ComboFix 08-02-22 - Mark 2008-02-21 18:29:06.1 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.748 [GMT -5:00]
Running from: C:\Documents and Settings\Mark\Desktop\ComboFix.exe
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Mark\Application Data\macromedia\Flash Player\#SharedObjects\MZS9Z7KM\www.broadcaster.com
C:\Documents and Settings\Mark\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Mark\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\Robert\Application Data\macromedia\Flash Player\#SharedObjects\8G4YNUFD\www.broadcaster.com
C:\Documents and Settings\Robert\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Robert\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
.

((((((((((((((((((((((((( Files Created from 2008-01-22 to 2008-02-22 )))))))))))))))))))))))))))))))
.

2008-02-22 18:41 . 2008-02-22 18:41 4,474 --a------ C:\WINDOWS\GATHER.KM
2008-02-21 18:03 . 2008-02-21 18:03 1,598,422 --a------ C:\ComboFix.exe
2008-02-21 09:50 . 2008-02-21 09:50 32,256 --a------ C:\WINDOWS\wndsk.dll
2008-02-21 09:33 . 2008-02-21 09:33 d-------- C:\Deckard
2008-02-21 09:18 . 2008-02-21 18:02 686,630 --a------ C:\dss.exe
2008-02-20 17:20 . 2008-02-21 17:19 d-------- C:\Program Files\Spyware Doctor
2008-02-20 17:20 . 2008-02-20 17:20 d-------- C:\Documents and Settings\Mark\Application Data\PC Tools
2008-02-20 17:20 . 2008-02-22 18:35 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-20 17:20 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-02-20 17:20 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-02-20 17:20 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-02-20 17:20 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-02-20 15:02 . 2004-08-03 22:59 34,688 --a------ C:\WINDOWS\system32\drivers\lbrtfdc.sys
2008-02-20 15:02 . 2004-08-03 22:59 34,688 --a------ C:\WINDOWS\system32\dllcache\lbrtfdc.sys
2008-02-20 15:02 . 2001-08-17 13:57 14,080 --a------ C:\WINDOWS\system32\drivers\battc.sys
2008-02-20 15:02 . 2001-08-17 13:57 14,080 --a------ C:\WINDOWS\system32\dllcache\battc.sys
2008-02-20 15:02 . 2001-08-17 13:47 13,056 --a------ C:\WINDOWS\system32\drivers\inport.sys
2008-02-20 15:02 . 2001-08-17 13:47 13,056 --a------ C:\WINDOWS\system32\dllcache\inport.sys
2008-02-20 15:02 . 2004-08-03 23:00 8,192 --a------ C:\WINDOWS\system32\drivers\changer.sys
2008-02-20 15:02 . 2004-08-03 23:00 8,192 --a------ C:\WINDOWS\system32\dllcache\changer.sys
2008-02-20 12:53 . 2008-02-20 12:53 d-------- C:\Documents and Settings\Mark\Application Data\Grisoft
2008-02-20 12:53 . 2008-02-20 12:53 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-20 12:53 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-14 17:02 . 2008-02-14 17:03 69,120 --a------ C:\WINDOWS\trashicon.exe
2008-02-14 17:02 . 2008-02-20 12:02 2,858 --a------ C:\WINDOWS\rules.dat
2008-02-09 16:03 . 2008-02-09 16:04 d-------- C:\Documents and Settings\Mark\Application Data\Move Networks
2008-01-31 23:13 . 2008-01-31 23:13 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-31 23:13 . 2008-01-31 23:13 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-01-27 19:18 . 2008-01-27 19:18 d-------- C:\Program Files\TVUPlayer
2008-01-27 19:18 . 2008-01-27 19:18 d-------- C:\Documents and Settings\Mark\Application Data\TVU networks
2008-01-27 19:18 . 2008-01-27 19:18 d-------- C:\Documents and Settings\All Users\Application Data\TVU networks
2008-01-27 12:40 . 2008-02-15 21:21 d-------- C:\Program Files\UFile 2007
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2008-02-20 18:53 --------- d-----w C:\Program Files\DIGStream
2008-02-20 18:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\DIGStream
2008-02-20 17:54 --------- d-----w C:\Program Files\Xasjce
2008-02-17 17:23 --------- d-----w C:\Program Files\iTunes
2008-02-17 17:22 --------- d-----w C:\Program Files\iPod
2008-02-17 17:21 --------- d-----w C:\Program Files\QuickTime
2008-02-02 17:26 --------- d-----w C:\Program Files\Lexmark 2200 Series
2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-12-24 23:19 --------- d-----w C:\Program Files\LimeWire
2007-12-19 23:01 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-08 05:21 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-12-06 11:01 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-12-06 11:00 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-12-06 11:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-06 04:59 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 18:38 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll
2007-04-28 03:32 379 ----a-w C:\Documents and Settings\Robert\Application Data\internaldb1942.dat
2007-04-28 03:19 177,152 ----a-w C:\Documents and Settings\Robert\Application Data\internaldb5686.dat
2007-04-28 03:19 151 ----a-w C:\Documents and Settings\Robert\Application Data\internaldb1381.dat
2007-04-28 03:19 13,046 ----a-w C:\Documents and Settings\Robert\Application Data\internaldb2032.dat
2007-04-28 03:19 0 ----a-w C:\Documents and Settings\Robert\Application Data\internaldb5768.dat
2007-04-28 00:07 382 ----a-w C:\Documents and Settings\Mark\Application Data\internaldb1942.dat
2007-04-28 00:04 177,152 ----a-w C:\Documents and Settings\Mark\Application Data\internaldb4827.dat
2007-04-28 00:04 151 ----a-w C:\Documents and Settings\Mark\Application Data\internaldb3434.dat
2007-04-28 00:04 13,046 ----a-w C:\Documents and Settings\Mark\Application Data\internaldb5436.dat
2007-04-28 00:04 0 ----a-w C:\Documents and Settings\Mark\Application Data\internaldb4604.dat
2007-04-20 00:14 379 ----a-w C:\Documents and Settings\Chris\Application Data\internaldb1942.dat
2007-04-20 00:13 177,152 ----a-w C:\Documents and Settings\Chris\Application Data\internaldb3119.dat
2007-04-20 00:13 151 ----a-w C:\Documents and Settings\Chris\Application Data\internaldb6385.dat
2007-04-20 00:13 13,046 ----a-w C:\Documents and Settings\Chris\Application Data\internaldb563.dat
2007-04-20 00:13 0 ----a-w C:\Documents and Settings\Chris\Application Data\internaldb4088.dat
2007-04-14 15:11 379 ----a-w C:\Documents and Settings\Dorothy\Application Data\internaldb1942.dat
2007-04-14 15:06 177,152 ----a-w C:\Documents and Settings\Dorothy\Application Data\internaldb1354.dat
2007-04-14 15:06 151 ----a-w C:\Documents and Settings\Dorothy\Application Data\internaldb9227.dat
2007-04-14 15:06 13,046 ----a-w C:\Documents and Settings\Dorothy\Application Data\internaldb8086.dat
2007-04-14 15:06 0 ----a-w C:\Documents and Settings\Dorothy\Application Data\internaldb9707.dat
2006-12-01 00:15 177,152 ----a-w C:\Documents and Settings\Mark\Application Data\internaldb1869.dat
2006-11-29 23:26 0 ----a-w C:\Documents and Settings\Chris\Application Data\internaldb7126.dat
2006-11-29 23:26 0 ----a-w C:\Documents and Settings\Chris\Application Data\internaldb2821.dat
2006-11-29 23:26 0 ----a-w C:\Documents and Settings\Chris\Application Data\internaldb212.dat
2006-11-29 23:26 0 ----a-w C:\Documents and Settings\Chris\Application Data\internaldb2053.dat
2006-11-23 15:41 0 ----a-w C:\Documents and Settings\Dorothy\Application Data\internaldb2476.dat
2006-11-18 16:38 0 ----a-w C:\Documents and Settings\Robert\Application Data\internaldb8178.dat
2006-11-18 04:55 0 ----a-w C:\Documents and Settings\Mark\Application Data\internaldb2391.dat
2006-11-16 23:41 0 ----a-w C:\Documents and Settings\Robert\Application Data\internaldb3430.dat
2006-11-16 23:41 0 ----a-w C:\Documents and Settings\Robert\Application Data\internaldb2097.dat
2006-11-16 23:41 0 ----a-w C:\Documents and Settings\Robert\Application Data\internaldb1013.dat
2006-11-16 04:54 0 ----a-w C:\Documents and Settings\Mark\Application Data\internaldb153.dat
2006-11-15 22:00 0 ----a-w C:\Documents and Settings\Dorothy\Application Data\internaldb2902.dat
2006-11-15 22:00 0 ----a-w C:\Documents and Settings\Dorothy\Application Data\internaldb284.dat
2006-11-15 22:00 0 ----a-w C:\Documents and Settings\Dorothy\Application Data\internaldb1615.dat
2006-11-13 02:48 0 ----a-w C:\Documents and Settings\Mark\Application Data\internaldb3902.dat
2006-11-13 02:48 0 ----a-w C:\Documents and Settings\Mark\Application Data\internaldb1538.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-17 17:42 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
"ibmmessages"="C:\Program Files\IBM\Messages By IBM\ibmmessages.exe" [2004-04-20 05:01 438272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-16 00:10 339968]
"UC_Start"="C:\Program Files\IBM\Updater\\ucstartup.exe" [2003-09-30 18:39 36864]
"UC_SMB"="" []
"ibmmessages"="C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe" [2004-04-20 05:01 438272]
"UpdateManager"="c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 04:01 110592]
"IBMPRC"="C:\IBMTOOLS\UTILS\ibmprc.exe" [2004-03-19 15:12 90112]
"Mouse Suite 98 Daemon"="ICO.EXE" [2003-11-20 17:08 57344 C:\WINDOWS\system32\ico.exe]
"Hot Key Kbd Daemon"="SKDAEMON.EXE" [2004-03-29 19:02 40960 C:\WINDOWS\system32\SKDAEMON.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00 132496]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2004-05-04 02:21 176128]
"HPHUPD05"="C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2004-03-31 23:34 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 11:38 241664]
"HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2004-05-04 17:17 491520]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-01-30 03:29 180269]
"IBM Warranty Notification"="C:\Program Files\IBM\acp\ERTS0749\ERTS0749.exe" [2004-03-12 21:24 106496]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2003-09-29 07:10 81990]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2003-09-10 03:11 135251]
"Camera Detector"="C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.exe" [2002-12-09 14:35 208896]
"DIGStream"="C:\Program Files\DIGStream\digstream.exe" [ ]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-16 15:21 28672]
"hplampc"="C:\WINDOWS\system32\hplampc.exe" [2002-01-17 10:40 40448]
"Jpjnk"="C:\Program Files\Xasjce\Wveqte.exe" [ ]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 17:20 866584]
"Lexmark 2200 Series"="C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe" [2004-02-13 08:08 57344]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2004-02-04 15:33 294912]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-04 14:18 267048]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2007-12-10 14:53 1103752]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

R2 ibmfilter;ibmfilter;C:\WINDOWS\system32\drivers\ibmfilter.sys [2004-09-23 20:39]
R3 IPSECSHM;Nortel IPSECSHM Adapter;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [2002-05-01 22:16]
R3 pelmouse;Mouse Suite Driver;C:\WINDOWS\system32\DRIVERS\pelmouse.sys [2003-01-10 16:55]
R3 pelusblf;USB Mouse Low Filter Driver;C:\WINDOWS\system32\DRIVERS\pelusblf.sys [2003-02-11 16:25]
R3 portio;TPM Service;C:\WINDOWS\system32\DRIVERS\NscTpmDD.sys [2004-04-27 15:11]
S2 IPSECEXT;Nortel Extranet Access Protocol;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [2002-05-01 22:16]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;C:\WINDOWS\system32\DRIVERS\ADM8511.SYS [2001-08-17 15:11]
S3 dwusbdnt;dwusbdnt;C:\WINDOWS\system32\DRIVERS\dwusbdnt.sys [2002-05-24 11:52]
S3 hp4200c;%usbscan.SvcDesc%;C:\WINDOWS\system32\DRIVERS\hp4200c.sys [2001-02-18 10:09]
.
Contents of the 'Scheduled Tasks' folder
"2007-11-14 03:23:44 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-22 23:43:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-02-02 03:24:08 C:\WINDOWS\Tasks\HP DArC Task #Hewlett-Packard#7700#MY4822J35YU1.job" - C:\Program Files\HP\hpcoretech\comp\hpdarc.exe$/#Hewlett-Packard#7700#MY4822J35YU1
"2008-02-21 18:42:01 C:\WINDOWS\Tasks\HP Usg Daily.job" - C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe
"2008-02-22 23:37:49 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Program Files\Windows Defender\MpCmdRun.exe
"2005-01-24 22:11:21 C:\WINDOWS\Tasks\Symantec NetDetect.job" - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
"2008-02-22 23:42:38 C:\WINDOWS\Tasks\User_Feed_Synchronization-{763AB149-50BF-4C50-8599-78D3972D2FE1}.job" - C:\WINDOWS\system32\msfeedssync.exe
"2008-02-21 16:58:00 C:\WINDOWS\Tasks\WebReg 20050128115829.job" - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqwrg.exeb/TaskName 20050128115829 /N
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-22 18:41:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\FSRremoS.EXE
C:\WINDOWS\system32\Pelmiced.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-02-22 18:46:16 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-22 23:45:56
.
2008-02-19 20:08:56 --- E O F ---