ComboFix text (Part 2).
((((((((((((((((((((((((( Files Created from 2008-01-08 to 2008-02-08 )))))))))))))))))))))))))))))))
.
2008-02-06 23:27 . 2008-02-06 23:27 <DIR> d-------- C:\_OTMoveIt
2008-02-06 22:27 . 2004-08-03 23:56 388,608 --a------ C:\kmd.exe
2008-02-04 18:35 . 2008-02-07 16:56 2,148 --a------ C:\WINDOWS\SYSTEM32\wpa.dbl
2008-02-04 17:57 . 2008-02-05 08:11 <DIR> d-------- C:\VundoFix Backups
2008-02-01 23:53 . 2008-02-01 23:53 2 --a------ C:\WINDOWS\msoffice.ini
2008-02-01 22:57 . 2008-02-01 22:57 <DIR> d-------- C:\WINDOWS\SYSTEM32\5A595B5B6160
2008-01-31 22:23 . 2008-02-07 11:00 <DIR> d-------- C:\Temp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-08 00:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-02-07 19:00 --------- d-----w C:\Program Files\microsoft frontpage
2008-02-02 07:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-02 07:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-02-02 07:53 --------- d-----w C:\Program Files\Common Files\AOL
2008-02-02 06:28 --------- d-----w C:\Program Files\Microsoft Works
2008-01-28 23:25 --------- d-----w C:\Documents and Settings\Irv\Application Data\Road Runner
2008-01-25 15:53 --------- d-----w C:\Program Files\Apple Software Update
2008-01-05 08:06 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-03 18:09 --------- d-----w C:\Program Files\Microsoft LifeCam
2008-01-03 18:03 --------- d-----w C:\Program Files\Windows Live
2008-01-03 18:02 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-03 17:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\SYSTEM32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\SYSTEM32\AVASTSS.scr
2007-11-08 04:45 11,227,616 ----a-w C:\Program Files\setup-ya07mailt.exe
2007-09-14 22:55 7,028,144 ----a-w C:\Documents and Settings\Jay\medic6.exe
2007-08-21 15:18 7,028,144 ----a-w C:\Documents and Settings\Irv\medic6.exe
2006-09-17 18:47 316 ---ha-w C:\Documents and Settings\Irv\hpothb07.dat
2006-07-21 22:20 21,290,704 ----a-w C:\Program Files\AdbeRdr708_en_US.exe
2005-05-20 17:22 158 ---ha-w C:\Documents and Settings\Jay\hpothb07.dat
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\Temp ----
2008-02-07 11:41 420 --a------ C:\Temp\debug.txt
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"="" []
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"Road Runner PhotoShow Media Manager"="C:\PROGRA~1\ROADRU~1\ROADRU~1\data\Xtras\mssysmgr.exe" [2006-01-06 17:56 245760]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 17:05 143360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-05 11:40 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 23:48 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-21 23:44 126976]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2003-08-05 22:04 114741]
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-12 22:01 155648]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2003-08-13 07:27 28672]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2003-08-26 16:47 204800]
"SBC Yahoo! Connection Manager"="C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe" [2003-07-14 11:55 1028096]
"IPInSightMonitor 01"="C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe" [2003-07-14 11:30 98304]
"MEDIC"="C:\Program Files\MEDIC\bin\sprtcmd.exe" [2006-07-06 07:45 192512]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 05:00 79224]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 14:40 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-08-15 19:15 271672]
"medicsp2"="C:\Program Files\twc\medicsp2\bin\sprtcmd.exe" [2007-03-07 10:53 198184]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-10 10:07 185632]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 13:45 279912]
"09080A0A100F09"="020103030908.exe" []
C:\Documents and Settings\Jay\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2004-05-02 08:01:28 225280]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-04 01:12:18 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 00:06:58 28672]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2005-10-22 08:34:55 118784]
officejet 6100.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2003-04-05 23:37:38 147456]
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2007-08-28 12:09:10 54512]
R3 MSHUSBVideo;NX6000/NX3000/VX7000 Filter Driver;C:\WINDOWS\system32\Drivers\nx6000.sys [2007-04-12 13:46]
.
Contents of the 'Scheduled Tasks' folder
"2008-01-31 15:51:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-02-07 17:05:52
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-07 17:06:55
ComboFix-quarantined-files.txt 2008-02-08 01:06:40
ComboFix2.txt 2008-02-07 06:38:49
ComboFix3.txt 2008-02-06 07:30:58
ComboFix4.txt 2008-02-06 05:41:53
ComboFix5.txt 2008-02-05 04:32:07
.
2008-02-02 18:40:21 --- E O F ---