ComboFix 12-01-05.01 - Allen 01/05/2012 10:34:56.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1262.802 [GMT -5:00]
Running from: c:\documents and settings\Allen\Desktop\The Malware Issue\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
 * Resident AV is active
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\jkp151xy5ffv58xt0f388o1gdtkty7jp8gqbp
c:\documents and settings\All Users\Application Data\Tarma Installer
c:\documents and settings\All Users\Application Data\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setup.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\Setup.dat
c:\documents and settings\All Users\Application Data\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\Setup.exe
c:\documents and settings\All Users\Application Data\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\Setup.ico
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Allen\Application Data\Desktop Security
c:\documents and settings\Allen\Application Data\Mozilla\Firefox\Profiles\g5i37zh8.default\searchplugins\bing-zugo.xml
c:\documents and settings\Allen\Local Settings\Application Data\assembly\tmp
c:\documents and settings\Allen\Start Menu\Programs\Desktop Security
c:\documents and settings\Allen\Templates\jkp151xy5ffv58xt0f388o1gdtkty7jp8gqbp
c:\documents and settings\Allen\WINDOWS
C:\install.exe
C:\LOG239.tmp
C:\LOGF0.tmp
C:\LOGFD.tmp
c:\program files\Retrogamer_2zEI
c:\program files\Shop to Win
c:\program files\Shop to Win\InstallNotifier.exe
c:\program files\Shop to Win\unins000.dat
c:\program files\Shop to Win\unins000.exe
c:\program files\Shop to Win\UnInstallPlugin.exe
c:\windows\$NtUninstallKB31486$\2631067180\@
c:\windows\$NtUninstallKB31486$\2631067180\bckfg.tmp
c:\windows\$NtUninstallKB31486$\2631067180\cfg.ini
c:\windows\$NtUninstallKB31486$\2631067180\Desktop.ini
c:\windows\$NtUninstallKB31486$\2631067180\keywords
c:\windows\$NtUninstallKB31486$\2631067180\kwrd.dll
c:\windows\$NtUninstallKB31486$\2631067180\L\odetmngk
c:\windows\$NtUninstallKB31486$\2631067180\lsflt7.ver
c:\windows\$NtUninstallKB31486$\2631067180\U\00000001.@
c:\windows\$NtUninstallKB31486$\2631067180\U\00000002.@
c:\windows\$NtUninstallKB31486$\2631067180\U\00000004.@
c:\windows\$NtUninstallKB31486$\2631067180\U\80000000.@
c:\windows\$NtUninstallKB31486$\2631067180\U\80000004.@
c:\windows\$NtUninstallKB31486$\2631067180\U\80000032.@
c:\windows\$NtUninstallKB31486$\811083589
c:\windows\Downloaded Installations\BMP
c:\windows\Downloaded Installations\BMP\{FC22FE0D-231E-4E0C-BB36-CDFD268B7956}\0x0409.ini
c:\windows\Downloaded Installations\BMP\{FC22FE0D-231E-4E0C-BB36-CDFD268B7956}\1033.MST
c:\windows\Downloaded Installations\BMP\{FC22FE0D-231E-4E0C-BB36-CDFD268B7956}\BACS.msi
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\ST6UNST.000
c:\windows\system32\PowerToyReadme.htm
c:\windows\$NtUninstallKB31486$ . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2011-12-05 to 2012-01-05 )))))))))))))))))))))))))))))))
.
.
2012-01-05 05:43 . 2012-01-05 05:43 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2012-01-05 05:15 . 2012-01-05 05:15 -------- d-----w- c:\windows\MATS
2012-01-05 05:15 . 2012-01-05 05:15 -------- d-----w- c:\program files\Microsoft Fix it Center
2012-01-05 05:08 . 2012-01-05 05:08 -------- d-----w- c:\documents and settings\Allen\Application Data\ElevatedDiagnostics
2012-01-05 03:19 . 2010-04-14 01:10 54776 ----a-w- c:\windows\system32\drivers\MOBK.sys
2012-01-05 03:19 . 2012-01-05 03:19 -------- d-----w- c:\program files\McAfee Online Backup
2012-01-05 03:18 . 2011-04-11 19:29 64048 ----a-w- c:\windows\system32\drivers\McPvDrv.sys
2012-01-05 03:17 . 2012-01-05 03:17 -------- d-----w- c:\documents and settings\Allen\Local Settings\Application Data\McAfee Anti-Theft
2012-01-05 03:16 . 2011-12-06 22:22 28760 ----a-w- c:\program files\Mozilla Firefox\ScriptFF.dll
2012-01-05 03:16 . 2011-10-15 17:16 9608 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-01-05 03:16 . 2011-10-15 17:16 89792 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2012-01-05 03:16 . 2011-10-15 17:16 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-01-05 03:16 . 2011-10-15 17:16 83856 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2012-01-05 03:16 . 2011-10-15 17:16 59456 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2012-01-05 03:16 . 2011-10-15 17:16 57600 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-01-05 03:16 . 2011-10-15 17:16 338176 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-01-05 03:16 . 2011-10-15 17:16 180816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-01-05 03:15 . 2012-01-05 03:17 -------- d-----w- c:\program files\Common Files\Mcafee
2012-01-05 03:15 . 2012-01-05 04:10 -------- d-----w- c:\program files\McAfee
2012-01-05 03:02 . 2011-11-18 21:36 150856 ----a-w- c:\windows\system32\mfevtps.exe
2012-01-04 20:06 . 2012-01-04 20:06 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Sun
2011-12-27 16:10 . 2011-12-27 16:11 -------- d-----w- C:\WLMP
2011-12-27 14:22 . 2011-12-27 14:22 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2011-12-27 14:22 . 2011-12-27 14:22 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
2011-12-09 21:45 . 2011-12-09 21:45 -------- d-----w- c:\program files\Stentor
2011-12-09 21:45 . 2011-12-09 21:45 -------- d-----w- C:\iSiteLogs
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-23 13:25 . 2004-08-10 17:51 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-22 23:07 . 2011-06-02 23:52 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-10 06:07 . 2011-11-10 06:07 151312 ----a-w- c:\windows\system32\winwb86.IME
2011-11-04 19:20 . 2004-08-10 17:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2004-08-10 17:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2004-08-10 17:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2004-08-10 17:51 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2004-08-10 17:51 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2004-08-10 17:50 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:33 . 2004-08-10 17:51 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2004-08-04 03:59 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2004-08-10 17:51 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-15 17:16 . 2011-10-15 17:16 464176 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-10-15 17:16 . 2011-10-15 17:16 121256 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-10-10 14:22 . 2004-08-10 18:02 692736 ----a-w- c:\windows\system32\inetcomm.dll
2008-12-31 05:30 . 2008-12-31 05:30 336 ----a-w- c:\program files\temp995.bat
2011-07-08 07:16 . 2011-08-06 21:26 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-14 01:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-14 01:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-14 01:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-14 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-14 536576]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-16 141608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-11-22 1318816]
"McPvTray_exe"="c:\program files\McAfee\MAT\McPvTray.exe" [2011-04-08 419904]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
c:\documents and settings\Allen\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2010-5-31 575488]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
VirtuaWin.lnk - c:\program files\VirtuaWin\VirtuaWin.exe [2008-5-25 124928]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 setuid
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]
Ime File REG_SZ WINWB86.IME
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Billminder.lnk
backup=c:\windows\pss\Billminder.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk
backup=c:\windows\pss\Quicken Startup.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Allen^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk]
path=c:\documents and settings\Allen\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk
backup=c:\windows\pss\Microsoft Office OneNote 2003 Quick Launch.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 06:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 15:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2008-08-13 22:32 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-11-15 14:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-02-23 21:19 53248 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-04-27 14:09 133104 ----atw- c:\documents and settings\Allen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-27 21:50 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-16 11:41 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
2006-01-17 17:03 53248 ----a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [1/4/2012 10:18 PM 64048]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [1/4/2012 10:16 PM 89792]
R1 MOBKFilter;MOBKFilter;c:\windows\system32\drivers\MOBK.sys [1/4/2012 10:19 PM 54776]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\drivers\VCdRom.sys [1/19/2006 11:59 PM 8576]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [1/4/2012 10:15 PM 214904]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [1/4/2012 10:15 PM 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [1/4/2012 10:15 PM 214904]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [1/4/2012 10:16 PM 160608]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [1/4/2012 10:02 PM 150856]
R2 MOBKbackup;McAfee Online Backup;c:\program files\McAfee Online Backup\MOBKbackup.exe [4/13/2010 8:11 PM 229688]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [1/4/2012 10:16 PM 57600]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [1/4/2012 10:16 PM 338176]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [1/4/2012 10:16 PM 83856]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/14/2010 8:49 PM 136176]
S3 CSVirtA;Cisco Systems SSL VPN Adapter;c:\windows\system32\DRIVERS\CSVirtA.sys --> c:\windows\system32\DRIVERS\CSVirtA.sys [?]
S3 fidcam;Unibrain MS 1394 based IIDC Digital Camera Driver;c:\windows\system32\drivers\fidcam.sys [11/17/2006 11:27 AM 48128]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/14/2010 8:49 PM 136176]
S3 JRSKD24;JRSKD24;\??\c:\windows\system32\JRSKD24.SYS --> c:\windows\system32\JRSKD24.SYS [?]
S3 MatSvc;@%ProgramFiles%\Microsoft Fix it Center\MatsRes.dll,-9000;c:\program files\Microsoft Fix it Center\Matsvc.exe [6/13/2011 10:09 PM 267568]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [1/4/2012 10:16 PM 83856]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [1/4/2012 10:16 PM 87656]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/6/2007 3:22 PM 34064]
S3 NPFWFLT;NPFWFLT;c:\windows\system32\npfwflt.sys [6/18/2009 2:13 AM 41600]
S3 PTDMBus;PANTECH USB Modem Composite Device Driver ;c:\windows\system32\DRIVERS\PTDMBus.sys --> c:\windows\system32\DRIVERS\PTDMBus.sys [?]
S3 PTDMMdm;PANTECH USB Modem Drivers ;c:\windows\system32\DRIVERS\PTDMMdm.sys --> c:\windows\system32\DRIVERS\PTDMMdm.sys [?]
S3 PTDMVsp;PANTECH USB Modem Serial Port ;c:\windows\system32\DRIVERS\PTDMVsp.sys --> c:\windows\system32\DRIVERS\PTDMVsp.sys [?]
S3 PTDMWWAN;PANTECH USB Modem WWAN Driver;c:\windows\system32\DRIVERS\PTDMWWAN.sys --> c:\windows\system32\DRIVERS\PTDMWWAN.sys [?]
S3 SCPMPR5;SCPMPR5 NDIS Protocol Driver;\??\d:\scpmpr5.sys --> d:\SCPMPR5.SYS [?]
S3 sonydcam;Generic 1394 Desktop Camera;c:\windows\system32\drivers\sonydcam.sys [8/3/2004 11:09 PM 25344]
S3 USRSp50;USRSp50 NDIS Protocol Driver;c:\windows\system32\drivers\USRSp50.sys [7/10/2006 4:18 PM 17664]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/10/2008 5:28 PM 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [7/10/2008 2:49 AM 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [7/10/2008 5:28 PM 369688]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-05 c:\windows\Tasks\fba_Daily Backup.job
- c:\program files\Softland\FBackup 4\fbaSchedStarter.exe [2011-06-03 20:47]
.
2012-01-05 c:\windows\Tasks\User_Feed_Synchronization-{DC0CEE94-D4A1-43E1-AC70-E0E93192A266}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
Trusted Zone: aol.com\free
Trusted Zone: imlive.com
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.1.1
DPF: {1B5EE264-CCAB-48A4-B8DA-04D4BB004CC3} - hxxp://online.keb.co.kr/cab/miplatform/MiUpdater310-20061109_1035.cab
DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab
DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} - hxxp://download.softforum.co.kr/Published/XecureWeb/v7.2.2.7/xw_install.cab
DPF: {8FD68F8A-641E-4204-AE47-DD835C1AE756} - hxxp://ck.softforum.co.kr/CKKeyPro/keb/CKAppPro.cab
DPF: {A2A4336A-E49E-44E8-B152-E98E841CFA24} - hxxp://gisweb4.chzero.com/zeromap/ZeroMapUpdate.cab
DPF: {CDD6E613-CBEF-40C3-A140-4F5EEE0C4E00} - hxxp://ck.softforum.co.kr/phishingpro/current/CKPhishingPro.cab
FF - ProfilePath - c:\documents and settings\Allen\Application Data\Mozilla\Firefox\Profiles\g5i37zh8.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - user.js: yahoo.homepage.dontask - true);user_pref(dom.disable_open_during_load, true // Popupblocker control handled by McAfee Privacy Service
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{518295fe-e2bb-49de-accc-c9d284a0d736} - (no file)
BHO-{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - c:\program files\Yontoo Layers Runtime\YontooIEClient.dll
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
MSConfigStartUp-E08AXLRD_10992746 - c:\program files\Microsoft Encarta\Encarta Premium DVD 2008\EDICT.EXE
MSConfigStartUp-E08AXLRD_134246546 - c:\program files\Microsoft Encarta 2008\Encarta Premium DVD 2008\EDICT.EXE
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
MSConfigStartUp-YSearchProtection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
AddRemove-{50D9C7D1-86C4-4982-A47E-D490C70A1C7D}_is1 - c:\program files\Shop To Win\unins000.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-05 11:16
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\INTEL\Wireless\Folders\x*]
"Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Application Data\\Intel\\Wireless\\"
.
[HKEY_LOCAL_MACHINE\software\INTEL\Wireless\Folders\¬ *ª*]
"Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Application Data\\Intel\\Wireless\\"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(1492)
c:\windows\system32\setuid.dll
.
- - - - - - - > 'explorer.exe'(3316)
c:\windows\system32\WININET.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\program files\McAfee Online Backup\MOBKshell.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\CVSNT\cvslock.exe
c:\program files\CVSNT\cvsservice.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\VirtuaWin\modules\WinList.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\NOTEPAD.EXE
c:\windows\system32\NOTEPAD.EXE
.
**************************************************************************
.
Completion time: 2012-01-05 11:36:08 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-05 16:35
.
Pre-Run: 1,645,867,008 bytes free
Post-Run: 2,130,915,328 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 39454AB4678C8EA2267517EF17DE7E08