ComboFix 08-01-10.2 - Cherry Lynn 2008-01-11 21:00:01.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.257 [GMT 8:00]
Running from: C:\Documents and Settings\Cherry Lynn\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\dciman3.dll
C:\WINDOWS\system32\drivers\mtuxnmtf.dat
C:\WINDOWS\system32\nhatquanglan22.exe
C:\WINDOWS\system32\scvshosts.exe
C:\WINDOWS\system32\setting.ini
C:\WINDOWS\system32\test3.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_CIIHYSIV
-------\ciihysiv
((((((((((((((((((((((((( Files Created from 2007-12-11 to 2008-01-11 )))))))))))))))))))))))))))))))
.
2008-01-11 20:59 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-11 20:52 . 2008-01-11 20:52 <DIR> d-------- C:\Program Files\Common Files\Stardock
2008-01-11 20:52 . 2008-01-11 20:52 162,176 --a------ C:\WINDOWS\system32\drivers\vidstub.sys
2008-01-11 20:45 . 2007-12-04 20:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-01-11 20:45 . 2007-12-04 22:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-01-11 20:45 . 2007-12-04 22:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-01-11 20:45 . 2007-12-04 22:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-11 20:45 . 2007-12-04 22:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-11 20:45 . 2007-12-04 22:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-01-11 20:44 . 2007-12-04 21:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-01-11 20:44 . 2004-01-09 17:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-01-11 20:40 . 2008-01-11 20:40 <DIR> d-------- C:\Program Files\MSgames
2008-01-11 19:42 . 2008-01-11 19:42 <DIR> d--h----- C:\WINDOWS\PIF
2008-01-11 19:42 . 2008-01-11 19:42 <DIR> d-------- C:\Program Files\Common Files\Sonic Shared
2008-01-11 19:42 . 2008-01-11 19:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-01-11 19:42 . 2008-01-11 19:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-11 19:42 . 2008-01-11 19:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-01-11 19:41 . 2008-01-11 19:41 <DIR> d-------- C:\Program Files\Common Files\Scanner
2008-01-11 19:41 . 2008-01-11 19:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-01-11 00:46 . 2008-01-11 20:52 <DIR> d-------- C:\Program Files\WinCustomize
2008-01-10 15:56 . 2003-01-01 00:07 50 --a------ C:\WINDOWS\system32\BRIDF04A.dat
2008-01-10 15:53 . 2008-01-11 20:37 <DIR> d-------- C:\Program Files\ScanSoft(2)
2008-01-10 15:53 . 2008-01-11 20:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-01-10 15:51 . 2008-01-10 15:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Brother
2008-01-07 20:34 . 2008-01-11 20:38 <DIR> d-------- C:\Documents and Settings\Cherry Lynn\Application Data\uTorrent
2008-01-03 22:01 . 2008-01-11 20:38 <DIR> d-------- C:\Program Files\Gravity(2)
2007-12-31 00:30 . 2007-12-31 00:30 <DIR> d-------- C:\Program Files\Stardock
2007-12-22 08:39 . 2008-01-11 19:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-22 08:10 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-19 09:10 . 2007-12-19 09:10 <DIR> d-------- C:\Program Files\e-Games
2007-12-19 07:41 . 2008-01-11 19:42 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Roxio
2007-12-19 07:41 . 2008-01-11 19:42 <DIR> d-------- C:\Documents and Settings\Cherry Lynn\Application Data\Roxio
2007-12-19 07:40 . 2007-12-19 07:40 59 --a------ C:\WINDOWS\WININIT.INI
2007-12-19 07:39 . 2007-12-19 07:39 <DIR> d-------- C:\Program Files\Sonic
2007-12-19 07:38 . 2002-09-21 12:44 24,576 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
2007-12-19 07:37 . 2007-12-19 07:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sonic
2007-12-19 07:30 . 2008-01-11 19:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Roxio
2007-12-19 07:27 . 2007-12-19 07:39 <DIR> d-------- C:\Program Files\Roxio
2007-12-19 07:27 . 2008-01-11 19:40 <DIR> d-------- C:\Program Files\Common Files\Roxio Shared
2007-12-13 18:20 . 2008-01-11 19:41 <DIR> d-------- C:\Program Files\CCleaner
2007-12-13 18:14 . 2007-12-13 18:14 <DIR> d-------- C:\Program Files\Alwil Software
2007-12-12 18:17 . 2007-12-12 18:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-11 12:59 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-11 12:51 --------- d-----w C:\Program Files\LimeWire
2008-01-11 12:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-11 12:37 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-16 16:19 --------- d-----w C:\Program Files\Yahoo!
2007-12-12 01:30 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-12 01:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-12-08 08:10 --------- d-----w C:\Program Files\Java
2007-12-08 07:38 --------- d-----w C:\Program Files\NetGames
2007-12-06 04:10 --------- d-----w C:\Documents and Settings\Cherry Lynn\Application Data\Symantec
2007-11-30 12:13 --------- d-----w C:\Program Files\Common Files\L&H
2007-11-26 12:45 --------- d-----w C:\Documents and Settings\Cherry Lynn\Application Data\Orbit
2007-11-26 12:31 --------- d-----w C:\Documents and Settings\Cherry Lynn\Application Data\FMZilla
2007-11-05 14:29 50,688 ----a-w C:\WINDOWS\system32\wbhelp2.dll
2007-11-04 11:23 558,142 ----a-w C:\WINDOWS\java\Packages\EK5J53XZ.ZIP
2007-11-04 11:23 155,995 ----a-w C:\WINDOWS\java\Packages\YS6Y06AR.ZIP
2007-10-17 17:23 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2002-08-20 15:08 1511453]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-29 18:41 13312]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-10-29 16:50 4620288]
"nwiz"="nwiz.exe" [2004-10-29 16:50 921600 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2004-10-29 16:50 86016]
"SoundMan"="SOUNDMAN.EXE" [2004-09-16 20:39 69632 C:\WINDOWS\SOUNDMAN.EXE]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe" [2005-09-20 07:53 1687552]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe" [2005-09-20 07:29 163840]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 21:00 79224]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22]
S3 W700bus;Sony Ericsson W700 Driver driver (WDM);C:\WINDOWS\System32\DRIVERS\W700bus.sys [2007-11-04 19:57]
S3 W700mdfl;Sony Ericsson W700 USB WMC Modem Filter;C:\WINDOWS\System32\DRIVERS\W700mdfl.sys [2007-11-04 19:57]
S3 W700mdm;Sony Ericsson W700 USB WMC Modem Driver;C:\WINDOWS\System32\DRIVERS\W700mdm.sys [2007-11-04 19:57]
S3 W700mgmt;Sony Ericsson W700 USB WMC Device Management Drivers (WDM);C:\WINDOWS\System32\DRIVERS\W700mgmt.sys [2007-11-04 19:57]
S3 W700obex;Sony Ericsson W700 USB WMC OBEX Interface;C:\WINDOWS\System32\DRIVERS\W700obex.sys [2007-11-04 19:57]
*Newly Created Service* - ALG
*Newly Created Service* - BOOTSCREEN
*Newly Created Service* - IPNAT
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-01-11 21:04:25
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-11 21:05:57 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-11 13:05:53