ComboFix 08-07-04.6 - Compaq_Owner 2008-07-05 12:56:22.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.532 [GMT -6:00]
Running from: C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Compaq_Owner\Desktop\CFScript.txt
 * Created a new restore point

FILE ::
C:\Antivirus XP 2008.lnk
C:\tmp4898121.dll
C:\WINDOWS\mrvtdpqe.exe
C:\WINDOWS\Sys1B2.exe
C:\WINDOWS\Sys1B3.exe
C:\WINDOWS\Sys1B5.exe
C:\WINDOWS\system32\mlfcache.dat
C:\WINDOWS\system32\tuvUOfET.dll.vir
C:\WINDOWS\system32\vav.cpl
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Antivirus XP 2008.lnk
C:\Documents and Settings\Compaq_Owner\Desktop\SystemDefender.lnk
C:\Documents and Settings\Compaq_Owner\Desktop\Vista Antivirus 2008.lnk
C:\tmp4898121.dll
C:\WINDOWS\mrvtdpqe.exe
C:\WINDOWS\Sys1B2.exe
C:\WINDOWS\Sys1B3.exe
C:\WINDOWS\Sys1B5.exe
C:\WINDOWS\system32\mlfcache.dat
C:\WINDOWS\system32\tuvUOfET.dll.vir
C:\WINDOWS\system32\vav.cpl
.
((((((((((((((((((((((((( Files Created from 2008-06-05 to 2008-07-05 )))))))))))))))))))))))))))))))
.
2008-07-05 11:22 . 2008-07-05 11:27 d-------- C:\fixwareout
2008-07-05 11:15 . 2008-07-05 11:15 d-------- C:\_OTMoveIt
2008-07-04 12:56 . 2008-07-04 12:56 d-------- C:\Program Files\Trend Micro
2008-07-04 12:04 . 2008-07-05 11:46 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-04 12:04 . 2008-07-04 12:04 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-04 11:51 . 2005-02-04 02:19 d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-07-04 11:51 . 2005-02-04 02:41 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-07-04 11:51 . 2005-02-04 02:33 d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2008-07-04 11:51 . 2005-02-04 02:38 d-------- C:\Documents and Settings\Administrator\Application Data\InterMute
2008-07-04 11:51 . 2005-02-04 02:18 d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-07-04 11:51 . 2008-07-04 11:51 d-------- C:\Documents and Settings\Administrator
2008-07-04 11:41 . 2008-07-04 11:40 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-07-04 11:41 . 2008-07-04 11:40 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-07-04 11:41 . 2008-07-04 11:40 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-07-04 11:41 . 2008-07-04 11:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-07-04 11:41 . 2008-07-04 11:40 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-07-04 11:41 . 2008-07-04 11:40 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
2008-07-04 11:41 . 2008-07-04 11:40 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-07-04 11:41 . 2008-07-04 11:40 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-04 11:41 . 2008-07-04 11:40 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-04 11:41 . 2008-07-04 12:11 5,142 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-03 19:57 . 2008-07-03 20:14 30,208 --a------ C:\WINDOWS\Sys1B4.exe
2008-07-02 21:03 . 2008-07-03 09:51 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Download Manager
2008-06-20 08:08 . 2008-06-20 08:08 d-------- C:\WINDOWS\system32\Adobe
2008-06-10 17:34 . 2008-06-13 07:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 17:34 . 2008-06-13 07:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-05 17:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-07-05 17:56 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire
2008-07-05 17:49 --------- d-----w C:\Program Files\Morpheus
2008-07-04 05:53 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-07-04 02:07 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-27 04:35 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\WeatherBug
2008-06-26 16:35 --------- d-----w C:\Program Files\Dl_cats
2008-06-25 19:30 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\Juniper Networks
2008-06-24 18:04 20,840 ----a-w C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
2008-06-10 19:06 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\Move Networks
2008-05-25 19:54 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\MSNInstaller
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-24 04:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:40 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-03-05 23:16 382 ----a-w C:\Documents and Settings\Compaq_Owner\Application Data\internaldb6334.dat
2007-03-05 21:23 194 ----a-w C:\Documents and Settings\Compaq_Owner\Application Data\internaldb8467.dat
2007-03-05 21:23 18,432 ----a-w C:\Documents and Settings\Compaq_Owner\Application Data\internaldb41.dat
2005-06-23 19:02 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
2003-08-27 19:19 36,963 -c--a-r C:\Program Files\Common Files\SM1updtr.dll
2006-07-26 21:06 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 21:49 4662776]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2006-05-16 17:51 57344]
"Acme.PCHButton"="C:\PROGRA~1\HELPAN~1\HPQ\XPXWWPP5\plugin\bin\PCHButton.exe" [2005-02-04 02:24 159744]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-08-13 18:04 5562368]
"Weather"="C:\Program Files\AWS\WeatherBug\Weather.exe" [2007-08-23 19:31 1343488]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 08:59 224248]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-03 16:55 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 10:04 52736]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-11-02 09:59 126976]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 13:02 61440]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-02-04 02:11 180269]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 14:43 233472]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2003-09-12 13:13 98304]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 15:54 253952]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2005-03-08 20:13 1695744]
"SM1BG"="C:\WINDOWS\SM1BG.EXE" [2003-08-27 13:20 94208]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 23:59 115816]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2006-05-16 17:50 40960]
"DLCICATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCItime.dll" [2006-10-20 16:01 73728]
"dlcimon.exe"="C:\Program Files\Dell AIO Printer 946\dlcimon.exe" [2006-12-07 23:16 435080]
"FaxCenterServer"="C:\Program Files\Dell Fax Solutions\fm3032.exe" [2006-12-07 23:19 312200]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 08:59 224248]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"HPConnectionsXP c5abd8b1-0f62-43f4-a9b8-938e04bb517e"="C:\Program Files\Hewlett-Packard\HP Connections XP\HPConnectionsXP.exe" [2008-04-04 10:17 587176]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 11:06 88363 C:\WINDOWS\AGRSMMSG.exe]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 14:47 57344 C:\WINDOWS\ALCXMNTR.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-25 19:23 443968]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-08-13 18:04 5562368]

C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\
hc_tray.lnk - C:\Program Files\Kuma Games\hcsystray\hc_tray.exe [2007-04-26 13:49:20 31944]
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-02-08 15:32:57 147456]
Morpheus.lnk - C:\Program Files\Morpheus\Morpheus.exe [2007-11-14 12:58:18 785920]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 00:05:26 29696]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-04-14 21:35:02 124400]
SpySubtract.lnk - C:\Program Files\InterMute\SpySubtract\sslaunch.exe [2005-02-04 02:20:30 73728]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= pvmjpg21.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Quicken WillMaker Plus 2007\\qwp.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Morpheus\\Morpheus.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=

R1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\Cinemsup.sys [2003-12-19 01:00]
R2 dlci_device;dlci_device;C:\WINDOWS\system32\dlcicoms.exe [2006-12-07 23:17]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{946850c5-1e27-11d9-baf0-806d6172696f}]
\Shell\AutoRun\command - D:\setup.exe

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-07-04 23:04:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-07-03 10:00:00 C:\WINDOWS\Tasks\Disk Cleanup.job"
- C:\WINDOWS\system32\cleanmgr.exe
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{5CBE2611-C31B-401F-89BC-4CBB25E853D7} - (no file)
WebBrowser-{E1BACF55-35E1-4E47-9247-2D48660E5545} - (no file)
ShellExecuteHooks-{FA010552-4A27-4cb1-A1BB-3E2D697F1639} - (no file)
ShellExecuteHooks-{5D72C2A4-9AC6-4727-A705-CEA1F0220B78} - (no file)

**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-05 12:59:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

**************************************************************************
.
Completion time: 2008-07-05 13:02:41
ComboFix-quarantined-files.txt 2008-07-05 19:01:36
ComboFix2.txt 2008-07-05 18:00:36
ComboFix3.txt 2007-10-24 03:04:25

Pre-Run: 26,454,302,720 bytes free
Post-Run: 26,445,152,256 bytes free

188 --- E O F --- 2008-06-20 09:01:50