ComboFix 08-06-20.4 - Sergio Perez 2008-06-25 15:19:35.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.108 [GMT -6:00]
Running from: C:\Documents and Settings\Sergio Perez\Desktop\PC Protection\ComboFix.exe
Command switches used :: C:\Documents and Settings\Sergio Perez\Desktop\PC Protection\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
C:\smp.bat
C:\WINDOWS\BMdb5b4263.xml
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\28463
C:\WINDOWS\system32\28463\POLG.001
C:\WINDOWS\system32\28463\POLG.002
C:\WINDOWS\system32\28463\POLG.002.tmp
C:\WINDOWS\system32\28463\POLG.005
C:\WINDOWS\system32\28463\POLG.005.tmp
C:\WINDOWS\system32\28463\POLG.008
C:\WINDOWS\system32\28463\POLG.008.tmp
C:\WINDOWS\system32\fhbatdkt.ini
C:\WINDOWS\system32\fvccxdug.ini
C:\WINDOWS\system32\jdlktivj.dll
C:\WINDOWS\system32\jncakloh.ini
C:\WINDOWS\system32\lgapormg.dll
C:\WINDOWS\system32\lhfekwgp.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mdm.exe
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\nnussaux.dll
C:\WINDOWS\system32\nTBLkUvw.ini
C:\WINDOWS\system32\piwfcnaw.ini
C:\WINDOWS\system32\qdvltfbb.dll
C:\WINDOWS\system32\qgdjlich.dll
C:\WINDOWS\system32\rilurdbm.ini
C:\WINDOWS\system32\sltorffq.dll
C:\WINDOWS\system32\sqfdhmlr.ini
C:\WINDOWS\system32\svhosts.exe
C:\WINDOWS\system32\uaymhiri.ini
C:\WINDOWS\system32\ujeaawfv.dll
C:\WINDOWS\system32\urqNGxuV.dll
C:\WINDOWS\system32\vntghcmn.dll
C:\WINDOWS\system32\vpftvsfg.dll
C:\WINDOWS\system32\weukewgi.dll
C:\WINDOWS\system32\winxtx32.dll
C:\WINDOWS\system32\wvUkLBTn.dll
.
((((((((((((((((((((((((( Files Created from 2008-05-25 to 2008-06-25 )))))))))))))))))))))))))))))))
.
2008-06-25 15:18 . 2008-06-25 15:19 d-------- C:\cmdcons
2008-06-25 15:15 . 2008-06-25 15:28 d-------- C:\ComboFix
2008-06-25 13:31 . 2008-06-25 13:31 d-------- C:\Documents and Settings\Sergio Perez\Application Data\Comodo
2008-06-25 13:31 . 2008-06-25 13:36 d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-06-25 13:31 . 2008-06-25 13:31 143,104 --a------ C:\WINDOWS\system32\guard32.dll
2008-06-25 13:31 . 2008-06-25 13:31 87,056 --a------ C:\WINDOWS\system32\drivers\cmdguard.sys
2008-06-25 13:31 . 2008-06-25 13:31 24,208 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-06-25 12:57 . 2008-06-25 12:57 d-------- C:\Program Files\ZoneAlarmSB
2008-06-25 12:32 . 2008-06-25 12:32 d-------- C:\Documents and Settings\Sergio Perez\Application Data\Malwarebytes
2008-06-25 12:32 . 2008-06-25 12:32 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-25 12:32 . 2008-06-19 17:48 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-25 12:32 . 2008-06-19 17:47 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-25 12:25 . 2008-06-25 15:19 d-------- C:\QooBox
2008-06-25 12:04 . 2008-06-25 12:04 d-------- C:\Deckard
2008-06-25 12:04 . 2008-06-25 12:04 d-------- C:\Deckard
2008-06-24 23:16 . 2008-06-24 23:16 101,888 --a------ C:\WINDOWS\system32\encuuiot.dll
2008-06-24 16:15 . 37 C:\WINDOWS\!é
2008-06-23 23:02 . 2008-06-23 23:02 106,496 --a------ C:\WINDOWS\system32\qcalcufl.dll
2008-06-23 23:02 . 2008-06-23 23:02 95,232 --a------ C:\WINDOWS\system32\tgbbhbap.dll
2008-06-23 13:21 . 2008-06-23 13:22 d-------- C:\root
2008-06-23 13:21 . 2008-06-23 13:22 d-------- C:\root
2008-06-22 22:34 . 2008-06-22 22:34 101,888 --a------ C:\WINDOWS\system32\pwtypnwj.dll
2008-06-22 22:31 . 2008-06-22 22:31 95,232 --a------ C:\WINDOWS\system32\cauiglni.dll
2008-06-22 18:09 . 2008-06-22 18:09 95,232 --a------ C:\WINDOWS\system32\fbhkudlg.dll
2008-06-21 17:36 . 2004-01-21 18:49 389,120 --a------ C:\WINDOWS\system32\cmax20.ocx
2008-06-21 15:49 . 2008-06-21 15:49 101,888 --a------ C:\WINDOWS\system32\gvtjfigq.dll
2008-06-21 15:46 . 2008-06-21 15:46 94,208 --a------ C:\WINDOWS\system32\dogodvai.dll
2008-06-20 15:47 . 2008-06-20 15:48 101,888 --a------ C:\WINDOWS\system32\damirjio.dll
2008-06-18 18:33 . 2008-06-18 19:59 d-------- C:\Documents and Settings\Sergio Perez\Application Data\OpenArena
2008-06-17 14:24 . 2008-06-17 15:34 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-16 19:04 . 2008-06-18 17:39 d-------- C:\Program Files\Common Files\Merge Modules
2008-06-16 19:03 . 2008-06-16 19:03 d-------- C:\Program Files\Microsoft SDKs
2008-06-15 16:50 . 2008-06-15 16:50 d-------- C:\Documents and Settings\Sergio Perez\Debug
2008-06-15 15:55 . 2008-06-21 20:10 1,733 --a------ C:\WINDOWS\TSearch.INI
2008-06-15 11:57 . 2008-06-15 11:57 145 --a------ C:\WINDOWS\system32\winver.bat
2008-06-12 19:39 . 2008-06-12 19:39 d-------- C:\WINDOWS\wb
2008-06-12 19:39 . 1996-08-15 22:44 87,552 -ra------ C:\WINDOWS\system\url.dll
2008-06-12 19:39 . 1996-09-29 21:32 9,728 -ra------ C:\WINDOWS\system\rnaph.dll
2008-06-11 17:55 . 2008-06-11 17:55 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-06-11 16:15 . 2008-04-14 05:01 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 16:15 . 2008-04-14 05:01 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 16:09 . 2008-06-11 16:09 4,096 --a------ C:\WINDOWS\d3dx.dat
2008-06-11 15:54 . 2008-06-11 15:54 0 --a------ C:\WINDOWS\LiveBilliards.INI
2008-06-10 13:23 . 2008-06-10 13:23 d-------- C:\Program Files\OpenAL
2008-06-10 13:23 . 2008-06-10 13:23 413,696 --a------ C:\WINDOWS\system32\wrap_oal.dll
2008-06-10 13:23 . 2008-06-10 13:23 110,592 --a------ C:\WINDOWS\system32\OpenAL32.dll
2008-06-10 13:05 . 2008-06-10 13:05 d-------- C:\Documents and Settings\Sergio Perez\.smartcvs
2008-06-10 00:09 . 2008-06-10 00:09 0 --a------ C:\WINDOWS\JoyAct.INI
2008-06-09 23:40 . 2008-06-09 23:40 d-------- C:\Program Files\ReflexiveArcade
2008-06-09 22:01 . 1996-07-29 12:11 733,296 --a------ C:\Documents and Settings\Sergio Perez\OPENGL32.DLL
2008-06-09 22:01 . 1996-07-29 12:09 139,712 --a------ C:\Documents and Settings\Sergio Perez\GLU32.DLL
2008-06-09 20:18 . 2008-06-09 20:18 122,880 --a------ C:\WINDOWS\system\u_inst.exe
2008-06-09 20:18 . 1997-01-31 16:44 50,176 --a------ C:\WINDOWS\system32\CSH.DLL
2008-06-09 20:18 . 1996-09-11 14:33 48,640 --a------ C:\WINDOWS\system32\INETWH32.dll
2008-06-09 20:18 . 2000-01-21 09:44 29,696 --a------ C:\WINDOWS\system32\iaimidi.dll
2008-06-09 20:18 . 1999-11-25 21:00 5,272 --a------ C:\WINDOWS\system32\Iaikeyb.vxd
2008-06-09 20:17 . 1998-06-30 15:13 287,504 --a------ C:\WINDOWS\system32\msxbse35.dll
2008-06-09 20:17 . 1998-06-30 15:13 250,128 --a------ C:\WINDOWS\system32\mspdox35.dll
2008-06-09 20:17 . 1998-06-30 15:15 250,128 --a------ C:\WINDOWS\system32\MSEXCL35.DLL
2008-06-09 20:17 . 1998-06-30 15:13 166,160 --a------ C:\WINDOWS\system32\msltus35.dll
2008-06-09 20:17 . 1998-06-30 15:18 165,648 --a------ C:\WINDOWS\system32\MSTEXT35.DLL
2008-06-09 20:16 . 1998-10-06 18:34 327,168 --a------ C:\WINDOWS\IsUn040a.exe
2008-06-06 14:35 . 2008-06-06 14:35 d-------- C:\Documents and Settings\All Users\Application Data\Digital Anarchy
2008-06-04 17:00 . 2008-06-04 17:00 253,952 --------- C:\WINDOWS\Setup1.exe
2008-06-04 16:11 . 37 C:\WINDOWS\~L
2008-06-02 17:51 . 2005-02-09 12:44 22,528 --a------ C:\WINDOWS\exeshl.dll
2008-06-02 17:51 . 2008-06-02 18:09 9,719 --a------ C:\WINDOWS\PACEMAKER123.LIC
2008-06-02 17:51 . 2008-06-02 18:09 97 --a------ C:\WINDOWS\netctrl.ini
2008-06-01 17:15 . 2000-08-23 17:00 33,280 --a------ C:\WINDOWS\system32\HUFFYUV.DLL
2008-06-01 10:23 . 37 C:\WINDOWS\!Ò
2008-05-31 13:48 . 37 C:\WINDOWS\^9Ò
2008-05-31 13:37 . 2007-01-23 18:49 71,680 --------- C:\WINDOWS\system32\drivers\PAVDRV51.SYS
2008-05-31 13:37 . 2008-05-31 13:37 248 --a------ C:\WINDOWS\system32\PavCPL.dat
2008-05-31 13:37 . 2008-05-31 13:37 37 --a------ C:\WINDOWS\r007
2008-05-31 13:35 . 2008-06-25 12:13 d-------- C:\WINDOWS\system32\PAV
2008-05-31 13:35 . 2008-05-31 13:35 d-------- C:\Program Files\Prodigy Antivirus
2008-05-31 13:35 . 2006-05-02 09:40 49,152 --a------ C:\WINDOWS\system32\pavcpl.cpl
2008-05-31 13:35 . 2006-07-14 13:46 45,056 --a------ C:\WINDOWS\system32\avldr.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-25 21:22 --------- d-----w C:\Documents and Settings\Sergio Perez\Application Data\DNA
2008-06-22 02:10 --------- d-----w C:\Documents and Settings\Sergio Perez\Application Data\Xfire
2008-06-18 23:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-18 22:41 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-06-18 17:13 --------- d-----w C:\Program Files\Opera
2008-06-04 23:00 74,240 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-05-31 20:07 --------- d-----w C:\Program Files\Circle Developement
2008-05-31 19:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-31 19:29 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-31 19:27 --------- d-----w C:\Program Files\Symantec
2008-05-31 19:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-22 01:50 --------- d-----w C:\Program Files\Common Files\DVDVideoSoft
2008-05-16 03:07 --------- d-----w C:\Program Files\DNA
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-06 01:17 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-05 23:14 --------- d-----w C:\Documents and Settings\Sergio Perez\Application Data\Nubs
2008-05-05 01:21 --------- d-----w C:\Documents and Settings\Sergio Perez\Application Data\gunz-mrb
2008-04-29 22:13 --------- d-----w C:\Documents and Settings\Sergio Perez\Application Data\BitTorrent
2008-04-27 06:04 --------- d-----w C:\Program Files\Java
2008-04-26 17:43 --------- d--h--w C:\Documents and Settings\Sergio Perez\Application Data\ijjigame
2008-04-26 16:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\IJJIGame
2008-01-12 23:32 332 ----a-w C:\Documents and Settings\Sergio Perez\sparkedit.dat
2007-10-15 20:42 57,344 ----a-w C:\Documents and Settings\Sergio Perez\lametritonus.dll
2007-10-15 20:41 162,304 ----a-w C:\Documents and Settings\Sergio Perez\lame_enc.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4557e1d0-3cbf-434f-83df-0e4d85795721}]
2008-06-24 23:16 101888 --a------ C:\WINDOWS\system32\encuuiot.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-07 22:58 289088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30 517768]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"SoundMan"="SOUNDMAN.EXE" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"Norton Ghost 9.0"="C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe" [2004-07-29 04:41 1122304]
"PE2CKFNT SE"="D:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe" [1998-07-03 13:51 25088]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 18:30 45632]
"PRISMSVR.EXE"="C:\WINDOWS\system32\PRISMSVR.EXE" [ ]
"System Files Updater"="C:\WINDOWS\FlyakiteOSX\System Files Updater.exe" [2006-01-15 00:31 153233]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"APVXDWIN"="C:\Program Files\Prodigy Antivirus\Prodigy Antivirus\APVXDWIN.EXE" [2007-01-25 18:50 321072]
"COMODO Firewall Pro"="D:\Program Files\COMODO\Firewall\cfp.exe" [2008-06-25 13:31 1655552]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Keyboard Manager"="C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe" [2001-07-17 04:34 589824]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 06:00 15360]
C:\Documents and Settings\Sergio Perez\Start Menu\Programs\Startup\
InterAct Profile Activator.lnk - D:\Program Files\InterAct\Gaming Devices\JoyAct.exe [2008-06-09 20:17:52 352256]
MagicDisc.lnk - D:\Program Files\MagicDisc\MagicDisc.exe [2007-12-29 15:11:03 534016]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Launchy.lnk - D:\Program Files\Launchy\Launchy.exe [2008-04-19 13:36:32 274432]
Photo Express Calendar Checker SE.lnk - D:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe [2008-01-21 21:54:18 55296]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2006-07-14 13:46 45056 C:\WINDOWS\system32\avldr.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=qcalcufl.dll C:\WINDOWS\system32\guard32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"vidc.wmv3"= C:\PROGRA~1\COMBIN~1\Filters\wmv9vcm.dll
"VIDC.XFR1"= xfcodec.dll
"VIDC.HFYU"= huffyuv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"D:\\Archivos de Programa\\Soldat\\Soldat.exe"=
"D:\\Archivos de Programa\\Xfire\\xfire.exe"=
"D:\\Archivos de Programa\\Soldat\\Server\\soldatserver.exe"=
"D:\\Archivos de Programa\\Steam\\SteamApps\\ivanxpm\\half-life 2 deathmatch\\hl2.exe"=
"D:\\Softimage\\XSI_4.2_ModTool\\Application\\bin\\nt-x86-p4\\XSI.exe"=
"D:\\Archivos de Programa\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"D:\\Archivos de Programa\\Steam\\SteamApps\\ivanxpm\\half-life 2\\hl2.exe"=
"D:\\Archivos de Programa\\Steam\\SteamApps\\ivanxpm\\source sdk base\\hl2.exe"=
"D:\\Archivos de Programa\\Steam\\Steam.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"D:\\Archivos de Programa\\Microsoft Visual Studio\\Common\\Tools\\VS-Ent98\\Vanalyzr\\VARPC.EXE"=
"D:\\Archivos de Programa\\softnyx\\GunboundWC\\GunBound.gme"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Documents and Settings\\Sergio Perez\\Desktop\\mmorpgs\\Elysium Diamond\\Server\\Server.exe"=
"C:\\Documents and Settings\\Sergio Perez\\Desktop\\mmorpgs\\Chaos_1.3_\\Server\\Chaos Server.exe"=
"C:\\Documents and Settings\\Sergio Perez\\Desktop\\mmorpgs\\XW1.0RC1Full\\Server\\Server.exe"=
"D:\\Archivos de Programa\\Microsoft Visual Studio\\VB98\\VB6.EXE"=
"C:\\Documents and Settings\\Sergio Perez\\Desktop\\mmorpgs\\mse-build1\\server\\Server.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"D:\\Program Files\\Microsoft Games\\Halo\\halo.exe"=
"D:\\Halo\\halo.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"D:\\Program Files\\Microsoft Games\\Halo Custom Edition\\haloce.exe"=
"D:\\Halo CE\\Halo Custom Edition\\haloce.exe"=
"D:\\Program Files\\Autodesk\\3ds Max 2008\\3dsmax.exe"=
"D:\\Program Files\\Python25\\pythonw.exe"=
"D:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"D:\\Program Files\\BitTorrent\\bittorrent.exe"=
"D:\\Program Files\\AssaultCube\\bin_win32\\ac_server.exe"=
"D:\\nexuiz-23\\Nexuiz\\nexuiz.exe"=
"C:\\ijji\\ENGLISH\\u_gunz.exe"=
"D:\\ijji\\ENGLISH\\Gunz\\Gunz.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"D:\\Program Files\\Off Road Arena\\Off-Road Arena.RWG"=
"D:\\Program Files\\Live Billiards\\LiveBilliards.exe"=
"C:\\WINDOWS\\system32\\winver.exe"=
"D:\\Program Files\\OpenArena\\openarena.exe"=
"D:\\Program Files\\OpenArena\\oa_ded.exe"=
R0 PQV2i;PQV2i;C:\WINDOWS\system32\drivers\PQV2i.sys [2004-07-29 03:33]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-06-25 13:31]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-06-25 13:31]
R1 EPPSCSIx;EPPSCSIx;C:\WINDOWS\system32\drivers\EPPSCSI.SYS [1999-11-11 18:39]
R1 msikbd2k;Multimedia Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\msikbd2k.sys [2000-10-03 13:03]
R1 PQIMount;PQIMount;C:\WINDOWS\system32\drivers\PQIMount.sys [2004-07-29 04:13]
R2 npkcmsvc;npkcmsvc;D:\Nexon\Mabinogi\npkcmsvc.exe [2007-08-02 12:33]
S2 ManagereUpdate;Windows Update Managere;C:\Program Files\WindowsUpdate\update []
S3 DBKDRVR54;DBKDRVR54;D:\Program Files\Cheat Engine\dbk32.sys [2007-12-27 05:45]
S3 Scsiscan;SCSI Scanner Driver;C:\WINDOWS\system32\DRIVERS\scsiscan.sys [2001-08-17 14:53]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{caee3f1f-1559-11dc-ac73-001617206c73}]
\Shell\AutoRun\command - R:\x.com
\Shell\explore\Command - R:\x.com
\Shell\open\Command - R:\x.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d81feb18-15fa-11dc-ac7b-001617206c73}]
\Shell\AutoRun\command - P:\x.com
\Shell\explore\Command - P:\x.com
\Shell\open\Command - P:\x.com
.
Contents of the 'Scheduled Tasks' folder
"2008-05-02 16:28:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-07 09:30:00 C:\WINDOWS\Tasks\RegSweep Scheduled Scan.job"
- C:\Program Files\RegSweep\RegSweep.ex
- C:\Program Files\RegSweep
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-25 15:25:36
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ManagereUpdate]
"ImagePath"="C:\Program Files\WindowsUpdate\update"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"C:\Program Files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\gearsec.exe
D:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Prodigy Antivirus\Prodigy Antivirus\PsCtrlS.exe
C:\Program Files\Prodigy Antivirus\Prodigy Antivirus\PAVSRV51.EXE
C:\Program Files\Prodigy Antivirus\Prodigy Antivirus\AVENGINE.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Prodigy Antivirus\Prodigy Antivirus\PsImSvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\ComboFix\catchme.tmp
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Prodigy Antivirus\Prodigy Antivirus\WebProxy.exe
.
**************************************************************************
.
Completion time: 2008-06-25 15:38:56 - machine was rebooted [Sergio Perez]
ComboFix-quarantined-files.txt 2008-06-25 21:38:41
Pre-Run: 4,315,238,400 bytes free
Post-Run: 4,208,291,840 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
332 --- E O F --- 2008-06-11 23:58:08