ComboFix 08-11-05.02 - ken 2008-11-06 8:05:53.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.604 [GMT -7:00]
Running from: c:\documents and settings\ken\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\ken\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\ken\Application Data\inst.exe
c:\windows\admintxt.txt
c:\windows\Downloaded Program Files\ODCTOOLS
c:\windows\system32\blcwtwtx.ini
c:\windows\system32\jnxqrwsl.ini
c:\windows\system32\lswrqxnj.dll
c:\windows\system32\mcrh.tmp
c:\windows\system32\okuunt.dll
c:\windows\system32\oukhbh.dll
c:\windows\system32\pdkektyw.dll
c:\windows\system32\rbaafoer.dll
c:\windows\system32\ucrxxhsj.dll
c:\windows\system32\wbrrghtu.ini
c:\windows\system32\XGMnUvut.ini
c:\windows\system32\XGMnUvut.ini2
.
((((((((((((((((((((((((( Files Created from 2008-10-06 to 2008-11-06 )))))))))))))))))))))))))))))))
.
2008-11-02 10:17 . 2008-11-02 10:17 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-11-02 10:17 . 2008-11-02 10:17 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-02 10:17 . 2008-11-02 10:17 <DIR> d-------- c:\documents and settings\ken\Application Data\SUPERAntiSpyware.com
2008-11-02 10:17 . 2008-11-02 10:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-10-29 15:00 . 2008-10-29 15:00 <DIR> d-------- C:\rsit
2008-10-29 14:38 . 2008-10-29 15:43 250 --a------ c:\windows\gmer.ini
2008-10-29 13:29 . 2008-10-29 14:00 <DIR> d-------- c:\windows\BDOSCAN8
2008-10-29 12:44 . 2008-10-29 13:26 <DIR> d-------- c:\documents and settings\ken\.housecall6.6
2008-10-29 05:35 . 2008-10-29 06:05 596 --a------ C:\register.bat
2008-10-28 14:12 . 2008-10-28 14:12 <DIR> d-------- c:\program files\TeaTimer (Spybot - Search & Destroy)
2008-10-28 14:12 . 2008-10-28 14:12 <DIR> d-------- c:\program files\SDHelper (Spybot - Search & Destroy)
2008-10-28 13:59 . 2008-10-28 14:12 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-10-28 13:59 . 2008-10-28 14:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-20 19:39 . 2008-10-20 19:39 <DIR> d-------- c:\documents and settings\ken\Application Data\dvdcss
2008-10-18 11:00 . 2008-10-20 18:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\vsosdk
2008-10-17 14:26 . 2008-10-17 14:26 <DIR> d-------- c:\documents and settings\ken\Application Data\Creative
2008-10-16 11:19 . 2008-10-19 16:13 <DIR> d-------- c:\documents and settings\ken\Application Data\U3
2008-10-16 05:48 . 2008-08-14 02:57 2,185,984 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-16 05:48 . 2008-08-14 02:55 2,142,720 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-16 05:48 . 2008-08-14 02:18 2,062,976 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-16 05:48 . 2008-08-14 02:18 2,020,864 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-12 13:04 . 1999-03-25 23:00 101,888 --a------ c:\windows\system32\Vb6stkit.dll
2008-10-12 13:04 . 2000-07-17 13:41 70,088 --a------ c:\windows\system32\Project2-1.ocx
2008-10-12 13:04 . 2000-03-21 15:37 1,760 --a------ c:\windows\system32\objsafe.tlb
2008-10-12 13:04 . 2000-04-06 14:58 1,453 --a------ c:\windows\system32\Project2.INF
2008-10-12 13:03 . 2008-10-12 13:04 <DIR> d-------- c:\program files\eGames
2008-10-12 12:40 . 2008-10-19 14:10 <DIR> d-------- c:\documents and settings\ken\Application Data\LimeWire
2008-10-12 12:39 . 2008-11-02 09:49 <DIR> d-------- c:\program files\LimeWire
2008-10-12 10:32 . 2008-10-12 10:32 <DIR> d-------- c:\documents and settings\ken\Application Data\vlc
2008-10-12 10:31 . 2008-10-12 10:31 <DIR> d-------- c:\program files\VideoLAN
2008-10-12 10:23 . 2008-10-20 18:24 <DIR> d-------- c:\program files\DVDFab 5
2008-10-12 08:13 . 2008-10-12 08:13 <DIR> d-------- c:\program files\VSO
2008-10-12 08:13 . 2004-05-04 11:53 1,645,320 --a------ c:\windows\gdiplus.dll
2008-10-12 08:13 . 2006-05-20 16:16 1,184,984 --a------ c:\windows\system32\wvc1dmod.dll
2008-10-12 08:13 . 2006-05-11 19:21 626,688 --a------ c:\windows\system32\vp7vfw.dll
2008-10-12 08:13 . 2006-09-29 12:24 217,127 --a------ c:\windows\system32\drv43260.dll
2008-10-12 08:13 . 2006-09-29 12:25 208,935 --a------ c:\windows\system32\drv33260.dll
2008-10-12 08:13 . 2006-09-29 12:26 176,165 --a------ c:\windows\system32\drv23260.dll
2008-10-12 08:13 . 2007-03-18 20:37 65,602 --a------ c:\windows\system32\cook3260.dll
2008-10-12 07:16 . 2008-10-29 06:35 <DIR> d-------- c:\documents and settings\ken\Application Data\Vso
2008-10-12 07:16 . 2008-10-12 08:13 47,360 --a------ c:\windows\system32\drivers\pcouffin.sys
2008-10-12 07:16 . 2008-10-12 08:13 47,360 --a------ c:\documents and settings\ken\Application Data\pcouffin.sys
2008-10-11 11:46 . 2008-10-11 11:47 <DIR> d-------- c:\documents and settings\ken\Application Data\Smart Panel
2008-10-11 11:46 . 2008-10-11 11:46 29 --a------ c:\windows\DEBUGSM.INI
2008-10-11 11:29 . 2008-10-11 11:29 <DIR> d-------- c:\documents and settings\ken\Application Data\Corel
2008-10-11 11:22 . 2008-10-11 11:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\InstallShield
2008-10-11 11:22 . 2008-10-11 11:22 543 --a------ c:\windows\system32\mapisvc.inf
2008-10-11 11:21 . 2008-10-11 11:21 <DIR> d-------- c:\windows\ShellNew
2008-10-11 11:20 . 2008-10-11 11:22 <DIR> d-------- c:\program files\WordPerfect Office 12
2008-10-11 11:20 . 2008-10-11 11:20 <DIR> d-------- c:\program files\Common Files\Corel
2008-10-11 11:20 . 2008-10-11 11:20 <DIR> d-------- c:\program files\Common Files\Borland Shared
2008-10-11 10:48 . 2008-10-11 10:48 <DIR> d-------- c:\documents and settings\ken\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-10-11 10:42 . 2008-10-11 10:42 <DIR> d-------- C:\EPSONREG
2008-10-11 10:42 . 2008-10-11 10:42 <DIR> d-------- c:\documents and settings\ken\Application Data\Leadertech
2008-10-11 10:37 . 2004-02-01 00:00 413,696 --a------ c:\windows\system32\PICSDK.dll
2008-10-11 10:37 . 2002-11-14 23:00 45,056 --------- c:\windows\system32\EpPicPrt.dll
2008-10-11 10:37 . 2002-11-14 23:00 45,056 --------- c:\windows\system32\EpPicMgr.dll
2008-10-11 10:37 . 2004-02-01 00:00 29,521 --a------ c:\windows\system32\EPPICPrinterDB.dat
2008-10-11 10:37 . 2004-02-01 00:00 20,910 --a------ c:\windows\system32\EPPICPattern2.dat
2008-10-11 10:37 . 2004-02-01 00:00 20,869 --a------ c:\windows\system32\EPPICPattern1.dat
2008-10-11 10:37 . 2004-02-01 00:00 12,585 --a------ c:\windows\system32\EPPICLocal_EN.cfg
2008-10-11 10:37 . 2004-02-01 00:00 22 --------- c:\windows\system32\PICSDK.ini
2008-10-11 10:36 . 2008-10-11 10:37 <DIR> d-------- c:\program files\Smart Panel
2008-10-11 10:36 . 1999-06-15 10:31 96,768 --a------ c:\windows\SlantAdj.dll
2008-10-11 10:36 . 1999-12-07 01:03 73,216 --a------ c:\windows\ADE.DLL
2008-10-11 10:36 . 1999-04-26 23:17 3,136 --a------ c:\windows\Ade001.bin
2008-10-11 10:36 . 1999-08-09 22:50 72 --------- c:\windows\system32\epDPE.ini
2008-10-11 10:35 . 2004-08-03 21:58 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2008-10-11 10:35 . 2004-08-03 21:58 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2008-10-11 10:34 . 2008-10-11 10:34 <DIR> d-------- c:\windows\EPSON PhotoStarter Essential
2008-10-11 10:34 . 2008-10-11 10:34 <DIR> d-------- c:\windows\EPSON CardMonitor Essential
2008-10-11 10:34 . 2003-07-02 00:00 131,072 --a------ c:\windows\system32\Epcmlib.dll
2008-10-11 10:34 . 2003-06-30 23:00 46,080 --a------ c:\windows\system32\escimgd.dll
2008-10-11 10:34 . 2003-08-05 23:00 29,184 --a------ c:\windows\system32\escwiadn.dll
2008-10-11 10:34 . 2003-06-30 23:00 22,528 --a------ c:\windows\system32\esccmd.dll
2008-10-11 10:34 . 2008-10-11 10:42 44 --a------ c:\windows\EPCX4600.ini
2008-10-10 12:25 . 2008-10-11 10:37 <DIR> d-------- c:\program files\epson
2008-10-10 11:13 . 2008-10-10 11:13 <DIR> d----c--- c:\documents and settings\All Users\Application Data\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}
2008-10-10 11:10 . 2008-10-10 11:58 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-10-10 11:10 . 2008-10-10 11:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Tools
2008-10-10 11:10 . 2008-04-24 15:52 12,608 --a------ c:\windows\system32\drivers\TfKbMon.sys
2008-10-10 10:59 . 2008-10-10 10:59 <DIR> d-------- c:\program files\uTorrent
2008-10-10 10:59 . 2008-11-03 05:28 <DIR> d-------- c:\documents and settings\ken\Application Data\uTorrent
2008-10-10 10:25 . 2008-10-10 10:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\IM
2008-10-10 10:24 . 2008-10-10 10:25 <DIR> d-------- c:\program files\IncrediMail
2008-10-10 10:24 . 2008-10-10 10:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\IncrediMail
2008-10-10 08:08 . 2008-10-10 08:08 <DIR> d-------- c:\windows\Sun
2008-10-10 08:08 . 2008-10-10 08:08 <DIR> d-------- c:\program files\Java
2008-10-10 08:08 . 2008-06-10 01:32 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-10-10 08:06 . 2008-10-10 08:06 <DIR> d-------- c:\program files\Common Files\Java
2008-10-10 06:19 . 2004-08-03 22:08 26,496 --a--c--- c:\windows\system32\dllcache\usbstor.sys
2008-10-10 06:19 . 2004-08-03 22:01 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2008-10-10 06:19 . 2004-08-03 22:01 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
2008-10-09 15:12 . 1999-10-10 18:00 41,984 --------- c:\windows\Ctregrun.exe
2008-10-09 15:09 . 2008-10-09 15:09 <DIR> d-------- c:\windows\CtDrvInstall
2008-10-09 15:08 . 1998-10-29 15:45 306,688 --a------ c:\windows\IsUninst.exe
2008-10-09 15:07 . 2008-10-09 15:12 <DIR> d-------- c:\program files\Creative
2008-10-09 15:01 . 2008-10-09 15:01 <DIR> d-------- c:\program files\Yahoo!
2008-10-09 15:01 . 2008-10-09 15:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo!
2008-10-09 08:21 . 2008-10-09 08:21 268 --ah----- C:\sqmdata06.sqm
2008-10-09 08:21 . 2008-10-09 08:21 244 --ah----- C:\sqmnoopt06.sqm
2008-10-09 08:00 . 2008-10-09 08:00 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2008-10-09 07:59 . 2008-10-09 08:00 <DIR> d-------- c:\program files\Common Files\Adobe
2008-10-09 07:17 . 2008-10-09 07:17 268 --ah----- C:\sqmdata05.sqm
2008-10-09 07:17 . 2008-10-09 07:17 244 --ah----- C:\sqmnoopt05.sqm
2008-10-09 06:54 . 2008-10-03 10:41 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll
2008-10-09 06:54 . 2007-04-17 02:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2008-10-09 06:54 . 2007-03-07 22:10 991,232 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2008-10-09 06:54 . 2008-08-26 00:24 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2008-10-09 06:54 . 2008-08-26 00:24 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2008-10-09 06:54 . 2008-08-26 00:24 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2008-10-09 06:54 . 2008-08-26 00:24 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2008-10-09 06:54 . 2008-08-26 00:24 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2008-10-09 06:54 . 2008-08-25 01:38 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2008-10-09 06:48 . 2008-10-09 06:48 <DIR> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
2008-10-09 06:26 . 2008-10-09 06:43 <DIR> d-------- c:\windows\system32\CatRoot_bak
2008-10-09 06:24 . 2008-06-13 06:10 272,128 --------- c:\windows\system32\drivers\bthport.sys
2008-10-09 06:24 . 2008-06-13 06:10 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-10-09 06:23 . 2006-03-20 20:23 23,040 --------- c:\windows\kb913800.exe
2008-10-09 06:18 . 2008-07-18 21:07 270,880 --a------ c:\windows\system32\mucltui.dll
2008-10-09 06:18 . 2008-07-18 21:07 29,728 --a------ c:\windows\system32\mucltui.dll.mui
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-06 15:04 --------- d-----w c:\program files\Symantec AntiVirus
2008-11-02 16:49 --------- d-----w c:\program files\RGB
2008-11-02 16:49 --------- d-----w c:\program files\EnglishOtto
2008-10-11 18:20 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-11 17:37 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-06 02:26 --------- d-----w c:\program files\Windows Live
2008-10-06 02:24 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2008-10-06 02:23 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-10-06 01:46 --------- d-----w c:\program files\CCleaner
2008-10-06 01:42 --------- d-----w c:\documents and settings\ken\Application Data\Talkback
2008-10-06 01:36 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-10-06 01:31 --------- d-----w c:\program files\Symantec
2008-10-06 01:31 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-10-06 00:54 5 ----a-w c:\windows\system32\drivers\DELL_XPS_Dell DM051 .MRK
2008-10-06 00:54 5 ----a-w c:\windows\system32\drivers\1028_DELL_XPS_Dell DM051 .MRK
2008-10-06 00:52 --------- d-----w c:\program files\SigmaTel
2008-10-06 00:52 --------- d-----w c:\program files\Intel
2008-10-06 00:49 --------- d-----w c:\program files\Dell
2008-10-06 00:09 --------- d-----w c:\program files\microsoft frontpage
2008-10-06 00:04 --------- d-----w c:\program files\Windows Plus
2008-09-28 10:21 15,975,328 ----a-w c:\windows\61510.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 c:\windows\stsystra.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= c:\windows\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= c:\windows\Resources\Themes\Royale.theme
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=qkultd.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\61510]
--a------ 2008-09-28 03:21 15975328 c:\windows\61510.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 01:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2005-04-08 14:52 48752 c:\program files\Common Files\Symantec Shared\ccApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-10 04:00 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-08-05 12:56 64512 c:\windows\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX4600 Series]
--a------ 2004-03-04 02:00 98304 c:\windows\system32\spool\drivers\w32x86\3\E_FATI9AA.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-06-16 05:03 221184 c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2004-06-16 05:03 81920 c:\program files\Common Files\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
--a------ 2008-09-19 16:34 4347120 c:\program files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 09:24 1694208 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 10:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 03:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2008-09-03 14:07 1576176 c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
R3 P0630VID;Creative WebCam Live!;c:\windows\system32\DRIVERS\P0630Vid.sys [2004-07-29 91830]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [ ]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [ ]
S2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service [ ]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [ ]
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-5ce33f2c - c:\windows\system32\lswrqxnj.dll
MSConfigStartUp-Messenger Service - service.exe
MSConfigStartUp-Windows Service - service.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\ken\Application Data\Mozilla\Firefox\Profiles\k8hx0ldq.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.com
FF -: plugin - c:\program files\Yahoo!\Shared\npYState.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-11-06 08:09:26
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-11-06 8:10:58 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-06 15:10:55
Pre-Run: 226,981,277,696 bytes free
Post-Run: 226,927,276,032 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
287 --- E O F --- 2008-10-25 23:32:05