ComboFix 08-06-09.7 - Candy 2008-06-10 9:29:50.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.197 [GMT -4:00]
Running from: C:\Documents and Settings\Candy\Desktop\ComboFix.exe
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Candy\Application Data\AXPDefender
C:\Documents and Settings\Candy\Application Data\Microsoft\Internet Explorer\Quick Launch\AXPDefender.lnk
C:\Documents and Settings\Candy\Local Settings\Temporary Internet Files\temp.dmf
C:\Documents and Settings\Candy\Local Settings\Temporary Internet Files\Tvm.log
C:\Program Files\newdotnet
C:\Program Files\newdotnet\nncore.dll
C:\Program Files\newdotnet\nnrun.exe
C:\Program Files\newdotnet\readme.html
C:\Program Files\newdotnet\uninstall.exe
C:\Program Files\popcorn Terms.html
C:\WINDOWS\Downloaded Program Files\hotbar.inf
C:\WINDOWS\NDNuninstall6_38.exe
C:\WINDOWS\NDNuninstall7_22.exe
C:\WINDOWS\NDNuninstall7_48.exe
C:\WINDOWS\sasent.dll
C:\WINDOWS\system32\drivers\Winye27.sys
C:\WINDOWS\system32\hykdmini.ini
C:\WINDOWS\system32\rkisbcbv.ini
C:\WINDOWS\system32\WinCtrl32.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CMDSERVICE
-------\Legacy_MSUPDATE
-------\Legacy_NNSERV
-------\Legacy_WINYE27
-------\Service_msupdate
-------\Service_NNServ
-------\Service_Winye27


((((((((((((((((((((((((( Files Created from 2008-05-10 to 2008-06-10 )))))))))))))))))))))))))))))))
.

2008-06-09 20:56 . 2008-06-09 20:56 d-------- C:\Deckard
2008-06-07 17:05 . 2008-06-10 09:36 52,736 --a------ C:\WINDOWS\system32\blphc3vtj0epa1.scr
2008-06-07 14:44 . 2008-06-07 14:57 3,156 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-07 14:27 . 2008-06-07 14:27 d-------- C:\VundoFix Backups
2008-06-07 14:11 . 2008-06-07 15:13 d-------- C:\Documents and Settings\Candy\.housecall6.6
2008-06-07 12:25 . 2008-06-07 12:25 d-------- C:\Documents and Settings\Candy\Application Data\Malwarebytes
2008-06-07 10:40 . 2008-06-07 12:32 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-07 10:40 . 2008-06-07 10:40 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-07 10:40 . 2008-06-07 10:40 d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-06-07 10:40 . 2008-06-05 16:04 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-07 10:40 . 2008-06-05 16:04 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-06 08:17 . 2003-04-29 15:59 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-06-06 08:17 . 2003-05-14 14:24 d-------- C:\Documents and Settings\Administrator\Application Data\InterVideo
2008-06-06 08:17 . 2003-04-29 15:49 d-------- C:\Documents and Settings\Administrator\Application Data\InterTrust
2008-06-06 08:17 . 2003-04-29 14:47 d-------- C:\Documents and Settings\Administrator\Application Data\Drag'n Drop CD+DVD
2008-06-06 08:17 . 2008-06-06 08:17 d-------- C:\Documents and Settings\Administrator
2008-06-04 20:31 . 2008-06-04 20:31 d-------- C:\Documents and Settings\Candy\Application Data\shc5vtj0epa1
2008-06-04 20:28 . 2008-06-04 20:28 92,160 --a------ C:\WINDOWS\system32\lphc3vtj0epa1.exe
2008-06-04 20:28 . 2008-06-10 09:36 90,838 --a------ C:\WINDOWS\system32\phc3vtj0epa1.bmp
2008-05-26 20:52 . 2008-05-26 20:52 d-------- C:\Program Files\Windows Media Connect 2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-10 13:36 --------- d-----w C:\Program Files\CallWave
2008-06-10 03:14 --------- d-----w C:\Program Files\Norton AntiVirus
2008-06-07 18:06 --------- d-----w C:\Program Files\Yahoo!
2008-06-07 18:04 --------- d-----w C:\Program Files\Google
2008-06-07 17:59 --------- d-----w C:\Program Files\MBKWBar
2008-05-21 01:31 --------- d--h--w C:\Documents and Settings\Candy\Application Data\Move Networks
2008-05-10 16:06 --------- d-----w C:\Documents and Settings\Candy\Application Data\PhotoParade
2008-04-24 01:49 --------- d-----w C:\Documents and Settings\Candy\Application Data\Documents and Settings
2005-05-12 02:06 42 ----a-w C:\Documents and Settings\Candy\Application Data\tvmuknwrd.dll
2005-04-03 04:28 353,851 ----a-w C:\Documents and Settings\Candy\Application Data\tvmknwrd.dll
2004-12-18 17:57 0 ---ha-w C:\Documents and Settings\Candy\hpothb07.dat
2003-08-27 21:19 36,963 ----a-r C:\Program Files\Common Files\SM1updtr.dll
2005-11-05 23:22 232,349 --sh--r C:\WINDOWS\f1tlarb.sys
2003-04-29 20:00 32 --sha-w C:\WINDOWS\{1AECDE68-1081-45C8-9BEA-C9481A24AD53}.dat
2005-11-13 23:58 211,348 --sh--r C:\WINDOWS\system32\16k0z.exe
2005-11-05 23:22 612,066 --sh--r C:\WINDOWS\system32\7xf2inu.dll
2005-11-05 23:22 309,754 --sh--r C:\WINDOWS\system32\f1tlarb.sys
2005-11-05 23:22 166,423 --sh--r C:\WINDOWS\system32\plivib6.exe
2003-04-29 20:00 32 --sha-w C:\WINDOWS\system32\{DDCA5DCC-AA28-48CB-B6F3-DEF1BA15A743}.dat

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00855933-F2CA-4D03-913C-BA6AF2D20D49}]
2005-05-12 07:47 135680 --a------ C:\Program Files\z16roskn\z16roskn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{134F95DD-1F11-4BE7-BD49-715BEB12F8EB}]
2005-05-12 07:47 135680 --a------ C:\Program Files\z16roskn\z16roskn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18417486-220A-4F8E-8190-4E9C08CB0D15}]
C:\Program Files\CSBB\CSBB.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1AB08EBF-917D-4DA5-B753-9C9E99F6F82E}]
2005-05-12 07:47 135680 --a------ C:\Program Files\z16roskn\z16roskn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{230EDB2E-D555-46F3-B434-F746AADBB37E}]
2005-05-12 07:47 135680 --a------ C:\Program Files\z16roskn\z16roskn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2909C652-7E5F-41F1-915C-DE62390381B7}]
2005-05-12 07:47 135680 --a------ C:\Program Files\z16roskn\z16roskn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2BBAECC3-6C41-486B-BF8F-88B6290F3F60}]
2005-05-12 07:47 135680 --a------ C:\Program Files\z16roskn\z16roskn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{37B0A6A0-FC0D-4ACC-9939-EF7CC35E084D}]
2005-05-12 07:47 135680 --a------ C:\Program Files\z16roskn\z16roskn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3F820870-E549-4728-B391-397E47B82DA1}]
2005-05-12 07:47 135680 --a------ C:\Program Files\z16roskn\z16roskn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{401F7A17-0E47-4F50-9F65-9EF2C176E666}]
C:\Program Files\CSBB\CSBB.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4548BEED-6968-4849-9434-003BD236D591}]
2005-05-12 07:47 135680 --a------ C:\Program Files\z16roskn\z16roskn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{49C03043-39EE-4CBF-8FA9-D1EEFBD50A34}]
C:\Program Files\CSBB\CSBB.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4A25D449-2BAA-4426-A992-D18CA70CF5A9}]
C:\WINDOWS\system32\tzm.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{533246BC-F554-41CB-BCE3-E682CA36E43D}]
2005-05-12 07:47 135680 --a------ C:\Program Files\z16roskn\z16roskn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6086F842-66F5-4700-936F-FD1AC3B88E68}]
2005-05-12 07:47 135680 --a------ C:\Program Files\z16roskn\z16roskn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7C902F78-5FF1-4A20-A89C-F072E811F939}]
C:\Program Files\CSBB\CSBB.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{819D0A6D-1AFF-49E4-B0C3-03349B1F3AC8}]
C:\Program Files\CSBB\CSBB.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8251C34F-BFEC-46A5-9330-706F0531DA14}]
C:\Program Files\CSBB\CSBB.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{89658AFA-5D60-474C-B94B-E4B1D1681500}]
C:\Program Files\CSBB\CSBB.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8C930571-B657-49E8-871F-DC6589E3CBE7}]
2005-05-12 07:47 135680 --a------ C:\Program Files\z16roskn\z16roskn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9006DCAF-FC1E-4A71-92D9-CAC45EBA3D94}]
C:\Program Files\CSBB\CSBB.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{93D7A4BE-9DFA-4E04-AAF4-65F48EBDD42A}]
2005-05-12 07:47 135680 --a------ C:\Program Files\z16roskn\z16roskn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95E4AFD9-4F86-4E7D-9104-068EEE0E9614}]
2005-05-12 07:47 135680 --a------ C:\Program Files\z16roskn\z16roskn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9A5A5F23-B4AD-4323-9C4D-E55C4120E1CC}]
2005-05-12 07:47 135680 --a------ C:\Program Files\z16roskn\z16roskn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9C148EE5-3AF6-43F7-9317-0F743E480636}]
C:\Program Files\CSBB\CSBB.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B425796A-D395-4CDE-A985-2DE2ECC83957}]
2005-05-12 07:47 135680 --a------ C:\Program Files\z16roskn\z16roskn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B7191A3A-51BB-4122-882F-2962B178DB57}]
2005-05-12 07:47 135680 --a------ C:\Program Files\z16roskn\z16roskn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B952ADBC-AC73-4FAC-A4FE-E9C169352C62}]
2005-05-12 07:47 135680 --a------ C:\Program Files\z16roskn\z16roskn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BE5500D7-96BC-4455-8D89-EF80C00A4483}]
2005-05-12 07:47 135680 --a------ C:\Program Files\z16roskn\z16roskn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D36763E2-E97E-42BF-ABEB-ED2675D0FBE4}]
2005-05-12 07:47 135680 --a------ C:\Program Files\z16roskn\z16roskn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DE1E8E8F-9AD3-4BA3-A3EA-6B2C5EFD703E}]
C:\Program Files\CSBB\CSBB.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E15F0656-969A-4C56-9EC4-8E2A4494DDCA}]
C:\Program Files\CSBB\CSBB.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E2A071A7-A4B8-496D-BE15-B62B5F7BE6FF}]
C:\Program Files\CSBB\CSBB.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E6410C9F-6195-4B55-A4C0-440CBA6BF155}]
C:\Program Files\CSBB\CSBB.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EF914DE2-23AA-4743-9CC0-0E5B8A9D098F}]
2005-05-12 07:47 135680 --a------ C:\Program Files\z16roskn\z16roskn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FA8B79BA-1BE9-4D31-89D7-8312E7AE160F}]
2005-05-12 07:47 135680 --a------ C:\Program Files\z16roskn\z16roskn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FE3DDC41-B10B-4BB6-ACA1-CD557B02B129}]
C:\Program Files\CSBB\CSBB.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FE6D51F3-CE99-4741-BA5F-A9DD581D40CF}]
2005-05-12 07:47 135680 --a------ C:\Program Files\z16roskn\z16roskn.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2004-05-28 18:22 4882432]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-06-07 14:08 4670968]
"License Manager"="C:\Program Files\License_Manager\license_manager.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-10 22:01 68856]
"DW4"="C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-11-02 14:43 472632]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-01-11 21:45 4898816]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 10:37 2321600]
"WhenUSave"="C:\Program Files\Save\Save.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [2002-08-20 13:29 40960]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41 282624]
"Ujlisy"="C:\Program Files\Nkgxtn\Koftw.exe" [2005-08-19 21:32 37512]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"HookUpFinder"="C:\Program Files\HookUpFinder\HookUpFinder.Exe" [2006-03-07 14:38 221184]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 16:51 257088]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-30 09:37 185632]
"SMSTray"="C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-02-23 16:32 126976]
"MAAgent"="C:\Program Files\MarkAny\ContentSafer\MAAgent.exe" [2007-01-30 20:36 57344]
"lphc3vtj0epa1"="C:\WINDOWS\system32\lphc3vtj0epa1.exe" [2008-06-04 20:28 92160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-01-11 21:45 4898816]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"= 1 (0x1)
"NoDispScrSavPage"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [2004-11-23 16:51 192512]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 1000 series.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk
backup=C:\WINDOWS\pss\hp psc 1000 series.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Internet Answering Machine.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Internet Answering Machine.lnk
backup=C:\WINDOWS\pss\Internet Answering Machine.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\000StTHK]
--a------ 2001-06-23 23:28 24576 C:\WINDOWS\system32\000StTHK.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00THotkey]
--a------ 2003-04-15 23:01 258048 C:\WINDOWS\System32\00THotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2003-04-18 14:20 88363 C:\WINDOWS\agrsmmsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
--a------ 2002-12-25 17:38 159744 C:\Program Files\Apoint2K\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bart Station]
C:\Program Files\ISP50\BIN\PPCOLink -STATION

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CashBack]
C:\Program Files\CashBack\bin\cashback.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2002-12-13 15:47 54512 C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccRegVfy]
--a------ 2002-12-13 15:47 58616 C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EbatesMoeMoneyMaker0]
C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ezShieldProtector for Px]
--a------ 2002-08-20 13:29 40960 C:\WINDOWS\System32\ezSP_Px.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hotbar]
C:\Program Files\Hotbar\bin\4.6.1.0\Hbinst.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2003-04-07 03:07 114688 C:\WINDOWS\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2003-04-07 03:19 155648 C:\WINDOWS\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
--a------ 2003-01-02 20:16 172032 C:\Program Files\ltmoh\Ltmoh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msbb]
c:\docume~1\candy\locals~1\temp\msbb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2004-05-28 18:22 4882432 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NaviSearch]
C:\Program Files\NaviSearch\bin\nls.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDSTray.exe]
--a------ 2003-01-17 23:26 458752 C:\Program Files\Toshiba\ConfigFree\NDSTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pifmgr]
--a------ 2005-01-29 18:38 54663 C:\WINDOWS\System32\pifmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pinger]
--a------ 2002-10-17 16:21 159744 C:\toshiba\ivp\ism\pinger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PmProxy]
--a------ 2003-02-28 22:54 40960 C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-04-27 09:41 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rckajmyvyvudp]
C:\WINDOWS\System32\laesbpfl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2007-09-30 09:38 214296 C:\Program Files\Real\RealPlayer\RealPlay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\requester]
--a------ 2005-01-02 12:29 27648 C:\WINDOWS\System32\requester.10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\satmat]
C:\WINDOWS\satmat.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SM1BG]
-ra------ 2003-08-27 17:20 94208 C:\WINDOWS\SM1BG.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFNF5]
--a------ 2001-08-03 20:08 73728 C:\WINDOWS\system32\TFNF5.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TickSlow]
--a------ 2005-01-10 23:28 244819 C:\DOCUME~1\Candy\APPLIC~1\DVDBOR~1\Dent setup seek.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TouchED]
--a------ 2003-01-21 21:00 126976 C:\Program Files\TOSHIBA\TouchED\TouchED.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tpwrtray]
--a------ 2002-12-10 13:49 237568 C:\WINDOWS\system32\TPWRTRAY.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TSysSMon]
--a------ 2003-02-25 20:03 49152 c:\toshiba\sysstability\tsyssmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherOnTray]
C:\Program Files\Hotbar\bin\4.5.1.0\WeatherOnTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\ypager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\z16roskn]
C:\Program Files\z16roskn\z16roskn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zzuq]
C:\PROGRA~1\COMMON~1\zzuq\zzuqm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\WINDOWS\\system32\\muzapp.exe"=
"C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"C:\\Program Files\\CallWave\\IAM.exe"=

R3 wlags48b;Wireless LAN PCCard Driver;C:\WINDOWS\system32\DRIVERS\wlags48b.sys [2002-06-28 19:29]
S2 ISEXEng;ISEXEng;C:\WINDOWS\System32\angelex.exe []
S3 CBEN5;Xircom CardBus Ethernet 10/100 Adapter family Driver;C:\WINDOWS\system32\DRIVERS\cben5.sys [2001-08-17 08:13]
S3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys [2008-06-05 16:04]

.
Contents of the 'Scheduled Tasks' folder
"2008-06-10 02:00:02 C:\WINDOWS\Tasks\ADAB310F91B8A80B.job"
- c:\progra~1\dvdbor~1\USER DRAW PROC.exe
"2007-12-26 11:48:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2005-07-10 19:47:19 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1065242033.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
"2008-04-19 01:27:21 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job"
- C:\PROGRA~1\NORTON~1\NAVW32.exeG/task:C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\NORTON~1\Tasks\mycomp.sca
"2003-09-25 01:40:22 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-10 09:36:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\drivers\CDANTSRV.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-06-10 9:45:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-10 13:45:25

Pre-Run: 26,278,539,264 bytes free
Post-Run: 26,263,552,000 bytes free

332 --- E O F --- 2008-05-28 00:45:00
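The log above is raw ComboFix output. As an added example (not part of the original post, and not ComboFix's or any forum helper's own tooling), here is a small Python triage script that parses the Find3M and Reg Loading Points sections of a log in this format and flags the patterns a helper reads such a log for: one DLL registered under many Browser Helper Object CLSIDs, Run values whose bracketed file info is empty, system+hidden files under %WINDIR%, the Security Center AntiVirusOverride value being set, and an auto-start (S2) service whose binary is an .exe or could not be read. The indicator names, the CLSID-reuse threshold and the section-detection rules are this example's own assumptions; the sample input is a handful of lines excerpted from the log above, trimmed so the script runs offline.

```python
"""Triage a ComboFix log: parse Find3M and Reg Loading Points, flag autostart indicators."""
import re
from collections import Counter

# Constructed sample: lines excerpted from the ComboFix log above, trimmed for an offline run.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
2005-11-13 23:58 211,348 --sh--r C:\WINDOWS\system32\16k0z.exe
2005-11-05 23:22 309,754 --sh--r C:\WINDOWS\system32\f1tlarb.sys
2005-04-03 04:28 353,851 ----a-w C:\Documents and Settings\Candy\Application Data\tvmknwrd.dll
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00855933-F2CA-4D03-913C-BA6AF2D20D49}]
2005-05-12 07:47 135680 --a------ C:\Program Files\z16roskn\z16roskn.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{134F95DD-1F11-4BE7-BD49-715BEB12F8EB}]
2005-05-12 07:47 135680 --a------ C:\Program Files\z16roskn\z16roskn.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18417486-220A-4F8E-8190-4E9C08CB0D15}]
C:\Program Files\CSBB\CSBB.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1AB08EBF-917D-4DA5-B753-9C9E99F6F82E}]
2005-05-12 07:47 135680 --a------ C:\Program Files\z16roskn\z16roskn.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2004-05-28 18:22 4882432]
"License Manager"="C:\Program Files\License_Manager\license_manager.exe" [ ]
"WhenUSave"="C:\Program Files\Save\Save.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lphc3vtj0epa1"="C:\WINDOWS\system32\lphc3vtj0epa1.exe" [2008-06-04 20:28 92160]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
R3 wlags48b;Wireless LAN PCCard Driver;C:\WINDOWS\system32\DRIVERS\wlags48b.sys [2002-06-28 19:29]
S2 ISEXEng;ISEXEng;C:\WINDOWS\System32\angelex.exe []
S3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys [2008-06-05 16:04]
"""

BHO_KEY = re.compile(r'^\[HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\(\{[0-9A-Fa-f-]+\})\]$')
RUN_KEY = re.compile(r'^\[HKEY_[^\]]*\\Run\]$', re.I)
RUN_VALUE = re.compile(r'^"([^"]+)"="([^"]+)"\s*\[(.*?)\]$')
SECCENTER_KEY = re.compile(r'^\[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\]$', re.I)
DWORD_VALUE = re.compile(r'^"([^"]+)"=dword:([0-9A-Fa-f]{8})$')
FIND3M_LINE = re.compile(r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+(?:[\d,]+|-+)\s+([-a-z]{7})\s+([A-Za-z]:\\.+)$')
SERVICE_LINE = re.compile(r'^([RS]\d)\s+([^;]+);[^;]*;(.+?)\s+\[(.*?)\]$')
WIN_PATH = re.compile(r'[A-Za-z]:\\.+')


def parse_combofix(text):
    """Return the parts of the log the triage rules need, keyed by section."""
    log = {"find3m": [], "bho": {}, "run": [], "services": [], "security_center": {}}
    section, key = None, None   # current ((( ... ))) block and the last registry key seen
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if line.startswith("((("):
            section = "find3m" if "Find3M" in line else "reg" if "Reg Loading Points" in line else "other"
            key = None
        elif section == "find3m":
            if (m := FIND3M_LINE.match(line)):
                log["find3m"].append((m.group(1), m.group(2)))     # (attrs, path)
        elif section == "reg":
            if line.startswith("["):                                 # registry key: values follow
                key = line
            elif (m := SERVICE_LINE.match(line)):
                log["services"].append(m.groups())                   # (start, name, path, meta)
            elif key is None:
                continue
            elif (m := BHO_KEY.match(key)):
                if (p := WIN_PATH.search(line)):                     # value may carry date/size/attrs first
                    log["bho"][m.group(1)] = p.group(0)
            elif RUN_KEY.match(key):
                if (m := RUN_VALUE.match(line)):
                    log["run"].append((m.group(1), m.group(2), m.group(3).strip()))
            elif SECCENTER_KEY.match(key):
                if (m := DWORD_VALUE.match(line)):
                    log["security_center"][m.group(1)] = int(m.group(2), 16)
    return log


def triage(log, bho_reuse_threshold=3):
    """Apply the indicator rules (this example's own); returns a list of (indicator, detail)."""
    findings = []
    # One DLL under many BHO CLSIDs: a toolbar registers one or two, not dozens.
    per_dll = Counter(path.lower() for path in log["bho"].values())
    for dll, n in sorted(per_dll.items()):
        if n >= bho_reuse_threshold:
            findings.append(("bho_clsid_reuse", f"{dll} registered under {n} CLSIDs"))
    # Run values with empty [ ] file info: ComboFix could not read the target when it looked.
    for name, path, meta in log["run"]:
        if not meta:
            findings.append(("run_target_missing", f"{name} -> {path}"))
    # System+hidden files under %WINDIR%: ordinary installers do not set both bits there.
    for attrs, path in log["find3m"]:
        if "s" in attrs and "h" in attrs and path.lower().startswith("c:\\windows\\"):
            findings.append(("hidden_system_file", path))
    # Security Center told to stop reporting the antivirus state.
    if log["security_center"].get("AntiVirusOverride", 0):
        findings.append(("av_override", "AntiVirusOverride is set"))
    # Auto-start (S2) service whose binary is an .exe or could not be read.
    for start, name, path, meta in log["services"]:
        if start == "S2" and (not meta or path.lower().endswith(".exe")):
            findings.append(("service_suspicious", f"{name} -> {path}"))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(parse_combofix(SAMPLE_LOG)):
        print(f"{kind:20} {detail}")
```

Run against the full log, the same rules surface the z16roskn.dll and CSBB.dll CLSID clusters, the License Manager, DW4 and WhenUSave Run values with empty file info, the --sh--r files in C:\WINDOWS and System32, the AntiVirusOverride value, and the ISEXEng service pointing at angelex.exe. The findings are review prompts rather than verdicts: each path still has to be checked against the rest of the log and, where possible, the file itself.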