ComboFix 08-07-13.6 - Administrator 2008-07-14 10:22:15.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.540 [GMT 5.5:30]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Administrator\g2mdlhlpx.exe
C:\Documents and Settings\All Users\Documents\My Videos\Desktop.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\mcrh.tmp
.
((((((((((((((((((((((((( Files Created from 2008-06-14 to 2008-07-14 )))))))))))))))))))))))))))))))
.
2008-07-09 15:28 . 2008-07-09 15:28 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-09 15:28 . 2008-07-09 15:28 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-09 15:28 . 2008-07-09 15:28 d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-07-09 15:28 . 2008-07-07 17:35 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-09 15:28 . 2008-07-07 17:35 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-09 14:50 . 2008-07-09 14:50 d-------- C:\_OTMoveIt
2008-07-09 14:45 . 2008-07-09 14:45 d-------- C:\Program Files\ERUNT
2008-07-09 10:19 . 2008-07-09 10:19 d-------- C:\Deckard
2008-07-08 15:36 . 2008-07-08 15:36 d-------- C:\Documents and Settings\Administrator\Application Data\TrojanHunter
2008-07-08 15:35 . 2008-07-08 15:35 d-------- C:\Program Files\TrojanHunter 5.0
2008-07-08 12:13 . 2008-07-14 09:35 d-------- C:\Program Files\Spyware Doctor
2008-07-08 12:13 . 2008-07-14 10:12 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-08 12:13 . 2008-07-08 12:13 d-------- C:\Documents and Settings\Administrator\Application Data\PC Tools
2008-07-08 12:13 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-07-08 12:13 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-07-08 12:13 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-07-08 12:13 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-07-08 10:52 . 2008-07-08 10:52 d-------- C:\Program Files\Trend Micro
2008-07-01 19:46 . 2008-07-02 18:42 d-------- C:\CLRProfiler
2008-06-26 13:08 . 2008-06-26 13:08 d-------- C:\Program Files\Real
2008-06-26 13:08 . 2008-06-26 13:08 d-------- C:\Program Files\Common Files\xing shared
2008-06-26 13:08 . 2008-06-26 13:08 d-------- C:\Program Files\Common Files\Real
2008-06-25 17:59 . 2008-06-25 17:59 d-------- C:\Program Files\Offline Course Player
2008-06-25 17:59 . 2003-07-24 14:03 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-06-25 17:35 . 2008-06-25 17:35 d-------- C:\Program Files\Microsoft Silverlight
2008-06-25 13:07 . 2008-06-25 13:07 d-------- C:\spoolerlogs
2008-06-24 15:38 . 2008-06-24 15:38 268 --ah----- C:\sqmdata04.sqm
2008-06-24 15:38 . 2008-06-24 15:38 244 --ah----- C:\sqmnoopt04.sqm
2008-06-24 11:19 . 2008-06-24 11:19 268 --ah----- C:\sqmdata03.sqm
2008-06-24 11:19 . 2008-06-24 11:19 244 --ah----- C:\sqmnoopt03.sqm
2008-06-24 08:39 . 2008-06-24 08:39 6,619 --a------ C:\Web.config_BACKUP
2008-06-23 15:44 . 2008-06-23 15:44 d-------- C:\Documents and Settings\Administrator\Application Data\IsolatedStorage
2008-06-20 10:31 . 2008-06-20 10:31 d-------- C:\Program Files\MultipleIEs
2008-06-18 13:42 . 2008-06-18 13:42 d-------- C:\Program Files\Business Objects
2008-06-18 13:41 . 2008-06-18 13:41 d-------- C:\Program Files\Microsoft Device Emulator
2008-06-18 13:40 . 2008-06-18 13:41 d-------- C:\Program Files\Windows Mobile 5.0 SDK R2
2008-06-18 13:39 . 2008-06-18 13:39 d-------- C:\Program Files\Microsoft Synchronization Services
2008-06-18 13:39 . 2008-06-18 13:39 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-06-18 13:27 . 2008-06-18 13:42 d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-06-18 13:27 . 2008-06-18 13:27 d-------- C:\Program Files\Microsoft SDKs
2008-06-18 13:26 . 2008-06-18 13:26 d-------- C:\Program Files\Microsoft Web Designer Tools
2008-06-18 13:23 . 2008-06-18 13:23 d-------- C:\WINDOWS\system32\XPSViewer
2008-06-18 13:23 . 2008-06-18 13:23 d-------- C:\Program Files\Reference Assemblies
2008-06-18 13:22 . 2006-06-29 13:07 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2008-06-18 10:31 . 2008-06-18 10:31 d-------- C:\Program Files\WinAVIVideoConverter
2008-06-18 10:31 . 2008-06-18 10:31 3,082 --a------ C:\WINDOWS\system32\affv208325p1now.sys
2008-06-17 15:36 . 2008-06-17 15:36 d-------- C:\Program Files\Cucusoft
2008-06-17 15:36 . 2008-06-17 15:36 d-------- C:\Program Files\Common Files\Download Manager
2008-06-17 15:36 . 2007-03-25 00:51 3,049,984 --a------ C:\WINDOWS\system32\libavcodec.dll
2008-06-17 15:36 . 2007-03-25 21:40 2,174,976 --a------ C:\WINDOWS\system32\ffdshow.ax
2008-06-17 15:36 . 2007-03-25 00:51 404,480 --a------ C:\WINDOWS\system32\libmplayer.dll
2008-06-17 15:36 . 2003-03-30 20:08 372,736 --a------ C:\WINDOWS\system32\xvid.ax
2008-06-17 15:36 . 2007-01-01 05:30 200,704 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll
2008-06-17 15:36 . 2006-07-08 04:07 114,688 --a------ C:\WINDOWS\system32\PropListCtrl.ocx
2008-06-17 15:36 . 2007-03-25 00:51 114,688 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll
2008-06-17 15:36 . 2004-09-10 13:50 34,820 --a------ C:\WINDOWS\system32\ffdshow.reg
2008-06-17 15:36 . 2006-07-17 21:42 14,909 --a------ C:\WINDOWS\system32\A_reg.reg
2008-06-16 12:46 . 2008-06-16 12:50 d-------- C:\Program Files\123 GIF&JPG Optimizer
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-14 04:30 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Free Download Manager
2008-07-08 06:43 --------- d-----w C:\Program Files\Google
2008-06-26 09:05 --------- d-----w C:\Documents and Settings\Administrator\Application Data\uTorrent
2008-06-25 12:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-18 09:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-18 09:18 --------- d-----w C:\Program Files\MSDN
2008-06-18 08:08 --------- d-----w C:\Program Files\Microsoft.NET
2008-06-18 08:03 --------- d-----w C:\Program Files\Common Files\Merge Modules
2008-06-18 08:00 --------- d-----w C:\Program Files\MSBuild
2008-06-10 11:19 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Microsoft FxCop
2008-06-10 11:18 --------- d-----w C:\Program Files\Microsoft FxCop 1.36
2008-06-09 14:33 --------- d-----w C:\Program Files\Core Services
2008-06-09 12:54 --------- d-----w C:\Program Files\Microsoft ACT
2008-06-09 04:11 --------- d-----w C:\Program Files\McAfee
2008-06-06 11:15 --------- d-----w C:\Program Files\Common Files\McAfee
2008-06-05 12:00 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-05 11:36 --------- d-----w C:\Program Files\Photomatix
2008-06-05 11:36 --------- d-----w C:\Program Files\AdventNet
2008-06-05 11:35 --------- d-----w C:\Program Files\Microsoft Web Application Stress Tool
2008-06-05 05:03 --------- d-----w C:\Documents and Settings\Administrator\Application Data\QEngine
2008-06-02 09:44 --------- d-----w C:\Program Files\Ultrapico
2008-05-22 12:46 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-05-22 12:45 --------- d-----w C:\Program Files\Safari
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseSVN]
@="{30351346-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351346-7B7D-4FCC-81B4-1E394CA267EB}]
2008-01-05 14:03 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseSVN]
@="{30351347-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351347-7B7D-4FCC-81B4-1E394CA267EB}]
2008-01-05 14:03 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseSVN]
@="{30351348-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351348-7B7D-4FCC-81B4-1E394CA267EB}]
2008-01-05 14:03 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseSVN]
@="{3035134B-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134B-7B7D-4FCC-81B4-1E394CA267EB}]
2008-01-05 14:03 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseSVN]
@="{3035134C-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134C-7B7D-4FCC-81B4-1E394CA267EB}]
2008-01-05 14:03 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseSVN]
@="{3035134D-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134D-7B7D-4FCC-81B4-1E394CA267EB}]
2008-01-05 14:03 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseSVN]
@="{3035134E-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134E-7B7D-4FCC-81B4-1E394CA267EB}]
2008-01-05 14:03 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 17:30 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-07-08 12:13 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]
"OLPSYNCH"="C:\Program Files\Offline Course Player\OlpSynch.exe" [2008-02-19 04:00 42288]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-06-26 13:08 185896]
"THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe" [2008-03-25 19:08 1047712]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-19 15:34 16858112 C:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-02-28 17:30 53760 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [2005-10-20 12:04:08 38912]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=C:\WINDOWS\pss\Service Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
--a------ 2005-12-27 11:32 118784 C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
--a------ 2007-11-17 04:20 91432 C:\Program Files\CyberLink\Shared files\brs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
-ra------ 2007-06-15 09:38 162584 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
-ra------ 2007-06-15 09:38 142104 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--------- 2007-10-11 12:06 62760 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 21:54 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
-ra------ 2007-06-15 09:38 138008 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2008-01-22 14:23 81920 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
--a------ 2005-12-27 11:32 988736 C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"Themes"=2 (0x2)
"TapiSrv"=3 (0x3)
"SQLWriter"=3 (0x3)
"SQLSERVERAGENT"=3 (0x3)
"SQLAgent$SQL2005"=3 (0x3)
"Spooler"=2 (0x2)
"RichVideo"=2 (0x2)
"ReportServer$SQL2005"=3 (0x3)
"MSSQLSERVER"=2 (0x2)
"MSOLAP$SQL2005"=3 (0x3)
"msftesql$SQL2005"=3 (0x3)
"MsDtsServer"=3 (0x3)
"ImapiService"=3 (0x3)
"helpsvc"=2 (0x2)
"gusvc"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"FastUserSwitchingCompatibility"=3 (0x3)
"ERSvc"=2 (0x2)
"Bonjour Service"=2 (0x2)
"BITS"=2 (0x2)
"AcrSch2Svc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1533:TCP"= 1533:TCP:192.168.1.3/255.255.255.255,192.168.1.4/255.255.255.255,192.168.1.6/255.255.255.255,192.168.1.7/255.255.255.255,192.168.1.8/255.255.255.255,192.168.1.10/255.255.255.255,192.168.1.11/255.255.255.255:Enabled:Sql Server 2005
"80:TCP"= 80:TCP:192.168.1.2/255.255.255.255,192.168.1.3/255.255.255.255:Enabled:HTTP Port

R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\[u]0[/u]00.fcl [2008-01-30 12:28]
R2 MSSEARCH;Microsoft Search;C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe [2000-07-13 07:14]
R2 MSSQL$SQL2005;SQL Server (SQL2005);C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2005-10-14 03:51]
R3 Eacfilt;Eacfilt Miniport;C:\WINDOWS\system32\DRIVERS\eacfilt.sys [2004-09-30 13:42]
R3 IPSECSHM;Nortel IPSECSHM Adapter;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [2004-09-30 13:43]
S3 ExtranetAccess;Contivity VPN Service;C:\Program Files\WMI VPN\Extranet_serv.exe [2004-10-08 09:48]
S3 IPSECEXT;Nortel Extranet Access Protocol;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [2004-09-30 13:43]
S4 MsDtsServer;SQL Server Integration Services;C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe [2005-10-14 03:45]
S4 msftesql$SQL2005;SQL Server FullText Search (SQL2005);C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe [2005-08-26 16:00]
S4 MSOLAP$SQL2005;SQL Server Analysis Services (SQL2005);C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe [2005-10-14 03:46]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2006-12-02 06:17]
S4 msvsmon90;Visual Studio 2008 Remote Debugger;C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2007-11-07 08:58]
S4 ReportServer$SQL2005;SQL Server Reporting Services (SQL2005);C:\Program Files\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2005-10-14 03:44]
S4 SQLAgent$SQL2005;SQL Server Agent (SQL2005);C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE [2005-10-14 03:51]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f2a43835-ad5b-11dc-abb4-001cc012c388}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe
\Shell\Open \command - H:\MicrosoftPowerPoint.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-01-04 09:41:31 C:\WINDOWS\Tasks\McDefragTask.job" - c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-01-04 09:41:29 C:\WINDOWS\Tasks\McQcTask.job" - c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-07-14 04:41:36 C:\WINDOWS\Tasks\User_Feed_Synchronization-{940F17C0-E4A7-4918-A95C-7872C4B2307B}.job" - C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-14 10:29:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\msftesql$SQL2005]
"ImagePath"="\"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:SQL2005"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\[u]0[/u]00.fcl"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\PROGRA~1\McAfee\MSC\mcuimgr.exe
.
**************************************************************************
.
Completion time: 2008-07-14 10:33:52 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-14 05:03:49

Pre-Run: 16,887,218,176 bytes free
Post-Run: 16,726,310,912 bytes free

277 --- E O F --- 2007-12-24 10:07:43