ComboFix 08-06-12.2 - Andrew 2008-06-13 18:14:21.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.172 [GMT -5:00]
Running from: C:\Documents and Settings\Andrew\Desktop\ComboFix.exe
 * Created a new restore point
 * Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Fonts\CALIBRIB.TTF
C:\WINDOWS\ORUN32.EXE
C:\WINDOWS\system32\CMMGR32.EXE
C:\WINDOWS\system32\drivers\fad.sys
C:\WINDOWS\SYSTEM32\qrqss.bak1
C:\WINDOWS\SYSTEM32\qrqss.bak2
C:\WINDOWS\SYSTEM32\qrqss.ini
C:\WINDOWS\SYSTEM32\qrqss.ini2

.
((((((((((((((((((((((((( Files Created from 2008-05-13 to 2008-06-13 )))))))))))))))))))))))))))))))
.

2008-07-13 12:35 . 2008-07-13 12:35            d--------  C:\_OTMoveIt
2008-07-13 10:54 . 2008-07-13 10:54            d--------  C:\Deckard
2008-07-09 18:41 . 2008-07-09 18:41            d--------  C:\Program Files\Trend Micro
2008-06-06 16:13 . 2008-06-06 16:13        840 --a------  C:\WINDOWS\Active Setup Log.BAK
2008-06-04 15:54 . 2008-06-04 15:55            d--------  C:\Program Files\Panda Security
2008-06-04 14:04 . 2008-06-04 15:38            d--------  C:\Program Files\SUPERAntiSpyware
2008-06-04 14:04 . 2008-06-04 14:04            d--------  C:\Program Files\Common Files\Wise Installation Wizard
2008-06-04 14:04 . 2008-06-04 14:04            d--------  C:\Documents and Settings\Andrew\Application Data\SUPERAntiSpyware.com
2008-06-04 14:04 . 2008-06-04 14:04            d--------  C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-04 13:42 . 2008-07-13 13:06            d--------  C:\Program Files\Malwarebytes' Anti-Malware
2008-06-04 13:42 . 2008-06-04 13:42            d--------  C:\Documents and Settings\Andrew\Application Data\Malwarebytes
2008-06-04 13:42 . 2008-06-04 13:42            d--------  C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-04 13:42 . 2008-06-10 19:02     34,296 --a------  C:\WINDOWS\SYSTEM32\DRIVERS\mbamcatchme.sys
2008-06-04 13:42 . 2008-06-10 19:02     15,864 --a------  C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys
2008-06-04 13:41 . 2008-06-04 13:41            d--------  C:\Program Files\Common Files\Download Manager
2008-06-04 11:35 . 2008-06-04 11:35            d--------  C:\Program Files\NetFilter
2008-05-25 14:35 . 2008-05-25 14:35      1,160 --a------  C:\WINDOWS\mozver.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-11 23:09  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\Google Updater
2008-07-08 19:15  ---------  d-----w  C:\Documents and Settings\Ellie\Application Data\Malwarebytes
2008-07-08 18:35  ---------  d-----w  C:\Documents and Settings\Ellie\Application Data\SUPERAntiSpyware.com
2008-06-04 19:19  ---------  d-----w  C:\Program Files\McAfee
2008-05-08 12:28    202,752  ----a-w  C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-05 01:14  ---------  d-----w  C:\Program Files\Google
2008-04-14 11:01    272,128  ----a-w  C:\WINDOWS\system32\drivers\bthport.sys
2007-10-14 23:59     95,800  ----a-w  C:\Documents and Settings\Andrew\Application Data\GDIPFONTCACHEV1.DAT
2006-02-09 13:11     91,960  -c--a-w  C:\Documents and Settings\Ellie\Application Data\GDIPFONTCACHEV1.DAT
2006-12-14 05:06         88  -csh--r  C:\WINDOWS\SYSTEM32\F3DD2BABF1.sys
2006-12-14 05:11      3,350  -csha-w  C:\WINDOWS\SYSTEM32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C0690CA5-C80B-4F09-8DAA-31C0924AE1B9}]
2008-06-04 11:35  476160  --a------  C:\PROGRA~1\NETFIL~1\NETFIL~1.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 11:00 200704]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 18:16 454784]
"DellTransferAgent"="C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" [2007-11-13 16:46 135168]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-06-04 15:38 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-05-13 16:15 180269]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-05-04 20:12:38 124400]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-06-04 15:38 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2008-06-04 15:38 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

.
Contents of the 'Scheduled Tasks' folder
"2004-04-17 15:05:12 C:\WINDOWS\Tasks\ISP signup reminder 1.job" - C:\WINDOWS\System32\OOBE\OOBEBALN.EXE
"2008-05-15 06:06:25 C:\WINDOWS\Tasks\McDefragTask.job" - c:\program files\mcafee\mqc\QcConsol.exe
"2008-06-01 06:00:16 C:\WINDOWS\Tasks\McQcTask.job" - c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-13 18:22:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\SYSTEM32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\McAfee\VirusScan\Mcshield.exe
C:\PROGRA~1\McAfee\MSC\mcuimgr.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
.
**************************************************************************
.
Completion time: 2008-06-13 18:38:13 - machine was rebooted
ComboFix-quarantined-files.txt  2008-06-13 23:37:29

Pre-Run: 65,352,249,344 bytes free
Post-Run: 65,269,116,928 bytes free

135 --- E O F --- 2008-07-11 08:05:04