08-20-2008, 07:12 PM   #10
ddelaiarro
Registered User
 
Join Date: Aug 2008
Posts: 11
OS: XP


Re: Blue "Spyware detected on your computer!" desktop

===============
CFScript.txt Log File
===============

ComboFix 08-08-19.06 - dDeLaiarro 2008-08-20 21:03:52.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2456 [GMT -4:00]
Running from: C:\Documents and Settings\ddelaiarro\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\ddelaiarro\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\khmkzlf\DscSrvMsg.dll

.
((((((((((((((((((((((((( Files Created from 2008-07-21 to 2008-08-21 )))))))))))))))))))))))))))))))
.

2008-08-20 12:47 . 2008-08-20 12:47 284,876 --a------ C:\WINDOWS\system32\setup.inx
2008-08-20 10:43 . 2004-08-04 09:00 19,456 --a------ C:\WINDOWS\system32\dllcache\agt040d.dll
2008-08-20 10:43 . 2004-08-04 09:00 5,632 --a------ C:\WINDOWS\system32\kbdusa.dll
2008-08-20 10:43 . 2004-08-04 09:00 5,632 --a------ C:\WINDOWS\system32\dllcache\kbdusa.dll
2008-08-20 10:42 . 2004-08-04 09:00 6,144 --a------ C:\WINDOWS\system32\ftlx041e.dll
2008-08-20 10:42 . 2004-08-04 09:00 6,144 --a------ C:\WINDOWS\system32\dllcache\ftlx041e.dll
2008-08-14 12:01 . 2008-08-14 12:01 276 --a------ C:\WINDOWS\system32\MRT.INI
2008-08-13 17:05 . 2008-08-14 12:02 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-08-13 14:53 . 2008-05-01 10:30 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-13 11:23 . 2008-08-13 11:23 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-08-13 11:23 . 2008-08-13 11:23 <DIR> d-------- C:\Program Files\Common Files\Kaspersky Lab
2008-08-13 11:23 . 2008-08-13 11:23 <DIR> d-------- C:\Program Files\Common Files\Cisco Systems
2008-08-12 20:28 . 2008-08-12 20:37 <DIR> dr-h----- C:\$VAULT$.AVG
2008-08-12 19:00 . 2008-08-12 19:00 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-12 19:00 . 2008-08-12 19:00 <DIR> d-------- C:\Documents and Settings\ddelaiarro\Application Data\Malwarebytes
2008-08-12 19:00 . 2008-08-12 19:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-12 19:00 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-12 19:00 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-11 23:49 . 2008-08-11 23:49 <DIR> d-------- C:\ie-spyad_zo
2008-08-11 23:44 . 2008-08-11 23:46 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-08-11 23:37 . 2008-08-11 23:37 <DIR> d-------- C:\Program Files\Panda Security
2008-08-11 23:37 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-08-11 23:22 . 2008-08-11 23:22 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-11 22:53 . 2008-08-11 22:53 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-08-11 22:24 . 2008-08-14 12:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\qhmxoxkh
2008-08-11 21:43 . 2008-08-20 21:04 <DIR> d-------- C:\Program Files\khmkzlf
2008-08-11 21:42 . 2008-08-11 21:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\knmtknoh
2008-08-05 11:07 . 2008-08-05 11:07 <DIR> d-------- C:\Program Files\OutSync
2008-08-02 12:05 . 2008-08-02 12:05 <DIR> d-------- C:\Program Files\iTunes
2008-08-02 12:05 . 2008-08-02 12:05 <DIR> d-------- C:\Program Files\iPod
2008-08-02 12:03 . 2008-08-02 12:04 <DIR> d-------- C:\Program Files\QuickTime
2008-08-02 11:59 . 2008-08-02 11:59 <DIR> d-------- C:\Program Files\Safari
2008-07-23 15:55 . 2008-07-23 15:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Actify
2008-07-23 15:53 . 2008-07-23 15:54 <DIR> d-------- C:\Program Files\Actify

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-21 00:56 --------- d-----w C:\Documents and Settings\ddelaiarro\Application Data\IM
2008-08-20 18:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-08-20 12:24 --------- d-----w C:\Documents and Settings\ddelaiarro\Application Data\SolidWorks
2008-08-13 15:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-13 14:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-08-12 17:30 --------- d-----w C:\Documents and Settings\ddelaiarro\Application Data\AVG7
2008-08-12 03:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-08-05 19:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-02 17:12 --------- d-----w C:\Documents and Settings\ddelaiarro\Application Data\Apple Computer
2008-08-02 13:41 --------- d-----w C:\Program Files\Google
2008-07-25 17:58 --------- d-----w C:\Program Files\Java
2008-07-16 20:12 --------- d-----w C:\Program Files\FreeMind
2008-07-15 20:15 --------- d-----w C:\Program Files\SolidWorks
2008-07-15 20:15 --------- d-----w C:\Program Files\Common Files\SolidWorks Shared
2008-07-15 20:13 --------- d-----w C:\Program Files\DWGeditor
2008-07-15 20:12 --------- d-----w C:\Program Files\Common Files\eDrawings2008
2008-07-15 20:09 --------- d-----w C:\Program Files\AGEIA Technologies
2008-07-15 20:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\SolidWorks
2008-07-15 12:19 --------- d-----w C:\Program Files\Common Files\SolidWorks Installation Manager
2008-07-15 12:06 --------- d-----w C:\Program Files\Samurize
2008-07-11 13:09 --------- d-----w C:\Program Files\Microsoft Money 2007
2008-07-11 12:29 --------- d-----w C:\Program Files\WD
2008-07-11 12:29 --------- d-----w C:\Program Files\Common Files\eSellerate
2008-07-11 12:29 --------- d-----w C:\Documents and Settings\ddelaiarro\Application Data\WD
2008-07-11 12:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\MemeoCommon
2008-07-11 12:24 --------- d-----w C:\Program Files\Microsoft Money
2008-07-11 12:15 --------- d-----w C:\Documents and Settings\ddelaiarro\Application Data\GetRightToGo
2008-07-10 23:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Memeo
2008-07-10 23:06 --------- d-----w C:\Program Files\Western Digital Technologies
2008-07-10 23:05 --------- d-----w C:\Program Files\Western Digital
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:32 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
2008-07-02 17:34 --------- d-----w C:\Program Files\Defraggler
2008-07-02 17:33 --------- d-----w C:\Program Files\CCleaner
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:23 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-24 14:57 3,592,192 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-06-23 09:20 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-06-23 09:20 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-06-23 09:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-21 05:23 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 245,248 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Documents and Settings\All Users\Application Data\knmtknoh ----


---- Directory of C:\Documents and Settings\All Users\Application Data\qhmxoxkh ----


---- Directory of C:\Program Files\khmkzlf ----

2008-08-11 21:43 126976 --a------ C:\Program Files\khmkzlf\DscSrvMsg.dll


((((((((((((((((((((((((((((( snapshot@2008-08-20_ 8.05.52.19 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-08-13 15:24:00 49,152 ----a-r C:\WINDOWS\Installer\{7C72AAB5-8A7D-4882-950C-A1F26A949DA3}\ARPPRODUCTICON.exe
+ 2008-08-20 16:47:44 49,152 ----a-r C:\WINDOWS\Installer\{7C72AAB5-8A7D-4882-950C-A1F26A949DA3}\ARPPRODUCTICON.exe
+ 2004-08-04 13:00:00 19,456 ----a-w C:\WINDOWS\system32\dllcache\agt0401.dll
+ 2004-08-04 13:00:00 5,632 ----a-w C:\WINDOWS\system32\dllcache\kbda1.dll
+ 2004-08-04 13:00:00 5,632 ----a-w C:\WINDOWS\system32\dllcache\kbda2.dll
+ 2004-08-04 13:00:00 5,632 ----a-w C:\WINDOWS\system32\dllcache\kbda3.dll
+ 2004-08-04 13:00:00 5,120 ----a-w C:\WINDOWS\system32\dllcache\kbdarme.dll
+ 2004-08-04 13:00:00 5,120 ----a-w C:\WINDOWS\system32\dllcache\kbdarmw.dll
+ 2004-08-04 13:00:00 5,632 ----a-w C:\WINDOWS\system32\dllcache\kbddiv1.dll
+ 2004-08-04 13:00:00 5,632 ----a-w C:\WINDOWS\system32\dllcache\kbddiv2.dll
+ 2004-08-04 13:00:00 5,632 ----a-w C:\WINDOWS\system32\dllcache\kbdfa.dll
+ 2004-08-04 13:00:00 5,120 ----a-w C:\WINDOWS\system32\dllcache\kbdgeo.dll
+ 2004-08-04 13:00:00 5,632 ----a-w C:\WINDOWS\system32\dllcache\kbdheb.dll
+ 2004-08-04 13:00:00 6,144 ----a-w C:\WINDOWS\system32\dllcache\kbdinbe1.dll
+ 2004-08-04 13:00:00 6,656 ----a-w C:\WINDOWS\system32\dllcache\kbdinben.dll
+ 2004-08-04 13:00:00 5,632 ----a-w C:\WINDOWS\system32\dllcache\kbdindev.dll
+ 2004-08-04 13:00:00 5,632 ----a-w C:\WINDOWS\system32\dllcache\kbdinguj.dll
+ 2004-08-04 13:00:00 5,632 ----a-w C:\WINDOWS\system32\dllcache\kbdinhin.dll
+ 2004-08-04 13:00:00 5,632 ----a-w C:\WINDOWS\system32\dllcache\kbdinkan.dll
+ 2004-08-04 13:00:00 6,656 ----a-w C:\WINDOWS\system32\dllcache\kbdinmal.dll
+ 2004-08-04 13:00:00 5,632 ----a-w C:\WINDOWS\system32\dllcache\kbdinmar.dll
+ 2004-08-04 13:00:00 6,144 ----a-w C:\WINDOWS\system32\dllcache\kbdinpun.dll
+ 2004-08-04 13:00:00 5,632 ----a-w C:\WINDOWS\system32\dllcache\kbdintam.dll
+ 2004-08-04 13:00:00 5,632 ----a-w C:\WINDOWS\system32\dllcache\kbdintel.dll
+ 2004-08-04 13:00:00 5,632 ----a-w C:\WINDOWS\system32\dllcache\kbdsyr1.dll
+ 2004-08-04 13:00:00 5,632 ----a-w C:\WINDOWS\system32\dllcache\kbdsyr2.dll
+ 2004-08-04 13:00:00 5,632 ----a-w C:\WINDOWS\system32\dllcache\kbdth0.dll
+ 2004-08-04 13:00:00 5,632 ----a-w C:\WINDOWS\system32\dllcache\kbdth1.dll
+ 2004-08-04 13:00:00 6,144 ----a-w C:\WINDOWS\system32\dllcache\kbdth2.dll
+ 2004-08-04 13:00:00 6,144 ----a-w C:\WINDOWS\system32\dllcache\kbdth3.dll
+ 2004-08-04 13:00:00 5,632 ----a-w C:\WINDOWS\system32\dllcache\kbdurdu.dll
+ 2004-08-04 13:00:00 5,632 ----a-w C:\WINDOWS\system32\dllcache\kbdvntc.dll
+ 2004-08-04 13:00:00 185,344 ----a-w C:\WINDOWS\system32\dllcache\thawbrkr.dll
- 2008-07-15 20:28:20 410,288 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-08-20 14:47:31 337,056 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2004-08-04 08:00:00 6,144 ----a-w C:\WINDOWS\system32\kbdinbe1.dll
+ 2004-08-04 13:00:00 6,144 ----a-w C:\WINDOWS\system32\kbdinbe1.dll
- 2004-08-04 08:00:00 6,656 ----a-w C:\WINDOWS\system32\kbdinben.dll
+ 2004-08-04 13:00:00 6,656 ----a-w C:\WINDOWS\system32\kbdinben.dll
- 2004-08-04 08:00:00 6,656 ----a-w C:\WINDOWS\system32\kbdinmal.dll
+ 2004-08-04 13:00:00 6,656 ----a-w C:\WINDOWS\system32\kbdinmal.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 17:26 484904]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-05-25 08:07 8429568]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-05-25 08:07 81920]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 12:36 872448]
"PTHOSTTR"="C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 19:52 145184]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 09:36 827392]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"CognizanceTS"="C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 13:12 17920]
"Recguard"="C:\WINDOWS\Sminst\Recguard.exe" [2005-12-20 20:51 1187840]
"Reminder"="C:\WINDOWS\Creator\Remind_XP.exe" [2006-03-09 21:38 806912]
"Scheduler"="C:\WINDOWS\SMINST\Scheduler.exe" [2006-10-09 15:23 697976]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2007-05-03 10:52 57344]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 09:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 09:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 09:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 09:00 455168]
"AccelerometerSysTrayApplet"="C:\WINDOWS\system32\AccelerometerSt.exe" [2007-01-24 14:28 124928]
"WatchDog"="C:\Program Files\InterVideo\DVD Check\DVDCheck.exe" [2007-05-23 11:00 192512]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 17:22 3739648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 17:30 45632]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"SolidWorks_CheckForUpdates"="C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe" [2008-06-14 04:55 6862104]
"WD Drive Manager"="C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-01-30 04:50 438272]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 20:42 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
"SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2008-06-19 16:48 851968]
"nwiz"="nwiz.exe" [2007-05-25 08:07 1626112 C:\WINDOWS\system32\nwiz.exe]
"MsmqIntCert"="mqrt.dll" [2007-07-06 08:46 177152 C:\WINDOWS\system32\mqrt.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-25 21:23 443968]

C:\Documents and Settings\mvanflorcke\Start Menu\Programs\Startup\
SolidWorks Task Scheduler Engine.lnk - C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe [2008-06-13 23:54:30 488728]

C:\Documents and Settings\ddelaiarro\Start Menu\Programs\Startup\
SolidWorks Task Scheduler Engine.lnk - C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe [2008-06-13 23:54:30 488728]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2008-03-14 22:08:19 192512]
Google Calendar Sync.lnk - C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2008-05-27 12:48:52 542192]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-03-17 10:07:28 125624]
WD Anywhere Backup Launcher.lnk - C:\WINDOWS\Installer\{649C4B1A-6A76-499A-9AEC-0C9530FA7D2C}\NewShortcut4_3A95A0BFA90C41A28DFACEDE7630C4FB.exe [2008-07-11 08:29:15 9662]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 15:40:46 118784]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 15:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2007-04-30 12:19 49152 C:\WINDOWS\system32\DeviceNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-4183542209-2861882432-1107640191-6138\Scripts\Logon\0\0]
"Script"=\\tactronics.com\SysVol\tactronics.com\scripts\Map.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-4183542209-2861882432-1107640191-6189\Scripts\Logon\0\0]
"Script"=\\tactronics.com\SysVol\tactronics.com\scripts\Map.bat

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"15000:UDP"= 15000:UDP:Kaspersky Administration Kit

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
R0 SafeBoot;SafeBoot;C:\WINDOWS\system32\drivers\SafeBoot.sys [2007-04-26 23:23]
R0 SbAlg;SbAlg;C:\WINDOWS\system32\drivers\SbAlg.sys [2006-10-09 17:31]
R0 SbFsLock;SbFsLock;C:\WINDOWS\system32\drivers\SbFsLock.sys [2007-03-29 20:54]
R1 RsvLock;RsvLock;C:\WINDOWS\system32\drivers\RsvLock.sys [2007-04-26 23:23]
R2 ASChannel;Local Communication Channel;C:\WINDOWS\System32\svchost.exe [2004-08-04 04:00]
R2 HpFkCryptService;Drive Encryption Service;c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2007-04-27 14:58]
R2 klnagent;Kaspersky Network Agent;C:\Program Files\Kaspersky Lab\NetworkAgent\klnagent.exe [2008-03-17 17:19]
R2 Remote Solver for COSMOSFloWorks 2007;Remote Solver for COSMOSFloWorks 2007;C:\Program Files\SolidWorks\COSMOS\FloWorks\binCFW\StandAloneSlv.exe [2008-06-04 16:23]
R2 Remote Solver for COSMOSFloWorks 2008;Remote Solver for COSMOSFloWorks 2008;C:\Program Files\SolidWorks\COSMOS\FloWorks\binCFW\StandAloneSlv.exe [2008-06-04 16:23]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2008-01-30 04:52]
R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2007-01-23 16:13]
R3 rismc32;RICOH Smart Card Reader;C:\WINDOWS\system32\DRIVERS\rismc32.sys [2006-12-19 21:08]
S3 DAMDrv;DAMDrv;C:\WINDOWS\system32\DRIVERS\DAMDrv.sys [2007-04-23 17:13]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;C:\WINDOWS\system32\flcdlock.exe [2007-04-30 12:28]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
Cognizance REG_MULTI_SZ ASBroker ASChannel

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a793d6a0-4ed4-11dd-8002-001f3b32b7cb}]
\Shell\AutoRun\command - F:\wd_windows_tools\WDEULA.exe

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2008-08-20 C:\WINDOWS\Tasks\2008 AL East Season.job
- C:\Data Files\docs\Personal\Sports\MLB\2008 MLB Season\2008 AL East Season.xlsx [2008-08-20 10:44]

2008-08-15 C:\WINDOWS\Tasks\Accomplishments.job
- C:\Data Files\docs\Tactronics\Accomplishments.doc [2008-08-15 17:31]

2008-08-16 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2008-08-20 C:\WINDOWS\Tasks\Junkdrawer_janitor.job
- C:\Data Files\scripts\Junkdrawer_janitor.vbs [2007-11-20 23:52]

2008-08-20 C:\WINDOWS\Tasks\Mozilla Firefox.job
- C:\PROGRA~1\MOZILL~1\firefox.exe [2008-07-17 16:46]

2008-08-20 C:\WINDOWS\Tasks\Personal_email-file-backups.job
- C:\blat262\full\Personal_email-file-backups.bat [2008-03-29 10:54]

2008-08-20 C:\WINDOWS\Tasks\Personal_Fitness_email-file-backups.job
- C:\blat262\full\Personal_Fitness_email-file-backups.bat [2008-03-29 10:54]

2008-08-20 C:\WINDOWS\Tasks\Personal_Sports_email-file-backups.job
- C:\blat262\full\Personal_Sports_email-file-backups.bat [2008-03-29 10:54]

2008-08-20 C:\WINDOWS\Tasks\Personal_Timesheets_email-file-backups.job
- C:\blat262\full\Personal_Timesheets_email-file-backups.bat [2008-03-29 10:54]

2008-08-20 C:\WINDOWS\Tasks\Personal_Visio_Files_email-file-backups.job
- C:\blat262\full\Personal_Visio_Files_email-file-backups.bat [2008-03-29 10:54]

2008-08-20 C:\WINDOWS\Tasks\Projects_archive.job
- C:\Data Files\scripts\Projects_archive.bat [2007-11-20 23:46]

2008-08-20 C:\WINDOWS\Tasks\Projects_janitor.job
- C:\Data Files\scripts\Projects_janitor.vbs [2008-03-24 16:31]

2008-08-20 C:\WINDOWS\Tasks\Sports_archive.job
- C:\Data Files\scripts\Sports_archive.bat [2007-11-20 23:53]

2008-08-20 C:\WINDOWS\Tasks\Sports_janitor.job
- C:\Data Files\scripts\Sports_janitor.vbs [2007-11-20 23:54]

2008-08-15 C:\WINDOWS\Tasks\Water Temp.job
- C:\Data Files\docs\Personal\MS Excel Files\Water Temp.xls [2008-08-15 17:40]

2008-08-20 C:\WINDOWS\Tasks\WeightLogger.job
- C:\Data Files\scripts\WeightLogger.vbs [2008-01-30 11:57]

2008-08-20 C:\WINDOWS\Tasks\Work_5382_file-backups.job
- C:\blat262\full\Work_5382_file-backups.bat [2008-03-29 11:30]

2008-08-20 C:\WINDOWS\Tasks\Work_5390_file-backups.job
- C:\blat262\full\Work_5390_file-backups.bat [2008-03-29 11:37]

2008-08-20 C:\WINDOWS\Tasks\Work_5429-file-backups.job
- C:\blat262\full\Work_5429-file-backups.bat [2008-03-29 10:55]

2008-08-20 C:\WINDOWS\Tasks\Work_Misc-file-backups.job
- C:\blat262\full\Work_Misc-file-backups.bat [2008-03-29 10:55]

2008-08-20 C:\WINDOWS\Tasks\Work_TCx_file-backups.job
- C:\blat262\full\Work_TCx_file-backups.bat [2008-03-29 10:55]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-20 2146
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe????????T??????????????|?M?|?????M?|&?@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-20 21:07:59
ComboFix-quarantined-files.txt 2008-08-21 01:07:45
ComboFix2.txt 2008-08-20 1211

Pre-Run: 53,711,810,560 bytes free
Post-Run: 53,724,639,232 bytes free

311 --- E O F --- 2008-08-14 16:02:08
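Two things in the log above are worth pulling out mechanically rather than by eye: the three pseudo-randomly named directories the dropper created (C:\Program Files\khmkzlf and the qhmxoxkh / knmtknoh folders under All Users\Application Data), and the registry values showing that Security Center monitoring and the Windows Firewall standard profile were switched off while an RDP exception (3389:TCP) stays open. The script below is an added example, not part of the original post and not ComboFix's own code: it runs the two checks over a constructed excerpt of the log. The low-vowel-ratio heuristic, its thresholds and the registry rule table are this example's assumptions, not documented ComboFix behaviour.

```python
"""Triage a ComboFix-style log for two indicators seen in the post above.

Added example (not from the original post, not ComboFix code). SAMPLE_LOG is a
constructed excerpt of the log; the random-name heuristic and the registry rules
are assumptions made for this example.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample: selected lines from the "Files Created", "Find3M" and
# "Reg Loading Points" sections of the posted log.
SAMPLE_LOG = r"""
2008-08-13 11:23 . 2008-08-13 11:23 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-08-12 19:00 . 2008-08-12 19:00 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-11 22:24 . 2008-08-14 12:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\qhmxoxkh
2008-08-11 21:43 . 2008-08-20 21:04 <DIR> d-------- C:\Program Files\khmkzlf
2008-08-11 21:42 . 2008-08-11 21:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\knmtknoh
2008-08-02 12:05 . 2008-08-02 12:05 <DIR> d-------- C:\Program Files\iTunes
2008-08-20 10:43 . 2004-08-04 09:00 5,632 --a------ C:\WINDOWS\system32\dllcache\kbdusa.dll
2008-07-02 17:34 --------- d-----w C:\Program Files\Defraggler
2008-08-13 14:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"15000:UDP"= 15000:UDP:Kaspersky Administration Kit
"""

# Directory entries look like "<DIR> d-------- C:\..." (Files Created) or
# "d-----w C:\..." (Find3M); file entries start their attribute field with "-".
DIR_LINE = re.compile(r"\s(d[-a-z]{6,8})\s+([A-Za-z]:\\.+?)\s*$")
REG_KEY = re.compile(r"^\[(.+)\]$")

# (lower-cased key fragment, value-line pattern, finding). Fragments are matched as
# substrings so sub-keys such as Monitoring\SymantecAntiVirus are covered as well.
WEAKENING_RULES = [
    (r"security center\monitoring", re.compile(r'^"DisableMonitoring"=dword:0*1$'),
     "Security Center monitoring disabled"),
    (r"firewallpolicy\standardprofile", re.compile(r'^"EnableFirewall"=\s*0\b'),
     "Windows Firewall (standard profile) disabled"),
    (r"globallyopenports\list", re.compile(r'^"(\d+):(TCP|UDP)"='),
     "Firewall exception open to all remote addresses"),
]


def looks_random(name: str, min_len: int = 6, max_vowel_ratio: float = 0.2) -> bool:
    """Heuristic (assumption): an alphabetic name of min_len+ letters with almost no
    vowels. The dropper directories in the log (khmkzlf, qhmxoxkh, knmtknoh) have
    0-1 vowels in 7-8 letters; product names (Defraggler, Grisoft, dllcache) sit above
    the threshold. On a real host a word list would cut false positives further."""
    if len(name) < min_len or not name.isalpha():
        return False
    vowels = sum(ch in "aeiouy" for ch in name.lower())
    return vowels / len(name) <= max_vowel_ratio


def triage(log_text: str) -> Dict[str, list]:
    """Return random-looking directories and defence-weakening registry values."""
    random_dirs: List[str] = []
    weakened: List[Tuple[str, str, str]] = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        key_match = REG_KEY.match(line)
        if key_match:
            current_key = key_match.group(1).lower()
            continue
        dir_match = DIR_LINE.search(line)
        if dir_match:
            path = dir_match.group(2)
            if looks_random(path.rstrip("\\").rsplit("\\", 1)[-1]):
                random_dirs.append(path)
            continue
        if current_key and line.startswith('"'):
            for fragment, pattern, finding in WEAKENING_RULES:
                if fragment in current_key and pattern.match(line):
                    weakened.append((current_key, line, finding))
    return {"random_dirs": random_dirs, "weakened_defenses": weakened}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for path in report["random_dirs"]:
        print(f"[random-name dir] {path}")
    for key, value, finding in report["weakened_defenses"]:
        print(f"[{finding}] {key}: {value}")
```

Run against the excerpt it reports the three dropper directories and five weakened-defence values (two DisableMonitoring keys, EnableFirewall=0, and the two GloballyOpenPorts entries). The open-port rule deliberately reports every exception, including the legitimate Kaspersky Administration Kit one, because on a host where the firewall has just been turned off every exception deserves a second look; the RDP one (3389:TCP) is the one to question here.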