ComboFix 08-07-13.6 - Administrator 2008-07-14 10:22:15.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.540 [GMT 5.5:30]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Administrator\g2mdlhlpx.exe
C:\Documents and Settings\All Users\Documents\My Videos\Desktop.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\mcrh.tmp
.
((((((((((((((((((((((((( Files Created from 2008-06-14 to 2008-07-14 )))))))))))))))))))))))))))))))
.
2008-07-09 15:28 . 2008-07-09 15:28 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-09 15:28 . 2008-07-09 15:28 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-09 15:28 . 2008-07-09 15:28 d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-07-09 15:28 . 2008-07-07 17:35 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-09 15:28 . 2008-07-07 17:35 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-09 14:50 . 2008-07-09 14:50 d-------- C:\_OTMoveIt
2008-07-09 14:45 . 2008-07-09 14:45 d-------- C:\Program Files\ERUNT
2008-07-09 10:19 . 2008-07-09 10:19 d-------- C:\Deckard
2008-07-08 15:36 . 2008-07-08 15:36 d-------- C:\Documents and Settings\Administrator\Application Data\TrojanHunter
2008-07-08 15:35 . 2008-07-08 15:35 d-------- C:\Program Files\TrojanHunter 5.0
2008-07-08 12:13 . 2008-07-14 09:35 d-------- C:\Program Files\Spyware Doctor
2008-07-08 12:13 . 2008-07-14 10:12 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-08 12:13 . 2008-07-08 12:13 d-------- C:\Documents and Settings\Administrator\Application Data\PC Tools
2008-07-08 12:13 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-07-08 12:13 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-07-08 12:13 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-07-08 12:13 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-07-08 10:52 . 2008-07-08 10:52 d-------- C:\Program Files\Trend Micro
2008-07-01 19:46 . 2008-07-02 18:42 d-------- C:\CLRProfiler
2008-06-26 13:08 . 2008-06-26 13:08 d-------- C:\Program Files\Real
2008-06-26 13:08 . 2008-06-26 13:08 d-------- C:\Program Files\Common Files\xing shared
2008-06-26 13:08 . 2008-06-26 13:08 d-------- C:\Program Files\Common Files\Real
2008-06-25 17:59 . 2008-06-25 17:59 d-------- C:\Program Files\Offline Course Player
2008-06-25 17:59 . 2003-07-24 14:03 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-06-25 17:35 . 2008-06-25 17:35 d-------- C:\Program Files\Microsoft Silverlight
2008-06-25 13:07 . 2008-06-25 13:07 d-------- C:\spoolerlogs
2008-06-24 15:38 . 2008-06-24 15:38 268 --ah----- C:\sqmdata04.sqm
2008-06-24 15:38 . 2008-06-24 15:38 244 --ah----- C:\sqmnoopt04.sqm
2008-06-24 11:19 . 2008-06-24 11:19 268 --ah----- C:\sqmdata03.sqm
2008-06-24 11:19 . 2008-06-24 11:19 244 --ah----- C:\sqmnoopt03.sqm
2008-06-24 08:39 . 2008-06-24 08:39 6,619 --a------ C:\Web.config_BACKUP
2008-06-23 15:44 . 2008-06-23 15:44 d-------- C:\Documents and Settings\Administrator\Application Data\IsolatedStorage
2008-06-20 10:31 . 2008-06-20 10:31 d-------- C:\Program Files\MultipleIEs
2008-06-18 13:42 . 2008-06-18 13:42 d-------- C:\Program Files\Business Objects
2008-06-18 13:41 . 2008-06-18 13:41 d-------- C:\Program Files\Microsoft Device Emulator
2008-06-18 13:40 . 2008-06-18 13:41 d-------- C:\Program Files\Windows Mobile 5.0 SDK R2
2008-06-18 13:39 . 2008-06-18 13:39 d-------- C:\Program Files\Microsoft Synchronization Services
2008-06-18 13:39 . 2008-06-18 13:39 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-06-18 13:27 . 2008-06-18 13:42 d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-06-18 13:27 . 2008-06-18 13:27 d-------- C:\Program Files\Microsoft SDKs
2008-06-18 13:26 . 2008-06-18 13:26 d-------- C:\Program Files\Microsoft Web Designer Tools
2008-06-18 13:23 . 2008-06-18 13:23 d-------- C:\WINDOWS\system32\XPSViewer
2008-06-18 13:23 . 2008-06-18 13:23 d-------- C:\Program Files\Reference Assemblies
2008-06-18 13:22 . 2006-06-29 13:07 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2008-06-18 10:31 . 2008-06-18 10:31 d-------- C:\Program Files\WinAVIVideoConverter
2008-06-18 10:31 . 2008-06-18 10:31 3,082 --a------ C:\WINDOWS\system32\affv208325p1now.sys
2008-06-17 15:36 . 2008-06-17 15:36 d-------- C:\Program Files\Cucusoft
2008-06-17 15:36 . 2008-06-17 15:36 d-------- C:\Program Files\Common Files\Download Manager
2008-06-17 15:36 . 2007-03-25 00:51 3,049,984 --a------ C:\WINDOWS\system32\libavcodec.dll
2008-06-17 15:36 . 2007-03-25 21:40 2,174,976 --a------ C:\WINDOWS\system32\ffdshow.ax
2008-06-17 15:36 . 2007-03-25 00:51 404,480 --a------ C:\WINDOWS\system32\libmplayer.dll
2008-06-17 15:36 . 2003-03-30 20:08 372,736 --a------ C:\WINDOWS\system32\xvid.ax
2008-06-17 15:36 . 2007-01-01 05:30 200,704 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll
2008-06-17 15:36 . 2006-07-08 04:07 114,688 --a------ C:\WINDOWS\system32\PropListCtrl.ocx
2008-06-17 15:36 . 2007-03-25 00:51 114,688 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll
2008-06-17 15:36 . 2004-09-10 13:50 34,820 --a------ C:\WINDOWS\system32\ffdshow.reg
2008-06-17 15:36 . 2006-07-17 21:42 14,909 --a------ C:\WINDOWS\system32\A_reg.reg
2008-06-16 12:46 . 2008-06-16 12:50 d-------- C:\Program Files\123 GIF&JPG Optimizer
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-14 04:30 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Free Download Manager
2008-07-08 06:43 --------- d-----w C:\Program Files\Google
2008-06-26 09:05 --------- d-----w C:\Documents and Settings\Administrator\Application Data\uTorrent
2008-06-25 12:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-18 09:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-18 09:18 --------- d-----w C:\Program Files\MSDN
2008-06-18 08:08 --------- d-----w C:\Program Files\Microsoft.NET
2008-06-18 08:03 --------- d-----w C:\Program Files\Common Files\Merge Modules
2008-06-18 08:00 --------- d-----w C:\Program Files\MSBuild
2008-06-10 11:19 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Microsoft FxCop
2008-06-10 11:18 --------- d-----w C:\Program Files\Microsoft FxCop 1.36
2008-06-09 14:33 --------- d-----w C:\Program Files\Core Services
2008-06-09 12:54 --------- d-----w C:\Program Files\Microsoft ACT
2008-06-09 04:11 --------- d-----w C:\Program Files\McAfee
2008-06-06 11:15 --------- d-----w C:\Program Files\Common Files\McAfee
2008-06-05 12:00 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-05 11:36 --------- d-----w C:\Program Files\Photomatix
2008-06-05 11:36 --------- d-----w C:\Program Files\AdventNet
2008-06-05 11:35 --------- d-----w C:\Program Files\Microsoft Web Application Stress Tool
2008-06-05 05:03 --------- d-----w C:\Documents and Settings\Administrator\Application Data\QEngine
2008-06-02 09:44 --------- d-----w C:\Program Files\Ultrapico
2008-05-22 12:46 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-05-22 12:45 --------- d-----w C:\Program Files\Safari
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseSVN]
@="{30351346-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351346-7B7D-4FCC-81B4-1E394CA267EB}]
2008-01-05 14:03 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseSVN]
@="{30351347-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351347-7B7D-4FCC-81B4-1E394CA267EB}]
2008-01-05 14:03 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseSVN]
@="{30351348-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351348-7B7D-4FCC-81B4-1E394CA267EB}]
2008-01-05 14:03 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseSVN]
@="{3035134B-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134B-7B7D-4FCC-81B4-1E394CA267EB}]
2008-01-05 14:03 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseSVN]
@="{3035134C-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134C-7B7D-4FCC-81B4-1E394CA267EB}]
2008-01-05 14:03 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseSVN]
@="{3035134D-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134D-7B7D-4FCC-81B4-1E394CA267EB}]
2008-01-05 14:03 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseSVN]
@="{3035134E-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134E-7B7D-4FCC-81B4-1E394CA267EB}]
2008-01-05 14:03 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 17:30 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-07-08 12:13 171448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]
"OLPSYNCH"="C:\Program Files\Offline Course Player\OlpSynch.exe" [2008-02-19 04:00 42288]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-06-26 13:08 185896]
"THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe" [2008-03-25 19:08 1047712]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-19 15:34 16858112 C:\WINDOWS\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-02-28 17:30 53760 C:\WINDOWS\system32\narrator.exe]
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [2005-10-20 12:04:08 38912]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=C:\WINDOWS\pss\Service Manager.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
--a------ 2005-12-27 11:32 118784 C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
--a------ 2007-11-17 04:20 91432 C:\Program Files\CyberLink\Shared files\brs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
-ra------ 2007-06-15 09:38 162584 C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
-ra------ 2007-06-15 09:38 142104 C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--------- 2007-10-11 12:06 62760 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 21:54 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
-ra------ 2007-06-15 09:38 138008 C:\WINDOWS\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2008-01-22 14:23 81920 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
--a------ 2005-12-27 11:32 988736 C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"Themes"=2 (0x2)
"TapiSrv"=3 (0x3)
"SQLWriter"=3 (0x3)
"SQLSERVERAGENT"=3 (0x3)
"SQLAgent$SQL2005"=3 (0x3)
"Spooler"=2 (0x2)
"RichVideo"=2 (0x2)
"ReportServer$SQL2005"=3 (0x3)
"MSSQLSERVER"=2 (0x2)
"MSOLAP$SQL2005"=3 (0x3)
"msftesql$SQL2005"=3 (0x3)
"MsDtsServer"=3 (0x3)
"ImapiService"=3 (0x3)
"helpsvc"=2 (0x2)
"gusvc"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"FastUserSwitchingCompatibility"=3 (0x3)
"ERSvc"=2 (0x2)
"Bonjour Service"=2 (0x2)
"BITS"=2 (0x2)
"AcrSch2Svc"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1533:TCP"= 1533:TCP:192.168.1.3/255.255.255.255,192.168.1.4/255.255.255.255,192.168.1.6/255.255.255.255,192.168.1.7/255.255.255.255,192.168.1.8/255.255.255.255,192.168.1.10/255.255.255.255,192.168.1.11/255.255.255.255:Enabled:Sql Server 2005
"80:TCP"= 80:TCP:192.168.1.2/255.255.255.255,192.168.1.3/255.255.255.255:Enabled:HTTP Port
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\[u]0[/u]00.fcl [2008-01-30 12:28]
R2 MSSEARCH;Microsoft Search;C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe [2000-07-13 07:14]
R2 MSSQL$SQL2005;SQL Server (SQL2005);C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2005-10-14 03:51]
R3 Eacfilt;Eacfilt Miniport;C:\WINDOWS\system32\DRIVERS\eacfilt.sys [2004-09-30 13:42]
R3 IPSECSHM;Nortel IPSECSHM Adapter;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [2004-09-30 13:43]
S3 ExtranetAccess;Contivity VPN Service;C:\Program Files\WMI VPN\Extranet_serv.exe [2004-10-08 09:48]
S3 IPSECEXT;Nortel Extranet Access Protocol;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [2004-09-30 13:43]
S4 MsDtsServer;SQL Server Integration Services;C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe [2005-10-14 03:45]
S4 msftesql$SQL2005;SQL Server FullText Search (SQL2005);C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe [2005-08-26 16:00]
S4 MSOLAP$SQL2005;SQL Server Analysis Services (SQL2005);C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe [2005-10-14 03:46]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2006-12-02 06:17]
S4 msvsmon90;Visual Studio 2008 Remote Debugger;C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2007-11-07 08:58]
S4 ReportServer$SQL2005;SQL Server Reporting Services (SQL2005);C:\Program Files\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2005-10-14 03:44]
S4 SQLAgent$SQL2005;SQL Server Agent (SQL2005);C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE [2005-10-14 03:51]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f2a43835-ad5b-11dc-abb4-001cc012c388}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe
\Shell\Open \command - H:\MicrosoftPowerPoint.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-01-04 09:41:31 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-01-04 09:41:29 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-07-14 04:41:36 C:\WINDOWS\Tasks\User_Feed_Synchronization-{940F17C0-E4A7-4918-A95C-7872C4B2307B}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-14 10:29:13
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\msftesql$SQL2005]
"ImagePath"="\"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:SQL2005"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\[u]0[/u]00.fcl"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\PROGRA~1\McAfee\MSC\mcuimgr.exe
.
**************************************************************************
.
Completion time: 2008-07-14 10:33:52 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-14 05:03:49
Pre-Run: 16,887,218,176 bytes free
Post-Run: 16,726,310,912 bytes free
277 --- E O F --- 2007-12-24 10:07:43