Hi CatByte,
Here is the output from the VirSCAN.org FREE on-line scan service:
VirSCAN.org Scanned Report :
Scanned time : 2009/06/25 18:52:05 (CDT)
Scanner results: All Scanners reported not find malware!
File Name : sys_drv.dat
File Size : 1004 byte
File Type : data
MD5 : a71242329585199b732ddbadc71fb17e
SHA1 : c98f76220b917520ec9e945e5bc5373d914d7bf6
Online report :
http://virscan.org/report/3bb0309306...52bafd973.html
Scanner        Engine Ver        Sig Ver             Sig Date    Time   Scan result
a-squared      4.5.0.1           20090625155834      2009-06-25  2.69   -
AhnLab V3      2009.06.26.00     2009.06.26          2009-06-26  0.71   -
AntiVir        8.2.0.196         7.1.4.139           2009-06-25  0.40   -
Antiy          2.0.18            2.0.18.             0002-18-00  0.12   -
Arcavir        2009              200906251650        2009-06-25  0.02   -
Authentium     5.1.1             200906251518        2009-06-25  1.18   -
AVAST!         4.7.4             090625-0            2009-06-25  0.00   -
AVG            8.5.286           270.12.92/2202      2009-06-26  3.43   -
BitDefender    7.81008.3544230   7.26178             2009-06-26  3.19   -
CA (VET)       9.0.0.143         31.6.6579           2009-06-26  6.86   -
ClamAV         0.95.1            9505                2009-06-25  0.00   -
Comodo         3.9               1421                2009-06-25  0.72   -
CP Secure      1.1.0.715         2009.06.25          2009-06-25  10.54  -
Dr.Web         4.44.0.9170       2009.06.25          2009-06-25  4.79   -
F-Prot         4.4.4.56          20090625            2009-06-25  1.15   -
F-Secure       5.51.6100         2009.06.25.15       2009-06-25  5.89   -
Fortinet       2.81-3.117        10.533              2009-06-25  0.14   -
GData          19.6068/19.376    20090626            2009-06-26  4.29   -
ViRobot        20090625          2009.06.25          2009-06-25  0.41   -
Ikarus         T3.1.01.59        2009.06.25.72922    2009-06-25  3.38   -
JiangMin       11.0.800          2009.06.25          2009-06-25  3.24   -
Kaspersky      5.5.10            2009.06.25          2009-06-25  0.02   -
KingSoft       2009.2.5.15       2009.6.25.18        2009-06-25  0.45   -
McAfee         5.3.00            5657                2009-06-25  3.04   -
Microsoft      1.4803            2009.06.25          2009-06-25  5.43   -
mks_vir        2.01              2009.06.24          2009-06-24  3.23   -
Norman         6.01.09           6.01.00             2009-06-03  2.00   -
Panda          9.05.01           2009.06.25          2009-06-25  1.62   -
Trend Micro    8.700-1004        6.228.04            2009-06-25  0.02   -
Quick Heal     10.00             2009.06.25          2009-06-25  0.96   -
Rising         20.0              21.35.34.00         2009-06-25  0.32   -
Sophos         2.88.0            4.43                2009-06-26  2.44   -
Sunbelt        5210              5210                2009-06-25  0.82   -
Symantec       1.3.0.24          20090625.007        2009-06-25  0.21   -
nProtect       20090625.03       4443437             2009-06-25  5.52   -
The Hacker     6.3.4.3           v00354              2009-06-25  0.58   -
VBA32          3.12.10.7         20090624.1526       2009-06-24  1.88   -
VirusBuster    4.5.11.10         10.107.25/1673774   2009-06-25  2.02   -
The next log is from ComboFix:
ComboFix 09-06-24.05 - Administrator 06/25/2009 19:01.2 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3070.2756 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\19506874
c:\documents and settings\All Users\Application Data\99516866
c:\documents and settings\All Users\Application Data\19506874\19506874.glu
c:\documents and settings\All Users\Application Data\19506874\pc19506874cnf
c:\documents and settings\All Users\Application Data\19506874\pc19506874ins
.
((((((((((((((((((((((((( Files Created from 2009-05-26 to 2009-06-26 )))))))))))))))))))))))))))))))
.
2009-06-25 18:09 . 2009-06-25 18:09 -------- dc----w- c:\windows\system32\dllcache\cache
2009-06-25 17:38 . 2009-06-25 17:39 -------- d-----w- C:\32788R22FWJFW.0.tmp
2009-06-25 12:32 . 2009-06-25 12:32 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Ahead
2009-06-24 03:11 . 2009-06-24 03:37 -------- d-----w- C:\HijackThis
2009-06-23 12:42 . 2009-06-23 12:42 0 ----a-w- c:\windows\system32\cd.dat
2009-06-21 04:54 . 2009-06-21 04:54 -------- d-----w- c:\windows\IIS Temporary Compressed Files
2009-06-21 04:52 . 2009-06-21 04:54 -------- d-----w- C:\Inetpub
2009-06-21 03:17 . 2009-06-21 03:17 -------- d-----w- c:\documents and settings\Administrator\Application Data\dvdcss
2009-06-21 01:43 . 2009-06-21 01:43 -------- d-----w- c:\documents and settings\Administrator\Application Data\Subversion
2009-06-21 01:29 . 2009-06-21 01:29 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-06-21 01:21 . 2009-06-21 01:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-06-21 01:21 . 2009-06-25 23:51 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\TSVNCache
2009-06-21 00:56 . 2009-06-21 16:42 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-20 04:06 . 2009-06-24 01:34 -------- d-----w- c:\program files\Hotspot Shield
2009-06-15 03:06 . 2008-07-10 07:49 50200 ----a-w- c:\windows\system32\perf-ReportServer-rsctr.dll
2009-06-15 03:05 . 2009-06-15 03:05 397664 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VSTAHost\SSIS_ScriptComponent\9.0\1033\ResourceCache.dll
2009-06-15 03:05 . 2009-06-15 03:05 397664 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VSTAHost\SSIS_ScriptTask\9.0\1033\ResourceCache.dll
2009-06-15 03:03 . 2008-07-10 09:49 50200 ----a-w- c:\windows\system32\perf-SQLSERVERAGENT-sqlagtctr10.0.1600.22.dll
2009-06-15 03:03 . 2008-07-10 09:49 79896 ----a-w- c:\windows\system32\perf-MSSQLSERVER-sqlctr10.0.1600.22.dll
2009-06-15 02:58 . 2009-06-15 02:58 18368 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VSA\9.0\1033\ResourceCache.dll
2009-06-15 02:58 . 2009-06-15 03:00 121728 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VisualStudio\9.0\1033\ResourceCache.dll
2009-06-15 02:51 . 2009-06-15 02:51 416 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2009-06-15 02:49 . 2009-06-15 02:49 -------- d-----w- c:\program files\Microsoft SDKs
2009-06-15 02:48 . 2009-06-15 02:48 -------- d-----w- c:\program files\Microsoft Synchronization Services
2009-06-15 02:47 . 2009-06-15 02:47 -------- d-----w- c:\program files\Microsoft Analysis Services
2009-06-15 02:44 . 2009-06-15 02:44 -------- d-----w- c:\windows\system32\RsFx
2009-06-15 02:44 . 2009-06-15 02:44 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-06-15 02:42 . 2009-06-15 02:42 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-06-15 02:41 . 2009-06-15 02:55 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2009-06-14 22:11 . 2009-06-15 05:16 88016 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-06-14 22:11 . 2009-06-14 22:11 -------- d-----w- c:\windows\system32\XPSViewer
2009-06-14 22:11 . 2009-06-14 22:11 -------- d-----w- c:\program files\Reference Assemblies
2009-06-14 22:10 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-06-14 22:10 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-06-14 22:10 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-06-14 22:10 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-06-14 22:10 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-06-14 22:10 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-06-14 22:10 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-06-14 22:10 . 2009-06-14 22:26 -------- d-----w- c:\windows\SxsCaPendDel
2009-06-14 22:07 . 2009-06-14 22:07 -------- d-----w- c:\program files\MSXML 6.0
2009-06-11 02:30 . 2009-06-11 02:30 -------- d-----w- c:\program files\iPod
2009-06-11 02:30 . 2009-06-11 02:30 -------- d-----w- c:\program files\iTunes
2009-06-11 02:29 . 2009-06-11 02:29 -------- d-----w- c:\program files\QuickTime
2009-06-11 02:23 . 2009-06-11 02:23 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-06 22:31 . 2009-06-06 22:31 -------- d-----w- C:\spoolerlogs
2009-05-29 23:12 . 2009-05-29 23:12 -------- d-----w- c:\program files\TechSmith
2009-05-29 23:11 . 2009-06-25 01:24 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-23 23:32 . 2008-10-25 23:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-06-21 16:14 . 2008-05-14 01:31 -------- d-----w- c:\program files\lx_cats
2009-06-21 04:43 . 2009-05-09 20:25 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-06-21 00:45 . 2009-03-31 02:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-17 16:27 . 2009-03-31 02:18 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 16:27 . 2009-03-31 02:18 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-16 18:29 . 2008-05-09 01:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-15 02:48 . 2008-05-09 01:55 -------- d-----w- c:\program files\Microsoft SQL Server
2009-06-15 02:40 . 2008-05-04 02:47 -------- d-----w- c:\program files\Microsoft.NET
2009-06-14 01:09 . 2009-01-06 03:21 -------- d-----w- c:\program files\SimpleCenter
2009-06-11 02:38 . 2009-03-04 02:20 141 ----a-w- c:\windows\system32\09wutili.sys
2009-06-11 02:30 . 2008-05-04 18:58 -------- d-----w- c:\program files\Common Files\Apple
2009-06-03 01:43 . 2009-05-25 21:14 -------- d-----w- c:\program files\Veoh Networks
2009-05-28 02:15 . 2009-05-25 02:11 -------- d-----w- c:\program files\Mozilla Sunbird
2009-05-25 21:51 . 2009-05-25 21:51 -------- d-----w- c:\program files\FLV Player
2009-05-25 03:09 . 2009-05-25 03:09 -------- d-----w- c:\program files\GtkSharp
2009-05-25 03:08 . 2009-05-25 03:06 -------- d-----w- c:\program files\Mono-2.4
2009-05-25 01:49 . 2009-05-25 01:24 -------- d-----w- c:\program files\Notepad++
2009-05-25 00:18 . 2009-05-25 00:18 -------- d-----w- c:\program files\Simplify Media
2009-05-19 16:23 . 2008-05-28 23:15 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-05-19 04:34 . 2009-05-19 04:34 -------- d-----w- c:\program files\Monsters
2009-05-19 04:25 . 2009-05-19 04:25 2317122 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\516F50703CB54254A8091825E1EAFE03\OneekoSetup.exe
2009-05-19 04:25 . 2009-05-19 04:25 16384 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\516F50703CB54254A8091825E1EAFE03\UninstallOneeko.exe
2009-05-19 04:25 . 2009-05-19 04:25 1532928 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\516F50703CB54254A8091825E1EAFE03\OneekoSkypeExtra.exe
2009-05-18 20:58 . 2008-05-04 04:59 -------- d-----w- c:\program files\Google
2009-05-18 15:28 . 2009-05-18 15:28 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-18 15:27 . 2009-05-18 15:27 -------- d-----w- c:\program files\Bonjour
2009-05-16 14:50 . 2009-05-16 14:50 -------- d-----w- c:\program files\Common Files\PCSuite
2009-05-16 14:50 . 2009-05-16 14:50 -------- d-----w- c:\program files\Common Files\Nokia
2009-05-16 14:50 . 2009-05-15 01:22 -------- d-----w- c:\program files\Nokia
2009-05-16 14:49 . 2009-05-16 14:49 -------- d-----w- c:\program files\PC Connectivity Solution
2009-05-16 14:48 . 2009-05-16 14:48 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstCCD.exe
2009-05-16 14:48 . 2009-05-16 14:48 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-05-16 14:48 . 2009-05-16 14:48 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCS.exe
2009-05-16 14:47 . 2009-05-16 14:48 34396584 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Nokia_PC_Suite_7_1_26_0_eng.exe
2009-05-16 14:47 . 2009-05-15 01:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-05-15 01:23 . 2009-05-15 01:23 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2009-05-15 01:21 . 2009-05-15 01:21 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstCCD.exe
2009-05-15 01:21 . 2009-05-15 01:21 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-05-15 01:21 . 2009-05-15 01:21 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstPCS.exe
2009-05-15 01:21 . 2009-05-15 01:22 33642704 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Nokia_PC_Suite_7_1_18_0_eng_web.exe
2009-05-11 13:36 . 2009-05-11 13:36 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SACore
2009-05-11 13:30 . 2009-05-09 19:59 -------- d-----w- c:\program files\McAfee
2009-05-10 17:04 . 2009-05-10 17:04 286720 ------w- c:\windows\Setup1.exe
2009-05-10 17:03 . 2009-05-10 17:03 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-05-10 16:26 . 2009-05-10 16:25 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-05-09 20:04 . 2009-05-09 20:02 -------- d-----w- c:\program files\SiteAdvisor
2009-05-09 20:03 . 2008-05-04 01:26 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-05-09 20:02 . 2009-05-09 20:02 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor
2009-05-09 20:00 . 2009-05-09 19:59 -------- d-----w- c:\program files\Common Files\McAfee
2009-05-09 19:59 . 2009-05-09 19:59 -------- d-----w- c:\program files\McAfee.com
2009-05-07 15:44 . 2001-08-23 12:00 344064 ----a-w- c:\windows\system32\localspl.dll
2009-05-06 02:59 . 2009-05-06 02:59 -------- d--h--w- c:\program files\Zero G Registry
2009-05-02 06:45 . 2008-05-14 01:28 -------- d-----w- c:\program files\Abbyy FineReader 6.0 Sprint
2009-05-02 06:41 . 2009-05-02 06:41 -------- d-----w- c:\program files\Alky for Applications
2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr
2009-04-30 19:45 . 2009-04-30 03:56 -------- d-----w- c:\program files\Oracle
2009-04-29 04:56 . 2001-08-23 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-28 17:18 . 2008-06-10 17:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-04-28 02:02 . 2008-06-10 17:07 -------- d-----w- c:\program files\Yahoo!
2009-04-17 09:58 . 2001-08-23 12:00 1846656 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:11 . 2001-08-23 12:00 584192 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-11 00:52 . 2009-04-11 00:52 1563688 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\827568A28AD44457A81ABC08309D7D62\YugmaSE-Installer.exe
2009-04-10 20:12 . 2009-01-25 21:19 664 ----a-w- c:\windows\system32\d3d9caps.dat
2008-10-23 18:44 . 2008-10-23 18:44 76502424 ----a-w- c:\program files\jdk-6u10-windows-i586-p.exe
2008-10-23 18:18 . 2008-10-23 18:18 16156056 ----a-w- c:\program files\jre-6u10-windows-i586-p.exe
2009-03-15 00:15 . 2009-03-15 00:15 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-10-26 05:03 . 2008-05-05 01:14 900 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-02-14 23:23 . 2009-02-14 23:16 1004 --sha-w- c:\windows\system32\sys_drv.dat
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\suchitra ----
2009-05-26 18:46 . 2005-09-23 11:56 5632 ----a-w- c:\suchitra\Projects\ConsoleApplication3\bin\Debug\ConsoleApplication3.vshost.exe
2009-05-26 18:46 . 2009-05-26 18:46 926 ----a-w- c:\suchitra\Projects\ConsoleApplication3\ConsoleApplication3.sln
2009-05-26 18:46 . 2009-05-26 18:53 9728 ---ha-w- c:\suchitra\Projects\ConsoleApplication3\ConsoleApplication3.suo
2009-05-26 18:46 . 2009-05-26 18:46 1972 ----a-w- c:\suchitra\Projects\ConsoleApplication3\ConsoleApplication3.csproj
2009-05-26 18:46 . 2009-05-26 18:46 205 ----a-w- c:\suchitra\Projects\ConsoleApplication3\Program.cs
2009-05-26 18:46 . 2009-05-26 18:46 1298 ----a-w- c:\suchitra\Projects\ConsoleApplication3\Properties\AssemblyInfo.cs
2009-05-26 18:42 . 2005-09-23 11:56 5632 ----a-w- c:\suchitra\Projects\ConsoleApplication1\bin\Debug\ConsoleApplication1.vshost.exe
2009-05-26 18:42 . 2009-05-26 18:42 926 ----a-w- c:\suchitra\Projects\ConsoleApplication1\ConsoleApplication1.sln
2009-05-26 18:42 . 2009-05-26 18:43 8704 ---ha-w- c:\suchitra\Projects\ConsoleApplication1\ConsoleApplication1.suo
2009-05-26 18:42 . 2009-05-26 18:42 1972 ----a-w- c:\suchitra\Projects\ConsoleApplication1\ConsoleApplication1.csproj
2009-05-26 18:42 . 2009-05-26 18:42 205 ----a-w- c:\suchitra\Projects\ConsoleApplication1\Program.cs
2009-05-26 18:42 . 2009-05-26 18:42 1298 ----a-w- c:\suchitra\Projects\ConsoleApplication1\Properties\AssemblyInfo.cs
((((((((((((((((((((((((((((( SnapShot@2009-06-25_18.07.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-25 18:09 . 2008-10-16 20:09 51224 c:\windows\system32\dllcache\cache\wuauclt.exe
+ 2009-06-25 18:09 . 2004-08-04 07:56 82944 c:\windows\system32\dllcache\cache\ws2_32.dll
+ 2009-06-25 18:09 . 2004-08-04 07:56 24576 c:\windows\system32\dllcache\cache\userinit.exe
+ 2009-06-25 18:09 . 2004-08-04 07:56 14336 c:\windows\system32\dllcache\cache\svchost.exe
+ 2009-06-25 18:09 . 2005-06-10 23:53 57856 c:\windows\system32\dllcache\cache\spoolsv.exe
+ 2009-06-25 18:09 . 2004-08-04 07:56 17408 c:\windows\system32\dllcache\cache\powrprof.dll
+ 2009-06-25 18:09 . 2004-08-04 07:56 13312 c:\windows\system32\dllcache\cache\lsass.exe
+ 2009-06-25 18:09 . 2004-08-04 05:58 24576 c:\windows\system32\dllcache\cache\kbdclass.sys
+ 2009-06-25 18:09 . 2004-08-04 06:00 29056 c:\windows\system32\dllcache\cache\ip6fw.sys
+ 2009-06-25 18:09 . 2004-08-04 07:56 15360 c:\windows\system32\dllcache\cache\ctfmon.exe
+ 2009-06-25 18:09 . 2004-08-04 07:56 502272 c:\windows\system32\dllcache\cache\winlogon.exe
+ 2009-06-25 18:09 . 2009-04-29 04:56 827392 c:\windows\system32\dllcache\cache\wininet.dll
+ 2009-06-25 18:09 . 2007-03-08 15:36 577536 c:\windows\system32\dllcache\cache\user32.dll
+ 2009-06-25 18:09 . 2004-08-04 07:56 295424 c:\windows\system32\dllcache\cache\termsrv.dll
+ 2009-06-25 18:09 . 2008-06-20 10:45 360320 c:\windows\system32\dllcache\cache\tcpip.sys
+ 2009-06-25 18:09 . 2009-02-06 17:14 110592 c:\windows\system32\dllcache\cache\services.exe
+ 2009-06-25 18:09 . 2004-08-04 06:14 182912 c:\windows\system32\dllcache\cache\ndis.sys
+ 2009-06-25 18:09 . 2009-03-21 14:18 986112 c:\windows\system32\dllcache\cache\kernel32.dll
+ 2009-06-25 18:09 . 2004-08-04 07:56 110080 c:\windows\system32\dllcache\cache\imm32.dll
+ 2009-06-25 18:09 . 2004-08-04 07:56 167936 c:\windows\system32\dllcache\cache\appmgmts.dll
+ 2009-06-25 18:09 . 2004-08-04 07:56 1580544 c:\windows\system32\dllcache\cache\sfcfiles.dll
+ 2009-06-25 18:09 . 2009-02-06 17:22 2136064 c:\windows\system32\dllcache\cache\ntoskrnl.exe
+ 2009-06-25 18:09 . 2009-02-06 16:49 2015744 c:\windows\system32\dllcache\cache\ntkrnlpa.exe
+ 2009-06-25 18:09 . 2007-06-13 10:23 1033216 c:\windows\system32\dllcache\cache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NeroHomeFirstStart"="c:\program files\Common Files\Ahead\Lib\NMFirstStart.exe" [2005-10-28 10752]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lxcymon.exe"="c:\program files\Lexmark 3400 Series\lxcymon.exe" [2007-06-25 291504]
"LXCYCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll" [2006-11-21 106496]
"V0330Mon.exe"="c:\windows\V0330Mon.exe" [2007-02-26 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-07 8523776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-07 81920]
"SunJavaUpdateSched"="c:\javajre\bin\jusched.exe" [2008-10-23 136600]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-05-01 68592]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-03-25 645328]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-01-09 1176808]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2004-08-04 158208]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-05-16 16862720]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-12-07 1626112]
"BCMSMMSG"="BCMSMMSG.exe" - c:\windows\BCMSMMSG.exe [2003-08-29 122880]
c:\documents and settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-5-25 113664]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfehidk.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mferkdk.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MpfService"=3 (0x3)
"McSysmon"=3 (0x3)
"McShield"=2 (0x2)
"McProxy"=2 (0x2)
"McODS"=3 (0x3)
"McNASvc"=2 (0x2)
"mcmscsvc"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\lxcycoms.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [3/15/2009 11:07 PM 40464]
S2 gupdate1c98d81f432108;Google Update Service (gupdate1c98d81f432108);c:\program files\Google\Update\GoogleUpdate.exe [2/12/2009 9:16 PM 133104]
S2 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe -service --> c:\windows\system32\lxcycoms.exe -service [?]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [5/9/2009 3:01 PM 210216]
S2 MsDtsServer100;SQL Server Integration Services 10.0;c:\program files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [7/10/2008 1:22 AM 218136]
S2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [7/10/2008 2:22 AM 1106968]
S3 ABIT-IO;ABIT-IO;c:\program files\U-ABIT\abitEQ\ABIT-IO.sys [5/25/2008 5:18 PM 4608]
S3 ALLOW-IO;ALLOW-IO;\??\d:\allow-io.sys --> d:\ALLOW-IO.sys [?]
S3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [11/25/2005 5:43 PM 31896]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [1/25/2007 12:31 PM 42000]
S3 V0330VID;WebCam Vista/Live! Cam Chat;c:\windows\system32\drivers\V0330Vid.sys [5/24/2008 9:21 PM 185183]
S4 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [3/14/2009 7:15 PM 30192]
S4 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [7/10/2008 1:15 AM 31256]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/10/2008 4:49 AM 47128]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;i:\microsoft visual studio\Common7\IDE\Remote Debugger\x86\msvsmon.exe [9/23/2005 7:01 AM 2799808]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [7/10/2008 2:49 AM 242712]
S4 Tomcat6;Apache Tomcat;c:\program files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe [7/21/2008 7:01 PM 57344]
.
Contents of the 'Scheduled Tasks' folder
2009-06-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-04 23:49]
2009-06-24 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-13 02:16]
2009-05-09 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-05-09 15:53]
2009-05-09 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-05-09 15:53]
.
- - - - ORPHANS REMOVED - - - -
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.pctools.com/en/spyware-doctor/purchase/?src=b13/?product=Spyware%20Doctor&subproduct=NRM&version=6%2E0%2E1%2E445&code=0%2D0%2D0%2D0&suversion=6%2E1%2E0%2E48&osversion=5%2E1%2E2600%2E2&osspack=Service%20Pack%202&sulang=en&platform=32
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: {2A25946B-1BBA-4584-B0EC-DB1802D4378C} = 208.67.220.220,208.67.222.222
TCP: {74C6452B-2DE4-488B-99D5-5AA0DAFDA6C1} = 208.67.220.220,208.67.222.222
FF - ProfilePath -
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-06-25 19:04
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-06-26 19:06
ComboFix-quarantined-files.txt 2009-06-26 00:06
ComboFix2.txt 2009-06-25 18:09
Pre-Run: 17,431,101,440 bytes free
Post-Run: 17,403,674,624 bytes free
325 --- E O F --- 2009-06-22 04:06
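Added example, not part of the original post and not ComboFix's own code: a small Python parser for the file-listing lines in the log above (the "Files Created", "Find3M" and "Look" sections share the same layout of modified time, created time, size, an eight-character attribute field and a path). It is run over a handful of lines copied from this log and pulls out the non-directory entries under c:\windows whose attribute field carries both the system (s) and hidden (h) bits, which is how KGyGaAvL.sys and sys_drv.dat stand out in the Find3M report. The sample lines are copied from the log; the meanings assigned to the attribute letters are assumed from their usual Windows sense, since the page does not document them, and flagging an entry this way marks it for a second look, not as malicious (VirSCAN returned no detections for sys_drv.dat above).

```python
import re
from typing import List, NamedTuple, Optional, Set

# Constructed sample: file-listing lines copied verbatim from the ComboFix
# log above (one directory, several plain files, two entries with the
# s and h attribute bits set).
SAMPLE_LOG = r"""
2009-06-25 18:09 . 2009-06-25 18:09 -------- dc----w- c:\windows\system32\dllcache\cache
2009-06-23 12:42 . 2009-06-23 12:42 0 ----a-w- c:\windows\system32\cd.dat
2009-06-11 02:38 . 2009-03-04 02:20 141 ----a-w- c:\windows\system32\09wutili.sys
2008-10-26 05:03 . 2008-05-05 01:14 900 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-02-14 23:23 . 2009-02-14 23:16 1004 --sha-w- c:\windows\system32\sys_drv.dat
2009-05-26 18:46 . 2009-05-26 18:53 9728 ---ha-w- c:\suchitra\Projects\ConsoleApplication3\ConsoleApplication3.suo
2009-05-06 02:59 . 2009-05-06 02:59 -------- d--h--w- c:\program files\Zero G Registry
""".strip()

# One listing line: "<modified> . <created> <size or --------> <8 attr chars> <path>".
LINE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d) (\S+) ([a-z-]{8}) (.+)$"
)

# Assumed meaning of the attribute letters (conventional Windows sense);
# the ComboFix log itself does not document them.
ATTR_NAMES = {"d": "directory", "c": "compressed", "s": "system",
              "h": "hidden", "a": "archive", "r": "read-only", "w": "writable"}


class Entry(NamedTuple):
    modified: str
    created: str
    size: Optional[int]   # None for directories (size shown as --------)
    flags: Set[str]       # attribute letters present, e.g. {"s", "h", "a", "w"}
    path: str

    @property
    def is_dir(self) -> bool:
        return "d" in self.flags


def parse_combofix_listing(text: str) -> List[Entry]:
    """Parse every line that matches the ComboFix file-listing layout; skip the rest."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        modified, created, size, attrs, path = m.groups()
        entries.append(Entry(
            modified=modified,
            created=created,
            size=int(size) if size.isdigit() else None,
            flags={ch for ch in attrs if ch != "-"},
            path=path,
        ))
    return entries


def hidden_system_files(entries: List[Entry], under: str = r"c:\windows") -> List[str]:
    """Paths of non-directory entries with both system and hidden bits set under a prefix."""
    prefix = under.lower()
    return [e.path for e in entries
            if not e.is_dir
            and {"s", "h"} <= e.flags
            and e.path.lower().startswith(prefix)]


def describe(entry: Entry) -> str:
    """Human-readable attribute list for one entry, for a triage note."""
    names = [ATTR_NAMES.get(ch, f"unknown({ch})") for ch in sorted(entry.flags)]
    return f"{entry.path}: {', '.join(names)}"


if __name__ == "__main__":
    found = parse_combofix_listing(SAMPLE_LOG)
    for path in hidden_system_files(found):
        print(path)
```

To use it on a real log, paste the whole ComboFix output into a file, read it into `parse_combofix_listing`, and vary the `under` prefix; lines from other sections (registry keys, services, the SnapShot block that starts with "+") do not match the pattern and are ignored.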