Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:36:42 PM, on 3/9/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
J:\WINDOWS\System32\smss.exe
J:\WINDOWS\system32\winlogon.exe
J:\WINDOWS\system32\services.exe
J:\WINDOWS\system32\lsass.exe
J:\WINDOWS\system32\svchost.exe
J:\WINDOWS\System32\svchost.exe
J:\WINDOWS\system32\LEXBCES.EXE
J:\WINDOWS\system32\LEXPPS.EXE
J:\WINDOWS\system32\spoolsv.exe
J:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
J:\Program Files\Common Files\LightScribe\LSSrvc.exe
J:\WINDOWS\Explorer.EXE
J:\Program Files\Norton Ghost\Agent\VProSvc.exe
J:\WINDOWS\system32\nvsvc32.exe
J:\WINDOWS\System32\snmp.exe
J:\WINDOWS\system32\RunDLL32.exe
J:\WINDOWS\System32\svchost.exe
J:\WINDOWS\system32\dllhost.exe
J:\Program Files\Griffin Technology\PowerMate\PowerMate.exe
J:\WINDOWS\system32\fxssvc.exe
J:\WINDOWS\RTHDCPL.EXE
J:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe
J:\Program Files\Canon\CAL\CALMAIN.exe
J:\PROGRA~1\LEXMAR~1\LXBRKsk.exe
J:\WINDOWS\system32\ctfmon.exe
J:\Program Files\Lexmark 3100 Series\lxbrbmon.exe
J:\Program Files\Lexmark 3100 Series\lxbrcmon.exe
J:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe
J:\WINDOWS\system32\wscntfy.exe
J:\WINDOWS\System32\dllhost.exe
J:\Program Files\Trend Micro\HijackThis\HijackThis.exe
J:\WINDOWS\System32\svchost.exe
J:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
J:\WINDOWS\system32\wuauclt.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.defaulthomepage.infoR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.defaulthomepage.infoR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - J:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - J:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - J:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [PowerMate] J:\Program Files\Griffin Technology\PowerMate\PowerMate.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "J:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Lexmark 3100 Series] "J:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe"
O4 - HKLM\..\Run: [LXBRKsk] J:\PROGRA~1\LEXMAR~1\LXBRKsk.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE J:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [000000af] rundll32.exe "J:\WINDOWS\system32\idihdrog.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] J:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] J:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] J:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: SATARaid.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://J:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - J:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - J:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - J:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - J:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - J:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - J:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - J:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - J:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - J:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - J:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - J:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - J:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - J:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: dkdklc.dll qmukun.dll
O20 - Winlogon Notify: !SASWinLogon - J:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ddcArSMd - J:\WINDOWS\
O20 - Winlogon Notify: wvUlmKeB - J:\WINDOWS\
O23 - Service: Apple Mobile Device - Apple Inc. - J:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - J:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: iPod Service - Apple Inc. - J:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - J:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - J:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - J:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - J:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton Ghost - Symantec Corporation - J:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - J:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SymSnapService - Symantec - J:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
--
End of file - 6518 bytes
*******************************************************************************************************************************************
*******************************************************************************************************************************************
ComboFix 09-03-06.02 - Matt 2009-03-09 17:30:26.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.538 [GMT -5:00]
Running from: j:\documents and settings\Matt\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2009-02-09 to 2009-03-09 )))))))))))))))))))))))))))))))
.
2009-03-09 16:46 . 2009-03-09 16:46 <DIR> d-------- j:\program files\Trend Micro
2009-03-08 16:34 . 2009-03-08 16:35 <DIR> d-------- j:\program files\Malwarebytes' Anti-Malware
2009-03-08 16:34 . 2009-03-08 16:34 <DIR> d-------- j:\documents and settings\Matt\Application Data\Malwarebytes
2009-03-08 16:34 . 2009-03-08 16:34 <DIR> d-------- j:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-08 16:34 . 2009-02-11 10:19 38,496 --a------ j:\windows\system32\drivers\mbamswissarmy.sys
2009-03-08 16:34 . 2009-02-11 10:19 15,504 --a------ j:\windows\system32\drivers\mbam.sys
2009-03-08 14:32 . 2009-03-08 14:32 <DIR> d-------- j:\program files\SUPERAntiSpyware
2009-03-08 14:32 . 2009-03-08 14:32 <DIR> d-------- j:\documents and settings\Matt\Application Data\SUPERAntiSpyware.com
2009-03-08 14:32 . 2009-03-08 14:32 <DIR> d-------- j:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-08 14:19 . 2009-03-08 14:19 <DIR> d-------- j:\program files\EAGLE-5.4.0
2009-03-08 14:19 . 2009-03-08 14:19 <DIR> d-------- j:\documents and settings\Matt\Application Data\CadSoft
2009-03-07 15:51 . 2009-03-08 20:38 <DIR> d--hs---- J:\Renamed for testingConfigDotMsi
2009-03-07 15:49 . 2009-03-07 15:49 <DIR> d-------- j:\documents and settings\All Users\Application Data\ScanSoft
2009-03-07 15:33 . 2009-03-07 15:55 <DIR> d-------- j:\documents and settings\All Users\Application Data\NeatReceipts Professional
2009-03-07 15:21 . 2009-03-07 15:55 <DIR> d-------- j:\program files\NeatReceipts Professional
2009-03-07 15:21 . 2009-03-07 15:53 <DIR> d-------- j:\program files\Common Files\NeatReceipts
2009-03-03 14:20 . 2009-03-03 14:20 <DIR> d-------- j:\documents and settings\Matt\Application Data\Intuit
2009-03-03 14:20 . 2009-03-03 14:20 <DIR> d-------- j:\documents and settings\All Users\Application Data\Intuit
2009-03-03 14:20 . 2009-03-04 13:39 31 --a------ j:\windows\QUICKEN.INI
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-09 22:24 --------- d-----w j:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-08 19:32 --------- d-----w j:\documents and settings\Matt\Application Data\Skype
2009-03-08 19:31 --------- d-----w j:\program files\Common Files\Wise Installation Wizard
2009-03-08 19:31 --------- d-----w j:\documents and settings\Matt\Application Data\uTorrent
2009-03-08 19:16 --------- d-----w j:\program files\EAGLE-4.16r2
2009-03-08 19:15 --------- d-----w j:\program files\CCleaner
2009-03-08 13:04 --------- d-----w j:\documents and settings\Matt\Application Data\skypePM
2009-03-07 20:31 --------- d-----w j:\program files\Microsoft SQL Server
2009-03-07 20:18 --------- d--h--r j:\documents and settings\Matt\Application Data\Microchip
2009-03-05 04:48 --------- d-----w j:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-03 19:21 --------- d--h--w j:\program files\InstallShield Installation Information
2009-03-02 17:25 --------- d-----w j:\documents and settings\Matt\Application Data\FileZilla
2009-01-20 17:58 --------- d-----w j:\documents and settings\Matt\Application Data\Vso
2009-01-13 00:14 --------- d-----w j:\program files\Common Files\Skype
2009-01-09 02:46 --------- d-----w j:\program files\Microsoft ActiveSync
2009-01-09 02:46 --------- d-----w j:\program files\Common Files\Symantec Shared
2009-01-09 02:41 --------- d-----w j:\documents and settings\Matt\Application Data\Ahead
2008-12-20 23:15 826,368 ----a-w j:\windows\system32\wininet.dll
2008-09-26 02:19 479,232 --sha-w j:\documents and settings\Matt\Rename_css.exe
2008-03-19 01:18 47,360 ----a-w j:\documents and settings\Matt\Application Data\pcouffin.sys
2008-04-18 15:56 118,784 ----a-w j:\program files\mozilla firefox\plugins\MyCamera.dll
.
((((((((((((((((((((((((((((( SnapShot_2009-03-09_10.04.40.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-09 17:26:36 16,384 ------w j:\windows\Temp\Perflib_Perfdata_104.dat
+ 2009-03-09 17:26:53 16,384 ------w j:\windows\Temp\Perflib_Perfdata_258.dat
+ 2009-03-09 17:26:46 16,384 ------w j:\windows\Temp\Perflib_Perfdata_bc0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="j:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"SpybotSD TeaTimer"="j:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"SUPERAntiSpyware"="j:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-02-17 1830128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PowerMate"="j:\program files\Griffin Technology\PowerMate\PowerMate.exe" [2004-03-23 73728]
"Adobe Reader Speed Launcher"="j:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Lexmark 3100 Series"="j:\program files\Lexmark 3100 Series\lxbrbmgr.exe" [2003-09-03 106496]
"LXBRKsk"="j:\progra~1\LEXMAR~1\LXBRKsk.exe" [2003-06-13 294912]
"NvCplDaemon"="j:\windows\system32\NvCpl.dll" [2006-04-05 7561216]
"000000af"="j:\windows\system32\idihdrog.dll" [BU]
"PD0620 STISvc"="P0620Pin.dll" [2005-05-10 j:\windows\system32\P0620Pin.dll]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-19 j:\windows\RTHDCPL.exe]
j:\documents and settings\Nikki\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - j:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
j:\documents and settings\All Users\Start Menu\Programs\Startup\
SATARaid.lnk - j:\program files\Silicon Image\SiISATARaid\SATARaid.exe [2008-03-09 1019961]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "j:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 j:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcArSMd]
[BU]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvUlmKeB]
[BU]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=dkdklc.dll qmukun.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
[HKLM\~\startupfolder\J:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=j:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=j:\windows\pss\Acrobat Assistant.lnkCommon Startup
[HKLM\~\startupfolder\J:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=j:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=j:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 j:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
--a------ 2007-07-18 18:55 451872 j:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 11:24 1694208 j:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 j:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-11-07 15:31 21633320 j:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 04:27 144784 j:\program files\Java\jre1.6.0_07\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 2004-08-04 00:56 110592 j:\windows\system32\bthprops.cpl
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-r------- 2007-08-03 00:22 1826816 j:\windows\SkyTel.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"H/PC Connection Agent"="j:\program files\Microsoft ActiveSync\wcescomm.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Css"=j:\documents and settings\Matt\css.exe
"Norton Ghost 14.0"="j:\program files\Norton Ghost\Agent\VProTray.exe"
"GrooveMonitor"="j:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"iTunesHelper"="j:\program files\iTunes\iTunesHelper.exe"
"NeroFilterCheck"=j:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"NvCplDaemon"=RUNDLL32.EXE j:\windows\system32\NvCpl.dll,NvStartup
"NvMediaCenter"=RUNDLL32.EXE j:\windows\system32\NvMcTray.dll,NvTaskbarInit
"nwiz"=nwiz.exe /install
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"j:\\Program Files\\mIRC\\mirc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"j:\\WINDOWS\\system32\\LEXPPS.EXE"=
"j:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"j:\\Program Files\\uTorrent\\uTorrent.exe"=
"j:\\WINDOWS\\system32\\fxsclnt.exe"=
"j:\\Program Files\\iTunes\\iTunes.exe"=
"j:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"j:\\Program Files\\Messenger\\msmsgs.exe"=
"j:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe"=
"j:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"j:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"j:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"j:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 si3112r;ATI-437A Serial ATA Controller;j:\windows\system32\drivers\SI3112r.sys [2007-10-07 102528]
R0 SiWinAcc;SiWinAcc;j:\windows\system32\drivers\SiWinAcc.sys [2003-10-15 10240]
R1 Ext2fs;Ext2fs;j:\windows\system32\drivers\ext2fs.sys [2008-05-18 179584]
R1 IfsMount;IfsMount;j:\windows\system32\drivers\ifsmount.sys [2008-05-18 49536]
R1 SASDIFSV;SASDIFSV;j:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-02-17 8944]
R1 SASKUTIL;SASKUTIL;j:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;j:\windows\system32\dllhost.exe [2001-08-23 5120]
R3 SASENUM;SASENUM;j:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]
R3 SymSnapService;SymSnapService;j:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [2007-12-20 1553896]
S3 BTCOMM;BTCOMM;j:\windows\system32\drivers\Btcomm.sys [2008-01-08 55344]
S3 BTKRNBDG;AmbiCom Bluetooth COM Bridge;j:\windows\system32\drivers\BtKrnBdg.sys [2008-01-08 15908]
S3 usbsnoop;USB Snoopy Filter Driver Service;j:\windows\system32\drivers\USBSnoop.sys [2008-02-13 72588]
S3 usbsnpys;USB Snoopy Driver Exposer Service;j:\windows\system32\drivers\USBSnpys.sys [2008-02-13 92544]
S3 utdrv;utdrv;j:\windows\system32\drivers\utdrv.sys [2008-11-18 12288]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;j:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ad9a9a6-8a72-11dd-9fdf-001d7d0013cf}]
\Shell\AutoRun\command - C:\WDSetup.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"j:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
2009-03-09 j:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- j:\program files\Spybot - Search & Destroy\SpybotSD.exe [2008-07-30 14:45]
2009-03-09 j:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- j:\program files\Spybot - Search & Destroy\SDUpdate.exe [2008-08-14 13:39]
.
.
------- Supplementary Scan -------
.
uStart Page =
hxxp://www.defaulthomepage.infoIE: E&xport to Microsoft Excel - j:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - j:\documents and settings\Matt\Application Data\Mozilla\Firefox\Profiles\52601g5e.default\
FF - prefs.js: browser.startup.homepage -
hxxp://www.yahoo.com/FF - plugin: j:\program files\Mozilla Firefox\plugins\NPCIG.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2009-03-09 17:32:11
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(732)
j:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2009-03-09 17:35:19
ComboFix-quarantined-files.txt 2009-03-09 22:35:15
ComboFix2.txt 2009-03-09 15:06:06
Pre-Run: 87,083,667,456 bytes free
Post-Run: 87,060,942,848 bytes free
Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
198 --- E O F --- 2009-02-25 09:00:30
***************************************************************************************************************************
***************************************************************************************************************************