Tech Support Forum - View Single Post

turntablist · 08-08-2007, 04:07 PM

thanks for your help in advance... here is the combofix log...

ComboFix 07-08-09 - "Jason" 2007-08-08 17:57:54.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2873 [GMT -4:00]
* Created a new restore point

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\akjnegmv.exe
C:\WINDOWS\system32\awidlnpm.exe
C:\WINDOWS\system32\eghugvbb.dll
C:\WINDOWS\system32\fkemhnot.ini
C:\WINDOWS\system32\mnnpxlla.exe
C:\WINDOWS\system32\qffuyots.dll
C:\WINDOWS\system32\qrqss.bak1
C:\WINDOWS\system32\qrqss.bak2
C:\WINDOWS\system32\qrqss.ini
C:\WINDOWS\system32\ssqrq.dll
C:\WINDOWS\system32\stoyuffq.ini
C:\WINDOWS\system32\tonhmekf.dll
C:\WINDOWS\system32\urqnnli.dll
C:\WINDOWS\system32\ushnqjyw.exe
C:\WINDOWS\system32\vbkhxidy.exe

((((((((((((((((((((((((( Files Created from 2007-07-08 to 2007-08-08 )))))))))))))))))))))))))))))))

2007-08-08 17:56 70,208 --a------ C:\WINDOWS\system32\ahrfmuru.dll
2007-08-08 17:53 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-08 17:53 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2007-08-07 18:44 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2007-08-07 18:44 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-08-07 18:32 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-08-07 18:26 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-08-07 18:19 70,208 --a------ C:\WINDOWS\system32\sikdivwr.dll
2007-08-06 18:21 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-05 21:06 <DIR> d-------- C:\Program Files\Ace Utilities
2007-08-05 15:02 <DIR> d-------- C:\WINDOWS\pss
2007-08-05 03:18 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2007-08-05 03:18 <DIR> d-------- C:\Program Files\FriendBlasterPro
2007-07-29 12:03 <DIR> d-------- C:\Program Files\mIRC
2007-07-29 11:59 <DIR> d-------- C:\Program Files\mresreg
2007-07-29 11:59 <DIR> d-------- C:\Program Files\MailFinder
2007-07-29 11:38 <DIR> d-------- C:\Program Files\Jvw Filter email
2007-07-25 23:13 719,872 --a------ C:\WINDOWS\system32\devil.dll
2007-07-25 23:13 70,656 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-07-25 23:13 70,656 --a------ C:\WINDOWS\system32\i420vfw.dll
2007-07-25 23:13 66,560 --a------ C:\WINDOWS\MOTA113.exe
2007-07-25 23:13 502,784 --a------ C:\WINDOWS\x2.64.exe
2007-07-25 23:13 394,240 --a------ C:\WINDOWS\system32\Smab.dll
2007-07-25 23:13 318,976 --a------ C:\WINDOWS\system32\avisynth.dll
2007-07-25 23:13 27,648 --a------ C:\WINDOWS\system32\AVSredirect.dll
2007-07-25 23:13 240,128 --a------ C:\WINDOWS\system32\x.264.exe
2007-07-25 23:13 217,073 --a------ C:\WINDOWS\meta4.exe
2007-07-25 23:13 <DIR> d-------- C:\Program Files\AviSynth 2.5
2007-07-25 22:12 1,700,352 --a------ C:\WINDOWS\system32\gdiplus.dll
2007-07-25 22:12 <DIR> d-------- C:\WINDOWS\system32\RMBin
2007-07-25 22:12 <DIR> d-------- C:\Program Files\Apex
2007-07-25 22:03 <DIR> d-------- C:\Program Files\Any Video Converter
2007-07-17 22:09 <DIR> d-------- C:\Program Files\BuddyList Ops

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-07 18:33 --------- d-------- C:\Program Files\FlashFXP
2007-08-07 18:32 --------- d-------- C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster
2007-08-05 20:34 --------- d-------- C:\DOCUME~1\Jason\APPLIC~1\Azureus
2007-08-04 17:25 --------- d-------- C:\Program Files\iTunes
2007-07-19 07:20 --------- d-------- C:\Program Files\Soulseek
2007-07-15 09:40 --------- d-------- C:\Program Files\Azureus
2007-06-17 22:15 --------- d-------- C:\DOCUME~1\Jason\APPLIC~1\Viewpoint
2007-06-17 15:18 --------- d-------- C:\Program Files\AIM6
2007-06-13 23:12 --------- d-------- C:\Program Files\Belarc
2007-05-16 11:12 86528 --a--c--- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 11:12 85504 --a--c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 11:12 683520 --a--c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 11:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 11:12 510976 --a--c--- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 11:12 1314816 --a--c--- C:\WINDOWS\system32\dllcache\msoe.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:56]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-03-10 16:30]
"nwiz"="nwiz.exe" [2006-03-10 16:30 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-03-10 16:30]
"SigmatelSysTrayApp"="sttray.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Documents and Settings\Jason\Start Menu\Programs\Startup\
start.exe [2007-06-26 10:57:28]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
"C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelAudioStudio]
"C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaPortal]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

R0 BTHidMgr;Bluetooth HID Manager Service;C:\WINDOWS\system32\Drivers\BTHidMgr.sys
R2 WMP54GSSVC;WMP54GSSVC;"C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe" "WMP54GSv1_1.exe"
R3 BlueletAudio;Bluetooth Audio Service;C:\WINDOWS\system32\DRIVERS\blueletaudio.sys
R3 BlueletSCOAudio;Bluetooth SCO Audio Service;C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys
R3 BT;Bluetooth PAN Network Adapter;C:\WINDOWS\system32\DRIVERS\btnetdrv.sys
R3 BTHidEnum;Bluetooth HID Enumerator;C:\WINDOWS\system32\DRIVERS\vbtenum.sys
R3 ROOTMODEM;Microsoft Legacy Modem Driver;C:\WINDOWS\system32\Drivers\RootMdm.sys
R3 sfng32;Sonic Focus Plugin for Sigmatel HDA;C:\WINDOWS\system32\drivers\sfng32.sys
R3 STHDA;SigmaTel High Definition Audio CODEC;C:\WINDOWS\system32\drivers\sthda.sys
R3 VComm;Virtual Serial port driver;C:\WINDOWS\system32\DRIVERS\VComm.sys
R3 VcommMgr;Bluetooth VComm Manager Service;C:\WINDOWS\system32\Drivers\VcommMgr.sys
S3 Btcsrusb;Bluetooth USB For Bluetooth Service;C:\WINDOWS\system32\Drivers\btcusb.sys
S3 c34nb4c5;c34nb4c5;\??\C:\DOCUME~1\Jason\LOCALS~1\Temp\96QmL
S3 ENUM1394;%1394\031887&040892.DeviceDesc%;C:\WINDOWS\system32\DRIVERS\enum1394.sys
S3 HidIr;Microsoft Infrared HID Driver;C:\WINDOWS\system32\DRIVERS\hidir.sys
S3 IrBus;Infrared bus filter driver for eHome remote controls;C:\WINDOWS\system32\DRIVERS\IrBus.sys
S3 MHN;MHN;C:\WINDOWS\System32\svchost.exe -k netsvcs
S3 MHNDRV;MHN driver;C:\WINDOWS\system32\DRIVERS\mhndrv.sys
S3 mxnic;Macronix MX987xx Family Fast Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\mxnic.sys

*Newly Created Service* - GTNDIS5

Contents of the 'Scheduled Tasks' folder
2007-08-06 17:33:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-08 18:04:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-08 18:05:42 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-08 18:05

--- E O F ---

08-08-2007, 04:07 PM	#3 (permalink)
turntablist Registered User Join Date: Aug 2007 Posts: 14 OS: xp	Re: Win AntiVirus Spyware 2007 thanks for your help in advance... here is the combofix log... ComboFix 07-08-09 - "Jason" 2007-08-08 17:57:54.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2873 [GMT -4:00] * Created a new restore point ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\system32\akjnegmv.exe C:\WINDOWS\system32\awidlnpm.exe C:\WINDOWS\system32\eghugvbb.dll C:\WINDOWS\system32\fkemhnot.ini C:\WINDOWS\system32\mnnpxlla.exe C:\WINDOWS\system32\qffuyots.dll C:\WINDOWS\system32\qrqss.bak1 C:\WINDOWS\system32\qrqss.bak2 C:\WINDOWS\system32\qrqss.ini C:\WINDOWS\system32\ssqrq.dll C:\WINDOWS\system32\stoyuffq.ini C:\WINDOWS\system32\tonhmekf.dll C:\WINDOWS\system32\urqnnli.dll C:\WINDOWS\system32\ushnqjyw.exe C:\WINDOWS\system32\vbkhxidy.exe ((((((((((((((((((((((((( Files Created from 2007-07-08 to 2007-08-08 ))))))))))))))))))))))))))))))) 2007-08-08 17:56 70,208 --a------ C:\WINDOWS\system32\ahrfmuru.dll 2007-08-08 17:53 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-08-08 17:53 <DIR> d-------- C:\WINDOWS\LastGood.Tmp 2007-08-07 18:44 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll 2007-08-07 18:44 <DIR> d-------- C:\WINDOWS\network diagnostic 2007-08-07 18:32 <DIR> d-------- C:\Program Files\SpywareBlaster 2007-08-07 18:26 <DIR> d-------- C:\WINDOWS\system32\ActiveScan 2007-08-07 18:19 70,208 --a------ C:\WINDOWS\system32\sikdivwr.dll 2007-08-06 18:21 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy 2007-08-05 21:06 <DIR> d-------- C:\Program Files\Ace Utilities 2007-08-05 15:02 <DIR> d-------- C:\WINDOWS\pss 2007-08-05 03:18 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL 2007-08-05 03:18 <DIR> d-------- C:\Program Files\FriendBlasterPro 2007-07-29 12:03 <DIR> d-------- C:\Program Files\mIRC 2007-07-29 11:59 <DIR> d-------- C:\Program Files\mresreg 2007-07-29 11:59 <DIR> d-------- C:\Program Files\MailFinder 2007-07-29 11:38 <DIR> d-------- C:\Program Files\Jvw Filter email 2007-07-25 23:13 719,872 --a------ C:\WINDOWS\system32\devil.dll 2007-07-25 23:13 70,656 --a------ C:\WINDOWS\system32\yv12vfw.dll 2007-07-25 23:13 70,656 --a------ C:\WINDOWS\system32\i420vfw.dll 2007-07-25 23:13 66,560 --a------ C:\WINDOWS\MOTA113.exe 2007-07-25 23:13 502,784 --a------ C:\WINDOWS\x2.64.exe 2007-07-25 23:13 394,240 --a------ C:\WINDOWS\system32\Smab.dll 2007-07-25 23:13 318,976 --a------ C:\WINDOWS\system32\avisynth.dll 2007-07-25 23:13 27,648 --a------ C:\WINDOWS\system32\AVSredirect.dll 2007-07-25 23:13 240,128 --a------ C:\WINDOWS\system32\x.264.exe 2007-07-25 23:13 217,073 --a------ C:\WINDOWS\meta4.exe 2007-07-25 23:13 <DIR> d-------- C:\Program Files\AviSynth 2.5 2007-07-25 22:12 1,700,352 --a------ C:\WINDOWS\system32\gdiplus.dll 2007-07-25 22:12 <DIR> d-------- C:\WINDOWS\system32\RMBin 2007-07-25 22:12 <DIR> d-------- C:\Program Files\Apex 2007-07-25 22:03 <DIR> d-------- C:\Program Files\Any Video Converter 2007-07-17 22:09 <DIR> d-------- C:\Program Files\BuddyList Ops (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-08-07 18:33 --------- d-------- C:\Program Files\FlashFXP 2007-08-07 18:32 --------- d-------- C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster 2007-08-05 20:34 --------- d-------- C:\DOCUME~1\Jason\APPLIC~1\Azureus 2007-08-04 17:25 --------- d-------- C:\Program Files\iTunes 2007-07-19 07:20 --------- d-------- C:\Program Files\Soulseek 2007-07-15 09:40 --------- d-------- C:\Program Files\Azureus 2007-06-17 22:15 --------- d-------- C:\DOCUME~1\Jason\APPLIC~1\Viewpoint 2007-06-17 15:18 --------- d-------- C:\Program Files\AIM6 2007-06-13 23:12 --------- d-------- C:\Program Files\Belarc 2007-05-16 11:12 86528 --a--c--- C:\WINDOWS\system32\dllcache\directdb.dll 2007-05-16 11:12 85504 --a--c--- C:\WINDOWS\system32\dllcache\wabimp.dll 2007-05-16 11:12 683520 --a--c--- C:\WINDOWS\system32\dllcache\inetcomm.dll 2007-05-16 11:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll 2007-05-16 11:12 510976 --a--c--- C:\WINDOWS\system32\dllcache\wab32.dll 2007-05-16 11:12 1314816 --a--c--- C:\WINDOWS\system32\dllcache\msoe.dll ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) Note empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:56] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-03-10 16:30] "nwiz"="nwiz.exe" [2006-03-10 16:30 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-03-10 16:30] "SigmatelSysTrayApp"="sttray.exe" [] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Aim6"="" [] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe C:\Documents and Settings\Jason\Start Menu\Programs\Startup\ start.exe [2007-06-26 10:57:28] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk] backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma.lnk] backup=C:\WINDOWS\pss\Adobe Gamma.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaPortal] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime R0 BTHidMgr;Bluetooth HID Manager Service;C:\WINDOWS\system32\Drivers\BTHidMgr.sys R2 WMP54GSSVC;WMP54GSSVC;"C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe" "WMP54GSv1_1.exe" R3 BlueletAudio;Bluetooth Audio Service;C:\WINDOWS\system32\DRIVERS\blueletaudio.sys R3 BlueletSCOAudio;Bluetooth SCO Audio Service;C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys R3 BT;Bluetooth PAN Network Adapter;C:\WINDOWS\system32\DRIVERS\btnetdrv.sys R3 BTHidEnum;Bluetooth HID Enumerator;C:\WINDOWS\system32\DRIVERS\vbtenum.sys R3 ROOTMODEM;Microsoft Legacy Modem Driver;C:\WINDOWS\system32\Drivers\RootMdm.sys R3 sfng32;Sonic Focus Plugin for Sigmatel HDA;C:\WINDOWS\system32\drivers\sfng32.sys R3 STHDA;SigmaTel High Definition Audio CODEC;C:\WINDOWS\system32\drivers\sthda.sys R3 VComm;Virtual Serial port driver;C:\WINDOWS\system32\DRIVERS\VComm.sys R3 VcommMgr;Bluetooth VComm Manager Service;C:\WINDOWS\system32\Drivers\VcommMgr.sys S3 Btcsrusb;Bluetooth USB For Bluetooth Service;C:\WINDOWS\system32\Drivers\btcusb.sys S3 c34nb4c5;c34nb4c5;\??\C:\DOCUME~1\Jason\LOCALS~1\Temp\96QmL S3 ENUM1394;%1394\031887&040892.DeviceDesc%;C:\WINDOWS\system32\DRIVERS\enum1394.sys S3 HidIr;Microsoft Infrared HID Driver;C:\WINDOWS\system32\DRIVERS\hidir.sys S3 IrBus;Infrared bus filter driver for eHome remote controls;C:\WINDOWS\system32\DRIVERS\IrBus.sys S3 MHN;MHN;C:\WINDOWS\System32\svchost.exe -k netsvcs S3 MHNDRV;MHN driver;C:\WINDOWS\system32\DRIVERS\mhndrv.sys S3 mxnic;Macronix MX987xx Family Fast Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\mxnic.sys Newly Created Service - GTNDIS5 Contents of the 'Scheduled Tasks' folder 2007-08-06 17:33:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe ************************************************************************ catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-08-08 18:04:06 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ Completion time: 2007-08-08 18:05:42 - machine was rebooted C:\ComboFix-quarantined-files.txt ... 2007-08-08 18:05 --- E O F ---