ComboFix 08-04-01.2 - Crisp Beatz 2008-04-02 5:05:16.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1115 [GMT -8:00]
Running from: E:\Documents and Settings\Crisp Beatz\Desktop\ComboFix.exe
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

E:\WINDOWS\system32\gebyx.dll
E:\WINDOWS\system32\mcrh.tmp
E:\WINDOWS\system32\msvcsv60.dll
E:\WINDOWS\system32\opnmnlk.dll
E:\WINDOWS\system32\xybeg.ini
E:\WINDOWS\system32\xybeg.ini2
.

(((((((((((((((((((((((((   Files Created from 2008-03-02 to 2008-04-02   )))))))))))))))))))))))))))))))
.

2008-04-01 20:13 . 2008-04-01 20:15 d-------- E:\Program Files\Common Files\Ahead
2008-04-01 19:04 . 2008-04-01 19:04 d-------- E:\Program Files\M-Audio
2008-04-01 19:04 . 2006-08-16 09:23 86,016 --a------ E:\WINDOWS\system32\MA_CMIDN.DLL
2008-04-01 15:05 . 2008-04-01 15:05 d-------- E:\Documents and Settings\Crisp Beatz\Application Data\Ahead
2008-04-01 15:02 . 2008-04-01 15:02 d-------- E:\Program Files\Nero
2008-03-31 18:51 . 2008-02-22 02:33 69,632 --a------ E:\WINDOWS\system32\javacpl.cpl
2008-03-31 18:50 . 2008-03-31 18:51 d-------- E:\Program Files\Java
2008-03-31 18:50 . 2008-03-31 18:50 d-------- E:\Program Files\Common Files\Java
2008-03-31 05:51 . 2008-03-31 05:51 d--hs---- E:\WINDOWS\ftpcache
2008-03-31 05:50 . 2008-03-31 05:51 d-------- E:\Program Files\Diego`s Wolf Pup Rescue
2008-03-30 06:09 . 2008-03-30 06:09 d-------- E:\Program Files\Trend Micro
2008-03-29 20:34 . 2008-03-29 20:34 69 --a------ E:\WINDOWS\NeroDigital.ini
2008-03-27 07:43 . 2008-03-27 07:43 291,328 --a------ E:\WINDOWS\system32\gebyx.Vdll
2008-03-27 07:30 . 2008-03-27 07:30 1,181,022 --a------ E:\WINDOWS\system32\TmpA11162781
2008-03-27 05:27 . 2008-03-27 05:27 d---s---- E:\Documents and Settings\Crisp Beatz\UserData
2008-03-25 12:59 . 2008-03-25 12:59 d-------- E:\Program Files\WildGames
2008-03-25 12:59 . 2008-03-25 12:59 d-------- E:\Documents and Settings\All Users\Application Data\WildTangent
2008-03-25 12:18 . 2008-03-25 12:18 d-------- E:\Program Files\Coupons
2008-03-24 03:26 . 2008-03-24 03:26 d-------- E:\VundoFix Backups
2008-03-21 13:02 . 2008-03-21 13:02 53 --a------ E:\WINDOWS\WININIT.INI
2008-03-21 13:02 . 2008-03-21 13:02 0 --a------ E:\WINDOWS\SETUP32.INI
2008-03-17 17:34 . 2008-03-17 17:34 d-------- E:\Program Files\WinAVIVideoConverter
2008-03-17 07:18 . 2008-03-17 07:18 d-------- E:\WINDOWS\Cache
2008-03-17 07:18 . 2008-03-17 07:18 193,880 -rah----- E:\WINDOWS\system32\cpnprt2.cid
2008-03-15 15:03 . 2008-03-15 15:03 d-------- E:\Program Files\Flux
2008-03-15 14:45 . 2008-03-15 14:45 d-------- E:\Documents and Settings\All Users\Application Data\Yahoo!
2008-03-15 14:44 . 2008-03-15 14:44 d-------- E:\Program Files\Yahoo!
2008-03-14 18:00 . 2002-07-07 14:14 1,294,336 --a------ E:\WINDOWS\system32\vorbis.acm
2008-03-14 17:58 . 2008-03-17 17:40 d-------- E:\Program Files\Image-Line
2008-03-13 06:35 . 2008-03-13 06:35 d-------- E:\Documents and Settings\All Users\Application Data\LightScribe
2008-03-13 06:29 . 2008-03-17 21:31 d-------- E:\Program Files\Common Files\LightScribe
2008-03-13 06:24 . 2008-03-13 06:24 d-------- E:\Documents and Settings\All Users\Application Data\Ahead
2008-03-10 17:43 . 1999-11-10 11:05 86,016 --a------ E:\WINDOWS\unvise32qt.exe
2008-03-10 17:42 . 2008-03-10 17:42 d-------- E:\Program Files\The Rosetta Stone
2008-03-10 17:41 . 2008-03-10 17:41 d--h----- E:\WINDOWS\PIF
2008-03-10 13:28 . 2008-03-10 13:28 1,409 --a------ E:\WINDOWS\system32\tmp610F4.FOT
2008-03-10 13:28 . 2008-03-10 13:28 1,409 --a------ E:\WINDOWS\system32\tmp530F4.FOT
2008-03-10 06:53 . 2008-03-12 13:21 54,156 --ah----- E:\WINDOWS\QTFont.qfn
2008-03-10 06:53 . 2008-03-12 13:21 1,409 --a------ E:\WINDOWS\QTFont.for
2008-03-10 06:01 . 2008-03-10 14:14 d-------- E:\Documents and Settings\All Users\Application Data\Apple Computer
2008-03-09 21:43 . 2008-03-09 21:43 427 --a------ E:\WINDOWS\system32\QuickTimeFavorites.qtr
2008-03-09 21:42 . 2008-03-10 17:44 9,792 --a------ E:\WINDOWS\system32\QuickTime.qtp
2008-03-09 20:05 . 2008-03-09 20:05 1,409 --a------ E:\WINDOWS\system32\tmpBCCB4.FOT
2008-03-09 20:05 . 2008-03-09 20:05 1,409 --a------ E:\WINDOWS\system32\tmpAECB4.FOT
2008-03-09 19:26 . 2008-03-14 14:39 1,256 --a------ E:\WINDOWS\teachpno.ini
2008-03-09 19:26 . 2008-03-09 19:26 839 --a------ E:\WINDOWS\jamkeys.ini
2008-03-09 19:26 . 2008-03-09 19:26 310 --a------ E:\WINDOWS\ARCADE.INI
2008-03-09 19:26 . 2008-03-09 19:26 297 --a------ E:\WINDOWS\recorsta.ini
2008-03-09 19:26 . 2008-03-09 19:26 24 --a------ E:\WINDOWS\jam.ini
2008-03-09 19:25 . 2008-03-09 19:25 d-------- E:\Program Files\Voyetra
2008-03-09 12:09 . 2008-03-09 12:24 d-------- E:\Documents and Settings\Crisp Beatz\Application Data\Apple Computer
2008-03-09 12:03 . 2008-03-09 12:54 d----c--- E:\WINDOWS\system32\DRVSTORE
2008-03-09 11:42 . 2008-03-09 11:42 1,409 --a------ E:\WINDOWS\system32\tmpA71C5.FOT
2008-03-09 11:42 . 2008-03-09 11:42 1,409 --a------ E:\WINDOWS\system32\tmp991C5.FOT
2008-03-09 11:38 . 2008-03-09 11:38 d-------- E:\Documents and Settings\All Users\Application Data\QuickTime
2008-03-09 11:16 . 2008-03-09 11:16 d-------- E:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-03-05 22:22 . 2008-03-05 22:22 d-------- E:\Program Files\Recycle
2008-03-05 22:22 . 2004-02-07 01:48 331,263 --a------ E:\WINDOWS\LOOP.exe
2008-03-04 15:37 . 2008-03-04 15:37 d-------- E:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-03-03 05:32 . 2008-03-03 05:32 d-------- E:\Documents and Settings\Crisp Beatz\Application Data\Media Player Classic
2008-03-03 05:30 . 2008-03-03 05:30 d-------- E:\Program Files\K-Lite Codec Pack
2008-03-02 13:12 . 2008-03-02 13:12 d-------- E:\Documents and Settings\Crisp Beatz\Application Data\Hewlett-Packard
2008-03-02 13:10 . 2004-08-03 22:58 15,104 --a------ E:\WINDOWS\system32\drivers\usbscan.sys
2008-03-02 13:10 . 2004-08-03 22:58 15,104 --a--c--- E:\WINDOWS\system32\dllcache\usbscan.sys
2008-03-02 12:46 . 2008-03-02 12:46 d-------- E:\Program Files\Common Files\Hewlett-Packard
2008-03-02 12:44 . 2008-03-02 12:45 d-------- E:\Program Files\Hewlett-Packard
2008-03-02 12:42 . 2008-03-02 13:11 19,558 --a------ E:\WINDOWS\hpoins01.dat
2008-03-02 12:42 . 2003-04-22 10:24 16,606 --------- E:\WINDOWS\hpomdl01.dat
2008-03-02 12:41 . 2008-03-02 12:42 d-------- E:\temp\HP All-in-One Series Web Release
2008-03-02 12:41 . 2008-03-02 12:41 d-------- E:\temp
2008-03-02 12:05 . 2008-03-02 12:05 d-------- E:\Documents and Settings\All Users\Application Data\Trymedia
2008-03-02 10:37 . 2008-03-09 21:55 d-------- E:\Program Files\BFG
2008-03-02 06:43 . 2008-03-02 06:43 d-------- E:\Documents and Settings\Crisp Beatz\Application Data\Comodo
2008-03-02 06:43 . 2008-03-02 06:43 d-------- E:\Documents and Settings\All Users\Application Data\Comodo
2008-03-02 06:40 . 2008-03-05 21:40 d-------- E:\Program Files\Comodo
2008-03-02 06:39 . 2004-08-03 23:01 25,856 --a------ E:\WINDOWS\system32\drivers\usbprint.sys
2008-03-02 06:39 . 2004-08-03 23:01 25,856 --a--c--- E:\WINDOWS\system32\dllcache\usbprint.sys
.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2008-04-02 12:59 --------- d-----w E:\Documents and Settings\Crisp Beatz\Application Data\BitTorrent
2008-04-02 04:13 --------- d-----w E:\Documents and Settings\All Users\Application Data\Nero
2008-04-02 03:07 --------- d--h--w E:\Program Files\InstallShield Installation Information
2008-04-02 03:01 --------- d-----w E:\Program Files\M-Audio MA_CMIDI
2008-03-14 20:18 --------- d-----w E:\Program Files\Steinberg
2008-03-13 14:03 --------- d-----w E:\Program Files\Common Files\Adobe
2008-03-06 06:23 --------- d-----w E:\Documents and Settings\Crisp Beatz\Application Data\Propellerhead Software
2008-03-06 06:23 --------- d-----w E:\Documents and Settings\All Users\Application Data\Propellerhead Software
2008-03-02 15:10 --------- d-----w E:\Program Files\ESET
2008-03-02 04:57 --------- d-----w E:\Program Files\Kjaerhus Audio
2008-03-02 04:56 --------- d-----w E:\Program Files\VAZ Modular
2008-03-02 04:51 --------- d-----w E:\Program Files\URS Plugins
2008-03-02 04:06 36,864 ----a-w E:\WINDOWS\system32\awttrst.dll.vir
2008-03-02 04:05 --------- d-----w E:\Program Files\DNA
2008-03-02 04:01 --------- d-----w E:\Documents and Settings\Crisp Beatz\Application Data\DNA
2008-03-02 03:58 512,096 ----a-w E:\WINDOWS\system32\drivers\amon.sys
2008-03-02 03:58 298,104 ----a-w E:\WINDOWS\system32\imon.dll
2008-03-02 03:58 15,424 ----a-w E:\WINDOWS\system32\drivers\nod32drv.sys
2008-03-02 02:48 --------- d-----w E:\Documents and Settings\Crisp Beatz\Application Data\Steinberg
2008-03-01 22:47 --------- d-----w E:\Documents and Settings\Crisp Beatz\Application Data\Nero
2008-03-01 22:28 --------- d-----w E:\Program Files\KLC
2008-03-01 22:11 --------- d-----w E:\Program Files\Common Files\Nero
2008-03-01 21:42 --------- d-----w E:\Documents and Settings\Crisp Beatz\Application Data\Ableton
2008-03-01 21:37 --------- d-----w E:\Program Files\Syncrosoft
2008-03-01 21:28 --------- d-----w E:\Program Files\Native Instruments
2008-03-01 21:11 --------- d-----w E:\Program Files\Propellerhead
2008-03-01 21:08 --------- d-----w E:\Program Files\Creative
2008-03-01 20:59 --------- d-----w E:\Program Files\Common Files\InstallShield
2008-03-01 20:24 --------- d-----w E:\Program Files\MagicISO
2008-03-01 20:21 --------- d-----w E:\Program Files\microsoft frontpage
2008-03-01 20:14 --------- d-----w E:\Program Files\MagicDisc
2008-03-01 20:03 --------- d-----w E:\Program Files\Ableton
2008-03-01 19:29 --------- d-----w E:\Program Files\AAS
2008-03-01 19:29 --------- d-----w E:\Documents and Settings\Crisp Beatz\Application Data\Applied Acoustics Systems
2008-03-01 19:28 --------- d-----w E:\Program Files\MU Technologies
2008-03-01 19:08 --------- d-----w E:\Program Files\IK Multimedia
2008-03-01 19:08 --------- d-----w E:\Program Files\Common Files\DigiDesign
2008-03-01 19:08 --------- d-----w E:\Documents and Settings\Crisp Beatz\Application Data\InstallShield
2008-03-01 19:08 --------- d-----w E:\Documents and Settings\All Users\Application Data\IK Multimedia
2008-03-01 18:54 --------- d-----w E:\Program Files\Common Files\Adobe Systems Shared
2008-03-01 18:47 368,640 ------w E:\WINDOWS\system32\ReWire.dll
2008-03-01 18:47 233,472 ------w E:\WINDOWS\system32\REX Shared Library.dll
2008-03-01 18:39 --------- d-----w E:\Program Files\BitTorrent
2008-01-10 21:16 159,839 ----a-w E:\WINDOWS\system32\xvidvfw.dll
2008-01-10 21:15 755,027 ----a-w E:\WINDOWS\system32\xvidcore.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SB Audigy 2 Startup Menu"="E:\Program Files\Creative\SBAudigy2\Program\Startup Menu\Audigy.exe" [2002-09-23 01:08 2752822]
"BitTorrent DNA"="E:\Program Files\DNA\btdna.exe" [ ]
"LightScribe Control Panel"="E:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [ ]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03 152872]
"Yahoo! Pager"="E:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 17:43 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 03:00 33280 E:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-12-04 22:41 1626112 E:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 03:00 33280 E:\WINDOWS\system32\rundll32.exe]
"CTSysVol"="E:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-09-11 11:04 53248]
"CTDVDDet"="E:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2002-08-13 01:00 40960]
"CTHelper"="CTHELPER.EXE" [2002-09-02 18:55 24576 E:\WINDOWS\system32\CTHELPER.EXE]
"UpdReg"="E:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"CTStartup"="E:\Program Files\Creative\Splash Screen\CTEaxSpl.exe" [2002-09-13 01:04 49152]
"H2O"="E:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2005-12-18 14:18 307200]
"nod32kui"="E:\Program Files\Eset\nod32kui.exe" [2008-03-01 19:58 949376]
"COMODO Firewall Pro"="E:\Program Files\Comodo\Firewall\CPF.exe" [2008-03-05 21:40 1115728]
"Adobe Reader Speed Launcher"="E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SunJavaUpdateSched"="E:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"NeroFilterCheck"="E:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]

E:\Documents and Settings\Crisp Beatz\Start Menu\Programs\Startup\
Adobe Gamma.lnk - E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]
MagicDisc.lnk - E:\Program Files\MagicDisc\MagicDisc.exe [2008-03-01 12:13:53 557568]

E:\Documents and Settings\All Users\Start Menu\Programs\Startup\
hp psc 2000 Series.lnk - E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-04-09 17:41:38 323646]
hpoddt01.exe.lnk - E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-09 18:11:12 28672]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"E:\\Program Files\\BitTorrent\\bittorrent.exe"=
"E:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"E:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

R3 CLEDX;Team H2O CLEDX service;E:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 20:08]
R3 ctgame;Game Port;E:\WINDOWS\system32\DRIVERS\ctgame.sys [2002-08-04 23:51]
S3 MA_CMIDI;%EVOL_USB.SvcDesc%;E:\WINDOWS\system32\drivers\ma_cmidi.sys [2006-08-16 09:23]
S3 SetupNTGLM7X;SetupNTGLM7X;F:\NTGLM7X.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3bb1007a-e77d-11dc-a4d6-806d6172696f}]
\Shell\AutoRun\command - D:\setup.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-03-02 21:12:37 E:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1204492288.job"
- E:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
"2008-03-02 21:12:42 E:\WINDOWS\Tasks\WebReg 20080302131240.job"
- E:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exeS/TaskName 20080302131240 /N
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-02 05:09:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = "E:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /run?2??wd??????w????????????????h?@?x??????wD??????sx??sEI??????y??w????@@@????|D@@?????>??w?????82?H??????|???|???????|L(?s?82??????/?s????????D???????????????????,????????????+?s@@@?D???`|?w??????@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
E:\WINDOWS\system32\CTsvcCDA.exe
E:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
E:\Program Files\Eset\nod32krn.exe
E:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\wdfmgr.exe
E:\WINDOWS\system32\MsPMSPSv.exe
E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
E:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
E:\WINDOWS\system32\wscntfy.exe
E:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
E:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Completion time: 2008-04-02 5:11:19 - machine was rebooted [Crisp Beatz]
ComboFix-quarantined-files.txt 2008-04-02 13:11:16

Pre-Run: 86,086,742,016 bytes free
Post-Run: 93,555,937,280 bytes free