ComboFix 08-08-13.02 - David 2008-08-13 22:00:36.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.684 [GMT -5:00]
Running from: C:\Documents and Settings\David\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\David\Desktop\CFScript.txt
 * Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\David\Application Data\Adobe\crc.dat
.
---- Previous Run -------
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk
C:\Documents and Settings\David\Application Data\Adobe\Manager.exe
C:\Documents and Settings\David\Application Data\macromedia\Flash Player\#SharedObjects\AL849KSK\interclick.com
C:\Documents and Settings\David\Application Data\macromedia\Flash Player\#SharedObjects\AL849KSK\interclick.com\ud.sol
C:\Documents and Settings\David\Application Data\macromedia\Flash Player\#SharedObjects\AL849KSK\www.broadcaster.com
C:\Documents and Settings\David\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\David\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\David\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\David\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\David\Application Data\rhcnuoj0ep6t
C:\Windows\BM3b6fdceb.txt
C:\Windows\BM3b6fdceb.xml
C:\Windows\pskt.ini
C:\Windows\system32\4.tmp
C:\Windows\system32\5.tmp
C:\Windows\system32\6.tmp
C:\Windows\system32\7.tmp
C:\Windows\system32\8.tmp
C:\Windows\system32\9.tmp
C:\Windows\system32\blphcjuoj0ep6t.scr
C:\Windows\system32\cmohjglu.dll
C:\Windows\system32\gdi.dll
C:\Windows\system32\hmiutufk.dll
C:\WINDOWS\system32\ihcaesxj.exe
C:\Windows\system32\IRsvFfhk.ini
C:\WINDOWS\system32\IRsvFfhk.ini2
C:\Windows\system32\jlthvyav.ini
C:\WINDOWS\system32\kyiqhjid.exe
C:\Windows\system32\lphcjuoj0ep6t.exe
C:\Windows\system32\mcrh.tmp
C:\Windows\system32\mctijube.dll
C:\Windows\system32\mqhwvonp.ini
C:\Windows\system32\myokzk.dll
C:\Windows\system32\pbravlym.dll
C:\Windows\system32\phcjuoj0ep6t.bmp
C:\Windows\system32\poflgx.dll
C:\Windows\system32\pphcjuoj0ep6t.exe
C:\Windows\system32\rgblwpkq.dll
C:\Windows\system32\syisrlnu.dll
C:\Windows\system32\tdssadw.dll
C:\Windows\system32\tdssinit.dll
C:\Windows\system32\tdssl.dll
C:\Windows\system32\tdsslog.dll
C:\Windows\system32\tdssmain.dll
C:\Windows\system32\tdssservers.dat
C:\Windows\system32\unlrsiys.ini
C:\Windows\system32\uvyxerjl.dll
C:\Windows\system32\vayvhtlj.dll
.
((((((((((((((((((((((((( Files Created from 2008-07-14 to 2008-08-14 )))))))))))))))))))))))))))))))
.
2008-08-13 21:55 . 2008-08-13 21:58 d-------- C:\327882R2FWJFW
2008-08-12 23:38 . 2008-08-12 23:38 7,680 --ahs---- C:\WINDOWS\Thumbs.db
2008-08-12 22:08 . 2008-08-12 22:08 d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-08-12 22:08 . 2008-08-12 22:01 160,792 --a------ C:\WINDOWS\system32\drivers\pctfw2.sys
2008-08-12 22:01 . 2008-08-12 22:08 d-------- C:\Program Files\Common Files\PC Tools
2008-08-11 01:41 . 2008-08-11 02:04 d--h----- C:\$AVG8.VAULT$
2008-08-11 01:34 . 2008-08-13 21:46 d-------- C:\WINDOWS\system32\drivers\Avg
2008-08-11 01:34 . 2008-08-11 01:34 d-------- C:\Program Files\AVG
2008-08-11 01:34 . 2008-08-11 01:34 d-------- C:\Documents and Settings\David\Application Data\AVGTOOLBAR
2008-08-11 01:34 . 2008-08-11 01:36 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-08-11 01:34 . 2008-08-11 01:34 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-11 01:34 . 2008-08-11 01:34 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-08-10 23:11 . 2008-08-13 12:31 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-10 23:10 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-08-10 23:10 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-08-10 23:10 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-08-10 23:10 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-08-10 14:54 . 2008-08-10 14:54 2,048 --a------ C:\WINDOWS\system32\kyiqhjid.exe
2008-08-09 15:15 . 2006-01-30 22:10 d-------- C:\Documents and Settings\Administrator\Application Data\Gtek
2008-08-09 15:15 . 2008-08-13 14:32 d-------- C:\Documents and Settings\Administrator
2008-08-09 14:46 . 2008-08-09 14:46 2,048 --a------ C:\WINDOWS\system32\ihcaesxj.exe
2008-08-07 12:30 . 2008-08-09 10:48 d-------- C:\Downloads
2008-08-07 12:27 . 2008-08-07 12:27 d-------- C:\Program Files\Software Informer
2008-08-07 12:27 . 2008-08-07 12:27 d-------- C:\Program Files\Free Download Manager
2008-08-07 12:27 . 2008-08-07 12:29 d-------- C:\Documents and Settings\David\Application Data\Software Informer
2008-08-07 12:27 . 2008-08-12 23:58 d-------- C:\Documents and Settings\David\Application Data\Free Download Manager
2008-08-07 12:27 . 2008-08-07 12:27 d-------- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
2008-07-28 09:38 . 2008-07-28 09:38 d-------- C:\Program Files\Atomic RAR Password Recovery
2008-07-23 10:38 . 2008-07-23 10:38 d-------- C:\Program Files\DNA
2008-07-23 10:38 . 2008-08-11 20:13 d-------- C:\Documents and Settings\David\Application Data\DNA
2008-07-21 16:54 . 2008-07-21 16:54 d-------- C:\Program Files\Slot Machine 98
2008-07-21 16:54 . 2008-07-21 16:54 724,992 --a------ C:\WINDOWS\iun6002.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-13 17:31 --------- d-----w C:\Program Files\Spyware Doctor
2008-08-13 14:49 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-11 14:03 --------- d-----w C:\Program Files\Trend Micro
2008-08-11 07:38 --------- d-----w C:\Program Files\MP3 Player Utilities 3.5.02
2008-08-11 04:23 96,256 ----a-w C:\Windows\system32\drivers\sptd7725.sys
2008-08-10 21:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-08-10 21:29 --------- d-----w C:\Program Files\Norton AntiVirus
2008-08-10 21:29 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-10 21:00 --------- d-----w C:\Program Files\Symantec
2008-08-09 13:33 --------- d-----w C:\Documents and Settings\David\Application Data\BitTorrent
2008-07-31 02:20 0 ----a-w C:\$RJ$.DAT
2008-07-30 00:53 --------- d-----w C:\Program Files\Diablo II
2008-07-28 02:52 --------- d-----w C:\Program Files\Cisco CCNA Network Simulator
2008-07-23 15:38 --------- d-----w C:\Program Files\BitTorrent
2008-07-05 17:42 --------- d-----w C:\Program Files\Acon Digital Media
2008-07-05 17:00 --------- d-----w C:\Program Files\FlashGet
2008-06-25 18:36 --------- d-----w C:\Program Files\Winamp
2008-06-24 20:02 --------- d-----w C:\Program Files\Nstorm
2007-05-03 06:28 92,064 ----a-w C:\Documents and Settings\David\mqdmmdm.sys
2007-05-03 06:28 9,232 ----a-w C:\Documents and Settings\David\mqdmmdfl.sys
2007-05-03 06:28 79,328 ----a-w C:\Documents and Settings\David\mqdmserd.sys
2007-05-03 06:28 66,656 ----a-w C:\Documents and Settings\David\mqdmbus.sys
2007-05-03 06:28 6,208 ----a-w C:\Documents and Settings\David\mqdmcmnt.sys
2007-05-03 06:28 5,936 ----a-w C:\Documents and Settings\David\mqdmwhnt.sys
2007-05-03 06:28 4,048 ----a-w C:\Documents and Settings\David\mqdmcr.sys
2007-05-03 06:28 25,600 ----a-w C:\Documents and Settings\David\usbsermptxp.sys
2007-05-03 06:28 22,768 ----a-w C:\Documents and Settings\David\usbsermpt.sys
2006-12-15 05:29 25,104 ----a-w C:\Documents and Settings\David\Application Data\GDIPFONTCACHEV1.DAT
2006-01-08 06:57 56 --sh--r C:\Windows\system32\5B77058413.sys
2006-01-08 06:57 2,516 --sha-w C:\Windows\system32\KGyGaAvL.sys
.
------- Sigcheck -------
md5deep: C:\Windows\system32\svchost.exe: Permission denied
md5deep: C:\Windows\system32\winlogon.exe: Permission denied
md5deep: C:\Windows\explorer.exe: Permission denied
md5deep: C:\Windows\system32\services.exe: Permission denied
md5deep: C:\Windows\system32\lsass.exe: Permission denied
.
((((((((((((((((((((((((((((( snapshot@2008-08-12_23.05.41.43 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-08-13 03:39:45 181,498 ----a-w C:\Windows\system32\perfc009.dat
+ 2008-08-14 02:48:26 186,130 ----a-w C:\Windows\system32\perfc009.dat
- 2008-08-13 03:39:45 598,372 ----a-w C:\Windows\system32\perfh009.dat
+ 2008-08-14 02:48:26 606,636 ----a-w C:\Windows\system32\perfh009.dat
- 2006-12-25 03:43:54 253,404 ----a-w C:\Windows\system32\Restore\rstrlog.dat
+ 2008-08-13 19:33:03 79,644 ----a-w C:\Windows\system32\Restore\rstrlog.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 14:39 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"QUgWtXhphoOc"= {385CEFD9-92F6-4573-6042-720265C47ABE} - C:\Windows\System32\gdi.dll [2006-07-05 05:55 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"vidc.3ivx"= 3ivxVfWCodec.dll
"msacm.divxa32"= divxa32.acm
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"vidc.xvid"= xvid.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\Windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
backup=C:\Windows\pss\Adobe Acrobat Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
backup=C:\Windows\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=C:\Windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\Windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Wireless Manager UI]
C:\WINDOWS\system32\WLTRAY [X]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shareaza
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMrhcnuoj0ep6t
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Software Informer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\385cef77]
C:\Windows\system32\vayvhtlj.dll [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2006-10-23 00:24 620152 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
--a------ 2008-08-11 01:34 1232152 C:\PROGRA~1\AVG\AVG8\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2005-12-16 12:57 94208 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2008-07-23 10:38 341824 C:\Program Files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM3b6fdceb]
C:\Windows\system32\hmiutufk.dll [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
--a------ 2006-02-07 00:10 98304 C:\Program Files\Lexmark 3400 Series\ezprint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
--a------ 2008-05-20 17:27 2474031 C:\Program Files\Free Download Manager\fdm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 14:39 1289000 C:\Program Files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2005-07-19 11:06 77824 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2005-07-19 11:10 114688 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 2005-07-19 11:09 94208 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-06-10 11:44 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lphcjuoj0ep6t]
C:\Windows\system32\lphcjuoj0ep6t.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXCYCATS]
--a------ 2005-12-01 13:38 65536 C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcytime.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcymon.exe]
--a------ 2006-01-25 11:02 286720 C:\Program Files\Lexmark 3400 Series\lxcymon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
c:\PROGRA~1\mcafee.com\agent\mcupdate.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 13:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
C:\Program Files\McAfee.com\VSO\oasclnt.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2006-03-17 21:24 184320 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
C:\Documents and Settings\David\Application Data\Adobe\Manager.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-12-15 04:23 75520 C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2005-06-24 07:36 729178 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
C:\Program Files\McAfee.com\VSO\mcvsshld.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
--------- 2004-08-14 05:42 36864 C:\Program Files\mobile PhoneTools\WatchDog.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\ypager.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a------ 2005-09-10 00:19 393216 C:\WINDOWS\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SxgTkBar]
--a------ 2002-07-22 17:03 53248 C:\WINDOWS\system32\Sxgtkbar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Symantec Core LC"=3 (0x3)
"SAVScan"=3 (0x3)
"NSCService"=3 (0x3)
"NPFMntor"=2 (0x2)
"navapsvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Team17\\Worms Armageddon\\WA.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\Free Download Manager\\fdm.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-08-11 01:34]
R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-08-12 22:01]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-11 01:34]
R3 SOFTXG;YAMAHA XG SoftSynthesizer;C:\Windows\system32\drivers\sxgxgwdm.sys [2002-05-22 09:34]
S3 NPF;NetGroup Packet Filter Driver;C:\Windows\system32\drivers\npf.sys [2005-08-02 16:10]
S3 npkycryp;npkycryp;C:\Program Files\Gravity\RO\npkycryp.sys []
S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;C:\Windows\system32\Drivers\usbbc2.sys [2003-05-07 16:54]
S3 samhid;samhid;C:\Windows\system32\drivers\samhid.sys []
S3 tap0801co;TAP-Win32 Adapter V8 (coLinux);C:\Windows\system32\DRIVERS\tap0801co.sys [2004-07-10 09:54]
S3 XLPINIT;XLPINIT;C:\Windows\system32\Drivers\xromlp.sys [2003-12-06 07:44]
S3 XLPWRITER;XLPWRITER;C:\Windows\system32\drivers\xromio.sys [2001-01-28 11:07]
S4 lxcy_device;lxcy_device;C:\Windows\system32\lxcycoms.exe [2006-02-20 14:23]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\setup.exe

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-13 22:15:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\DOCUME~1\David\LOCALS~1\Temp\54542921-007b-472a-8ab0-e11266275a4c.tmp 0 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\system32\taskmgr.exe
C:\PROGRA~1\AVG\AVG8\avgupd.exe
.
**************************************************************************
.
Completion time: 2008-08-13 22:22:31 - machine was rebooted [David]
ComboFix-quarantined-files.txt 2008-08-14 03:21:45

Pre-Run: 9,823,191,040 bytes free
Post-Run: 9,800,765,440 bytes free
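A small triage script for logs like the one above, added here as an example (it is not part of the original post and not ComboFix's own tooling). It splits the log on the `((((( ... )))))` section banners, collects every path listed under "Other Deletions", and then walks "Reg Loading Points" to flag any autostart entry that still references one of those deleted files, which is exactly the situation with the ShellServiceObjectDelayLoad entry for gdi.dll and the msconfig startupreg entries for vayvhtlj.dll, lphcjuoj0ep6t.exe and Manager.exe. It also flags the Security Center `DisableMonitoring` value and the cached `mountpoints2` AutoRun handlers. `SAMPLE_LOG` is a constructed, abbreviated excerpt of this log; the function and class names are mine.

```python
"""Triage a ComboFix log: flag autostart entries that still point at files ComboFix
deleted, plus two settings worth a second look. Added example, not part of the
original post or of ComboFix itself; SAMPLE_LOG is a constructed excerpt of the log."""
import re
from collections import namedtuple

SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Previous Run -------
.
C:\Documents and Settings\David\Application Data\Adobe\Manager.exe
C:\Windows\system32\gdi.dll
C:\Windows\system32\lphcjuoj0ep6t.exe
C:\Windows\system32\vayvhtlj.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 14:39 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"QUgWtXhphoOc"= {385CEFD9-92F6-4573-6042-720265C47ABE} - C:\Windows\System32\gdi.dll [2006-07-05 05:55 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\385cef77]
C:\Windows\system32\vayvhtlj.dll [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
--a------ 2008-08-11 01:34 1232152 C:\PROGRA~1\AVG\AVG8\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lphcjuoj0ep6t]
C:\Windows\system32\lphcjuoj0ep6t.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
C:\Documents and Settings\David\Application Data\Adobe\Manager.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-08-12 22:01]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\SETUP.EXE
"""

SECTION_RE = re.compile(r"^\({5,}\s*(.+?)\s*\){5,}\s*$")   # ((((( title )))))
KEY_RE = re.compile(r"^\[(HK[^\]]+)\]\s*$")                 # [HKEY_...] or [HKLM\~\...]
SERVICE_RE = re.compile(r"^[RS]\d\s")                       # R1/S3 driver lines, not keyed
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\[\]\r\n]*?\.(?:exe|dll|scr|sys|ini|dat|lnk)', re.I)
DISABLE_RE = re.compile(r'"DisableMonitoring"=dword:0*1$', re.I)

Finding = namedtuple("Finding", "kind key value note")


def split_sections(text):
    """Map each ((((( banner ))))) title to the lines that follow it."""
    sections, current = {"preamble": []}, "preamble"
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        else:
            sections[current].append(line)
    return sections


def removed_files(sections):
    """Lowercased paths listed under 'Other Deletions' (current and previous run)."""
    return {p.lower() for line in sections.get("Other Deletions", [])
            for p in PATH_RE.findall(line)}


def loading_points(sections):
    """Yield (registry key, value line) pairs from 'Reg Loading Points'."""
    key = None
    for line in sections.get("Reg Loading Points", []):
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
        elif not line.strip() or SERVICE_RE.match(line):
            key = None            # a blank or service line ends the current key's values
        elif key:
            yield key, line.strip()


def triage(text):
    sections = split_sections(text)
    gone = removed_files(sections)
    findings = []
    for key, value in loading_points(sections):
        for path in PATH_RE.findall(value):
            if path.lower() in gone:   # the autostart outlived the file it launched
                findings.append(Finding("removed-target", key, value,
                    f"still references {path}, which ComboFix deleted; remove the entry too"))
        if key.lower().endswith(r"security center\monitoring") and DISABLE_RE.search(value):
            findings.append(Finding("security-center-off", key, value,
                "Security Center monitoring is disabled; re-enable it once the machine is clean"))
        if "mountpoints2" in key.lower() and r"\autorun\command" in value.lower():
            findings.append(Finding("autorun-handler", key, value,
                "cached AutoRun handler for a removable drive; confirm the target is expected"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.key}\n    {f.value}\n    -> {f.note}")
```

Run against the full log, the same cross-check also surfaces the `BM3b6fdceb` startupreg entry, whose target hmiutufk.dll is in the deletions list; entries such as AVG8_TRAY or the ActiveSync Run value pass because their targets were never deleted. The match is on the full lowercased path, so a short-name (`PROGRA~1`) autostart pointing at a deleted long-name file would be missed; widening the comparison to the file name alone trades that gap for more false positives.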