ComboFix 08-12-15.08 - The Colyers 2008-12-16 18:28:32.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1526.748 [GMT 0:00]
Running from: c:\users\The Colyers\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\x64
J:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-11-16 to 2008-12-16 )))))))))))))))))))))))))))))))
.
2008-12-16 14:12 . 2008-12-16 14:12 0 --a------ c:\windows\nsreg.dat
2008-12-16 08:09 . 2008-12-16 08:09 d-------- c:\program files\Bonjour
2008-12-14 15:08 . 2008-12-14 15:08 d-------- c:\program files\Trend Micro
2008-12-12 21:57 . 2008-12-12 21:57 d-------- c:\users\Public\Pictures
2008-12-12 11:18 . 2008-12-12 11:18 87,336 --a------ c:\windows\System32\dns-sd.exe
2008-12-12 11:11 . 2008-12-12 11:11 61,440 --a------ c:\windows\System32\dnssd.dll
2008-12-10 20:46 . 2008-12-12 22:10 d--h----- c:\users\The Colyers 1\AppData
2008-12-10 20:46 . 2008-12-12 22:10 d-------- c:\users\The Colyers 1
2008-12-09 19:59 . 2008-10-22 01:22 2,048 --a------ c:\windows\System32\tzres.dll
2008-12-09 19:51 . 2008-11-01 01:21 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll
2008-12-09 19:51 . 2008-10-29 06:29 2,927,104 --a------ c:\windows\explorer.exe
2008-12-09 19:51 . 2008-10-21 05:25 296,960 --a------ c:\windows\System32\gdi32.dll
2008-12-09 19:51 . 2008-11-01 03:44 28,672 --a------ c:\windows\System32\Apphlpdm.dll
2008-12-09 19:50 . 2008-06-23 01:59 2,868,736 --a------ c:\windows\System32\mf.dll
2008-12-09 19:50 . 2008-10-16 02:23 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2008-12-09 19:50 . 2008-06-23 01:59 996,352 --a------ c:\windows\System32\WMNetMgr.dll
2008-12-09 19:50 . 2008-10-16 04:47 827,392 --a------ c:\windows\System32\wininet.dll
2008-12-09 19:50 . 2008-06-23 01:58 94,720 --a------ c:\windows\System32\logagent.exe
2008-12-07 13:05 . 2008-12-07 13:05 d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-07 13:05 . 2008-12-07 13:05 d-------- c:\program files\iTunes
2008-12-07 13:05 . 2008-12-07 13:05 d-------- c:\program files\iPod
2008-12-07 13:05 . 2008-04-17 13:12 107,368 --a------ c:\windows\System32\GEARAspi.dll
2008-12-07 13:05 . 2008-04-17 13:12 15,464 --a------ c:\windows\System32\drivers\GEARAspiWDM.sys
2008-12-01 20:28 . 2008-12-16 12:00 d--h----- C:\$AVG8.VAULT$
2008-11-29 09:30 . 2008-12-16 18:22 d-------- c:\programdata\avg8
2008-11-29 09:30 . 2008-11-29 09:30 d-------- c:\program files\AVG
2008-11-27 20:38 . 2008-10-21 05:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-27 20:37 . 2008-08-28 03:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-27 20:37 . 2008-08-28 03:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-27 20:37 . 2008-08-28 03:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-27 20:37 . 2008-10-22 03:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-19 18:21 . 2008-10-16 21:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-19 18:21 . 2008-10-16 20:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-19 18:21 . 2008-10-16 21:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-19 18:21 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-19 18:21 . 2008-10-16 20:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-19 18:21 . 2008-10-16 21:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-19 18:21 . 2008-10-16 21:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-19 18:21 . 2008-10-16 21:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-19 18:21 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-18 20:52 . 2008-11-18 20:52 d-------- c:\users\The Colyers\AppData\Roaming\Malwarebytes
2008-11-18 20:52 . 2008-11-18 20:52 d-------- c:\programdata\Malwarebytes
2008-11-18 20:52 . 2008-11-18 20:52 d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-18 20:52 . 2008-10-22 16:10 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-11-18 20:52 . 2008-10-22 16:10 15,504 --a------ c:\windows\System32\drivers\mbam.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-12 23:52 --------- d-----w c:\programdata\Kontiki
2008-12-09 20:25 --------- d-----w c:\program files\Windows Mail
2008-12-07 13:05 --------- d-----w c:\program files\Common Files\Apple
2008-12-04 12:09 --------- d-----w c:\program files\GameSpy Arcade
2008-11-28 14:12 --------- d-----w c:\program files\QuickTime
2008-11-16 16:17 --------- d-----w c:\program files\Yahoo!
2008-11-15 20:28 --------- d-----w c:\users\The Colyers\AppData\Roaming\Yahoo!
2008-11-15 20:14 --------- d-----w c:\program files\Cucusoft
2008-11-15 19:50 --------- d-----w c:\users\The Colyers\AppData\Roaming\dvdcss
2008-11-14 21:58 --------- d-----w c:\program files\FriendFinder
2008-11-08 20:39 --------- d-----w c:\program files\LucasArts
2008-11-08 20:32 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-08 17:43 --------- d-----w c:\users\The Colyers\AppData\Roaming\GARMIN
2008-11-08 17:40 --------- d-----w c:\program files\Garmin GPS Plugin
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-10-26 20:21 --------- d-----w c:\programdata\Bluebeam Software
2008-10-26 20:19 --------- d-----w c:\program files\Common Files\Bluebeam Software
2008-10-26 20:18 --------- d-----w c:\program files\Bluebeam Software
2008-10-14 10:22 278,528 ----a-w c:\windows\System32\Bluebeam Jpeg Library.dll
2008-10-09 12:26 174 --sha-w c:\program files\desktop.ini
2008-10-09 09:58 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2008-10-09 09:57 82,432 ----a-w c:\windows\System32\axaltocm.dll
2008-09-26 15:54 152,224 ----a-w c:\windows\System32\InstallPrinter6.dll
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll
2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2007-11-20 17:24 53,744 ----a-w c:\users\The Colyers\AppData\Roaming\GDIPFONTCACHEV1.DAT
2008-02-17 19:07 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-02-17 19:07 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-02-17 19:07 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488]
"kdx"="c:\program files\Kontiki\KHost.exe" [2008-02-27 1032376]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 356352]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-01-02 185632]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"MediaBarFileManager"="c:\program files\On Demand Distribution\OD2 Music Manager\OD2MediaBar_VistaFileManager.exe" [2007-06-25 30024]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-18 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-18 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-18 133656]
"kdx"="c:\program files\Kontiki\KHost.exe" [2008-02-27 1032376]
"BbPrintMonitor"="c:\program files\Common Files\Bluebeam Software\Brewery\V45\Printer Support\BBPrint.exe" [2008-04-16 156320]
"BbInstallUser"="c:\program files\Bluebeam Software\Pushbutton PDF\Bluebeam Admin User.exe" [2008-10-22 49824]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-10 c:\windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-04-04 c:\windows\SkyTel.exe]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{79838B4C-5211-4454-9157-31CF0ABF2E07}"= UDP:c:\users\The Colyers\AppData\Local\Temp\Installer.exe:SpeedTouch Home Install Wizard
"{5696418A-A092-493D-B0DA-4CFEF80AD11A}"= TCP:c:\users\The Colyers\AppData\Local\Temp\Installer.exe:SpeedTouch Home Install Wizard
"{02E5B8B3-BF9E-4969-A2CD-C69983F3011B}"= UDP:c:\program files\Thomson\ST330\service\st330service.exe:ST330 service
"{214AE8EF-AF2D-426F-A626-EB7CB947C4DB}"= TCP:c:\program files\Thomson\ST330\service\st330service.exe:ST330 service
"{2CB05B2E-F1CD-4A6A-AD42-E5EB76984AAE}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{C9374715-758C-4B68-AB96-3DF0F53DE463}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{6387A6A3-71DD-461D-B4F4-AB3C998CB133}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{707D86F2-11D1-4049-93A1-82303B1EFE8A}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{1ADF43DB-D08E-46FC-84D4-5E53EAFFF5E8}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{6A375401-D523-48C1-82C1-9BF180B74BCD}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{5386CF9C-1C81-42E6-96C2-99F7B573024E}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"{934899E5-A24C-429B-A1E7-4003FD7AE9AA}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{D0A306DB-F756-4483-B177-A2A1AB2ACED4}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{AFE855AB-871F-458A-8B4D-9F02D5C79C11}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{9643BFD7-5B78-4316-9E04-C9347CEF805C}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{394E58EA-659C-49A5-B918-F263E7C4BAED}"= UDP:c:\program files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:Sony Ericsson Media Manager 1.1
"{EA8D1E2A-1ED1-46AB-AA27-24338188C0AD}"= TCP:c:\program files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:Sony Ericsson Media Manager 1.1
"{7D83E040-F9B6-4D60-AC98-D013EE1C455D}"= UDP:j:\program files\Orb Networks\Orb\bin\Orb.exe:Orb
"{753E6D2E-0333-4F12-99DB-345CC7D6869F}"= TCP:j:\program files\Orb Networks\Orb\bin\Orb.exe:Orb
"{B2A11334-5BC8-4190-8907-FFE99B6EDA76}"= UDP:j:\program files\Orb Networks\Orb\bin\OrbTray.exe:OrbTray
"{999DA964-4077-4441-9307-319EA4CC2AA8}"= TCP:j:\program files\Orb Networks\Orb\bin\OrbTray.exe:OrbTray
"{1DC9D40F-74EB-4DAF-9E02-20E58C0E5517}"= UDP:j:\program files\Orb Networks\Orb\bin\OrbIR.exe:OrbIR
"{AA72E6DE-A62C-4C23-BA7B-B4C87F763ACE}"= TCP:j:\program files\Orb Networks\Orb\bin\OrbIR.exe:OrbIR
"{C30C3149-120D-4E81-87A2-EFEDE3574711}"= UDP:j:\program files\Orb Networks\Orb\bin\OrbStreamerClient.exe:Orb Stream Client
"{597AE5F8-6876-4008-9E60-69AC60D23CF9}"= TCP:j:\program files\Orb Networks\Orb\bin\OrbStreamerClient.exe:Orb Stream Client
"{02CF727F-F7D7-400D-8F44-3BBD47F1FD46}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{8ACB1745-9341-4AA7-9E2B-2AB0A2CD4E85}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{56E24FEF-75F9-464E-8D7A-8FCAD6C353FD}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{467CDED3-07C3-4166-BE3E-C36299D0661F}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-03-29 810320]
S3 ST330;ST330;c:\windows\system32\drivers\st330.sys [2007-10-08 30464]
S3 STBUS;STBUS;c:\windows\system32\drivers\stbus.sys [2007-10-08 12672]
S3 stppp;Speedtouch PPP Adapter Adapter;c:\windows\system32\DRIVERS\stppp.sys [2007-10-08 35328]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\shell\AutoRun\command - j:\wd_windows_tools\WDSetup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{184ab975-8359-11dd-aadd-9848f6bf6327}]
\shell\AutoRun\command - K:\LOCKv220.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7480fbf7-444a-11dd-81a2-ba711d2fdb07}]
\shell\AutoRun\command - j:\wd_windows_tools\WDSetup.exe
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
2008-12-16 c:\windows\Tasks\User_Feed_Synchronization-{BFAD5074-38C2-4D93-8C80-423E6C030314}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 07:33]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-IMC - c:\program files\FriendFinder\FriendFinder Messenger 4\imc.exe
HKLM-Run-BVRPLiveUpdate - c:\program files\Avanquest update\Engine\Setup.exe
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-16 18:32:21
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-12-16 18:37:25
ComboFix-quarantined-files.txt 2008-12-16 18:37:23
Pre-Run: 183,249,457,152 bytes free
Post-Run: 182,466,412,544 bytes free
194 --- E O F --- 2008-12-16 08:14:09
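Two entry types in the "Reg Loading Points" section above are the ones a reviewer of a log like this reads first: firewall allow rules whose program sits under a Temp folder (here c:\users\...\AppData\Local\Temp\Installer.exe), and MountPoints2 \shell\AutoRun\command values that tie an executable to a mounted volume (here K:\LOCKv220.exe and j:\wd_windows_tools\WDSetup.exe, alongside the J:\Autorun.inf that ComboFix deleted). The script below is an added triage helper, not part of the log, of ComboFix, or of the poster's own tooling. It parses those two line layouts as ComboFix prints them and returns the entries worth a second look. The regular expressions are this example's assumptions about the line format, derived only from the lines visible in the log; the sample input is copied from the log above.

```python
"""Triage helper for two ComboFix 'Reg Loading Points' line formats.

Added example (not ComboFix's or the log poster's code). Flags:
  * firewall allow rules whose program path lies under a Temp/Tmp folder
  * MountPoints2 '\\shell\\AutoRun\\command' entries (autorun bound to a volume)
The regexes are assumptions about ComboFix's layout based on the lines in the log.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Sample input copied verbatim from the ComboFix log above.
SAMPLE_LINES = r"""
"{79838B4C-5211-4454-9157-31CF0ABF2E07}"= UDP:c:\users\The Colyers\AppData\Local\Temp\Installer.exe:SpeedTouch Home Install Wizard
"{5696418A-A092-493D-B0DA-4CFEF80AD11A}"= TCP:c:\users\The Colyers\AppData\Local\Temp\Installer.exe:SpeedTouch Home Install Wizard
"{2CB05B2E-F1CD-4A6A-AD42-E5EB76984AAE}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{6387A6A3-71DD-461D-B4F4-AB3C998CB133}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{707D86F2-11D1-4049-93A1-82303B1EFE8A}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\shell\AutoRun\command - j:\wd_windows_tools\WDSetup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{184ab975-8359-11dd-aadd-9848f6bf6327}]
\shell\AutoRun\command - K:\LOCKv220.exe
""".strip().splitlines()

# "<name>"= [TCP|UDP:]<drive>:\<path>:<description>   (protocol prefix is optional)
FIREWALL_RE = re.compile(
    r'^"(?P<name>[^"]+)"=\s*(?:(?P<proto>TCP|UDP):)?(?P<path>[A-Za-z]:\\[^:]*):(?P<desc>.*)$'
)
# [HKEY_CURRENT_USER\...\explorer\mountpoints2\<volume letter or GUID>]
MOUNTPOINT_KEY_RE = re.compile(
    r'^\[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion'
    r'\\explorer\\mountpoints2\\(?P<volume>[^\]]+)\]$',
    re.IGNORECASE,
)
# \shell\AutoRun\command - <command line>
AUTORUN_CMD_RE = re.compile(r'^\\shell\\AutoRun\\command\s+-\s+(?P<cmd>.+?)\s*$', re.IGNORECASE)

# Path fragments (lower-cased, backslash-delimited) that mark a temp location.
TEMP_MARKERS = ("\\temp\\", "\\tmp\\")


@dataclass
class FirewallRule:
    name: str
    proto: Optional[str]      # "TCP", "UDP" or None when the rule carries no protocol
    path: str
    description: str


@dataclass
class Finding:
    kind: str                 # "temp-dir program" or "autorun"
    path: str                 # executable the entry points at
    detail: str               # rule description or registry key
    volume: Optional[str] = None


def parse_firewall_rule(line: str) -> Optional[FirewallRule]:
    """Parse one FirewallRules line; None if the line is not in that format."""
    m = FIREWALL_RE.match(line)
    if not m:
        return None
    return FirewallRule(m["name"], m["proto"], m["path"], m["desc"])


def in_temp_dir(path: str) -> bool:
    """True when any directory component of the path is a temp folder."""
    lowered = path.lower()
    return any(marker in lowered for marker in TEMP_MARKERS)


def triage(lines: Iterable[str]) -> List[Finding]:
    """Walk log lines in order and collect the entries worth manual review."""
    findings: List[Finding] = []
    current_volume: Optional[str] = None
    for raw in lines:
        line = raw.strip()
        key = MOUNTPOINT_KEY_RE.match(line)
        if key:
            current_volume = key["volume"]
            continue
        if line.startswith("["):          # some other registry key: leave MountPoints2 context
            current_volume = None
            continue
        cmd = AUTORUN_CMD_RE.match(line)
        if cmd and current_volume is not None:
            findings.append(Finding("autorun", cmd["cmd"],
                                    f"MountPoints2\\{current_volume}", current_volume))
            continue
        rule = parse_firewall_rule(line)
        if rule and in_temp_dir(rule.path):
            findings.append(Finding("temp-dir program", rule.path,
                                    f"{rule.proto or 'any'} allow rule '{rule.description}'"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.kind:17} {f.path}  <- {f.detail}")
```

Run against the sample, the helper reports the two Temp-folder firewall rules and the two autorun commands and stays silent on the iTunes, Messenger and Internet Explorer rules. An autorun command pointing at a vendor installer on a volume (WDSetup.exe) is normal for a packaged external drive; the point of the check is to surface every such binding so the reviewer decides, rather than to label any one of them malicious.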