Joe
ComboFix 08-03-05.1 - Owner 2008-03-15 12:40:12.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.331 [GMT -6:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2008-02-15 to 2008-03-15 )))))))))))))))))))))))))))))))
.
2008-03-09 22:25 . 2008-03-09 22:25 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-09 22:25 . 2008-03-09 22:25 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-03-09 22:25 . 2008-03-09 22:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-09 21:50 . 2008-03-09 21:50 <DIR> d-------- C:\Program Files\CCleaner
2008-03-05 00:54 . 2008-03-05 00:54 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-04 22:53 . 2008-03-04 23:25 1,302,976 ---hs---- C:\WINDOWS\system32\xeoepbco.ini
2008-02-22 12:38 . 2008-02-28 18:09 143 --a------ C:\WINDOWS\BMffb48e05.xml
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-15 18:46 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-14 03:41 3,888 ----a-w C:\WINDOWS\viassary-hp.reg
2008-03-14 03:41 --------- d-----w C:\Program Files\Easy Internet signup
2008-03-08 05:07 --------- d-----w C:\Program Files\Yahoo!
2008-03-08 04:57 --------- d--h--r C:\Documents and Settings\Owner\Application Data\yahoo!
2008-03-07 00:45 --------- d-----w C:\Program Files\MSN Messenger
2008-03-07 00:45 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-06 01:42 --------- d-----w C:\Program Files\ThreatFire
2008-03-03 02:20 --------- d-----w C:\Program Files\SealedMedia
2008-03-01 16:39 28,256 ----a-w C:\WINDOWS\system32\drivers\MxlW2k.sys
2008-02-15 17:21 41,280 ----a-w C:\WINDOWS\system32\drivers\TfSysMon.sys
2008-02-15 17:21 33,088 ----a-w C:\WINDOWS\system32\drivers\TfNetMon.sys
2008-02-15 17:21 12,608 ----a-w C:\WINDOWS\system32\drivers\TfKbMon.sys
2008-02-15 17:20 51,520 ----a-w C:\WINDOWS\system32\drivers\TfFsMon.sys
2008-02-14 05:33 --------- d-----w C:\Program Files\Common Files\RuleSpace
2008-02-14 05:32 --------- d-----w C:\Program Files\Common Files\Aluria
2008-02-14 05:24 --------- d-----w C:\Program Files\Common Files\Authentium Shared
2008-02-14 05:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-02-14 05:20 --------- d-----w C:\Program Files\McAfee
2008-02-14 05:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-02-08 06:14 --------- d-----w C:\Program Files\Google
2008-01-26 19:46 --------- d-----w C:\Documents and Settings\Owner\Application Data\SealedMedia
2008-01-26 03:47 --------- d-----w C:\Documents and Settings\Owner\Application Data\PoivY
2008-01-26 03:42 --------- d-----w C:\Program Files\PoivY.com
2008-01-22 06:53 --------- d-----w C:\Program Files\a-squared Free
2008-01-21 03:11 155,648 ----a-w C:\WINDOWS\system32\igfxtray.exe
2008-01-21 03:11 118,784 ----a-w C:\WINDOWS\system32\hkcmd.exe
2008-01-18 03:58 --------- d-----w C:\Documents and Settings\Owner\Application Data\Lavasoft
2008-01-18 03:54 --------- d-----w C:\Program Files\Lavasoft
2008-01-18 03:49 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-17 05:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Tools
2008-01-16 14:12 103,936 ----a-w C:\WINDOWS\system32\HFX2C5A.tmp
2008-01-15 23:25 81,920 ----a-w C:\WINDOWS\system32\ps2.exe
2008-01-15 23:25 483,328 ----a-w C:\WINDOWS\system32\hphmon05.exe
2008-01-15 03:25 --------- d-----w C:\Program Files\Microsoft Picture It! 7
2008-01-11 04:11 10 ----a-w C:\Program Files\.autoreg
2007-07-07 02:10 456,192 --sh--r C:\WINDOWS\cnetmgr.exe
.
((((((((((((((((((((((((((((( snapshot@2008-03-05_19.49.52.31 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-02-13 00:23:58 12,288 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-03-12 06:33:57 12,288 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-02-13 00:23:57 135,168 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-03-12 06:33:57 135,168 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-02-13 00:23:58 11,264 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-03-12 06:33:57 11,264 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-02-13 00:23:58 27,136 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-03-12 06:33:57 27,136 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-02-13 00:23:58 4,096 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-03-12 06:33:57 4,096 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-02-13 00:23:58 794,624 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-03-12 06:33:58 794,624 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-02-13 00:23:58 249,856 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-03-12 06:33:57 249,856 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-02-13 00:23:58 23,040 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-03-12 06:33:58 23,040 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-02-13 00:23:57 286,720 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-03-12 06:33:57 286,720 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-02-13 00:23:57 409,600 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-03-12 06:33:57 409,600 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2008-01-15 03:23:14 22,798 ----a-r C:\WINDOWS\Installer\{ABEB838C-A1A7-4C5D-B7E1-8B4314B00544}\MsblIco.Exe
+ 2008-03-07 00:54:30 22,798 ----a-r C:\WINDOWS\Installer\{ABEB838C-A1A7-4C5D-B7E1-8B4314B00544}\MsblIco.Exe
+ 2008-01-15 23:25:21 212,992 ----a-w C:\WINDOWS\SMINST\RECGUARD.EXE
+ 2008-01-15 23:25:18 52,736 ----a-w C:\WINDOWS\system\hpsysdrv.exe
+ 2004-08-04 07:56:57 13,824 -c--a-w C:\WINDOWS\system32\dllcache\wscntfy.exe
- 2008-02-04 23:09:46 18,214,008 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-03-05 16:30:54 19,148,408 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-01-15 23:25:23 196,608 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RecordNow!"="" []
"Router"="C:\Program Files\Router\Router.exe" [ ]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2008-01-15 17:25 2185800]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-03-05 19:23 171448]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [2008-01-15 17:25 52736]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2008-01-20 21:11 118784]
"CamMonitor"="c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe" [2008-01-12 12:56 90112]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [ ]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2008-01-15 17:25 483328]
"KBD"="C:\HP\KBD\KBD.EXE" [2008-01-12 12:56 61440]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2008-01-12 12:56 45056]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-12 12:57 151597]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2008-01-15 17:25 212992]
"VTTimer"="VTTimer.exe" []
"LTMSG"="LTMSG.exe" [2003-07-14 18:52 40960 C:\WINDOWS\ltmsg.exe]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2008-01-15 17:25 81920]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe" [2008-01-15 17:25 196608]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2008-01-20 21:11 155648]
"ESP"="c:\Program Files\Cox\Applications\app\start.exe" [ ]
"sealmon"="C:\Program Files\SealedMedia\sealmon.exe" [ ]
"mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2003-07-23 17:37 53248]
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
spamsubtract.lnk - C:\Program Files\interMute\SpamSubtract\SpamSub.exe [2003-10-14 07:35:01 557056]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
R0 GRFILTER;Authentium NDIS Driver;C:\WINDOWS\system32\drivers\GRFILTER.sys [2007-05-09 13:41]
R0 TfFsMon;TfFsMon;C:\WINDOWS\system32\drivers\TfFsMon.sys [2008-02-15 11:20]
R0 TfSysMon;TfSysMon;C:\WINDOWS\system32\drivers\TfSysMon.sys [2008-02-15 11:21]
R2 GRTdiMon;Authentium TDI Mon;C:\WINDOWS\system32\Drivers\GRTdiMon.sys [2007-05-09 13:41]
R2 ThreatFire;ThreatFire;C:\Program Files\ThreatFire\TFService.exe service []
R3 TfNetMon;TfNetMon;C:\WINDOWS\System32\drivers\TfNetMon.sys [2008-02-15 11:21]
S2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys [2003-07-30 03:15]
S2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys [2003-07-30 03:15]
.
Contents of the 'Scheduled Tasks' folder
"2008-03-11 04:36:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-14 03:41:40 C:\WINDOWS\Tasks\Easy Internet Sign-up.job"
- C:\Program Files\Easy Internet signup\HPSdpApp.exe
"2003-10-14 13:32:36 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-15 12:45:18
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-03-15 12:48:51
ComboFix-quarantined-files.txt 2008-03-15 18:48:43
ComboFix2.txt 2008-03-15 18:32:29
ComboFix3.txt 2008-03-07 00:59:44
ComboFix4.txt 2008-03-06 01:51:01
.
2008-03-12 06:35:25 --- E O F ---