Hi there, these are the logs as per your instructions. Cheers
Generated 09/04/2008 at 08:56 PM

Application Version : 4.20.1046

Core Rules Database Version : 3555
Trace Rules Database Version: 1543

Scan type       : Complete Scan
Total Scan Time : 00:35:22

Memory items scanned      : 586
Memory threats detected   : 0
Registry items scanned    : 7909
Registry threats detected : 5
File items scanned        : 23148
File threats detected     : 6

Adware.Tracking Cookie
	C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@indextools[2].txt
	C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@serving-sys[2].txt
	C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@www.googleadservices[1].txt
	C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@bs.serving-sys[1].txt
	C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@adopt.euroclick[1].txt

Trojan.DNSChanger-Codec
	HKU\S-1-5-21-1452386326-3175920199-1668023844-1008\Software\uninstall

Rogue.PC-Cleaner
	HKU\S-1-5-21-1452386326-3175920199-1668023844-1008\Software\mwc

Trojan.FakeAlert/Desktop
	HKU\S-1-5-21-1452386326-3175920199-1668023844-1008\CONTROL PANEL\DESKTOP#WALLPAPER
	HKU\S-1-5-21-1452386326-3175920199-1668023844-1008\CONTROL PANEL\DESKTOP#ORIGINALWALLPAPER
	HKU\S-1-5-21-1452386326-3175920199-1668023844-1008\CONTROL PANEL\DESKTOP#CONVERTEDWALLPAPER

NotHarmful.Sysinternals Bluescreen Screen Saver
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{D34137C1-F216-4803-BF12-FAFE117CE9FA}\RP5\A0003368.SCR

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:37:05 PM, on 4/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Lexmark 2500 Series\lxddmon.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\lvhidsvc.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\CF24200.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Compaq_Owner\My Documents\HJT\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_AU&c=Q305&bd=presario&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60429
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60429
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {45E1A125-41A3-4253-A5EC-3354A4E7C56D} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.04\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - c:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1132445527968
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B50CACCD-44EB-4C85-BB85-703EED8E92EC}: NameServer = 192.168.1.254
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Remote HID Service (LvHidSvc) - Animation Technologies Inc. - C:\WINDOWS\system32\lvhidsvc.exe
O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

--
End of file - 16122 bytes

ComboFix 08-09-03.03 - Compaq_Owner 2008-09-04 21:16:39.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1887 [GMT 10:00]
Running from: C:\Documents and Settings\Compaq_Owner\My Documents\ComboFix2.exe
 * Created a new restore point
 * Resident AV is active
.
((((((((((((((((((((((((( Files Created from 2008-08-04 to 2008-09-04 )))))))))))))))))))))))))))))))
.
2008-09-04 16:17 . 2008-09-04 16:17 <DIR> d-------- C:\ComboFix1
2008-09-03 21:34 . 2008-09-03 21:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-09-03 21:33 . 2008-09-03 21:33 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-09-03 21:33 . 2008-09-03 21:33 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-03 21:33 . 2008-09-03 21:33 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com
2008-09-03 21:04 . 2008-09-03 21:15 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-09-03 20:59 . 2008-07-18 22:09 25,800 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-09-01 21:13 . 2008-09-01 21:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-09-01 21:13 . 2008-09-01 21:12 160,792 --a------ C:\WINDOWS\system32\drivers\pctfw2.sys
2008-09-01 21:12 . 2008-09-01 21:13 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2008-09-01 17:23 . 2008-09-01 17:23 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-09-01 17:17 . 2008-09-01 17:17 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-09-01 17:17 . 2008-09-01 17:17 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-09-01 17:00 . 2008-09-04 21:21 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-01 16:59 . 2008-09-04 21:21 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-09-01 16:59 . 2008-08-25 11:36 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-09-01 16:59 . 2008-08-25 11:36 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-09-01 16:59 . 2008-08-25 11:36 40,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-09-01 16:59 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-09-01 16:31 . 2008-09-01 16:31 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-08-31 22:01 . 2008-09-04 21:03 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-08-31 20:31 . 2008-08-31 20:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\services
2008-08-31 18:48 . 2008-09-04 19:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ngdghypi
2008-08-31 18:47 . 2008-09-01 05:36 <DIR> d-------- C:\Program Files\SAV
2008-08-31 11:41 . 2008-08-31 11:41 <DIR> d-------- C:\NVIDIA
2008-08-31 11:23 . 2008-08-31 11:29 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-08-31 11:22 . 2008-08-31 11:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-31 11:19 . 2008-08-31 11:19 <DIR> d-------- C:\Program Files\NVIDIA Corporation
2008-08-31 11:16 . 2008-08-31 11:16 <DIR> d-------- C:\Program Files\NVIDIA nTune Performance Application
2008-08-26 20:01 . 2008-08-26 20:01 <DIR> d-------- C:\Softpaq
2008-08-24 22:44 . 2008-08-24 22:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2008-08-24 22:39 . 2008-08-24 22:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-08-24 19:51 . 2008-08-24 19:51 <DIR> d-------- C:\Program Files\FrRefEng
2008-08-24 19:42 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-08-24 19:39 . 2008-08-24 19:39 <DIR> d-------- C:\Program Files\MSBuild
2008-08-24 19:31 . 2008-08-24 19:31 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-08-24 19:30 . 2008-08-27 19:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-24 19:17 . 2003-06-18 16:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-08-24 10:47 . 2008-08-24 10:47 <DIR> d-------- C:\Program Files\DVD Shrink
2008-08-24 10:46 . 2008-08-24 10:46 <DIR> d-------- C:\Program Files\DVD Decrypter
2008-08-23 21:12 . 2007-08-28 01:59 124,376 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-08-23 21:08 . 2008-08-23 21:08 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-08-23 15:48 . 2008-08-23 15:48 <DIR> d-------- C:\Program Files\ESET
2008-08-23 15:48 . 2008-08-23 15:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-08-23 14:58 . 2008-08-23 14:58 <DIR> d-------- C:\WINDOWS\E80F62FF5D3C4A1984099721F2928206.TMP
2008-08-23 14:57 . 2008-08-23 14:57 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Logitech
2008-08-23 12:23 . 2008-08-23 12:23 <DIR> d-------- C:\Program Files\Common Files\Logitech
2008-08-23 12:23 . 2007-04-23 04:00 163,840 --a------ C:\WINDOWS\system32\kemutb.dll
2008-08-23 12:23 . 2007-04-23 04:00 135,168 --a------ C:\WINDOWS\system32\KemUtil.dll
2008-08-23 12:23 . 2007-04-23 04:00 110,592 --a------ C:\WINDOWS\system32\KemWnd.dll
2008-08-23 12:23 . 2007-04-23 04:00 69,632 --a------ C:\WINDOWS\system32\KemXML.dll
2008-08-23 12:22 . 2008-08-23 12:22 <DIR> d-------- C:\Program Files\Logitech
2008-08-23 12:22 . 2008-08-23 12:22 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\InstallShield
2008-08-23 12:22 . 2008-08-23 12:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-08-23 12:06 . 2008-08-23 12:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-08-21 21:26 . 2008-08-21 21:27 <DIR> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-08-20 20:16 . 2008-08-20 20:16 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-08-20 20:16 . 2008-08-20 20:20 10,563 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-08-20 20:16 . 2008-08-20 20:20 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-08-18 13:27 . 2008-08-18 13:27 34,312 --a------ C:\WINDOWS\system32\drivers\epfwtdir.sys
2008-08-18 13:19 . 2008-08-18 13:19 53,256 --a------ C:\WINDOWS\system32\drivers\easdrv.sys
2008-08-18 13:18 . 2008-08-18 13:18 39,944 --a------ C:\WINDOWS\system32\drivers\eamon.sys
2008-08-09 19:40 . 2008-08-09 19:40 <DIR> d-------- C:\Program Files\iTunes
2008-08-09 19:40 . 2008-08-09 19:40 <DIR> d-------- C:\Program Files\iPod
2008-08-09 19:36 . 2008-08-09 19:36 <DIR> d-------- C:\Program Files\Bonjour
2008-08-09 19:31 . 2008-08-09 19:31 <DIR> d-------- C:\Program Files\Common Files\Apple
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-22 19:24 3,367,347 ----a-w C:\Program Files\stxp202.exe
2008-09-04 09:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-09-04 08:43 --------- d-----w C:\Program Files\LimeWire
2008-09-03 11:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-03 11:03 --------- d-----w C:\Program Files\Ultra PSP Movie Converter
2008-09-02 09:38 --------- d-----w C:\Program Files\Common Files\Download Manager
2008-09-01 09:18 --------- d-----w C:\Program Files\MSN Messenger
2008-09-01 09:18 --------- d-----w C:\Program Files\iMesh Applications
2008-09-01 07:23 --------- d-----w C:\Program Files\Nokia
2008-09-01 07:23 --------- d-----w C:\Program Files\Common Files\Nokia
2008-09-01 07:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2008-08-31 12:05 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-08-31 11:01 300 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2008-08-31 10:43 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-08-31 01:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-29 21:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-08-28 13:03 --------- d-----w C:\Program Files\Lx_cats
2008-08-26 10:57 --------- d---a-w C:\Program Files\Common Files\LightScribe
2008-08-25 11:35 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\Ahead
2008-08-24 12:42 --------- d-----w C:\Program Files\Common Files\Ahead
2008-08-24 09:39 --------- d-----w C:\Program Files\Microsoft Works
2008-08-24 09:35 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-08-23 11:07 --------- d-----w C:\Program Files\Common Files\Real
2008-08-23 11:06 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-08-23 08:38 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-23 07:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-08-23 05:37 2,004 ----a-w C:\WINDOWS\system32\ealregsnapshot1.reg
2008-08-22 23:41 --------- d-----w C:\Program Files\D-Link AirPlus
2008-08-22 02:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-08-20 10:42 29,366 ----a-w C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
2008-08-09 09:36 --------- d-----w C:\Program Files\QuickTime
2008-08-09 09:32 --------- d-----w C:\Program Files\Apple Software Update
2008-08-09 06:33 --------- d-----w C:\Program Files\Incomplete
2008-08-02 23:22 --------- d-----w C:\Program Files\Sun
2008-08-02 23:21 --------- d-----w C:\Program Files\Java
2008-08-02 11:17 --------- d-----w C:\Program Files\Google
2008-07-20 10:50 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-07-20 08:22 --------- d-----w C:\Program Files\AVG
2008-07-18 12:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 12:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 12:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 12:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 12:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 12:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 12:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 12:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 12:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 12:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 12:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 12:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 12:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 12:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 12:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-18 12:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 12:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\dllcache\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-24 00:57 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-06-23 09:20 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-06-23 09:20 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-06-23 09:20 13,824 ----a-w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-21 05:23 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-16 06:34 446,464 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\dllcache\bthport.sys
2007-06-13 10:23 25,030 ---h--w C:\Documents and Settings\Compaq_Owner\Application Data\system.dat
2007-01-13 03:05 120,728 ----a-w C:\Documents and Settings\Compaq_Owner\Application Data\GDIPFONTCACHEV1.DAT
2006-04-06 09:45 25,359 ----a-w C:\Program Files\quest.jar
2006-03-26 08:33 15,383,040 ----a-w C:\Program Files\Nokia_PC_Suite_67_rel_22_eng.msi
2006-02-11 05:21 476,200 ----a-w C:\Program Files\widgetsau.exe
2006-02-02 09:08 315,624 ----a-w C:\Program Files\dxwebsetup.exe
2006-01-31 09:45 404,992 ----a-w C:\Program Files\Thelargestindoorsnowparkint.pps
2006-01-26 08:45 4,048,984 ----a-w C:\Program Files\LimeWireWin.exe
2006-01-20 22:05 5,361,888 ----a-w C:\Program Files\kerio.exe
2006-01-12 20:57 26,112 ----a-w C:\Program Files\r8.xls
2006-01-05 21:21 628,576 ----a-w C:\Program Files\XviD_Install.exe
2006-01-05 21:19 3,382,528 ----a-w C:\Program Files\pqdvd_palm.pg.exe
2005-12-29 06:49 40,379,141 ----a-w C:\Program Files\Maestro-Win.exe
2005-12-29 06:29 8,441,568 ----a-w C:\Program Files\avinstall.exe
2005-12-12 20:36 22,910,088 ----a-w C:\Program Files\zaSuiteSetup_60_667_000.exe
2005-12-12 01:35 2,871,168 ----a-w C:\Program Files\setuppad.exe
2005-11-25 21:34 2,855,080 ----a-w C:\Program Files\aawsepersonal.exe
2005-11-25 10:58 2,344,332 ----a-w C:\Program Files\iscreenEC14setup.exe
2005-11-19 23:52 5,591,480 ----a-w C:\Program Files\GameConsole-compaq.exe
2005-11-19 23:41 3,070,432 ----a-w C:\Program Files\Install_Webdriver.exe
2005-11-19 04:30 1,094,021 ----a-w C:\Program Files\dvdshrink32setup1.zip
2005-11-19 04:29 899,414 ----a-w C:\Program Files\SetupDVDDecrypter_3.5.4.0.exe
2005-11-19 03:34 11,593,624 ----a-w C:\Program Files\DivXPlay.exe
2005-11-18 21:31 3,636,512 ----a-w C:\Program Files\coolstreaming0.45.exe
2005-11-18 21:30 1,267,186 ----a-w C:\Program Files\Boiling_Point_fedian.exe
2005-11-17 05:52 938,080 ----a-w C:\Program Files\PPLiveSetup.EXE
2005-09-07 20:35 13,399,472 ----a-w C:\Program Files\avg70free_344a618.exe
2005-08-09 00:07 28,672 ----a-w C:\Program Files\Thank You for your Interest in Gasshead.doc
2003-08-16 16:56 579,584 --sha-r C:\WINDOWS\system32\cd.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-22 68856]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2003-04-23 413775]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-08-19 1576176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-25 245760]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-15 253952]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-04-20 169984]
"lxddmon.exe"="C:\Program Files\Lexmark 2500 Series\lxddmon.exe" [2007-02-13 291760]
"lxddamon"="C:\Program Files\Lexmark 2500 Series\lxddamon.exe" [2007-02-06 20480]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2007-02-13 312240]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-08-18 1447168]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-08-23 185896]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-08-28 8466432]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-08-25 1168264]
"nwiz"="nwiz.exe" [2007-08-28 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696] Compaq Connections.lnk - C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe [2005-07-14 45056] Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-08-23 692224] WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2006-05-05 118784]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "MSACM.MSNAUDIO"= msnaudio.acm "MSACM.CEGSM"= mobilev.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Compaq Connections\\6750491\\Program\\Compaq Connections.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\WINDOWS\\system32\\lxddcoms.exe"= "C:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"= "C:\\Program Files\\Lexmark 2500 Series\\App4R.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-08-18 34312] R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 302000] R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 72624] R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-09-01 160792] R2 CX88TS;WinFast BDA Transport Stream Capture (CX2388x);C:\WINDOWS\system32\drivers\cx88ts.sys [2005-06-28 13440] R2 lxdd_device;lxdd_device;C:\WINDOWS\system32\lxddcoms.exe [2007-02-13 537520] R2 SPF4;Sunbelt Personal Firewall 4;C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe [2007-04-26 1234480] R3 CXBDATUNE;WinFast CX2388x BDA DVB-T Tuner/Demod;C:\WINDOWS\system32\drivers\cxBDAtun.sys [2005-06-28 21376] S3 Cap7134;V-Gear Global TV WDM Video Capture;C:\WINDOWS\system32\DRIVERS\TVCap.sys [2004-09-15 299904] S3 PhTVTune;V-Gear Global TV TVTuner;C:\WINDOWS\system32\DRIVERS\Silicon.sys [2004-03-10 21504] S3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFDTV\WFIOCTL.SYS [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{AB072FA3-300A-7D69-0336-3392B7DFCDF5}] C:\WINDOWS\MSN\svchost.exe s . Contents of the 'Scheduled Tasks' folder . - - - - ORPHANS REMOVED - - - -
HKCU-Run-WebInfoMsg - C:\WINDOWS\system32\halkfapa.exe
. ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\7xrq9czb.default\ FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= .
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-04 21:25:45
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification: ZwClose
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\nview.dll
.
Completion time: 2008-09-04 21:29:04
ComboFix-quarantined-files.txt 2008-09-04 11:28:52
ComboFix2.txt 2008-09-03 20:11:48

Pre-Run: 81,714,851,840 bytes free
Post-Run: 81,710,743,552 bytes free
297 --- E O F --- 2008-08-27 09:21:39