ComboFix 08-11-02.05 - Tha Mouse 2008-11-03 20:07:42.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2604 [GMT 1:00]
Running from: c:\documents and settings\Tha Mouse\Desktop\ComboFix.exe
 * Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\ldyswytk.ini
.
((((((((((((((((((((((((( Files Created from 2008-10-03 to 2008-11-03 )))))))))))))))))))))))))))))))
.
2008-11-03 19:46 . 2008-11-03 19:46 d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-03 19:46 . 2008-11-03 19:46 d-------- c:\documents and settings\Tha Mouse\Application Data\Malwarebytes
2008-11-03 19:46 . 2008-11-03 19:46 d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-03 19:46 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-03 19:46 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-02 13:27 . 2008-11-02 13:27 268 --ah----- C:\sqmdata02.sqm
2008-11-02 13:27 . 2008-11-02 13:27 244 --ah----- C:\sqmnoopt02.sqm
2008-11-02 13:15 . 2008-11-02 13:15 268 --ah----- C:\sqmdata01.sqm
2008-11-02 13:15 . 2008-11-02 13:15 244 --ah----- C:\sqmnoopt01.sqm
2008-10-31 16:28 . 2008-10-31 16:29 d-------- c:\windows\system32\Adobe
2008-10-25 10:01 . 2008-10-25 10:01 d-------- c:\program files\Boilsoft Video Splitter
2008-10-24 10:52 . 2008-10-15 17:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-10-16 17:05 . 2008-10-16 17:05 268 --ah----- C:\sqmdata00.sqm
2008-10-16 17:05 . 2008-10-16 17:05 244 --ah----- C:\sqmnoopt00.sqm
2008-10-16 16:28 . 2008-10-16 16:28 d-------- c:\program files\iTunes
2008-10-16 16:28 . 2008-10-16 16:28 d-------- c:\program files\iPod
2008-10-16 16:28 . 2008-10-16 16:28 d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-15 17:13 . 2008-08-14 11:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-15 17:13 . 2008-08-14 11:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-15 17:13 . 2008-08-14 10:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-15 17:13 . 2008-08-14 10:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-15 17:08 . 2008-09-08 11:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-10-15 17:05 . 2008-09-15 13:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-10-11 19:15 . 2008-10-11 19:15 d-------- c:\program files\Vizky
2008-10-11 19:15 . 2008-10-11 19:16 d-------- c:\documents and settings\All Users\Application Data\VIZ_MPS
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-03 18:52 --------- d-----w c:\documents and settings\Tha Mouse\Application Data\uTorrent
2008-11-02 12:10 --------- d-----w c:\program files\Steam
2008-10-24 18:24 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-11 16:21 --------- d-----w c:\documents and settings\Tha Mouse\Application Data\Skype
2008-10-01 11:01 32,000 ----a-w c:\windows\system32\drivers\usbaapl.sys
2008-09-29 20:06 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-09-29 20:06 --------- d-----w c:\program files\AGEIA Technologies
2008-09-29 19:46 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-09-29 19:27 --------- dc-h--w c:\documents and settings\All Users\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
2008-09-29 17:42 2,010 ----a-w c:\windows\system32\ealregsnapshot1.reg
2008-09-21 11:24 --------- d-----w c:\program files\Skype
2008-09-21 11:24 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-09-20 22:47 --------- d-----w c:\program files\UltraVNC
2008-09-20 21:42 --------- d-----w c:\documents and settings\All Users\Application Data\Trymedia
2008-09-20 13:56 --------- d-----w c:\program files\Bonjour
2008-09-20 09:29 --------- d-----w c:\program files\HWMonitor_111
2008-09-20 09:09 --------- d-----w c:\program files\SpeedFan
2008-09-18 18:24 --------- d-----w c:\program files\BPFTP Server
2008-09-16 19:27 453,152 ----a-w c:\windows\system32\NVUNINST.EXE
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-12 21:47 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2008-09-12 21:47 --------- d-----w c:\program files\Windows Live
2008-09-12 21:45 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-09-12 21:31 --------- d-----w c:\program files\Mocha
2008-09-12 17:33 --------- d-----w c:\program files\Apple Software Update
2008-09-12 17:29 --------- d-----w c:\program files\QuickTime
2008-09-12 17:29 --------- d-----w c:\program files\Common Files\Apple
2008-09-08 10:41 333,824 ----a-w c:\windows\system32\drivers\srv.sys
2008-09-07 15:05 --------- d--h--w c:\program files\InstallShield Installation Information
2008-09-07 14:42 --------- d-----w c:\documents and settings\Tha Mouse\Application Data\TeraCopy
2008-09-04 07:31 288,024 ----a-w c:\windows\system32\PhysXCplUI.exe
2008-08-29 08:18 87,336 ----a-w c:\windows\system32\dns-sd.exe
2008-08-29 07:53 61,440 ----a-w c:\windows\system32\dnssd.dll
2008-08-29 06:57 70,936 ----a-w c:\windows\system32\PhysXLoader.dll
2008-08-20 05:30 666,112 ----a-w c:\windows\system32\wininet.dll
2008-08-14 10:09 2,145,280 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 09:33 2,023,936 ----a-w c:\windows\system32\ntkrnlpa.exe
2008-06-14 10:33 22,328 ----a-w c:\documents and settings\Tha Mouse\Application Data\PnkBstrK.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-11-17 171464]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-04-01 36352]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"DU Meter"="c:\program files\DU Meter\DUMeter.exe" [2006-11-27 1582616]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]

c:\documents and settings\Tha Mouse\Start Menu\Programs\Startup\
DUMeter.lnk - c:\program files\DU Meter\DUMeter.exe [2007-12-01 1582616]
No-IP DUC.lnk - c:\program files\No-IP\DUC20.exe [2008-01-30 1079296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=hdbonj.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.LEAD"= LCODCCMP2.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-10-01 17:57 289576 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfSaver3]
--a------ 2004-09-05 17:20 380928 c:\program files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-10-16 17:02 1410296 c:\program files\Steam\steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-09-17 08:55 1657376 c:\windows\system32\nwiz.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"f:\\Unreal3\\Binaries\\UT3Demo.exe"=
"C:1\\Soldier Of Fortune 3\\sof3.exe"=
"C:1\\Gears Of War\\Binaries\\WarGame-G4WLive.exe"=
"c:\\Program Files\\BPFTP Server\\G6FTPSrv.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"C:2\\CallOfDuty4\\iw3mp.exe"=
"C:2\\Gears Of War\\Binaries\\WarGame-G4WLive.exe"=
"f:\\Crysis\\Bin32\\Crysis.exe"=
"f:\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\UltraVNC\\vncviewer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800

R0 2310_00;2310_00;c:\windows\system32\DRIVERS\2310_00.sys [2007-10-23 119808]
R2 uvnc_service;uvnc_service;c:\program files\UltraVNC\WinVNC.exe [2008-08-30 1519168]
S3 bepldr;BCL easyPDF SDK 5 Loader;c:\program files\Common Files\BCL Technologies\NitroPDF5\bepldr.exe [2008-02-11 151552]
S3 PciCon;PciCon;D:\PciCon.sys [ ]
S3 SkLaggProtocol;Marvell Link Aggregation Protocol (LAGG) Support;c:\windows\system32\DRIVERS\yk51lagg.sys [ ]
S3 SkVlanProtocol;Marvell Virtual LAN (VLAN) Support;c:\windows\system32\DRIVERS\skvlan.sys [2006-05-17 19328]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl.sys [2008-10-01 32000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b5f6142-9520-11dc-baed-806d6172696f}]
\Shell\AutoRun\command - F:\setup.exe

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-10-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-e0ef51c7 - c:\windows\system32\cqhoppxa.dll

.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Tha Mouse\Application Data\Mozilla\Firefox\Profiles\cy2lo2ko.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.com
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\Vizky\npVizky.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-03 20:08:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-03 20:09:06
ComboFix-quarantined-files.txt 2008-11-03 19:08:56

Pre-Run: 25 305 911 296 bytes free
Post-Run: 25,613,840,384 bytes free

184 --- E O F --- 2008-10-24 17:42:10