Thread: Please Help Me.
06-14-2008, 04:38 PM   #3
PennyLane7
Registered User
 
Join Date: Jun 2008
Posts: 11
OS: winxp


Re: Please Help Me.

ComboFix 08-06-12.2 - Paul 2008-06-14 23:24:32.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.190 [GMT 1:00]
Running from: C:\Documents and Settings\Paul\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Paul\Application Data\inst.exe
C:\Documents and Settings\Paul\Application Data\macromedia\Flash Player\#SharedObjects\EMVSTBWY\www.broadcaster.com
C:\Documents and Settings\Paul\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Paul\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Program Files\internet explorer\svchost.exe

.
((((((((((((((((((((((((( Files Created from 2008-05-14 to 2008-06-14 )))))))))))))))))))))))))))))))
.

2008-06-13 15:09 . 2008-06-13 15:13 <DIR> d-------- C:\Program Files\Opera
2008-06-13 14:43 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-13 14:40 . 2008-06-13 14:40 <DIR> d-------- C:\Program Files\Common Files\Java
2008-06-12 18:49 . 2008-06-12 18:49 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-06-11 22:41 . 2008-06-11 22:50 <DIR> d-------- C:\Program Files\Opera 9
2008-06-11 22:06 . 2008-06-11 22:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-06-11 22:02 . 2008-06-13 14:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-06-11 18:40 . 2008-06-11 18:40 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-11 00:38 . 2008-04-14 12:01 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 00:38 . 2008-04-14 12:01 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-09 07:14 . 2008-03-03 14:25 5,702 --ah----- C:\WINDOWS\nod32restoretemdono.reg
2008-06-09 07:14 . 2008-03-03 18:21 568 --ah----- C:\WINDOWS\nod32fixtemdono.reg
2008-06-09 07:12 . 2008-06-09 07:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-06-09 03:15 . 2008-06-09 03:15 <DIR> d-------- C:\Program Files\Alwil Software
2008-06-09 03:15 . 2003-03-18 21:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-06-02 19:46 . 2008-06-02 19:47 <DIR> d-------- C:\Documents and Settings\Paul\Shared
2008-05-15 15:41 . 2008-05-15 15:41 <DIR> d-------- C:\Program Files\XP Codec Pack
2008-05-15 15:41 . 2007-08-18 07:54 380,928 --a------ C:\WINDOWS\system32\ac3filter.acm
2008-05-15 15:23 . 2008-05-15 15:31 <DIR> d-------- C:\Program Files\LD-Anime
2008-05-15 15:16 . 2008-05-15 15:16 <DIR> d-------- C:\Program Files\DirectVobSub
2008-05-15 15:11 . 2008-05-15 15:11 <DIR> d-------- C:\Program Files\AC3Filter
2008-05-14 15:41 . 2008-05-14 15:41 <DIR> d-------- C:\Program Files\VSO
2008-05-14 15:41 . 2004-05-04 11:53 1,645,320 --a------ C:\WINDOWS\gdiplus.dll
2008-05-14 15:41 . 2006-05-20 16:16 1,184,984 --a------ C:\WINDOWS\system32\wvc1dmod.dll
2008-05-14 15:41 . 2006-05-11 19:21 626,688 --a------ C:\WINDOWS\system32\vp7vfw.dll
2008-05-14 15:41 . 2007-03-18 20:37 65,602 --a------ C:\WINDOWS\system32\cook3260.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-14 12:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-14 05:19 --------- d-----w C:\Documents and Settings\Paul\Application Data\uTorrent
2008-06-13 13:42 --------- d-----w C:\Program Files\Java
2008-06-12 19:55 --------- d-----w C:\Documents and Settings\Paul\Application Data\Apple Computer
2008-06-09 06:54 --------- d-----w C:\Program Files\themexp
2008-06-09 06:12 --------- d-----w C:\Program Files\ESET
2008-05-18 18:23 --------- d-----w C:\Documents and Settings\Paul\Application Data\Vso
2008-05-17 03:32 --------- d-----w C:\Documents and Settings\Paul\Application Data\ImgBurn
2008-05-15 19:22 --------- d-----w C:\Documents and Settings\Paul\Application Data\LimeWire
2008-05-14 14:41 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-05-14 14:41 47,360 ----a-w C:\Documents and Settings\Paul\Application Data\pcouffin.sys
2008-05-14 14:38 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-05-13 20:33 --------- d-----w C:\Program Files\Avi2Dvd
2008-05-13 20:31 --------- d-----w C:\Program Files\AviSynth 2.5
2008-05-13 19:11 --------- d-----w C:\Program Files\ImgBurn
2008-05-13 19:05 --------- d-----w C:\Program Files\FAVC
2008-05-13 19:03 --------- d-----w C:\Program Files\ImgBurn(2)
2008-05-13 19:03 --------- d-----w C:\Documents and Settings\Paul\Application Data\ImgBurn(2)
2008-05-13 19:03 --------- d-----w C:\Documents and Settings\Paul\Application Data\dvdcss
2008-05-12 06:16 --------- d-----w C:\Program Files\Reference Assemblies
2008-05-12 06:16 --------- d-----w C:\Program Files\MSBuild
2008-05-12 06:15 --------- d-----w C:\Program Files\MSXML 6.0
2008-05-12 05:02 --------- d-----w C:\Documents and Settings\Paul\Application Data\Media Player Classic
2008-05-09 18:33 --------- d-----w C:\Program Files\uTorrent
2008-05-09 18:33 --------- d-----w C:\Program Files\Google
2008-05-09 18:23 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-09 18:23 --------- d-----w C:\Program Files\CyberLink
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-02 08:37 --------- d-----w C:\Documents and Settings\Paul\Application Data\CyberLink
2008-04-30 21:14 --------- d-----w C:\Program Files\Common Files\Real
2008-04-30 21:12 --------- d-----w C:\Program Files\TVUPlayer
2008-04-30 20:57 --------- d-----w C:\Program Files\Real
2008-04-30 20:33 --------- d-----w C:\Documents and Settings\Paul\Application Data\TVU Networks
2008-04-30 20:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\TVU Networks
2008-04-21 22:26 --------- d-----w C:\Program Files\Apple Software Update
2008-04-21 07:04 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-20 11:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-04-20 11:25 505,392 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-04-20 11:25 353,840 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-04-14 13:55 --------- d-----w C:\Program Files\iArtwork
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5E06398E-3017-467B-A399-18425A20F655}]
2008-02-17 04:11 36864 --a------ C:\WINDOWS\winhost_app.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"="" []
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03 152872]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 19:31 1372160]
"MsgCenterExe"="C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-05 14:09 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2003-08-06 01:04 114741]
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 01:01 155648]
"VirusScan"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [ ]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-10 03:06 7311360]
"nwiz"="nwiz.exe" [2005-12-10 03:06 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-12-10 03:06 86016]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 14:47 57344]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
"NWEReboot"="" []
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2008-01-22 14:23 81920]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-10-11 12:06 62760]
"BDRegion"="C:\Program Files\Cyberlink\Shared Files\brs.exe" [2007-11-16 19:20 91432]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 11:06 1443072]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Enable Wireless Keyboard Driver.lnk - C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe [2007-05-26 15:35:12 184320]
Enable Wireless Optical Mouse Driver.lnk - C:\Program Files\Wireless Device\Wireless Mouse\MouseAp.exe [2007-05-26 15:35:12 221184]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-05-05 14:09:00 124400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\Program Files\\TGTSoft\\StyleXP\\Logon\\CurrentLogon.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=NVDESK32.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=
"C:\\Program Files\\Wireless Device\\Wireless Keyboard\\Magickey.exe"=
"C:\\Program Files\\Wireless Device\\Wireless Mouse\\MouseAp.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23293:TCP"= 23293:TCP:BitLord
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26205:TCP"= 26205:TCP:BitLord

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-20 11:11]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2008-01-30 12:28]
S3 MTK;Media Technology Kernel Driver;C:\WINDOWS\system32\Drivers\mtk.sys []
S3 tap0801;Smarthide TAP driver;C:\WINDOWS\system32\DRIVERS\tap0801.sys [2007-09-01 14:24]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-13 19:22:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-14 23:27:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\000.fcl"
.
Completion time: 2008-06-14 23:28:37
ComboFix-quarantined-files.txt 2008-06-14 22:28:14

Pre-Run: 8,869,752,832 bytes free
Post-Run: 23,571,427,328 bytes free

178 --- E O F --- 2008-06-14 02:01:37