ComboFix 08-08-26.03 - Charlie & Mandy 2008-08-27 20:57:35.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.585 [GMT 1:00]
Running from: C:\Documents and Settings\Charlie & Mandy\Desktop\ComboFix.exe
.
Error: Cfiles.dat

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Charlie & Mandy\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINDOWS\system32\_000115_.tmp.dll
C:\WINDOWS\system32\_003864_.tmp.dll
C:\WINDOWS\system32\_003865_.tmp.dll
C:\WINDOWS\system32\_003866_.tmp.dll
C:\WINDOWS\system32\_003867_.tmp.dll
C:\WINDOWS\system32\_003874_.tmp.dll
C:\WINDOWS\system32\_003875_.tmp.dll
C:\WINDOWS\system32\_003876_.tmp.dll
C:\WINDOWS\system32\_003878_.tmp.dll
C:\WINDOWS\system32\_003879_.tmp.dll
C:\WINDOWS\system32\_003882_.tmp.dll
C:\WINDOWS\system32\_003883_.tmp.dll
C:\WINDOWS\system32\_003885_.tmp.dll
C:\WINDOWS\system32\_003886_.tmp.dll
C:\WINDOWS\system32\_003887_.tmp.dll
C:\WINDOWS\system32\_003889_.tmp.dll
C:\WINDOWS\system32\_003890_.tmp.dll
C:\WINDOWS\system32\_003892_.tmp.dll
C:\WINDOWS\system32\_003893_.tmp.dll
C:\WINDOWS\system32\_003894_.tmp.dll
C:\WINDOWS\system32\_003895_.tmp.dll
C:\WINDOWS\system32\_003896_.tmp.dll
C:\WINDOWS\system32\_003897_.tmp.dll
C:\WINDOWS\system32\_003898_.tmp.dll
C:\WINDOWS\system32\_003899_.tmp.dll
C:\WINDOWS\system32\_003900_.tmp.dll
C:\WINDOWS\system32\_003901_.tmp.dll
C:\WINDOWS\system32\_003903_.tmp.dll
C:\WINDOWS\system32\_003905_.tmp.dll
C:\WINDOWS\system32\_003906_.tmp.dll
C:\WINDOWS\system32\_003907_.tmp.dll
C:\WINDOWS\system32\_003908_.tmp.dll
C:\WINDOWS\system32\_003911_.tmp.dll
C:\WINDOWS\system32\_003912_.tmp.dll
C:\WINDOWS\system32\_003913_.tmp.dll
C:\WINDOWS\system32\_003914_.tmp.dll
C:\WINDOWS\system32\_003915_.tmp.dll
C:\WINDOWS\system32\_003918_.tmp.dll
C:\WINDOWS\system32\_003919_.tmp.dll
C:\WINDOWS\system32\_003920_.tmp.dll
C:\WINDOWS\system32\_003921_.tmp.dll
C:\WINDOWS\system32\_003922_.tmp.dll
C:\WINDOWS\system32\_003923_.tmp.dll
C:\WINDOWS\system32\_003925_.tmp.dll
C:\WINDOWS\system32\_003926_.tmp.dll
C:\WINDOWS\system32\_003929_.tmp.dll
C:\WINDOWS\system32\_003930_.tmp.dll
C:\WINDOWS\system32\_003932_.tmp.dll
C:\WINDOWS\system32\_003933_.tmp.dll
C:\WINDOWS\system32\_003934_.tmp.dll
C:\WINDOWS\system32\_003936_.tmp.dll
C:\WINDOWS\system32\_003939_.tmp.dll
C:\WINDOWS\system32\_003940_.tmp.dll
C:\WINDOWS\system32\_003944_.tmp.dll
C:\WINDOWS\system32\_003945_.tmp.dll
C:\WINDOWS\system32\_003947_.tmp.dll
C:\WINDOWS\system32\_003948_.tmp.dll
C:\WINDOWS\system32\_003950_.tmp.dll
C:\WINDOWS\system32\_003952_.tmp.dll
C:\WINDOWS\system32\_003953_.tmp.dll
C:\WINDOWS\system32\_003954_.tmp.dll
C:\WINDOWS\system32\_003955_.tmp.dll
C:\WINDOWS\system32\_003958_.tmp.dll
C:\WINDOWS\system32\_003959_.tmp.dll
C:\WINDOWS\system32\_003960_.tmp.dll
C:\WINDOWS\system32\_003961_.tmp.dll
C:\WINDOWS\system32\_003962_.tmp.dll
C:\WINDOWS\system32\_003967_.tmp.dll
C:\WINDOWS\system32\_003969_.tmp.dll
C:\WINDOWS\system32\_003970_.tmp.dll
.
((((((((((((((((((((((((( Files Created from 2008-07-27 to 2008-08-27 )))))))))))))))))))))))))))))))
.

2008-08-27 18:57 . 2008-05-01 15:33 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-25 20:25 . 2008-08-27 20:49 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-08-25 20:20 . 2008-08-27 20:55 4,958,588 --a------ C:\WINDOWS\{00000000-00000000-0000000D-00001102-00000004-20021102}.BAK
2008-08-25 17:25 . 2008-04-14 05:42 2,843,136 --a------ C:\WINDOWS\system32\msi.dll
2008-08-25 17:25 . 2008-04-13 21:09 884,736 --a------ C:\WINDOWS\system32\msimsg.dll
2008-08-25 17:25 . 2008-04-14 05:42 271,360 --a------ C:\WINDOWS\system32\msihnd.dll
2008-08-25 17:25 . 2008-04-14 05:42 78,848 --a------ C:\WINDOWS\system32\msiexec.exe
2008-08-25 17:25 . 2008-04-14 05:42 15,360 --a------ C:\WINDOWS\system32\msisip.dll
2008-08-25 15:54 . 2008-04-11 20:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-25 11:44 . 2008-08-25 11:44 578,560 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll
2008-08-25 11:41 . 2008-08-25 11:41 d-------- C:\WINDOWS\ERUNT
2008-08-25 10:28 . 2008-08-25 12:13 d-------- C:\SDFix
2008-08-25 10:09 . 2008-08-25 10:09 2,335,270 --a------ C:\WINDOWS\system32\36180.mht
2008-08-25 10:09 . 2008-04-14 05:41 706,048 --a------ C:\WINDOWS\system32\fe382.tmp
2008-08-25 10:09 . 2008-08-25 10:09 128,352 --a------ C:\WINDOWS\system32\bde81.dll
2008-08-25 10:09 . 2008-08-25 10:09 54,624 --a------ C:\WINDOWS\system32\bde81.sys
2008-08-20 18:40 . 2008-08-21 19:34 250 --a------ C:\WINDOWS\gmer.ini
2008-08-18 21:07 . 2008-08-18 21:07 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-18 21:07 . 2008-08-18 21:07 d-------- C:\Documents and Settings\Charlie & Mandy\Application Data\Malwarebytes
2008-08-18 21:07 . 2008-08-18 21:07 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-18 21:07 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-18 21:07 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-12 18:32 . 2008-08-12 18:32 29 --a------ C:\WINDOWS\system32\ggaittqf.tmp
2008-08-11 23:38 . 2008-08-11 23:38 d-------- C:\Program Files\iTunes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-27 20:07 --------- d-----w C:\Program Files\BOINC
2008-08-25 14:40 --------- d-----w C:\Documents and Settings\Charlie & Mandy\Application Data\SiteAdvisor
2008-08-25 09:16 --------- d-----w C:\Program Files\iiyama monitor test
2008-08-25 08:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\OsaSync
2008-08-25 08:32 --------- d-----w C:\Program Files\RunLog
2008-08-14 12:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-08-12 07:04 --------- d-----w C:\Program Files\Apple Software Update
2008-08-11 22:38 --------- d-----w C:\Program Files\iPod
2008-07-25 13:39 --------- d-----w C:\Documents and Settings\Charlie & Mandy\Application Data\Canon
2008-07-13 18:00 --------- d-----w C:\Program Files\QuickTime
2008-07-13 18:00 --------- d-----w C:\Program Files\Bonjour
2008-06-29 19:01 --------- d-----w C:\Program Files\FinePixViewer
2008-06-29 19:01 --------- d-----w C:\Documents and Settings\Charlie & Mandy\Application Data\FUJIFILM
2008-06-29 18:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-29 18:15 --------- d-----w C:\Program Files\REGSHAVE
2007-06-14 06:38 92,064 ------w C:\Documents and Settings\Charlie & Mandy\mqdmmdm.sys
2007-06-14 06:38 9,232 ------w C:\Documents and Settings\Charlie & Mandy\mqdmmdfl.sys
2007-06-14 06:38 79,328 ------w C:\Documents and Settings\Charlie & Mandy\mqdmserd.sys
2007-06-14 06:38 66,656 ------w C:\Documents and Settings\Charlie & Mandy\mqdmbus.sys
2007-06-14 06:38 6,208 ------w C:\Documents and Settings\Charlie & Mandy\mqdmcmnt.sys
2007-06-14 06:38 5,936 ------w C:\Documents and Settings\Charlie & Mandy\mqdmwhnt.sys
2007-06-14 06:38 4,048 ------w C:\Documents and Settings\Charlie & Mandy\mqdmcr.sys
2007-06-14 06:38 25,600 ------w C:\Documents and Settings\Charlie & Mandy\usbsermptxp.sys
2007-06-14 06:38 22,768 ------w C:\Documents and Settings\Charlie & Mandy\usbsermpt.sys
2007-05-24 13:58 249,856 ----a-w C:\WINDOWS\inf\WG311v3\InsDrv2k.exe
2006-12-04 10:38 212,992 ----a-w C:\WINDOWS\inf\WG311v3\CopyWHQLDriver.exe
2005-12-29 17:07 282,624 ----a-r C:\WINDOWS\inf\WG311v3\WG311v3XP.sys
2005-10-27 07:44 96,560 ------w C:\Documents and Settings\Charlie & Mandy\Application Data\GDIPFONTCACHEV1.DAT
2005-09-25 21:02 5,872 ------w C:\Documents and Settings\All Users\Application Data\ypinfo.bin
2004-12-18 23:45 855 ------w C:\Documents and Settings\Charlie & Mandy\DMOrganizer.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteCenter"="C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE" [2003-06-12 09:47 135168]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-15 14:17 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 05:42 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2003-05-15 16:45 114688]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 18:17 159744]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2007-08-24 22:57 36640]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 22:32 53248]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
"PtiuPbmd"="ptipbm.dll" [2003-01-15 20:41 24576 C:\WINDOWS\system32\ptipbm.dll]
"Ptipbmf"="ptipbmf.dll" [2003-06-20 15:06 118784 C:\WINDOWS\system32\ptipbmf.dll]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-11 09:50 20992 C:\WINDOWS\LOGI_MWX.EXE]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"CTHelper"="CTHELPER.EXE" [2006-08-11 14:56 17920 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-04-09 12:32 19968 C:\WINDOWS\system32\Ctxfihlp.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 05:42 15360]
"NvMediaCenter"="C:\WINDOWS\System32\NVMCTRAY.DLL" [2007-12-05 01:41 81920]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BOINC Manager.lnk - C:\Program Files\BOINC\boincmgr.exe [2006-08-03 01:26:30 1966080]
Directrec Configuration Tool.lnk - C:\Program Files\Olympus\DSSPlayer\DirectrecConfig.exe [2006-12-08 22:11:27 122880]
NETGEAR WG311v3 Smart Wizard.lnk - C:\Program Files\NETGEAR\WG311v3\WG311v3.exe [2007-11-21 17:51:20 1507328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ	scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders	msapsspc.dll schannel.dll digest.dll msnsspc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"kavsvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\NeverwinterNights\\NWN\\nwmain.exe"=
"C:\\WINDOWS\\system32\\CNAB3RPK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\LucasArts\\Star Wars Empire at War\\GameData\\sweaw.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 SI3112r;Silicon Image SiI 3512 SATARaid Controller;C:\WINDOWS\system32\DRIVERS\SI3112r.sys [2003-05-09 16:55]
R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys [2003-09-05 11:25]
R1 SSHDRV79;SSHDRV79;C:\WINDOWS\system32\drivers\SSHDRV79.sys [2005-08-29 19:27]
R1 SSHDRV85;SSHDRV85;C:\WINDOWS\system32\drivers\SSHDRV85.sys [2005-07-24 22:54]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-04 04:47]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-04 03:40]
S2 TROMPSUV;TROMPSUV;C:\WINDOWS\system32\drivers\TROMPSUV.sys []
S3 bde81;bde81;C:\WINDOWS\system32\bde81.sys [2008-08-25 10:09]
S3 FANTOM;LEGO MINDSTORMS NXT Driver;C:\WINDOWS\system32\DRIVERS\fantom.sys [2006-03-10 15:55]
S3 ids0004C;ids0004C;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0004C.sys []
S3 klstm;klstm;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\klstm.sys []
S3 ldiskl;ldiskl;C:\DOCUME~1\CHARLI~1\LOCALS~1\Temp\ldiskl.sys []
S3 LtcyCfgWDM;PCI Latency Tool Driver Service;C:\WINDOWS\system32\DRIVERS\LtcyCfgWDM.sys [2005-12-26 01:24]
S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-02-27 14:31]
S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-23 19:03]
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2006-12-14 10:27]
S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\System32\svchost.exe [2008-04-14 05:42]
S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\System32\svchost.exe [2008-04-14 05:42]
S3 p2psvc;Peer Networking;C:\WINDOWS\System32\svchost.exe [2008-04-14 05:42]
S3 PAC207;SoC PC-Camer@;C:\WINDOWS\system32\DRIVERS\pfc027.sys []
S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\System32\svchost.exe [2008-04-14 05:42]
S3 SjyPkt;SjyPkt;C:\WINDOWS\System32\Drivers\SjyPkt.sys [2002-10-02 09:57]
S3 SndTDriverV32;SndTDriverV32;C:\WINDOWS\system32\drivers\SndTDriverV32.sys [2007-01-18 13:24]
S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys [2006-03-13 15:49]
S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w300mdfl.sys [2006-03-13 17:50]
S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w300mdm.sys [2006-03-13 17:50]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w300mgmt.sys [2006-03-13 17:50]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w300obex.sys [2006-03-13 17:50]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc	REG_MULTI_SZ	p2psvc p2pimsvc p2pgasvc PNRPSvc
bdx	REG_MULTI_SZ	scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{89322030-086e-11db-bcb6-000e502476af}]
\Shell\AutoRun\command - G:\Installer.exe
.
Contents of the 'Scheduled Tasks' folder

2008-08-27 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-08-15 C:\WINDOWS\Tasks\McDefragTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2008-05-01 C:\WINDOWS\Tasks\McQcTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-updateMgr - C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKCU-Run-Power2GoExpress - (no file)
HKLM-Run-Cmaudio - cmicnfg.cpl
MSConfigStartUp-Steam - c:\program files\valve\steam\steam.exe

.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.bbc.co.uk/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R0 -: HKLM-Main,Search Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
R1 -: HKCU-Internet Settings,ProxyOverride = 127.0.0.1;*.local
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 -: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 -: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 -: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 -: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O16 -: DirectAnimation Java Classes
O16 -: Microsoft XML Parser for Java - C:\WINDOWS\Downloaded Program Files\ScriptX.inf
O16 -: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/installs/bt/yregucfg.cab
C:\WINDOWS\Downloaded Program Files\yregucfg.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-27 21:04:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.exe
-> C:\Program Files\SiteAdvisor\6261\saHook.dll
-> C:\WINDOWS\system32\nview.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\Program Files\McAfee\VirusScan\Mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\CNAB3RPK.EXE
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\system32\PAStiSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
C:\Program Files\BOINC\boinc.exe
C:\Program Files\BOINC\projects\setiathome.berkeley.edu\astropulse_4.35_windows_intelx86.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\MSC\mcuimgr.exe
.
**************************************************************************
.
Completion time: 2008-08-27 21:11:40 - machine was rebooted [Charlie & Mandy]
ComboFix-quarantined-files.txt 2008-08-27 20:11:35

Pre-Run: 2,502,279,168 bytes free
Post-Run: 2,420,330,496 bytes free

326 --- E O F --- 2008-08-25 19:25:39