ComboFix 09-05-02.4 - Jeff 05/03/2009 19:36.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.661 [GMT -5:00]
Running from: c:\documents and settings\Jeff\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jeff\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated)
FILE ::
c:\documents and settings\Jeff\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-51fad18-6918d4c8.zip
c:\documents and settings\Jeff\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6b13a7e7-44f8f638.zip
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Jeff\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-51fad18-6918d4c8.zip
c:\documents and settings\Jeff\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6b13a7e7-44f8f638.zip
.
((((((((((((((((((((((((( Files Created from 2009-04-04 to 2009-05-04 )))))))))))))))))))))))))))))))
.
2009-05-02 22:40 . 2009-05-02 22:42 -------- d-----w c:\program files\GCFScape
2009-04-30 02:06 . 2009-04-30 02:06 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-29 04:40 . 2009-04-29 04:43 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-04-29 04:40 . 2009-04-29 04:40 -------- d-----w c:\program files\Avira
2009-04-29 04:40 . 2009-04-29 04:40 -------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-04-27 05:26 . 2009-04-27 05:26 -------- d-----w c:\program files\Trend Micro
2009-04-27 05:21 . 2008-10-22 01:04 102664 ----a-w c:\windows\system32\drivers\tmcomm.sys
2009-04-27 04:51 . 2009-04-27 04:51 -------- d-----w C:\VundoFix Backups
2009-04-04 20:34 . 2009-04-04 20:34 -------- d-----w c:\documents and settings\Jeff\Local Settings\Application Data\Intuit
2009-04-04 20:33 . 2009-04-04 20:33 -------- d-----w c:\program files\Common Files\AnswerWorks 5.0
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-04 00:36 . 2006-10-31 03:16 6 ---ha-w c:\windows\Tasks\SA.DAT
2009-05-02 20:06 . 2006-10-31 03:13 295424 ----a-w c:\windows\system32\termsrv.dll
2009-04-30 04:32 . 2007-07-04 16:29 284 ----a-w c:\windows\Tasks\AppleSoftwareUpdate.job
2009-04-30 02:09 . 2006-10-31 05:44 -------- d-----w c:\program files\Java
2009-04-28 02:18 . 2007-12-01 02:00 -------- d-----w c:\program files\Steam
2009-04-28 01:50 . 2009-04-28 01:50 0 ----a-w c:\documents and settings\Jeff\ntuser.tmp
2009-04-27 02:44 . 2008-10-22 05:52 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-06 20:32 . 2008-10-22 05:52 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 20:32 . 2008-10-22 05:53 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-04 20:33 . 2006-10-31 04:53 72880 ----a-w c:\documents and settings\Jeff\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-04 20:31 . 2007-04-14 16:34 -------- d-----w c:\program files\Common Files\Intuit
2009-04-04 20:29 . 2007-04-14 16:33 -------- d-----w c:\program files\TurboTax
2009-03-19 03:35 . 2008-07-03 03:42 -------- d-----w c:\program files\ICQ6
2009-03-17 17:09 . 2009-03-17 17:09 6 ----a-w c:\windows\Fonts\wfonts.key
2009-02-09 01:01 . 2007-05-18 03:33 140216 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-02-09 01:01 . 2007-05-18 03:33 201352 ----a-w c:\windows\system32\PnkBstrB.exe
.
((((((((((((((((((((((((((((( SnapShot_2009-05-01_21.42.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-03 04:17 . 2009-05-03 04:17 16384 c:\windows\temp\Perflib_Perfdata_70.dat
+ 2006-10-31 03:13 . 2009-05-02 20:06 295424 c:\windows\system32\dllcache\termsrv.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-30 148888]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2006-06-21 577536]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-12-05 1626112]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave7"= Echo3GWrap.dll
"Midi1"= usbmn4x4.dll
"midi2"= ma_cmidn.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Quake III Arena\\quake3.exe"=
"c:\\Unreal Anthology\\UT2004\\System\\UT2004.exe"=
"c:\\Program Files\\Steam\\SteamApps\\fletch_101\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\fletch_101\\counter-strike source\\hl2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2142\\BF2142.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\Steam\\steam.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"=
"c:\\Program Files\\BZFlag2.0.10\\bzfs.exe"=
"c:\\Program Files\\BZFlag2.0.10\\bzflag.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
"c:\\Program Files\\iPod\\bin\\iPodService.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"41952:TCP"= 41952:TCP:TVersity 01
"41952:UDP"= 41952:UDP:TVersity 02
"6112:TCP"= 6112:TCP:Blizzard Downloader: 6112
R0 FGXSCSI;FGXSCSI; [x]
R3 USB44LDR;M-Audio USB MIDISPORT 4x4 Loader;c:\windows\system32\drivers\usb44ldr.sys [2007-11-14 23080]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-04-29 108289]
S2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2009-02-25 13088]
S3 echo3g;Echo3G Service;c:\windows\system32\drivers\echo3g.sys [2006-08-17 221696]
S3 USBMN4X4;M-Audio USB MidiSport 4x4;c:\windows\system32\drivers\usbmn4x4.sys [2008-01-06 22304]
.
Contents of the 'Scheduled Tasks' folder
2009-04-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: turbotax.com
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Jeff\Application Data\Mozilla\Firefox\Profiles\dtklt8bm.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-03 19:38
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-05-04 19:39
ComboFix-quarantined-files.txt 2009-05-04 00:39
ComboFix2.txt 2009-05-02 22:15
ComboFix3.txt 2009-05-02 20:14
ComboFix4.txt 2009-05-01 21:43
ComboFix5.txt 2009-05-04 00:34
Pre-Run: 12,761,071,616 bytes free
Post-Run: 12,884,905,984 bytes free
150 --- E O F --- 2008-07-09 08:00