ComboFix 08-08-10.06 - Owner 2008-08-11 18:57:22.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1618 [GMT -4:00]
Running from: C:\Documents and Settings\Owner.Glenn\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Owner.Glenn\Application Data\macromedia\Flash Player\#SharedObjects\2LTK3NTM\interclick.com
C:\Documents and Settings\Owner.Glenn\Application Data\macromedia\Flash Player\#SharedObjects\2LTK3NTM\interclick.com\ud.sol
C:\Documents and Settings\Owner.Glenn\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Owner.Glenn\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Owner.Glenn\Application Data\Microsoft\dtsc
C:\Documents and Settings\Owner.Glenn\Application Data\Microsoft\dtsc\29970.exe
C:\Documents and Settings\Owner.Glenn\Application Data\rhc57mj0e33r
C:\WINDOWS\system32\blphc17mj0e33r.scr
C:\WINDOWS\system32\lphc17mj0e33r.exe
C:\WINDOWS\system32\phc17mj0e33r.bmp
C:\WINDOWS\system32\pphc17mj0e33r.exe
C:\WINDOWS\system32\tdssadw.dll
C:\WINDOWS\system32\tdssinit.dll
C:\WINDOWS\system32\tdssl.dll
C:\WINDOWS\system32\tdssmain.dll
C:\WINDOWS\system32\tdssservers.dat
.
((((((((((((((((((((((((( Files Created from 2008-07-11 to 2008-08-11 )))))))))))))))))))))))))))))))
.
2008-08-03 17:40 . 2008-08-03 17:40 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-21 16:05 . 2008-07-21 16:22 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-04 16:02 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-03 21:31 --------- d-----w C:\Program Files\Common Files\AOL
2008-08-03 21:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-07-15 17:24 --------- d-----w C:\Program Files\World of Warcraft
2008-07-11 06:56 --------- d-----w C:\Program Files\Google
2008-07-08 16:17 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-08 16:16 --------- d-----w C:\Documents and Settings\Owner.Glenn\Application Data\AdobeUM
2008-07-02 16:52 --------- d-----w C:\Documents and Settings\Owner.Glenn\Application Data\.ABC
2008-06-26 15:29 --------- d-----w C:\Program Files\DivX
2008-06-26 15:25 --------- d-----w C:\Program Files\BearShare
2008-06-22 16:27 --------- d-----w C:\Program Files\Picasa2
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-03 01:56 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-05-30 23:22 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-05-30 23:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
2008-05-30 23:22 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-05-30 23:22 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-05-30 23:22 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-05-30 23:22 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-05-25 18:48 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2008-05-25 18:48 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2008-05-25 18:48 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2008-05-25 17:48 94,208 ----a-w C:\WINDOWS\DIIUnin.exe
2008-05-25 17:48 2,829 ----a-w C:\WINDOWS\DIIUnin.pif
2008-05-22 22:22 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-05-22 22:22 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 22:20 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-05-22 22:20 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-05-22 22:19 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-05-22 22:19 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-05-22 22:19 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-22 22:18 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-01-03 12:15 50528]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Reminder"="C:\WINDOWS\Creator\Remind_XP.exe" [2005-02-25 20:24 966656]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-14 01:42 212992]
"readericon"="C:\Program Files\Digital Media Reader\readericon45G.exe" [2005-12-09 21:44 139264]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 01:07 81920]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 01:07 8491008]
"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [2005-08-12 19:16 1121792]
"HostManager"="C:\Program Files\Common Files\AOL\1188627185\EE\AOLHostManager.exe" [2004-11-03 17:03 125528]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 23:56 64512]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe]
"nwiz"="nwiz.exe" [2007-09-17 01:07 1626112 C:\WINDOWS\system32\nwiz.exe]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BigFix.lnk - C:\Program Files\BigFix\bigfix.exe [2007-09-01 02:05:12 2168360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"C:\\Program Files\\Common Files\\AOL\\1188627185\\EE\\AOLServiceHost.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\Starcraft\\StarCraft.exe"=
"C:\\My Backup -- 07-08-31 1035PM\\Program Files\\Steam\\steamapps\\fireflycss\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Flagship Studios\\Mythos\\bin\\Mythos.exe"=
"C:\\My Backup -- 07-08-31 1035PM\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\My Backup -- 07-08-31 1035PM\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Documents and Settings\\Owner.Glenn\\Desktop\\Steam\\steamapps\\fireflycss\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\ABC\\abc.exe"=
"C:\\My Backup -- 07-08-31 1035PM\\Program Files\\Mozilla Firefox\\firefox.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-04-29 19:39]
R2 ZuneBusEnum;Zune Bus Enumerator;c:\WINDOWS\system32\ZuneBusEnum.exe [2008-04-29 19:56]
R3 DAdderFltr;DeathAdder Mouse;C:\WINDOWS\system32\drivers\dadder.sys [2007-04-12 06:46]
S3 XDva037;XDva037;C:\WINDOWS\system32\XDva037.sys []
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-04-29 19:56]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b2857270-7ce4-11dc-9b94-0015583e1376}]
\Shell\AutoRun\command - K:\LaunchU3.exe -a
*Newly Created Service* - CATCHME
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-swg - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKCU-Run-ares - C:\Documents and Settings\Owner.Glenn\Desktop\Ares\Ares.exe
HKLM-Run-VSOCheckTask - C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe
HKLM-Run-VirusScan Online - c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
HKLM-Run-OASClnt - C:\Program Files\McAfee.com\VSO\oasclnt.exe
HKLM-Run-MSKAGENTEXE - C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
HKLM-Run-MPFExe - C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
HKLM-Run-MCUpdateExe - C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
HKLM-Run-MCAgentExe - c:\PROGRA~1\mcafee.com\agent\mcagent.exe
HKLM-Run-Google Desktop Search - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
HKLM-Run-BearShare - C:\Program Files\BearShare\BearShare.exe
HKLM-Run-AOL Spyware Protection - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Owner.Glenn\Application Data\Mozilla\Firefox\Profiles\ttyysiv4.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query=
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-08-11 19:00:01
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\tdssserv]
.
Completion time: 2008-08-11 19:15
ComboFix-quarantined-files.txt 2008-08-11 23:13
Pre-Run: 214,266,269,696 bytes free
Post-Run: 214,251,925,504 bytes free
164 --- E O F --- 2008-07-10 07:01:12