ComboFix 08-07-11.1 - Julian 2008-07-12 13:55:48.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.355 [GMT -5:00] Running from: C:\Downloads\ComboFix.exe * Created a new restore point * Resident AV is active . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\BMeb586c94.txt C:\WINDOWS\pskt.ini C:\WINDOWS\system32\gbftnbqv.dll C:\WINDOWS\system32\uwjhhbmd.dll . ((((((((((((((((((((((((( Files Created from 2008-06-12 to 2008-07-12 ))))))))))))))))))))))))))))))) . 2008-07-11 23:58 . 2008-07-11 23:58 d-------- C:\Program Files\SpywareBlaster 2008-07-10 18:29 . 2008-07-10 18:30 15,612 --a------ C:\WINDOWS\valhal99.fnt 2008-07-10 18:29 . 2008-07-10 18:30 28 --a------ C:\WINDOWS\system32\vfw_32.reg 2008-07-10 17:21 . 2008-07-10 17:21 d-------- C:\Program Files\Xingtone 2008-07-08 23:49 . 2008-07-12 14:08 45 --a------ C:\TEST.XML 2008-07-08 23:09 . 2008-07-08 23:09 d-------- C:\Program Files\Trend Micro 2008-07-06 18:54 . 2008-07-06 18:54 d-------- C:\Documents and Settings\Julian\Application Data\FileSubmit 2008-07-06 18:42 . 2008-03-31 19:28 267 --ahs---- C:\BOOT.BKK 2008-07-06 18:40 . 2008-07-06 17:31 177,924 --a------ C:\WINDOWS\dallas.jpg 2008-07-06 18:28 . 2008-07-06 19:41 d-------- C:\Program Files\FileSubmit 2008-07-06 18:28 . 2008-07-12 10:19 d-------- C:\Program Files\AdVantage 2008-07-06 18:27 . 2008-07-06 18:27 d-------- C:\WINDOWS\icons 2008-07-06 18:22 . 2008-07-06 19:40 d-------- C:\Program Files\ChameleonXP 2008-07-06 18:19 . 2008-07-06 18:19 d-------- C:\Program Files\TGTSoft 2008-07-06 13:45 . 2008-07-06 13:45 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2008-07-06 13:44 . 2008-07-10 19:17 d-------- C:\Program Files\SUPERAntiSpyware 2008-07-05 21:29 . 2008-07-06 00:48 d-------- C:\Program Files\Common Files\Download Manager 2008-07-05 21:29 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll 2008-07-04 13:15 . 2008-07-04 13:15 1,017 --a------ C:\WINDOWS\system32\apexconverter.exe.stackdump 2008-07-04 12:44 . 2008-07-04 12:44 d-------- C:\Program Files\XviD 2008-07-04 12:42 . 2008-07-04 12:42 d-------- C:\WINDOWS\system32\RMBin 2008-07-04 12:42 . 2008-07-04 12:42 d-------- C:\Program Files\Apex 2008-07-02 22:13 . 54,156 C:\WINDOWS\QTFont.qfn 2008-07-02 22:13 . 1,409 C:\WINDOWS\QTFont.for 2008-06-29 20:54 . 2006-10-22 15:06 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE 2008-06-29 20:53 . 2008-06-29 20:53 d-------- C:\NVIDIA 2008-06-29 20:50 . 2008-06-29 20:50 d-------- C:\Program Files\SystemRequirementsLab 2008-06-28 20:07 . 2006-11-15 11:29 1,712,128 --a------ C:\WINDOWS\system32\GDIPLUS.DLL 2008-06-28 20:07 . 2005-07-12 14:25 401,408 --a------ C:\WINDOWS\system32\pvmjpg30.dll 2008-06-28 19:58 . 2007-01-26 02:04 196,096 --a------ C:\WINDOWS\system32\macd32.dll 2008-06-28 19:58 . 2007-01-26 02:04 138,752 --a------ C:\WINDOWS\system32\mase32.dll 2008-06-28 19:58 . 2007-01-26 02:04 136,192 --a------ C:\WINDOWS\system32\mamc32.dll 2008-06-28 19:58 . 2004-07-02 17:28 84,992 --a------ C:\WINDOWS\system32\ATL70.DLL 2008-06-28 19:58 . 2007-01-26 02:04 57,856 --a------ C:\WINDOWS\system32\masd32.dll 2008-06-28 19:58 . 2007-01-26 02:04 27,648 --a------ C:\WINDOWS\system32\ma32.dll 2008-06-28 19:53 . 2007-01-04 10:07 171,520 --a------ C:\WINDOWS\system32\drivers\MarvinBus.sys 2008-06-28 19:51 . 2002-01-05 04:48 974,848 --a------ C:\WINDOWS\system32\MFC70.DLL 2008-06-28 19:51 . 2002-01-05 04:36 964,608 --a------ C:\WINDOWS\system32\MFC70U.DLL 2008-06-28 19:51 . 2006-04-21 10:00 49,152 --a------ C:\WINDOWS\system32\PCLEGetGuid.dll 2008-06-28 19:48 . 2008-06-28 19:48 d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio 2008-06-25 23:05 . 2008-06-25 23:05 d-------- C:\Documents and Settings\LocalService\Application Data\McAfee 2008-06-25 18:23 . 2008-06-25 18:23 d-------- C:\Documents and Settings\Julian\Application Data\McAfee 2008-06-25 18:15 . 2008-07-12 14:13 14,691 --a------ C:\WINDOWS\system32\Config.MPF 2008-06-25 18:14 . 2008-06-25 18:14 d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor 2008-06-25 18:13 . 2008-06-28 20:22 d-------- C:\Program Files\SiteAdvisor 2008-06-25 18:13 . 2008-07-08 20:56 d-------- C:\Documents and Settings\Julian\Application Data\SiteAdvisor 2008-06-25 18:13 . 2008-06-25 18:14 d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor 2008-06-25 18:12 . 2006-03-03 08:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll 2008-06-25 18:09 . 2007-12-02 12:51 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys 2008-06-25 18:09 . 2007-11-22 06:44 33,832 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys 2008-06-25 18:08 . 2007-11-22 06:44 201,320 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys 2008-06-25 18:08 . 2007-07-13 06:20 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys 2008-06-25 18:08 . 2007-11-22 06:44 79,304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys 2008-06-25 18:08 . 2007-11-22 06:44 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys 2008-06-25 18:07 . 2008-06-25 18:08 d-------- C:\Program Files\McAfee.com 2008-06-25 18:07 . 2008-07-12 12:23 d-------- C:\Program Files\McAfee 2008-06-25 18:07 . 2008-06-25 18:08 d-------- C:\Program Files\Common Files\McAfee 2008-06-25 16:16 . 2008-06-25 16:16 d-------- C:\Documents and Settings\Julian\Application Data\Malwarebytes 2008-06-25 16:15 . 2004-02-23 01:00 1,386,496 --a------ C:\WINDOWS\system32\MSVBVM60.DLL 2008-06-25 16:07 . 2008-06-25 16:07 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-06-25 16:07 . 2008-06-19 17:48 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys 2008-06-25 16:07 . 2008-06-19 17:47 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-06-25 15:41 . 2008-07-11 22:51 110,339 --a------ C:\WINDOWS\BMeb586c94.xml 2008-06-24 23:55 . 2008-06-24 23:55 d-------- C:\Program Files\Microsoft Silverlight 2008-06-24 22:51 . 2008-06-24 22:51 d-------- C:\Program Files\AVG 2008-06-24 22:51 . 2008-06-25 00:41 d-------- C:\Documents and Settings\All Users\Application Data\avg8 2008-06-24 21:34 . 2008-03-27 18:26 15,024 --a------ C:\WINDOWS\system32\drivers\RkPavProc.sys 2008-06-24 21:28 . 2008-06-24 22:44 d-------- C:\Program Files\Panda Security 2008-06-24 18:52 . 2008-06-24 18:52 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet 2008-06-24 17:43 . 2008-06-24 20:16 d-------- C:\Documents and Settings\Julian\Application Data\U3 2008-06-18 21:23 . 2008-06-18 21:23 d-------- C:\Program Files\FlashFXP . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-07-12 05:08 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-07-11 00:09 --------- d-----w C:\Program Files\NCH Swift Sound 2008-07-10 22:21 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-07-07 01:19 --------- d-----w C:\Documents and Settings\Julian\Application Data\MSN6 2008-07-07 00:39 --------- d-----w C:\Program Files\TrojanHunter 4.6 2008-07-06 22:05 --------- d-----w C:\Program Files\Enigma Software Group 2008-07-06 22:04 --------- d-----w C:\Program Files\Trojan Remover 2008-07-04 19:05 3,532 ----a-w C:\drmHeader.bin 2008-06-29 01:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle 2008-06-25 23:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee 2008-06-25 05:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7 2008-06-25 03:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft 2008-06-25 02:19 --------- d-----w C:\Program Files\FreeCDRipper 2008-06-25 02:18 --------- d-----w C:\Program Files\Magic Video Converter 2008-06-24 23:37 --------- d-----w C:\Program Files\Common Files\Adobe 2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys 2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys 2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys 2008-06-15 17:57 --------- d-----w C:\Program Files\BitComet 2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys 2008-06-08 22:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\MSN6 2008-05-12 20:48 --------- d-----w C:\Documents and Settings\Julian\Application Data\iPod Copy Expert 2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll 2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll 2007-07-13 22:28 87,608 ----a-w C:\Documents and Settings\Julian\Application Data\inst.exe 2007-07-13 22:28 47,360 ----a-w C:\Documents and Settings\Julian\Application Data\pcouffin.sys 2007-06-13 03:08 5,200,627 ----a-w C:\Documents and Settings\Julian\Document1.zip 2007-06-13 03:06 5,203,957 ----a-w C:\Documents and Settings\Julian\Document.zip 2007-06-01 02:19 92,064 ----a-w C:\Documents and Settings\Julian\mqdmmdm.sys 2007-06-01 02:19 9,232 ----a-w C:\Documents and Settings\Julian\mqdmmdfl.sys 2007-06-01 02:19 79,328 ----a-w C:\Documents and Settings\Julian\mqdmserd.sys 2007-06-01 02:19 66,656 ----a-w C:\Documents and Settings\Julian\mqdmbus.sys 2007-06-01 02:19 6,208 ----a-w C:\Documents and Settings\Julian\mqdmcmnt.sys 2007-06-01 02:19 5,936 ----a-w C:\Documents and Settings\Julian\mqdmwhnt.sys 2007-06-01 02:19 4,048 ----a-w C:\Documents and Settings\Julian\mqdmcr.sys 2007-06-01 02:19 25,600 ----a-w C:\Documents and Settings\Julian\usbsermptxp.sys 2007-06-01 02:19 22,768 ----a-w C:\Documents and Settings\Julian\usbsermpt.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SMSystemAnalyzer"="C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe" [2006-12-20 18:47 557056] "iolo Task Agent"="C:\Program Files\iolo\Common\Task Agent\Task_Agent.exe" [2001-10-25 14:20 41984] "System Mechanic Popup Blocker"="C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker.exe" [2006-12-20 18:47 752640] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208] "LaunchList"="F:\software\Pinnacle.studio.v11-MAGNiTUDE\LaunchList2.exe" [2007-03-21 15:41 145496] "STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 13:31 1372160] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 18:05 81920] "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-06 10:49 196608] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-12-26 22:18 180269] "AdobeVersionCue"="C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe" [2004-03-25 12:35 1732608] "WatchDog"="C:\Program Files\mobile PhoneTools\WatchDog.exe" [2004-08-14 04:42 36864] "medicsp2"="C:\Program Files\twc\medicsp2\bin\sprtcmd.exe" [2007-03-07 12:53 198184] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048] "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992] "McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2007-11-30 05:42 1164576] "McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [2007-01-16 13:59 4838952] "MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 11:22 20480] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22 86016] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 23:13 385024] "nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-12-05 14:18:07 110592] Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "UIHost"="C:\\Program Files\\TGTSoft\\StyleXP\\Logon\\CurrentLogon.EXE" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.dvsd"= dvc.dll "vidc.I420"= vdrcodec.dll "VIDC.XVID"= xvid.dll "VIDC.MJPG"= Pvmjpg30.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\BitComet\\BitComet.exe"= "C:\\WINDOWS\\system32\\fxsclnt.exe"= "C:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"= "C:\\Program Files\\Internet Explorer\\iexplore.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"= "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\FlashFXP\\flashfxp.exe"= "C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"= "F:\\software\\Pinnacle.studio.v11-MAGNiTUDE\\programs\\RM.exe"= "F:\\software\\Pinnacle.studio.v11-MAGNiTUDE\\programs\\Studio.exe"= "F:\\software\\Pinnacle.studio.v11-MAGNiTUDE\\programs\\PMSRegisterFile.exe"= "F:\\software\\Pinnacle.studio.v11-MAGNiTUDE\\programs\\umi.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "60004:TCP"= 60004:TCP:BitComet 60004 TCP "60004:UDP"= 60004:UDP:BitComet 60004 UDP R2 sprtsvc_medicsp2;SupportSoft Sprocket Service (medicsp2);C:\Program Files\twc\medicsp2\bin\sprtsvc.exe [2007-03-07 12:54] R3 HCWBT8xx;Hauppauge WinTV 848/9 WDM Video Driver;C:\WINDOWS\system32\drivers\HCWBT8XX.sys [2004-05-24 12:51] S2 MyWebSearchService;My Web Search Service;C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe [] S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-02-27 14:31] S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-23 19:03] S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2006-12-14 10:27] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22446830-3ec2-11dd-ba4c-0011675e65a6}] \Shell\AutoRun\command - I:\JDSecure\Windows\JDSecure31.exe . Contents of the 'Scheduled Tasks' folder "2008-07-06 03:53:25 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-06-25 23:08:16 C:\WINDOWS\Tasks\McDefragTask.job" - c:\PROGRA~1\mcafee\mqc\QcConsol.exe' "2008-07-01 06:00:18 C:\WINDOWS\Tasks\McQcTask.job" - c:\PROGRA~1\mcafee\mqc\QcConsol.exe . - - - - ORPHANS REMOVED - - - - BHO-{7d39ab9c-3ce6-43f5-b36f-b101c69612b0} - C:\WINDOWS\system32\leromp.dll ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-07-12 14:08:31 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\explorer.exe -> C:\WINDOWS\system32\nview.dll . ------------------------ Other Running Processes ------------------------ . C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\McAfee\MBK\MBackMonitor.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe C:\WINDOWS\system32\cmd.exe C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe C:\Program Files\McAfee\MPF\MpfSrv.exe C:\Program Files\McAfee\MSK\msksrver.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\SiteAdvisor\6261\SAService.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\fxssvc.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\PROGRA~1\iolo\SYSTEM~1\SysMech6.exe . ************************************************************************** . Completion time: 2008-07-12 14:26:35 - machine was rebooted ComboFix-quarantined-files.txt 2008-07-12 19:26:10 Pre-Run: 18,028,716,032 bytes free Post-Run: 17,913,810,944 bytes free 262 --- E O F --- 2008-07-12 08:01:39