ComboFix 08-09-05.03 - unknown 2008-09-07 23:15:56.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.570 [GMT 1:00]
Running from: C:\Documents and Settings\unknown\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\unknown\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Start Menu\Programs\WebMediaPlayer
C:\Documents and Settings\All Users\Start Menu\Programs\WebMediaPlayer\Privacy Policy.url
C:\Documents and Settings\All Users\Start Menu\Programs\WebMediaPlayer\Terms and Conditions.url
C:\Documents and Settings\All Users\Start Menu\Programs\WebMediaPlayer\Website.url
C:\Documents and Settings\unknown\Application Data\inst.exe
C:\Documents and Settings\unknown\Favorites\Error Cleaner.url
C:\Documents and Settings\unknown\Favorites\Privacy Protector.url
C:\Documents and Settings\unknown\Favorites\Spyware&Malware Protection.url
C:\Documents and Settings\unknown\Local Settings\Application Data\kewis.dat
C:\Documents and Settings\unknown\Local Settings\Application Data\kewis_nav.dat
C:\Documents and Settings\unknown\Local Settings\Application Data\kewis_navps.dat
C:\Program Files\RichVideoCodec
C:\Program Files\webmediaplayer
C:\Program Files\webmediaplayer\resources\languages_v2.xml
C:\Program Files\webmediaplayer\resources\webmedias
C:\Program Files\webmediaplayer\skins\classic.skn
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\elbf.exe
C:\WINDOWS\gksraemq.dll
C:\WINDOWS\msn.exe
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\secure32.html
C:\WINDOWS\smdat32a.sys
C:\WINDOWS\system32\tdssinit.dll
C:\WINDOWS\system32\tdsslog.dll
C:\WINDOWS\system32\tdssmain.dll
C:\WINDOWS\system32\tdssserf.dll
C:\WINDOWS\system32\tdssservers.dat
C:\WINDOWS\vanwxemgsal.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_TDSSSERV
-------\Service_TDSSserv
((((((((((((((((((((((((( Files Created from 2008-08-07 to 2008-09-07 )))))))))))))))))))))))))))))))
.
2008-09-07 20:28 . 2008-09-07 20:28 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-09-07 20:28 . 2008-09-07 20:28 <DIR> d-------- C:\Documents and Settings\unknown\Application Data\skypePM
2008-09-07 20:28 . 2008-09-07 20:28 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-09-07 13:58 . 2008-09-07 13:58 <DIR> d--hs---- C:\Documents and Settings\unknown\PrivacIE
2008-09-07 08:47 . 2008-09-07 08:47 <DIR> d-------- C:\d8e23c8845dfe8f93f
2008-09-06 23:01 . 2008-09-06 23:07 <DIR> d--h-c--- C:\WINDOWS\ie8
2008-09-06 14:45 . 2008-09-06 14:45 <DIR> d-------- C:\WINDOWS\ERUNT
2008-09-06 14:40 . 2008-09-07 23:23 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-09-06 14:40 . 2008-09-06 14:40 1,409 --a------ C:\WINDOWS\QTFont.for
2008-09-06 14:33 . 2008-09-03 05:41 <DIR> d-------- C:\SDFix
2008-09-05 23:20 . 2008-09-05 23:20 <DIR> d-------- C:\Program Files\fixpolicies
2008-09-05 18:14 . 2008-09-05 18:14 <DIR> d-------- C:\Program Files\Lavasoft
2008-09-05 18:14 . 2008-09-05 18:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-05 02:02 . 2006-10-27 16:07 66,048 --a------ C:\WINDOWS\ieResetIcons.exe
2008-09-05 01:14 . 2008-09-05 01:14 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\alot
2008-09-05 00:58 . 2008-09-05 01:04 <DIR> d-------- C:\Program Files\Perfect Uninstaller
2008-09-05 00:58 . 2008-09-05 00:58 42 --a------ C:\WINDOWS\system32\AK083E209605E394C.lie
2008-09-05 00:31 . 2008-09-05 00:31 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Netscape
2008-09-05 00:23 . 2008-09-05 00:23 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\MailFrontier
2008-09-05 00:20 . 2008-09-05 00:20 <DIR> d-------- C:\Documents and Settings\Administrator
2008-09-04 23:37 . 2008-09-04 23:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-09-04 23:35 . 2008-09-06 21:43 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-09-04 23:35 . 2008-09-06 21:43 <DIR> d-------- C:\Documents and Settings\unknown\Application Data\SUPERAntiSpyware.com
2008-09-04 23:32 . 2008-09-06 21:43 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-04 23:14 . 2008-09-04 23:14 <DIR> d-------- C:\Documents and Settings\unknown\Application Data\PC Tools
2008-09-04 23:14 . 2008-09-04 23:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-04 23:14 . 2008-08-25 11:36 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-09-04 23:14 . 2008-08-25 11:36 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-09-04 23:14 . 2008-08-25 11:36 40,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-09-04 23:14 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-09-04 18:40 . 2004-08-04 13:00 15,360 --a--c--- C:\WINDOWS\system32\dllcache\ctfmon.exe.backup
2008-09-04 18:40 . 2004-08-04 13:00 15,360 --a------ C:\WINDOWS\system32\ctfmon.exe.backup
2008-09-04 11:41 . 2008-09-04 11:41 36,864 -r-hs---- C:\WINDOWS\system32\Kcrnad1Drv.dll
2008-08-29 21:38 . 2008-08-29 21:38 <DIR> d-------- C:\Program Files\UltiDev
2008-08-29 21:37 . 2008-08-29 21:49 <DIR> d-------- C:\Program Files\InwiseDesktop
2008-08-29 21:37 . 2008-08-29 21:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\UltiDev
2008-08-28 11:41 . 2008-08-28 11:41 <DIR> d-------- C:\Documents and Settings\unknown\Application Data\vlc
2008-08-28 11:39 . 2008-08-28 11:39 <DIR> d-------- C:\Program Files\VideoLAN
2008-08-27 14:57 . 2008-08-27 18:27 <DIR> d-------- C:\Documents and Settings\unknown\Application Data\Winamp
2008-08-27 14:57 . 2007-03-08 00:51 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2008-08-25 23:17 . 2008-09-05 16:21 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-08-22 03:15 . 2008-08-22 03:15 1,216,512 --------- C:\WINDOWS\system32\ieframe.dll.mui
2008-08-22 03:14 . 2008-08-22 03:14 10,240 --------- C:\WINDOWS\system32\advpack.dll.mui
2008-08-22 03:05 . 2008-08-22 03:05 48,640 --------- C:\WINDOWS\system32\PrivacIE.dll
2008-08-19 22:14 . 2008-09-07 23:22 <DIR> d-------- C:\Documents and Settings\unknown\Application Data\OpenOffice.org2
2008-08-19 22:07 . 2008-08-19 22:08 <DIR> d-------- C:\Program Files\OpenOffice.org 2.4
2008-08-10 11:33 . 2008-08-10 11:39 <DIR> d-------- C:\Program Files\Free Saltwater Fish Screensaver
2008-08-10 11:33 . 2008-08-10 11:33 <DIR> d-------- C:\Program Files\Desktop XP
2008-08-09 14:24 . 2008-09-03 19:20 <DIR> d-------- C:\Program Files\GameSpy Arcade
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2090-01-01 01:43 2,686,464 ----a-w C:\WINDOWS\Internet Logs\xDB12.tmp
2008-09-07 22:27 48,258,592 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-07 22:21 647,348 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-07 22:21 251,756 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-09-07 22:21 2,674,208 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-09-07 21:28 --------- d-----w C:\Documents and Settings\unknown\Application Data\Skype
2008-09-07 19:29 512 ----a-w C:\ScanSectorLog.dat
2008-09-07 19:28 --------- d-----w C:\Program Files\Skype
2008-09-07 19:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-09-05 20:55 3,465,216 ----a-w C:\WINDOWS\Internet Logs\xDB13.tmp
2008-09-04 23:55 --------- d-----w C:\Program Files\Free Internet Window Washer
2008-09-04 22:14 --------- d-----w C:\Program Files\Spyware Doctor
2008-09-04 17:41 24,064 ----a-w C:\WINDOWS\system32\ctfmon.exe
2008-09-04 17:37 --------- d-----w C:\Program Files\Google
2008-09-04 10:06 94,208 ----a-w C:\WINDOWS\sxmaokgf.exe
2008-09-02 21:24 45,634 ----a-w C:\Documents and Settings\unknown\Application Data\wklnhst.dat
2008-08-26 17:21 --------- d-----w C:\Program Files\Magic Workstation
2008-08-25 12:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-22 02:08 878,592 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-22 02:08 43,008 ----a-w C:\WINDOWS\system32\licmgr10.dll
2008-08-22 02:07 18,944 ----a-w C:\WINDOWS\system32\corpol.dll
2008-08-22 02:06 72,704 ----a-w C:\WINDOWS\system32\admparse.dll
2008-08-22 02:06 71,680 ----a-w C:\WINDOWS\system32\iesetup.dll
2008-08-22 02:06 434,176 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-08-22 02:05 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
2008-08-22 02:05 35,840 ----a-w C:\WINDOWS\system32\imgutil.dll
2008-08-22 02:04 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
2008-08-22 01:57 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
2008-08-20 16:36 --------- d-----w C:\Program Files\Java
2008-08-06 13:14 --------- d-----w C:\Program Files\Majesty Gold
2008-08-05 16:55 265,720 ----a-w C:\WINDOWS\system32\msdbg2.dll
2008-08-02 15:36 --------- d-----w C:\Documents and Settings\unknown\Application Data\Image Zone Express
2008-07-29 19:57 --------- d-----w C:\Program Files\GIMP-2.0
2008-07-18 21:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 21:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 21:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 21:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 21:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 21:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 21:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 21:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 21:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 21:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-12 11:13 --------- d-----w C:\Program Files\Ubi Soft
2008-07-12 09:38 --------- d-----w C:\Program Files\VIAudioi
2008-07-12 09:38 --------- d-----w C:\Program Files\Picasa2
2008-07-12 09:38 --------- d-----w C:\Program Files\Idigicon Ltd
2008-07-12 09:38 --------- d-----w C:\Program Files\EASY COMPUTING
2008-07-12 09:38 --------- d-----w C:\Program Files\Darkened Skye
2008-07-12 09:38 --------- d-----w C:\Program Files\Common Files\Apple
2008-07-12 09:38 --------- d-----w C:\Program Files\Apple Software Update
2008-07-12 09:38 --------- d-----w C:\Program Files\321Studios
2008-07-12 09:38 --------- d-----w C:\Documents and Settings\unknown\Application Data\alot
2008-07-12 09:37 --------- d-----w C:\Program Files\Website Builder
2008-07-12 09:37 --------- d-----w C:\Program Files\Motorola Phone Tools
2008-07-12 09:37 --------- d-----w C:\Program Files\Microsoft Encarta
2008-07-12 09:37 --------- d-----w C:\Program Files\Microsoft AutoRoute
2008-07-12 09:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-07-12 09:33 --------- d-----w C:\Program Files\iTunes
2008-07-12 09:33 --------- d-----w C:\Program Files\iPod
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock(2)(2).dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dnsapi(2)(2).dll
2008-06-12 10:27 26,144 ----a-w C:\WINDOWS\system32\spupdsvc.exe
2008-06-12 10:27 26,112 ----a-w C:\WINDOWS\system32\idndl.dll
2008-06-12 10:27 24,576 ----a-w C:\WINDOWS\system32\nlsdl.dll
2008-06-12 10:27 23,552 ----a-w C:\WINDOWS\system32\normaliz.dll
2008-06-04 18:00 47,360 ----a-w C:\Documents and Settings\unknown\Application Data\pcouffin.sys
2008-04-21 17:13 108,784 ----a-w C:\Documents and Settings\unknown\Application Data\GDIPFONTCACHEV1.DAT
2007-01-05 17:56 3,282,340 ----a-w C:\Program Files\podutilsetup.exe
2006-09-16 08:49 24,192 ----a-w C:\Documents and Settings\unknown\usbsermptxp.sys
2006-09-16 08:49 22,768 ----a-w C:\Documents and Settings\unknown\usbsermpt.sys
2006-04-09 13:37 1,800 -c--a-w C:\Documents and Settings\unknown\RISK.DAT
1990-01-01 01:01 36,864 --sh--r C:\WINDOWS\system32\KcrnadDrv.dll
.
------- Sigcheck -------
2008-04-14 01:12 507904 ed0ef0a136dec83df69f04118870003e C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe
2005-10-19 09:53 502272 6e8ca4fcb30282f216f5db9dd58a5f81 C:\WINDOWS\system32\winlogon.exe
2008-04-14 01:12 15360 5f1d5f88303d4a4dbc8e5f97ba967cc3 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ctfmon.exe
2008-09-04 18:41 24064 c3a2915c71ae6f225eb906c25ccd29b5 C:\WINDOWS\system32\ctfmon.exe
2008-09-04 18:41 24064 c3a2915c71ae6f225eb906c25ccd29b5 C:\WINDOWS\system32\dllcache\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 443968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-04-01 5562368]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [2003-12-31 40960]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-04-08 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 C:\WINDOWS\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-09-04 24064]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe" [2007-11-21 218496]
C:\Documents and Settings\unknown\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv41"= IR41_32.DLL
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RkHit.sys]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2008-09-04 18:41 24064 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-02-19 02:41 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
--a------ 2003-06-17 16:14 50688 C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MRC]
--a------ 2007-10-12 08:57 2435072 C:\Program Files\PC Tune-Up\PCTuneUp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
--------- 2005-04-14 16:56 1957888 C:\Program Files\Ahead\Nero BackItUp\NBJ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2005-04-01 16:16 5562368 C:\WINDOWS\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2005-04-01 16:16 86016 C:\WINDOWS\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-04-08 17:35 413696 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2003-10-31 19:42 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
--a------ 2003-01-13 10:19 757760 C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
--a------ 2003-01-13 14:05 69632 C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd]
--a------ 2003-12-31 17:39 40960 C:\WINDOWS\vsnpstd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 04:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-03-11 23:31 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
--a------ 2007-03-09 02:02 919280 C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2005-04-01 16:16 1495040 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\SopCast\\SopServer.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9968:TCP"= 9968:TCP:BitComet 9968 TCP
"9968:UDP"= 9968:UDP:BitComet 9968 UDP
"62503:TCP"= 62503:TCP:utorrent
R3 iadusb;MT882;C:\WINDOWS\system32\DRIVERS\glauiad.sys [2007-10-13 29696]
R3 uscbs109;uscbs109;C:\WINDOWS\system32\DRIVERS\uscbs109.sys [2005-03-22 8672]
R3 uscsc109;uscsc109;C:\WINDOWS\system32\DRIVERS\uscsc109.sys [2005-03-22 102336]
S3 firewall;firewall;C:\Program Files\Foxie Suite\firewall.sys [ ]
S3 RkHit;RkHit;C:\WINDOWS\system32\drivers\RKHit.sys [ ]
S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys [ ]
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-WinampAgent - C:\Program Files\Winamp\winampa.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\unknown\Application Data\Mozilla\Firefox\Profiles\vhwmchw9.default\
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-09-07 23:24:07
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.bin
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-09-07 23:35:00 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-07 22:34:55
Pre-Run: 11,540,639,744 bytes free
Post-Run: 11,454,885,888 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=AlwaysOff Windows XP Home Edition" /noexecute=optin /fastdetect
336 --- E O F --- 2008-09-05 19:02:29