ComboFix 08-12-28.04 - Administrator 2008-12-29 10:34:14.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.624 [GMT -8:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *enabled*
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Macrogaming
c:\program files\Macrogaming\SweetIM\conf\users\lucas_van_woerden@hotmail.com\emoticons_shortcut.xml
c:\program files\Macrogaming\SweetIM\conf\users\lucas_van_woerden@hotmail.com\lastuse_Emoticons.xml
c:\program files\Macrogaming\SweetIM\conf\users\lucas_van_woerden@hotmail.com\user_config.xml
c:\program files\Macrogaming\SweetIM\conf\users\main_user_config.xml
c:\program files\Macrogaming\SweetIM\data\contentdb\0002005C.dat
c:\program files\Macrogaming\SweetIM\data\contentdb\00020069.dat
c:\program files\Macrogaming\SweetIM\data\contentdb\0002006B.dat
c:\program files\Macrogaming\SweetIM\data\contentdb\0002006E.dat
c:\program files\Macrogaming\SweetIM\data\contentdb\00020072.dat
c:\program files\Macrogaming\SweetIM\data\contentdb\00020073.dat
c:\program files\Macrogaming\SweetIM\data\contentdb\00020075.dat
c:\program files\Macrogaming\SweetIM\data\contentdb\0002007D.dat
c:\program files\Macrogaming\SweetIM\data\contentdb\0002007F.dat
c:\program files\Macrogaming\SweetIM\data\contentdb\000200B8.dat
c:\program files\Macrogaming\SweetIM\data\contentdb\000200BB.dat
c:\program files\Macrogaming\SweetIM\data\contentdb\0002010E.dat
c:\program files\Macrogaming\SweetIM\data\contentdb\00020110.dat
c:\program files\Macrogaming\SweetIM\data\contentdb\0002011B.dat
c:\program files\Macrogaming\SweetIM\data\contentdb\cache_indx.dat
c:\program files\Macrogaming\SweetIM\update\lastversioninfo.xml
.
((((((((((((((((((((((((( Files Created from 2008-11-28 to 2008-12-29 )))))))))))))))))))))))))))))))
.
2008-12-29 09:48 . 2008-12-29 09:48 d-------- c:\documents and settings\LocalService\Application Data\SACore
2008-12-29 09:45 . 2008-12-29 09:45 d-------- c:\windows\LastGood
2008-12-29 01:24 . 2008-12-29 01:42 d-------- c:\windows\system32\CatRoot_bak
2008-12-28 15:35 . 2008-12-28 15:35 d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-28 15:35 . 2008-12-28 15:35 d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2008-12-28 15:35 . 2008-12-03 19:59 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-28 15:35 . 2008-12-03 19:59 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-27 15:40 . 2008-12-29 00:30 d-------- c:\program files\Spyware Doctor
2008-12-27 15:40 . 2008-12-27 15:40 d-------- c:\documents and settings\Administrator\Application Data\PC Tools
2008-12-27 15:40 . 2008-12-27 15:43 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys
2008-12-27 15:40 . 2008-12-27 15:43 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys
2008-12-27 15:40 . 2008-12-27 15:43 40,840 --a------ c:\windows\system32\drivers\ikfilesec.sys
2008-12-27 15:40 . 2008-06-02 15:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys
2008-12-27 15:39 . 2008-12-29 09:55 d-------- c:\documents and settings\All Users\Application Data\Google Updater
2008-12-27 15:16 . 2008-12-29 00:58 d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-12-27 06:49 . 2000-06-26 11:45 106,496 --a------ c:\windows\system32\TwnLib20.dll
2008-12-27 03:34 . 2008-12-29 09:45 10,489 --a------ c:\windows\system32\Config.MPF
2008-12-27 03:33 . 2008-12-28 03:30 d-------- c:\program files\SiteAdvisor
2008-12-27 03:33 . 2008-12-27 03:33 d-------- c:\documents and settings\LocalService\Application Data\SiteAdvisor
2008-12-27 03:33 . 2008-12-27 03:33 d-------- c:\documents and settings\All Users\Application Data\SiteAdvisor
2008-12-27 03:33 . 2008-12-29 09:52 d-------- c:\documents and settings\Administrator\Application Data\SiteAdvisor
2008-12-27 03:32 . 2007-11-22 06:44 201,320 --a------ c:\windows\system32\drivers\mfehidk.sys
2008-12-27 03:32 . 2007-07-13 09:20 113,952 --a------ c:\windows\system32\drivers\Mpfp.sys
2008-12-27 03:32 . 2007-11-22 06:44 79,304 --a------ c:\windows\system32\drivers\mfeavfk.sys
2008-12-27 03:32 . 2007-12-02 12:51 40,488 --a------ c:\windows\system32\drivers\mfesmfk.sys
2008-12-27 03:32 . 2007-11-22 06:44 35,240 --a------ c:\windows\system32\drivers\mfebopk.sys
2008-12-27 03:32 . 2007-11-22 06:44 33,832 --a------ c:\windows\system32\drivers\mferkdk.sys
2008-12-27 03:31 . 2008-12-27 03:31 d-------- c:\program files\McAfee.com
2008-12-27 03:31 . 2008-12-27 03:32 d-------- c:\program files\Common Files\McAfee
2008-12-27 03:21 . 2008-12-29 09:46 d-------- c:\documents and settings\All Users\Application Data\McAfee
2008-12-26 08:52 . 2008-12-27 02:42 d-------- c:\documents and settings\All Users\Application Data\Hitman Pro 3
2008-12-23 17:21 . 2008-12-29 09:47 d-------- c:\temp\google
2008-12-23 17:21 . 2008-12-23 17:21 d-------- C:\temp
2008-12-23 13:15 . 2008-12-29 09:46 d-------- c:\program files\McAfee
2008-12-23 13:14 . 2008-12-23 13:14 d-------- c:\program files\McAfee VirusScan Retail Setup Files
2008-12-22 21:46 . 2008-12-22 21:56 d-------- c:\documents and settings\All Users\Application Data\Hitman Pro
2008-12-08 17:49 . 2008-12-08 17:50 d-------- c:\documents and settings\Administrator\Application Data\Belastingdienst
2008-12-04 06:28 . 2004-09-14 12:55 88,960 --a------ c:\windows\system32\drivers\MidiSyn.sys
2008-12-04 06:27 . 2008-12-04 06:27 d-------- c:\windows\VirtualEar
2008-12-04 06:27 . 2008-12-04 06:27 d-------- c:\program files\Analog Devices
2008-12-04 06:27 . 2001-09-11 14:20 1,285,632 --a------ c:\windows\system32\SMMedia.dll
2008-12-04 06:27 . 2001-09-19 12:47 765,952 --a------ c:\windows\system\crlds3d.dll
2008-12-04 06:27 . 2005-03-01 12:01 392,704 --a------ c:\windows\system32\drivers\senfilt.sys
2008-12-04 06:27 . 2005-03-28 09:19 220,992 --a------ c:\windows\system32\drivers\smwdm.sys
2008-12-04 06:27 . 2005-03-04 19:53 127,872 --a------ c:\windows\system32\drivers\aeaudio.sys
2008-12-04 06:27 . 2003-08-19 18:36 65,536 --a------ c:\windows\system32\Audio3d.dll
2008-12-04 06:27 . 2004-12-08 16:16 49,152 --a------ c:\windows\system32\DSndUp.exe
2008-12-04 06:27 . 2002-04-17 14:05 45,056 --a------ c:\windows\system32\CleanUp.exe
2008-12-04 06:27 . 2001-09-11 14:20 30,208 --a------ c:\windows\system32\wdmioctl.dll
2008-12-04 06:11 . 2005-04-30 04:30 5,824 --a------ c:\windows\system32\drivers\ASUSHWIO.SYS
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-29 17:54 --------- d-----w c:\program files\Common Files\Adobe
2008-12-27 23:39 --------- d-----w c:\program files\Google
2008-12-27 11:30 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-27 11:30 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-12-27 11:23 --------- d-----w c:\documents and settings\Administrator\Application Data\Symantec
2008-12-19 23:24 96,256 ----a-w c:\windows\system32\drivers\sptd8205.sys
2008-12-09 00:14 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-08 05:13 --------- d-----w c:\documents and settings\Administrator\Application Data\Canon
2008-12-04 14:16 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Corporation
2008-11-07 15:17 --------- d-----w c:\program files\Real
2008-11-07 15:17 --------- d-----w c:\program files\Common Files\Real
2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 22:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 22:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 22:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 22:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 22:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 22:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 22:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 22:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 10:37 659,456 ----a-w c:\windows\system32\wininet.dll
2008-10-03 10:15 247,326 ----a-w c:\windows\system32\strmdll.dll
.
((((((((((((((((((((((((((((( snapshot@2008-12-29_ 0.46.37,25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-29 17:55:23 295,606 ----a-r c:\windows\Installer\{AC76BA86-7AD7-1043-7B44-A81200000003}\SC_Reader.exe
- 2008-12-29 08:17:21 32,768 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-12-29 17:52:35 32,768 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-12-29 08:17:21 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-12-29 17:52:35 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-12-29 08:17:21 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-29 17:52:35 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"PHIME2002ASync"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"snpstd"="c:\windows\vsnpstd.exe" [2003-12-31 40960]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-03 582992]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"atwtusb"="atwtusb.exe" [2005-03-09 c:\windows\system32\atwtusb.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-03 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-11-14 113664]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "e:\dvdreg~1\DVDShell.dll" [2004-10-09 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"vidc.xvid"= xvid.dll
"msacm.divxa32"= DivXa32.acm
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Folding@Home 5.03.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\Folding@Home 5.03.lnk
backup=c:\windows\pss\Folding@Home 5.03.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^TimeLeft.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\TimeLeft.lnk
backup=c:\windows\pss\TimeLeft.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BTTray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BTTray.lnk
backup=c:\windows\pss\BTTray.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Device Detector 2.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Device Detector 2.lnk
backup=c:\windows\pss\Device Detector 2.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Launchpad.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Launchpad.lnk
backup=c:\windows\pss\Launchpad.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a--c--- 2006-01-02 16:41 45056 c:\program files\ATI Technologies\ATI.ACE\CLI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a--c--- 2003-12-12 11:31 335872 c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Click2Share]
--a--c--- 2002-11-13 14:53 65536 c:\program files\Sitecom\C2SLoad.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2005-05-19 05:47 57344 e:\clonecd\CloneCDTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 17:34 1289000 c:\program files\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hercules 3DTweaker 3.0]
--a--c--- 2003-03-17 11:56 253952 c:\program files\Hercules\Video\Hercules 3DTweaker 3.0 LE (Build 25)\H3DTweaker.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 12:10 267048 F:\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 2006-05-18 10:29 49152 e:\language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 08:24 1694208 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 11:54 5674352 c:\program files\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OPSE reminder]
--a------ 2003-07-07 09:29 729088 e:\eregeng\Ereg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
--a------ 2003-05-08 11:00 49152 E:\opwareSE2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2006-06-15 12:36 229376 e:\pcsuite\NOKIAP~1\LAUNCH~1.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2006-03-17 18:24 184320 e:\poweriso\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2005-12-07 21:57 30208 E:\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
--a------ 2004-09-23 12:41 860160 c:\program files\Analog Devices\SoundMAX\SMax4.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2004-10-14 09:11 1388544 c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2005-08-26 18:14 36975 c:\program files\Java\jre1.5.0_05\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"e:\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Java\\jre1.5.0_05\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"e:\\BorgIRC 2\\mirc.exe"=
"c:\\Program Files\\Sitecom\\C2SLoad.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"e:\\\\FlashFXP.exe"=
"f:\\iTunes.exe"=
"c:\\WINDOWS\\system32\\ati2evxx.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\SiteAdvisor\\6172\\SiteAdv.exe"=
"c:\\Program Files\\Analog Devices\\SoundMAX\\SMax4.exe"=
"c:\\Program Files\\McAfee\\MSC\\mcupdmgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R1 GI_PCI;GI_PCI;c:\windows\system32\drivers\GI_PCI.sys [2005-11-03 4751]
R2 C2Share;C2Share;c:\program files\Sitecom\IFR_Share.exe [2006-08-03 278528]
R2 SVKP;SVKP;\??\c:\windows\system32\SVKP.sys [2006-11-06 2368]
R2 sw848b;sw848b;c:\windows\system32\drivers\sw848b.sys [2007-09-24 29760]
R2 sw878b;sw878b;c:\windows\system32\drivers\sw878b.sys [2007-09-24 10148]
R3 FASTNIC;Sitecom PCI Fast 10/100 Ethernet Adapter LN-020;c:\windows\system32\DRIVERS\FASTNIC.sys [2006-08-03 38528]
S1 aiptektp;HyperPen;c:\windows\system32\DRIVERS\aiptektp.sys [2008-11-13 22272]
S2 0294281230572831mcinstcleanup;McAfee Application Installer Cleanup (0294281230572831);c:\windows\TEMP\029428~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service []
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\McAfee\SiteAdvisor\McSACore.exe" [2008-12-29 203280]
S3 hitmanpro3;Hitman Pro 3 Support Driver;\??\c:\windows\system32\drivers\hitmanpro3.sys []
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-12-27 356920]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - i:\autorun\autorun.exe
*Newly Created Service* - MCAFEE_SITEADVISOR_SERVICE
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{55E11AA4-AE14-2BA1-1AC1-BE242A1E04EC}]
c:\windows\system32\msortd.exe
.
Contents of the 'Scheduled Tasks' folder
2008-12-29 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-27 15:39]
2008-12-27 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
2008-12-27 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.nl/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - e:\easy-webprint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - e:\easy-webprint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - e:\easy-webprint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - e:\easy-webprint\Toolband.dll/RC_Print.html
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: {09C3BE24-CC0A-4A6B-BB68-DCF76CFC4769} = 83.98.255.11,83.98.255.20
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2mrh62k1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.doelgroeptenv.nl/forum/
FF - prefs.js: keyword.URL - hxxp://nl.search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\SiteAdvisor\6172\FF\components\FFHook.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJPI150_05.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPOJI610.dll
FF - plugin: e:\divx\DivX Content Uploader\npUpload.dll
FF - plugin: e:\divx\DivX Web Player\npdivx32.dll
FF - plugin: e:\picasa2\npPicasa2.dll
FF - plugin: f:\mozilla plugins\npitunes.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-29 10:35:52
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(636)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2008-12-29 10:37:01
ComboFix-quarantined-files.txt 2008-12-29 18:36:39
ComboFix2.txt 2008-12-29 09:11:21
ComboFix3.txt 2008-12-29 08:47:28
Pre-Run: 327,720,960 bytes free
Post-Run: 316,735,488 bytes free
321 --- E O F --- 2008-12-20 22:46:29