Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.3326.2948 [GMT -4:00]
Running from: c:\documents and settings\Milan\Desktop\Combo-Fix.exe
AV: CA Anti-Virus *On-access scanning enabled* (Updated)
FW: CA Personal Firewall *enabled*
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\quadraserv.sys
c:\windows\system32\gaopdxcounter
c:\windows\system32\gaopdxtxinardd.dll
c:\windows\system32\tmp.reg
c:\windows\system32\x64
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_QUADRASERV.SYS
-------\Legacy_QUADRASERV.SYS
-------\Legacy_NPF
((((((((((((((((((((((((( Files Created from 2009-02-10 to 2009-03-10 )))))))))))))))))))))))))))))))
.
2009-03-08 16:30 . 2009-03-08 17:04 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-08 16:30 . 2009-03-08 16:30 <DIR> d-------- c:\documents and settings\Milan\Application Data\Malwarebytes
2009-03-08 16:30 . 2009-03-08 16:30 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-03-08 16:30 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-08 16:30 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-08 01:13 . 2009-03-08 01:13 <DIR> d-------- c:\program files\Trend Micro
2009-03-07 00:30 . 2009-03-08 00:13 <DIR> d-------- C:\spywarebegone
2009-03-07 00:30 . 2009-03-07 00:29 737,280 --a------ c:\windows\iun6002.exe
2009-03-07 00:30 . 2009-03-07 00:30 170 --a------ c:\windows\spywarebegone-fullversion-installed.html
2009-02-25 23:55 . 2009-02-25 23:55 <DIR> d-------- c:\windows\Cache
2009-02-25 23:55 . 2009-02-25 23:55 <DIR> d-------- c:\program files\Coupons
2009-02-25 23:55 . 2009-02-25 23:55 202,072 -ra------ c:\windows\system32\cpnprt2.cid
2009-02-20 14:30 . 2009-02-20 14:30 <DIR> d-------- c:\documents and settings\Milan\Application Data\HP
2009-02-20 14:28 . 2009-02-20 14:28 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\HPSSUPPLY
2009-02-20 14:27 . 2009-03-08 17:14 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\HP
2009-02-20 14:26 . 2009-02-20 14:26 <DIR> d-------- c:\program files\Common Files\Hewlett-Packard
2009-02-20 14:25 . 2009-02-20 14:25 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Hewlett-Packard
2009-02-20 14:25 . 2007-10-25 11:38 49,920 -ra------ c:\windows\system32\drivers\HPZid412.sys
2009-02-20 14:25 . 2007-10-25 11:38 16,496 -ra------ c:\windows\system32\drivers\HPZipr12.sys
2009-02-20 14:24 . 2007-10-25 11:38 675,840 -ra------ c:\windows\system32\hpowiax4.dll
2009-02-20 14:24 . 2007-10-25 11:38 569,344 -ra------ c:\windows\system32\hpotscl4.dll
2009-02-20 14:24 . 2007-10-25 11:38 364,544 -ra------ c:\windows\system32\hppldcoi.dll
2009-02-20 14:24 . 2007-10-25 11:38 309,760 -ra------ c:\windows\system32\difxapi.dll
2009-02-20 14:24 . 2007-10-25 11:38 294,912 -ra------ c:\windows\system32\hpovst11.dll
2009-02-20 14:24 . 2007-10-25 11:35 258,048 -ra------ c:\windows\system32\hpzids01.dll
2009-02-20 14:24 . 2007-10-29 18:14 117,760 --a------ c:\windows\system32\hpzll4xl.dll
2009-02-20 14:24 . 2007-10-25 11:38 21,568 -ra------ c:\windows\system32\drivers\HPZius12.sys
2009-02-20 14:22 . 2009-02-20 14:22 <DIR> d-------- c:\windows\zhenghe2
2009-02-20 14:22 . 2009-03-09 16:40 <DIR> d-------- c:\program files\HP
2009-02-20 14:20 . 2009-02-20 14:10 144,011 --------- c:\windows\hpwins16.dat.temp
2009-02-20 14:20 . 2007-10-24 23:00 1,162 --------- c:\windows\hpwmdl16.dat.temp
2009-02-20 14:10 . 2009-02-20 14:10 <DIR> d-------- C:\a95b406f714086ff71e7
2009-02-19 18:51 . 2009-02-19 18:51 25 --a------ c:\windows\cdplayer.ini
2009-02-19 08:26 . 2009-02-19 08:26 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-19 08:26 . 2009-02-19 08:26 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-02-18 18:56 . 2009-02-18 18:57 <DIR> d-------- c:\documents and settings\Milan\Application Data\Roxio
2009-02-18 17:36 . 2009-02-18 17:37 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\NOS
2009-02-18 16:03 . 2009-02-18 16:03 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\InstallShield
2009-02-18 16:02 . 2009-02-18 16:02 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Sonic
2009-02-18 16:00 . 2006-07-21 12:21 99,176 --a------ c:\windows\system32\drivers\DRVMCDB.SYS
2009-02-18 16:00 . 2006-08-18 14:17 92,920 --a------ c:\windows\DLA.EXE
2009-02-18 16:00 . 2006-08-18 14:17 56,056 --a------ c:\windows\system32\DLAAPI_W.DLL
2009-02-18 16:00 . 2006-08-11 12:05 51,768 --a------ c:\windows\system32\drivers\DRVNDDM.SYS
2009-02-18 16:00 . 2006-08-11 11:35 28,184 --a------ c:\windows\system32\drivers\DLARTL_M.SYS
2009-02-18 16:00 . 2006-08-11 11:35 12,920 --a------ c:\windows\system32\drivers\DLACDBHM.SYS
2009-02-18 16:00 . 2009-02-18 16:07 166 --a------ c:\windows\wininit.ini
2009-02-18 11:56 . 2009-02-18 11:56 400,569,600 --a------ c:\windows\system32\xa3963906.exe
2009-02-18 11:56 . 2009-02-18 11:56 400,569,600 --a------ c:\windows\system32\xa3932828.exe
2009-02-18 11:43 . 2009-02-18 11:43 400,569,600 --a------ c:\windows\system32\xa3198234.exe
2009-02-18 11:43 . 2009-02-18 11:43 400,569,600 --a------ c:\windows\system32\xa3165953.exe
2009-02-18 11:32 . 2009-02-18 13:28 <DIR> d-------- c:\program files\Nero 9
2009-02-18 11:28 . 2009-02-18 11:28 400,569,600 --a------ c:\windows\system32\xa2257796.exe
2009-02-18 11:27 . 2009-02-18 11:28 400,569,600 --a------ c:\windows\system32\xa2222406.exe
2009-02-17 23:34 . 2009-02-17 23:34 400,569,600 --a------ c:\windows\system32\xa844265.exe
2009-02-17 23:34 . 2009-02-17 23:34 400,569,600 --a------ c:\windows\system32\xa805437.exe
2009-02-17 23:25 . 2009-02-17 23:25 400,569,600 --a------ c:\windows\system32\xa287484.exe
2009-02-17 23:24 . 2009-02-17 23:25 400,569,600 --a------ c:\windows\system32\xa247468.exe
2009-02-17 23:10 . 2009-02-17 23:10 400,569,600 --a------ c:\windows\system32\xa56818296.exe
2009-02-17 23:08 . 2009-02-17 23:10 400,569,600 --a------ c:\windows\system32\xa56668609.exe
2009-02-13 22:01 . 2009-02-13 22:01 376 --a------ c:\windows\ODBC.INI
2009-02-13 20:03 . 2009-02-13 20:03 344,064 --a------ C:\dfggdft.exe
2009-02-13 00:12 . 2009-02-13 00:12 400,569,600 --a------ c:\windows\system32\xa103680593.exe
2009-02-13 00:11 . 2009-02-13 00:12 400,569,600 --a------ c:\windows\system32\xa103643125.exe
2009-02-12 21:51 . 2009-02-12 21:54 <DIR> d-------- c:\documents and settings\Milan\Application Data\vlc
2009-02-12 21:48 . 2009-02-12 21:48 <DIR> d-------- c:\program files\VideoLAN
2009-02-12 21:10 . 2009-02-12 21:10 400,569,600 --a------ c:\windows\system32\xa92755890.exe
2009-02-12 21:09 . 2009-02-12 21:10 400,569,600 --a------ c:\windows\system32\xa92717984.exe
2009-02-11 22:57 . 2009-02-11 22:57 400,569,600 --a------ c:\windows\system32\xa12831265.exe
2009-02-11 22:57 . 2009-02-11 22:57 400,569,600 --a------ c:\windows\system32\xa12810187.exe
2009-02-11 22:41 . 2009-02-11 22:41 400,569,600 --a------ c:\windows\system32\xa11863468.exe
2009-02-11 22:40 . 2009-02-11 22:40 400,569,600 --a------ c:\windows\system32\xa11773843.exe
2009-02-11 22:39 . 2009-02-11 22:41 400,569,600 --a------ c:\windows\system32\xa11694703.exe
2009-02-11 22:37 . 2009-02-11 22:40 400,569,600 --a------ c:\windows\system32\xa11598328.exe
2009-02-11 22:37 . 2009-02-11 22:37 400,569,600 --a------ c:\windows\system32\xa11581765.exe
2009-02-11 22:37 . 2009-02-11 22:36 400,569,600 --a------ c:\windows\system32\xa11573828.exe
2009-02-11 22:36 . 2009-02-11 22:37 400,569,600 --a------ c:\windows\system32\xa11542468.exe
2009-02-11 22:36 . 2009-02-11 22:36 400,569,600 --a------ c:\windows\system32\xa11541687.exe
2009-02-11 22:03 . 2009-02-11 22:03 400,569,600 --a------ c:\windows\system32\xa9587968.exe
2009-02-11 22:03 . 2009-02-11 22:03 400,569,600 --a------ c:\windows\system32\xa9577062.exe
2009-02-11 21:49 . 2009-02-11 21:49 400,569,600 --a------ c:\windows\system32\xa8752765.exe
2009-02-11 21:49 . 2009-02-11 21:49 400,569,600 --a------ c:\windows\system32\xa8728687.exe
2009-02-11 21:48 . 2009-02-11 21:48 400,569,600 --a------ c:\windows\system32\xa8674671.exe
2009-02-11 21:48 . 2009-02-11 21:48 400,569,600 --a------ c:\windows\system32\xa8662000.exe
2009-02-11 21:15 . 2009-02-11 21:15 400,569,600 --a------ c:\windows\system32\xa6674828.exe
2009-02-11 21:15 . 2009-02-11 21:15 400,569,600 --a------ c:\windows\system32\xa6661171.exe
2009-02-11 18:53 . 2009-02-16 23:12 <DIR> d-------- c:\documents and settings\Milan\Application Data\Tunebite
2009-02-11 17:39 . 2009-02-11 17:39 <DIR> d-------- c:\program files\PixiePack Codec Pack
2009-02-11 17:37 . 2009-02-11 17:37 <DIR> d-------- c:\program files\RapidSolution
2009-02-11 17:37 . 2009-02-11 19:31 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\RapidSolution
2009-02-11 16:59 . 2009-02-11 17:02 <DIR> d-------- c:\documents and settings\Milan\Application Data\Media Player Classic
2009-02-11 16:50 . 2009-02-11 16:50 <DIR> d-------- C:\AgoodOutput
2009-02-11 16:48 . 2009-02-11 17:15 <DIR> d-------- c:\program files\Agood All to AVI MPEG WMV MOV DVD Converter Free
2009-02-11 16:48 . 2009-02-11 16:48 34 --ah----- c:\windows\system32\Converter_sysquict.dat
2009-02-10 17:59 . 2009-02-10 17:59 <DIR> d-------- c:\documents and settings\Milan\Application Data\NeroDigital(TM)
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-10 22:19 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k7
2009-03-10 22:19 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k6
2009-03-10 22:19 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k5
2009-03-10 22:19 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k4
2009-03-10 22:19 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k3
2009-03-10 22:19 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k2
2009-03-10 22:19 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k1
2009-03-10 22:19 104,980 ----a-w c:\windows\system32\drivers\kmxcfg.u2k0
2009-03-10 12:35 --------- d-----w c:\documents and settings\Milan\Application Data\CallingID
2009-03-06 01:04 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2009-02-19 12:26 --------- d-----w c:\program files\Java
2009-02-18 21:36 --------- d-----w c:\program files\NOS
2009-02-18 20:02 --------- d-----w c:\program files\Common Files\Sonic Shared
2009-02-18 20:01 --------- d-----w c:\program files\Common Files\SureThing Shared
2009-02-18 16:04 241,665 ---ha-w c:\windows\Cursors\NOGOOD.exe
2009-02-17 02:54 --------- d-----w c:\program files\DVD Shrink
2009-02-15 00:28 --------- d-----w c:\program files\uTorrent
2009-02-14 04:58 --------- d-----w c:\documents and settings\Milan\Application Data\uTorrent
2009-02-12 03:07 --------- d-----w c:\program files\Nero
2009-02-09 17:56 --------- d-----w c:\documents and settings\Milan\Application Data\GlarySoft
2009-02-09 17:53 --------- d-----w c:\program files\Glary Utilities
2009-02-09 17:12 --------- d-----w c:\documents and settings\Milan\Application Data\Uniblue
2009-02-09 02:09 --------- d-----w c:\documents and settings\Milan\Application Data\Nero
2009-02-09 00:57 --------- d-----w c:\program files\Common Files\Nero
2009-02-09 00:52 --------- d-----w c:\program files\Windows Media Connect 2
2009-02-09 00:36 --------- d-----w c:\program files\Windows Sidebar
2009-02-09 00:29 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Nero
2009-02-09 00:26 --------- d-----w c:\documents and settings\Milan\Application Data\Winamp
2009-02-09 00:19 --------- d-----w c:\program files\Common Files\Adobe
2009-02-09 00:11 --------- d-----w c:\program files\Winamp
2009-02-08 23:18 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\DVD Shrink
2009-02-08 22:51 --------- d-----w c:\program files\Common Files\AVSMedia
2009-02-08 22:49 --------- d-----w c:\documents and settings\Milan\Application Data\AVS4YOU
2009-02-08 22:48 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\AVS4YOU
2009-02-08 03:49 --------- d-----w c:\documents and settings\Milan\Application Data\CyberLink
2009-02-08 03:44 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\CyberLink
2009-02-08 03:08 --------- d-----w c:\program files\MSI
2009-02-08 03:07 --------- d-----w c:\documents and settings\Milan\Application Data\InterTrust
2009-02-08 02:54 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-08 02:53 --------- d-----w c:\program files\CyberLink
2009-02-08 02:50 --------- d-----w c:\program files\Lexmark X5100 Series
2009-02-08 02:48 --------- d-----w c:\program files\ABBYY FineReader 5.0 Sprint
2009-02-08 02:47 --------- d-----w c:\program files\FaxTools
2009-02-08 02:47 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\BVRP Software
2009-02-08 01:56 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\WinZip
2009-02-08 00:59 --------- d-----w c:\program files\LIVEUPDATE
2009-02-08 00:54 --------- d-----w c:\program files\AMT
2009-02-07 22:34 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help
2009-02-07 22:02 315,392 ----a-w c:\windows\HideWin.exe
2009-02-07 22:02 --------- d-----w c:\program files\Realtek
2009-02-07 21:44 880,560 ----a-w c:\windows\system32\drivers\vetefile.sys
2009-02-07 21:44 108,368 ----a-w c:\windows\system32\drivers\veteboot.sys
2009-02-07 21:44 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\CA
2009-02-07 21:42 --------- d-----w c:\program files\Common Files\Scanner
2009-02-07 21:38 --------- d-----w c:\documents and settings\Milan\Application Data\GetRightToGo
2009-02-07 21:22 --------- d-----w c:\program files\Intel
2009-02-07 21:07 --------- d-----w c:\program files\Dell
2009-02-07 18:43 --------- d-----w c:\program files\Google
2009-02-07 06:30 --------- d-----w c:\documents and settings\Milan Knezevic\Application Data\GetRightToGo
2009-02-07 06:02 --------- d-----w c:\documents and settings\Milan Knezevic\Application Data\AVGTOOLBAR
2009-02-07 03:27 --------- d-----w c:\documents and settings\Milan Knezevic\Application Data\uTorrent
2009-02-07 02:46 23,040 ----a-w C:\xxweksc.exe
2009-02-07 02:46 22,016 ----a-w C:\wskrote.exe
2009-02-07 02:46 22,016 ----a-w C:\jwfmld.exe
2009-02-06 01:25 --------- d-----w c:\program files\AOL Toolbar
2009-02-04 05:20 --------- d-----w c:\documents and settings\Milan Knezevic\Application Data\mIRC
2009-02-04 04:48 --------- d-----w c:\program files\mIRC
2009-02-04 04:33 --------- d-----w c:\program files\Common Files\xing shared
2009-02-04 04:33 --------- d-----w c:\program files\Common Files\Real
2009-02-04 00:33 --------- d-----w c:\program files\Microsoft.NET
2009-01-26 02:40 --------- d-----w c:\documents and settings\Milan Knezevic\Application Data\NCH Software
2009-01-25 06:38 --------- d-----w c:\program files\Video Convert Master
2009-01-25 03:38 --------- d-----w c:\documents and settings\Milan Knezevic\Application Data\Apple Computer
2009-01-17 03:30 --------- d-----w c:\program files\DivX
2009-01-12 05:16 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-12-19 03:48 86,016 ----a-w c:\documents and settings\Milan Knezevic\Application Data\ezpinst.exe
2008-12-19 03:48 47,360 ----a-w c:\documents and settings\Milan Knezevic\Application Data\pcouffin.sys
2008-10-26 00:13 36,296 ----a-w c:\documents and settings\Milan Knezevic\Application Data\GDIPFONTCACHEV1.DAT
2008-07-19 17:56 61,224 ----a-w c:\documents and settings\Milan Knezevic\GoToAssistDownloadHelper.exe
2008-03-27 23:57 578 ----a-w c:\documents and settings\Milan Knezevic\Application Data\wklnhst.dat
2004-08-04 10:00 360,448 --sh--r c:\windows\system32\iafhch.exe
2004-08-04 10:00 360,448 --sh--r c:\windows\system32\judwpo.exe
2004-08-04 10:00 360,448 --sh--r c:\windows\system32\wzjixo.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Spyware Begone"="c:\spywarebegone\SpywareBeGone.exe" [2008-08-05 1236992]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cctray"="c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe" [2009-02-07 181488]
"CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2008-08-30 234736]
"QOELOADER"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe" [2009-02-07 14088]
"cafw"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2008-08-28 771312]
"capfasem"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2008-08-28 173296]
"capfupgrade"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2008-08-28 259312]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 225280]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-19 148888]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-26 c:\windows\RTHDCPL.exe]
"NVCLOCK"="nvclock.dll" [2002-05-14 c:\windows\system32\nvclock.dll]
"nwiz"="nwiz.exe" [2008-05-03 c:\windows\system32\nwiz.exe]
c:\documents and settings\Milan Knezevic\Start Menu\Programs\Startup\
AOL Desktop.lnk - c:\program files\Common Files\AOL\Launch\aollaunch.exe [2008-06-24 41824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{1869181A-9F50-4FCF-8BFF-1B8588ECB85C}"= "c:\program files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\CIDLinkAdvisor.dll" [2008-06-23 1373624]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-05-18 15:30 79368 c:\windows\system32\UmxWNP.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 06:00 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X5100 Series]
--a------ 2003-03-04 08:49 86100 c:\program files\Lexmark X5100 Series\lxbabmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Nero BackItUp Scheduler 4.0"=2 (0x2)
"LexBceS"=2 (0x2)
"stllssvr"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [2008-03-19 93712]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2008-03-21 63504]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2008-03-21 45584]
R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2008-03-19 115216]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2008-06-04 134648]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2008-03-21 66576]
R2 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [2007-10-18 1010192]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [2007-10-18 801296]
R2 UmxPol;HIPS Policy Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe [2008-06-24 281104]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2008-05-30 88816]
R3 PPCtlPriv;PPCtlPriv;c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [2009-02-07 185584]
R3 VGAUTI;VGAUTI;c:\windows\system32\drivers\vgauti.sys [2009-02-07 37684]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2009-02-18 33752]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
2009-02-08 c:\windows\Tasks\CAAntiSpywareScan_Daily as Milan at 4 42 PM.job
- c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [2008-08-27 19:44]
2009-03-10 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2008-07-18 12:08]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
LSP: c:\windows\system32\VetRedir.dll
Trusted Zone: microsoft.com\download
Trusted Zone: optimum.net\www
Trusted Zone: safer-networking.org\www
Trusted Zone: stopzilla.com\www
FF - ProfilePath - c:\documents and settings\Milan\Application Data\Mozilla\Firefox\Profiles\txtd7tsx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.optimum.net/optonline
FF - component: c:\program files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox\components\CallingIDLinkAdvisorGecko.dll
FF - component: c:\program files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\Firefox\components\CIDDomFx3.dll
FF - plugin: c:\documents and settings\Milan\Application Data\Mozilla\Firefox\Profiles\txtd7tsx.default\extensions\{0C7E3F01-99E9-4095-9BDC-F84724960B57}\plugins\NPCpnMgr.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-10 18:21:40
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1000)
c:\windows\system32\UmxWnp.Dll
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe
c:\program files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe
c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
c:\program files\CA\CA Internet Security Suite\ccprovsp.exe
c:\windows\system32\rundll32.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
.
**************************************************************************
.
Completion time: 2009-03-10 18:24:42 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-10 22:24:39
Pre-Run: 104,618,283,008 bytes free
Post-Run: 104,583,753,728 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
341 --- E O F --- 2009-02-26 08:00:32