Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:27:12 AM, on 8/1/2008
Platform: Windows XP SP3, v.3311 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
E:\WINDOWS.0\System32\smss.exe
E:\WINDOWS.0\system32\winlogon.exe
E:\WINDOWS.0\system32\services.exe
E:\WINDOWS.0\system32\lsass.exe
E:\WINDOWS.0\system32\svchost.exe
E:\WINDOWS.0\System32\svchost.exe
E:\WINDOWS.0\system32\spoolsv.exe
E:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
E:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
E:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
E:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
E:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
E:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
E:\WINDOWS.0\system32\HPZipm12.exe
E:\WINDOWS.0\system32\svchost.exe
E:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
E:\WINDOWS.0\Explorer.EXE
E:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
E:\WINDOWS.0\AGRSMMSG.exe
E:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
E:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
E:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
E:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
E:\WINDOWS.0\system32\ctfmon.exe
E:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
D:\Free Download Manager\Free Download Manager\fdm.exe
E:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
E:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
E:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
E:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
D:\mozilla\firefox.exe
E:\DOCUME~1\uuurbody\LOCALS~1\Temp\Rar$EX00.141\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - D:\Free Download Manager\Free Download Manager\iefdm2.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [cctray] "E:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [QOELOADER] "E:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe"
O4 - HKLM\..\Run: [CAVRID] "E:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [cafwc] E:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] E:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] E:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [NBKeyScan] "E:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS.0\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] "D:\Free Download Manager\Free Download Manager\fdm.exe" -autorun
O4 - Global Startup: Mozilla Firefox
O8 - Extra context menu item: Download all with Free Download Manager - file://D:\Free Download Manager\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://D:\Free Download Manager\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://D:\Free Download Manager\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://D:\Free Download Manager\Free Download Manager\dllink.htm
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O23 - Service: CaCCProvSP - CA, Inc. - E:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - E:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - E:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: NBService - Nero AG - E:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - E:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS.0\system32\HPZipm12.exe
O23 - Service: PPCtlPriv - CA, Inc. - E:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - E:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - E:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - E:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - E:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - E:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
--
End of file - 6713 bytes
Fix 08-07-31.04 - uuurbody 2008-08-01 7:01:00.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.270 [GMT -4:00]
Running from: E:\Documents and Settings\uuurbody\Desktop\ComboFix.exe
Command switches used :: E:\Documents and Settings\uuurbody\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
E:\Documents and Settings\uuurbody\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
.
((((((((((((((((((((((((( Files Created from 2008-07-01 to 2008-08-01 )))))))))))))))))))))))))))))))
.
2008-08-01 06:19 . 2008-08-01 06:19 <DIR> d-------- E:\Program Files\HP
2008-08-01 06:19 . 2008-08-01 06:47 <DIR> d-------- E:\Documents and Settings\uuurbody\Application Data\Free Download Manager
2008-08-01 06:18 . 2008-08-01 06:18 <DIR> d-------- E:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
2008-07-31 17:45 . 2008-07-31 17:45 <DIR> d-------- E:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-07-30 17:08 . 2008-07-30 17:08 1,233 --a------ E:\WINDOWS.0\mozver.dat
2008-07-30 17:04 . 2008-08-01 06:30 69 --a------ E:\WINDOWS.0\NeroDigital.ini
2008-07-30 17:03 . 2008-08-01 06:19 <DIR> d-------- E:\Documents and Settings\uuurbody\Application Data\Free Upload Manager
2008-07-30 16:40 . 2007-07-02 18:02 3,073,320 --a------ E:\WINDOWS.0\system32\AdvrCntr2D6E0B790.dll
2008-07-30 16:39 . 2007-07-02 18:02 996,648 --a------ E:\WINDOWS.0\system32\ShellManager10E2D762.dll
2008-07-30 16:39 . 2007-07-02 17:19 638,976 --a------ E:\WINDOWS.0\system32\NEROINSTAEC43759.DB
2008-07-30 15:33 . 2008-07-30 15:33 <DIR> d-------- E:\Documents and Settings\uuurbody\Application Data\Talkback
2008-07-30 15:32 . 2008-07-30 15:32 0 --a------ E:\WINDOWS.0\nsreg.dat
2008-07-29 16:29 . 2008-08-01 06:30 <DIR> d-------- E:\WINDOWS.0\CAVTemp
2008-07-29 16:29 . 2008-07-29 16:29 <DIR> d-------- E:\Program Files\Combined Community Codec Pack
2008-07-28 18:40 . 2003-03-04 13:56 145,408 --a------ E:\WINDOWS.0\system32\drivers\e100b325.sys
2008-07-28 18:40 . 2003-03-04 13:56 145,408 --a--c--- E:\WINDOWS.0\system32\dllcache\e100b325.sys
2008-07-28 18:40 . 2003-03-03 17:26 118,784 --a------ E:\WINDOWS.0\system32\Prounstl.exe
2008-07-28 18:40 . 2002-12-29 06:00 24,064 --a------ E:\WINDOWS.0\system32\IntelNic.dll
2008-07-28 18:40 . 2003-02-03 07:26 12,288 --a------ E:\WINDOWS.0\system32\e100bmsg.dll
2008-07-28 18:40 . 2002-06-27 07:53 5,110 --a------ E:\WINDOWS.0\system32\e100b325.din
2008-07-28 18:06 . 2008-04-23 00:16 6,066,176 -----c--- E:\WINDOWS.0\system32\dllcache\ieframe.dll
2008-07-28 18:06 . 2007-04-17 05:32 2,455,488 -----c--- E:\WINDOWS.0\system32\dllcache\ieapfltr.dat
2008-07-28 18:06 . 2007-03-08 01:10 991,232 -----c--- E:\WINDOWS.0\system32\dllcache\ieframe.dll.mui
2008-07-28 18:06 . 2008-04-23 00:16 459,264 -----c--- E:\WINDOWS.0\system32\dllcache\msfeeds.dll
2008-07-28 18:06 . 2008-04-23 00:16 383,488 -----c--- E:\WINDOWS.0\system32\dllcache\ieapfltr.dll
2008-07-28 18:06 . 2008-04-23 00:16 267,776 -----c--- E:\WINDOWS.0\system32\dllcache\iertutil.dll
2008-07-28 18:06 . 2008-04-23 00:16 63,488 -----c--- E:\WINDOWS.0\system32\dllcache\icardie.dll
2008-07-28 18:06 . 2008-04-23 00:16 52,224 -----c--- E:\WINDOWS.0\system32\dllcache\msfeedsbs.dll
2008-07-28 18:06 . 2008-04-22 03:39 13,824 -----c--- E:\WINDOWS.0\system32\dllcache\ieudinit.exe
2008-07-28 17:54 . 2008-07-31 20:53 66,838 --a------ E:\WINDOWS.0\system32\drivers\kmxcfg.u2k0
2008-07-28 17:54 . 2008-07-31 20:53 64 --a------ E:\WINDOWS.0\system32\drivers\kmxcfg.u2k7
2008-07-28 17:54 . 2008-07-31 20:53 64 --a------ E:\WINDOWS.0\system32\drivers\kmxcfg.u2k6
2008-07-28 17:54 . 2008-07-31 20:53 64 --a------ E:\WINDOWS.0\system32\drivers\kmxcfg.u2k5
2008-07-28 17:54 . 2008-07-31 20:53 64 --a------ E:\WINDOWS.0\system32\drivers\kmxcfg.u2k4
2008-07-28 17:54 . 2008-07-31 20:53 64 --a------ E:\WINDOWS.0\system32\drivers\kmxcfg.u2k3
2008-07-28 17:54 . 2008-07-31 20:53 64 --a------ E:\WINDOWS.0\system32\drivers\kmxcfg.u2k2
2008-07-28 17:54 . 2008-07-31 20:53 64 --a------ E:\WINDOWS.0\system32\drivers\kmxcfg.u2k1
2008-07-28 17:49 . 2008-07-28 17:49 <DIR> d-------- E:\Program Files\MSXML 4.0
2008-07-28 17:39 . 2008-06-13 07:05 272,128 --------- E:\WINDOWS.0\system32\drivers\bthport.sys
2008-07-28 17:39 . 2008-06-13 07:05 272,128 -----c--- E:\WINDOWS.0\system32\dllcache\bthport.sys
2008-07-28 17:34 . 2008-07-29 03:01 <DIR> d--h----- E:\WINDOWS.0\$hf_mig$
2008-07-28 17:34 . 2006-09-06 17:43 22,752 --a------ E:\WINDOWS.0\system32\spupdsvc.exe
2008-07-28 17:23 . 2003-05-23 14:44 1,171,648 --a------ E:\WINDOWS.0\system32\drivers\AGRSM.sys
2008-07-28 17:23 . 2003-05-23 14:43 88,363 --a------ E:\WINDOWS.0\AGRSMMSG.exe
2008-07-28 17:23 . 2003-03-25 21:27 59,392 --a------ E:\WINDOWS.0\agrsmdel.exe
2008-07-28 17:22 . 2008-02-12 06:19 26,368 --a--c--- E:\WINDOWS.0\system32\dllcache\usbstor.sys
2008-07-28 16:59 . 2001-09-19 15:32 720,896 --a--c--- E:\WINDOWS.0\system32\dllcache\a3d.dll
2008-07-28 16:32 . 2008-07-28 16:32 <DIR> d-------- E:\Program Files\Common Files\Hewlett-Packard
2008-07-28 16:31 . 2008-02-12 06:19 32,128 --a------ E:\WINDOWS.0\system32\drivers\usbccgp.sys
2008-07-28 16:31 . 2008-02-12 06:19 32,128 --a--c--- E:\WINDOWS.0\system32\dllcache\usbccgp.sys
2008-07-28 16:31 . 2008-02-12 06:33 25,856 --a------ E:\WINDOWS.0\system32\drivers\usbprint.sys
2008-07-28 16:31 . 2008-02-12 06:33 25,856 --a--c--- E:\WINDOWS.0\system32\dllcache\usbprint.sys
2008-07-28 16:31 . 2008-02-12 06:31 15,104 --a------ E:\WINDOWS.0\system32\drivers\usbscan.sys
2008-07-28 16:31 . 2008-02-12 06:31 15,104 --a--c--- E:\WINDOWS.0\system32\dllcache\usbscan.sys
2008-07-28 16:30 . 1998-10-29 19:45 306,688 --a------ E:\WINDOWS.0\IsUninst.exe
2008-07-28 16:30 . 2004-09-29 15:12 278,584 --a------ E:\WINDOWS.0\system32\HPZidr12.dll
2008-07-28 16:30 . 2004-09-29 15:15 204,800 --a------ E:\WINDOWS.0\system32\HPZipr12.dll
2008-07-28 16:30 . 2004-09-29 15:09 94,208 --a------ E:\WINDOWS.0\system32\HPZipt12.dll
2008-07-28 16:30 . 2004-09-29 15:14 69,632 --a------ E:\WINDOWS.0\system32\HPZipm12.exe
2008-07-28 16:30 . 2004-09-29 15:08 61,440 --a------ E:\WINDOWS.0\system32\HPZinw12.exe
2008-07-28 16:30 . 2004-09-29 15:09 57,344 --a------ E:\WINDOWS.0\system32\HPZisn12.dll
2008-07-28 16:06 . 2008-07-28 16:05 880,560 --a------ E:\WINDOWS.0\system32\drivers\vetefile.sys
2008-07-28 16:06 . 2008-07-28 16:05 108,368 --a------ E:\WINDOWS.0\system32\drivers\veteboot.sys
2008-07-28 16:05 . 2007-08-20 16:37 99,592 --a------ E:\WINDOWS.0\system32\isafeif.dll
2008-07-28 16:05 . 2007-08-20 16:26 79,424 --a------ E:\WINDOWS.0\system32\vetredir.dll
2008-07-28 16:05 . 2007-08-20 16:37 75,016 --a------ E:\WINDOWS.0\system32\isafprod.dll
2008-07-28 16:05 . 2007-08-20 16:38 32,264 --a------ E:\WINDOWS.0\system32\drivers\vetmonnt.sys
2008-07-28 16:05 . 2007-08-20 16:38 26,376 --a------ E:\WINDOWS.0\system32\drivers\vet-filt.sys
2008-07-28 16:05 . 2007-08-20 16:38 21,512 --a------ E:\WINDOWS.0\system32\drivers\vetfddnt.sys
2008-07-28 16:05 . 2007-08-20 16:38 21,128 --a------ E:\WINDOWS.0\system32\drivers\vet-rec.sys
2008-07-28 16:04 . 2008-07-28 16:04 <DIR> d-------- E:\Program Files\Common Files\Scanner
2008-07-28 16:04 . 2008-07-28 16:04 <DIR> d-------- E:\Program Files\CA
2008-07-28 16:04 . 2008-07-28 16:22 <DIR> d-------- E:\Documents and Settings\All Users\Application Data\CA
2008-07-28 15:44 . 2008-07-28 15:44 <DIR> d-------- E:\Program Files\PartyGaming
2008-07-28 15:41 . 2008-07-28 15:41 <DIR> d--hs---- E:\Documents and Settings\uuurbody\UserData
2008-07-27 22:08 . 2008-07-30 17:05 <DIR> d-------- E:\Documents and Settings\uuurbody\Application Data\Ahead
2008-07-27 22:08 . 2008-07-27 22:08 <DIR> d-------- E:\Documents and Settings\All Users\Application Data\Ahead
2008-07-27 22:06 . 2008-07-27 22:06 <DIR> d-------- E:\Program Files\Nero
2008-07-27 22:06 . 2008-07-27 22:06 <DIR> d-------- E:\Documents and Settings\All Users\Application Data\Nero
2008-07-27 21:59 . 2008-07-27 22:07 <DIR> d-------- E:\Program Files\Common Files\Ahead
2008-07-27 21:35 . 2008-07-27 21:36 <DIR> d-------- E:\Program Files\Common Files\Adobe
2008-07-26 11:59 . 2008-07-26 12:01 <DIR> d-------- E:\WINDOWS
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-28 00:43 --------- d-----w E:\Program Files\microsoft frontpage
2008-06-24 23:10 256,528 ----a-w E:\WINDOWS.0\system32\UmxSbxw.dll
2008-06-24 23:10 117,264 ----a-w E:\WINDOWS.0\system32\UmxSbxExw.dll
2008-06-24 23:08 93,712 ----a-w E:\WINDOWS.0\system32\drivers\KmxStart.sys
2008-06-24 23:08 88,816 ----a-w E:\WINDOWS.0\system32\drivers\KmxCfg.sys
2008-06-24 23:08 66,576 ----a-w E:\WINDOWS.0\system32\drivers\KmxSbx.sys
2008-06-24 23:08 63,504 ----a-w E:\WINDOWS.0\system32\drivers\KmxAgent.sys
2008-06-24 23:08 45,584 ----a-w E:\WINDOWS.0\system32\drivers\KmxFile.sys
2008-06-24 23:08 134,648 ----a-w E:\WINDOWS.0\system32\drivers\KmxCF.sys
2008-06-24 23:08 115,216 ----a-w E:\WINDOWS.0\system32\drivers\KmxFw.sys
2008-06-20 17:46 245,248 ----a-w E:\WINDOWS.0\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w E:\WINDOWS.0\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w E:\WINDOWS.0\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w E:\WINDOWS.0\system32\drivers\tcpip6.sys
2008-05-09 10:53 90,112 ----a-w E:\WINDOWS.0\system32\wshext.dll
2008-05-09 10:53 430,080 ----a-w E:\WINDOWS.0\system32\vbscript.dll
2008-05-09 10:53 180,224 ----a-w E:\WINDOWS.0\system32\scrobj.dll
2008-05-09 10:53 172,032 ----a-w E:\WINDOWS.0\system32\scrrun.dll
2008-05-08 11:24 155,648 ----a-w E:\WINDOWS.0\system32\wscript.exe
2008-05-07 09:07 135,168 ----a-w E:\WINDOWS.0\system32\cscript.exe
2008-05-07 05:12 1,288,192 ----a-w E:\WINDOWS.0\system32\quartz.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 22:03 152872]
"ctfmon.exe"="E:\WINDOWS.0\system32\ctfmon.exe" [2008-02-12 14:59 15360]
"Free Download Manager"="D:\Free Download Manager\Free Download Manager\fdm.exe" [2008-05-20 17:27 2474031]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cctray"="E:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [2007-08-17 01:19 177416]
"QOELOADER"="E:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe" [2008-07-28 16:05 14088]
"CAVRID"="E:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2007-08-20 16:36 230664]
"cafwc"="E:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2008-07-31 15:49 1193200]
"capfasem"="E:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2008-07-31 15:49 173296]
"capfupgrade"="E:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2008-07-31 15:49 259312]
"NBKeyScan"="E:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe" [2007-06-29 22:16 1373480]
"MSConfig"="E:\WINDOWS.0\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-02-12 14:59 169984]
"AGRSMMSG"="AGRSMMSG.exe" [2003-05-23 14:43 88363 E:\WINDOWS.0\AGRSMMSG.exe]
E:\Documents and Settings\All Users\Start Menu\Programs\Startup\Mozilla Firefox
Mozilla Firefox (Safe Mode).lnk - D:\mozilla\firefox.exe [2008-07-30 15:32:25 7667312]
Mozilla Firefox.lnk - D:\mozilla\firefox.exe [2008-07-30 15:32:25 7667312]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-05-18 16:30 79368 E:\WINDOWS.0\system32\UmxWNP.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= E:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 18:57 153136 E:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
R0 KmxStart;KmxStart;E:\WINDOWS.0\system32\DRIVERS\kmxstart.sys [2008-06-24 19:08]
R1 KmxAgent;KmxAgent;E:\WINDOWS.0\system32\DRIVERS\kmxagent.sys [2008-06-24 19:08]
R1 KmxFile;KmxFile;E:\WINDOWS.0\system32\DRIVERS\KmxFile.sys [2008-06-24 19:08]
R1 KmxFw;KmxFw;E:\WINDOWS.0\system32\DRIVERS\kmxfw.sys [2008-06-24 19:08]
R2 KmxCF;KmxCF;E:\WINDOWS.0\system32\DRIVERS\KmxCF.sys [2008-06-24 19:08]
R2 KmxSbx;KmxSbx;E:\WINDOWS.0\system32\DRIVERS\KmxSbx.sys [2008-06-24 19:08]
R2 UmxAgent;HIPS Event Manager;E:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [2007-10-18 13:24]
R2 UmxCfg;HIPS Configuration Interpreter;E:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [2007-10-18 13:24]
R2 UmxPol;HIPS Policy Manager;E:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe [2008-06-24 19:10]
R3 KmxCfg;KmxCfg;E:\WINDOWS.0\system32\DRIVERS\kmxcfg.sys [2008-06-24 19:08]
R3 PPCtlPriv;PPCtlPriv;E:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [2007-08-17 00:10]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f430e84-5f46-11dd-bdcc-000ea6706922}]
\Shell\AutoRun\command - H:\wd_windows_tools\WDSetup.exe
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
2008-07-28 E:\WINDOWS.0\Tasks\CAAntiSpywareScan_Daily as uuurbody at 1 05 PM.job
- E:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [2007-08-17 00:10]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-NWEReboot - (no file)
.
------- Supplementary Scan -------
.
FireFox -: Profile - E:\Documents and Settings\uuurbody\Application Data\Mozilla\Firefox\Profiles\8klvimkq.default\
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-01 07:12:32
Windows 5.1.2600 Service Pack 3, v.3311 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-08-01 7:16:24
ComboFix-quarantined-files.txt 2008-08-01 11:15:44
Pre-Run: 217,395,200 bytes free
Post-Run: 2,409,639,936 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS.0
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS.0="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
204 --- E O F --- 2008-07-29 07:02:36
I seem to have lost the Uninstall list