Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.643 [GMT -4:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt
FILE ::
"c:\program files\Incomplete\T-14865015-mature taboo mom sucks son zip.mpe"
"c:\program files\Incomplete\T-15292365-asian taboo yr school girls.mpe"
"c:\program files\Incomplete\T-15610740-Kn Japanese Mothers Milk Jav.avi"
"c:\program files\Incomplete\T-15763761-Jav Korean Naughty Little Kim.avi"
"c:\program files\Incomplete\T-15828776-ama10 tv korea taboo special.mpe"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\kb913800.exe
.
((((((((((((((((((((((((( Files Created from 2009-05-09 to 2009-06-09 )))))))))))))))))))))))))))))))
.
2009-06-07 14:05 . 2009-06-07 14:05 -------- d-----w- c:\program files\ESET
2009-06-07 00:33 . 2009-06-07 00:33 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\AVGTOOLBAR
2009-06-06 12:49 . 2009-06-06 12:50 -------- d-----w- C:\rsit
2009-06-06 12:34 . 2008-04-14 00:12 39424 ----a-w- c:\windows\system32\grpconv.exe
2009-06-06 12:34 . 2008-04-14 00:12 39424 ----a-w- c:\windows\system32\dllcache\grpconv.exe
2009-06-01 17:43 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-01 17:43 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-22 10:58 . 2009-05-22 10:58 -------- d-----w- c:\documents and settings\HP_Administrator\Incomplete
2009-05-22 04:01 . 2009-05-22 04:01 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2009-05-21 04:41 . 2009-06-01 17:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-21 04:41 . 2009-05-21 04:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-20 06:28 . 2009-05-20 06:28 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Yahoo!
2009-05-19 18:17 . 2009-05-19 18:17 -------- d-----w- c:\program files\CCleaner
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-09 03:55 . 2006-07-10 17:06 -------- d-----w- c:\program files\Steam
2009-06-07 01:33 . 2006-03-08 04:32 2526 ----a-w- c:\documents and settings\HP_Administrator\Application Data\wklnhst.dat
2009-06-07 00:47 . 2007-04-24 01:59 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Command & Conquer 3 Tiberium Wars
2009-06-07 00:47 . 2006-12-14 19:47 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Azureus
2009-06-07 00:47 . 2006-09-17 12:41 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Apple Computer
2009-06-07 00:47 . 2006-02-19 22:23 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Atari
2009-06-07 00:47 . 2006-03-05 00:41 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\AdobeUM
2009-06-06 12:34 . 2004-08-10 12:00 182656 ----a-w- c:\windows\system32\drivers\ndis.sys
2009-06-06 00:01 . 2006-03-07 01:57 -------- d-----w- c:\program files\LimeWire
2009-04-29 03:02 . 2008-02-11 01:20 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\U3
2009-04-18 23:11 . 2005-11-11 00:14 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-04-14 04:09 . 2009-04-14 04:08 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-14 04:09 . 2006-09-17 12:39 -------- d-----w- c:\program files\iTunes
2009-04-14 04:08 . 2006-09-17 12:37 -------- d-----w- c:\program files\iPod
2009-04-14 04:08 . 2008-01-26 21:57 -------- d-----w- c:\program files\Common Files\Apple
2009-04-14 04:05 . 2009-04-14 04:05 75048 ----a-r- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-03-25 22:59 . 2009-03-25 22:59 68276 ---ha-w- c:\windows\system32\mlfcache.dat
2009-03-19 20:32 . 2009-03-19 20:32 23400 ----a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-19 20:32 . 2008-01-29 16:01 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\program files\Incomplete ----
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-06-19 3664944]
"Steam"="c:\program files\steam\steam.exe" [2009-05-19 1217784]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VerizonServicepoint.exe"="c:\program files\Verizon\Servicepoint\VerizonServicepoint.exe" [2006-02-01 1880064]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-02-14 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-02-14 7557120]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 1605740]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 49152]
"FLMOFFICE4DMOUSE"="c:\program files\Micro Innovations\Wireless Laser Mouse\moffice.exe" [2006-11-09 806912]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-06 177472]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-11-11 180269]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-02-14 1519616]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" - c:\windows\arpwrmsg.exe [2005-08-03 77312]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-11-10 27136]
c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2007-6-26 256000]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Guild Wars\\Gw.exe"=
[HKLM\~\Services\\_common\\RWVoice.exe"=]
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Steam\\SteamApps\\solidus_fear\\counter-strike source\\hl2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Steam\\SteamApps\\ntvo85\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\tovo94\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\solidus_fear\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\solidus_fear\\day of defeat source\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\tuand89\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\Steam\\steam.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
R2 WMP54GXSVC;WMP54GXSVC;c:\program files\Linksys Wireless-G PCI Adapter with SRX\WLService.exe [6/8/2006 9:19 PM 41025]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [10/19/2006 11:11 AM 10664]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - gtndis5
.
Contents of the 'Scheduled Tasks' folder
2009-06-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:34]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-08 23:55
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1864948983-3403158405-3752575299-1008\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:67,19,11,50,09,91,9b,38,d3,d0,0e,84,64,44,b4,43,e3,99,e5,ca,12,d2,3d,
f8,d8,3a,ce,8d,63,e0,17,f7,ae,49,54,96,9a,4b,75,8f,9e,35,fc,6c,33,44,4b,47,\
"??"=hex:32,6d,17,bd,ce,bc,fe,c7,b0,58,a8,8f,4a,f8,bf,a3
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(592)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3580)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Micro Innovations\Wireless Laser Mouse\MOUDL32A.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\rundll32.exe
c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
c:\program files\Micro Innovations\Wireless Laser Mouse\mouse32a.dat
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\arservice.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Linksys Wireless-G PCI Adapter with SRX\WMP54GX.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\wscntfy.exe
c:\program files\Java\jre1.6.0_07\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2009-06-09 0:00 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-09 04:00
ComboFix2.txt 2009-06-08 17:21
ComboFix3.txt 2009-06-08 16:40
ComboFix4.txt 2009-06-08 16:20
ComboFix5.txt 2009-06-09 03:47
Pre-Run: 75,266,875,392 bytes free
Post-Run: 75,255,984,128 bytes free
212 --- E O F --- 2009-05-14 02:02