w C:\Documents and Settings\txboots\Application Data\BitDefender
2008-04-22 16:28 --------- d-----w C:\WINDOWS\Profiles\All Users\Application Data\BitDefender
2008-04-22 16:28 --------- d-----w C:\Program Files\BitDefender
2008-04-22 16:26 --------- d-----w C:\Program Files\Common Files\BitDefender
2008-04-22 01:26 --------- d-----w C:\Program Files\Screen-Savers.com
2008-04-22 01:26 --------- d-----w C:\Program Files\Java
2008-04-04 06:19 743,621 ----a-w C:\WINDOWS\SYSTEM32\RPUpdates.zip
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\SYSTEM32\msjint40.dll
2008-03-27 08:12 151,583 ------w C:\WINDOWS\SYSTEM32\dllcache\msjint40.dll
2008-03-25 01:51 2,400,784 ----a-w C:\WLinstaller.exe
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\SYSTEM32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\SYSTEM32\dllcache\win32k.sys
2003-09-22 20:06 266 --sh--w C:\Program Files\desktop.ini
2003-09-22 20:06 11,079 ---h--w C:\Program Files\folder.htt
2001-05-24 17:59 162,304 ----a-w C:\Program Files\UNWISE.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay]
@={7D688A77-C613-11D0-999B-00C04FD655E1}
[HKEY_CLASSES_ROOT\CLSID\{7D688A77-C613-11D0-999B-00C04FD655E1}]
2007-10-25 21:36 8454656 --a------ C:\WINDOWS\SYSTEM32\SHELL32.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe" [2001-08-23 12:00 3072 C:\WINDOWS\SYSTEM32\systray.exe]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 15:46 61440]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-06-09 10:13 360448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"@"="" []
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.uyvy"= lvcod32.dll
"vidc.yuy2"= lvcod32.dll
"vidc.yvu9"= lvcod32.dll
"VIDC.VDOM"= vdowave.drv
"vidc.mxmc"= MimicICM.DLL
"VIDC.TR20"= tr2032.dll
"msacm.voxacm119"= vdk32119.acm
"vidc.vivo"= ivvideo.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 01:56 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EXSHOW95.EXE]
--a------ 2001-09-07 17:18 45056 C:\WINDOWS\SYSTEM32\exshow95.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebSavingsfromEbates]
wjview /cp:p C:\Program Files\WebSavingsfromEbates\System\Code Main lp: C:\Program Files\WebSavingsfromEbates
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\Money Express.exe"
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe /background
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ScanRegistry"=c:\windows\scanregw.exe /autorun
"CPQEASYACC"=C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
"EACLEAN"=C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe
"Service Connection"=c:\cpqs\bwtools\sccenter.exe
"CountrySelection"=pctptt.exe
"CPQInet"=c:\compaq\CPQInet\CpqInet.exe
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"Digital Dashboard"=C:\Program Files\Compaq\Digital Dashboard\DevGulp.exe
"LoadQM"=loadqm.exe
"QuickTime Task"=C:\WINDOWS\SYSTEM32\qttask.exe
"ausvc"=C:\WINDOWS\ausvc.exe
"SysScan"=C:\WINDOWS\bvt.exe
"ABsr"=C:\WINDOWS\absr.exe
"MovieNetworks"="C:\Program Files\MovieNetworks\MovieNetworks.exe" /H
"WebInstall2"=C:\WINDOWS\TEMP\INS93B4.TMP /R /A
"Hotbar"=C:\PROGRAM FILES\HOTBAR\BIN\4.2.8.0\HBINST.EXE /Upgrade
"DXM6Patch_981116"=C:\WINDOWS\p_981116.exe /Q:A
"LVComs"=C:\WINDOWS\SYSTEM32\LVComS.exe
"KAZAA"=C:\PROGRAM FILES\KAZAA\KAZAA.EXE /SYSTRAY
"Mouse Suite 98 Daemon"=PELMICED.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"PTSNOOP"=ptsnoop.exe
"LexStart"=Lexstart.exe
"LexmarkPrinTray"=PrinTray.exe
"CountrySelection"=pctptt.exe
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"SchedulingAgent"=mstask.exe
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"Hidserv"=Hidserv.exe run
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Messenger\\MSMSGS.EXE"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-01-25 15:40]
S3 KMW_SYS;Kensington MouseWorks Mouse filter driver;C:\WINDOWS\system32\DRIVERS\KMW_SYS.sys [2001-09-07 18:10]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
*Newly Created Service* - CATCHME
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>IEPerUser]
RUNDLL32.EXE IEDKCS32.DLL,BrandIE4 SIGNUP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"C:\Program Files\Outlook Express\setup50.exe" /APP:OE /CALLER:IE50 /user /install
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"C:\Program Files\Outlook Express\setup50.exe" /APP:OE /CALLER:IE50 /user /install
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"C:\Program Files\Outlook Express\setup50.exe" /APP:OE /CALLER:IE50 /user /install
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA851-CC51-11CF-AAFA-00AA00B6015C}]
rundll32.exe advpack.dll
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"C:\Program Files\Outlook Express\setup50.exe" /APP:WAB /CALLER:IE50 /user /install
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"C:\Program Files\Outlook Express\setup50.exe" /APP:WAB /CALLER:IE50 /user /install
"C:\Program Files\Outlook Express\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"C:\Program Files\Outlook Express\setup50.exe" /APP:WAB /CALLER:IE50 /user /install
"C:\Program Files\Outlook Express\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
C:\WINDOWS\SYSTEM32\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-06-10 23:10:48
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-10 23:12:45
ComboFix-quarantined-files.txt 2008-06-11 04:12:34
Pre-Run: 5,029,740,544 bytes free
Post-Run: 5,029,666,816 bytes free
206 --- E O F --- 2008-05-28 03:31:57