ComboFix 08-11-10.01 - Steph 2008-11-10 22:49:23.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.729 [GMT -6:00]
Running from: c:\documents and settings\Steph\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
.
((((((((((((((((((((((((( Files Created from 2008-10-11 to 2008-11-11 )))))))))))))))))))))))))))))))
.
2008-11-10 19:02 . 2008-11-10 20:47 250 --a------ c:\windows\gmer.ini
2008-11-07 06:32 . 2008-11-07 06:32 4,050 --a------ c:\windows\system32\tmp.reg
2008-11-06 22:33 . 2008-11-06 22:33 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2008-11-06 22:32 . 2008-11-06 22:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\TEMP
2008-11-06 22:32 . 2008-11-06 22:32 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Simply Super Software
2008-11-06 22:29 . 2008-11-06 22:29 <DIR> d-------- c:\documents and settings\Steph\Application Data\Malwarebytes
2008-11-06 22:29 . 2008-11-06 22:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-04 22:20 . 2008-11-04 22:21 <DIR> d-------- c:\windows\system32\NtmsData
2008-10-23 11:02 . 2008-10-15 10:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-10-14 17:27 . 2008-09-08 04:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-10-14 17:26 . 2008-08-14 04:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-14 17:26 . 2008-08-14 04:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-14 17:26 . 2008-08-14 03:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-14 17:26 . 2008-09-15 06:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-10-14 17:25 . 2008-08-14 03:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-11 00:43 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-10 23:27 --------- d-----w c:\program files\Mozilla Thunderbird
2008-11-05 04:14 --------- d-----w c:\program files\HP
2008-11-05 04:13 --------- d-----w c:\program files\SUPERAntiSpyware
2008-11-05 04:13 --------- d-----w c:\documents and settings\Steph\Application Data\SUPERAntiSpyware.com
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-08-26 07:24 826,368 ----a-w c:\windows\system32\wininet.dll
2008-08-14 10:11 2,189,184 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 09:33 2,066,048 ----a-w c:\windows\system32\ntkrnlpa.exe
2008-01-02 21:29 96,061 -c--a-w c:\documents and settings\Steph\Application Data\xpti.dat
2008-01-02 21:29 168,364 -c--a-w c:\documents and settings\Steph\Application Data\compreg.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2005-03-15 196608]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2005-03-23 217088]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2006-03-09 7561216]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2006-03-09 86016]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2004-10-06 139320]
"Network Associates Error Reporting Service"="c:\program files\Common Files\Network Associates\TalkBack\TBMon.exe" [2004-02-19 147514]
"McAfeeFireTray"="c:\program files\Network Associates\McAfee Desktop Firewall for Windows XP\Firetray.exe" [2005-04-12 655420]
"ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-08-18 94208]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb11.exe" [2004-04-06 172032]
"HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-06 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-06 659456]
"nwiz"="nwiz.exe" [2006-03-09 c:\windows\system32\nwiz.exe]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 c:\windows\system32\CTHELPER.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-13 c:\windows\system32\narrator.exe]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
Belkin Wireless Utility.lnk - c:\program files\Belkin\PCI F5D7000\Wireless Utility\Belkinwcui.exe [2005-08-18 1388544]
HP Digital Imaging Monitor.lnk - c:\program files\HP\digital imaging\bin\hpqtra08.exe [2004-05-28 241664]
Logo Calibration Loader.lnk - c:\program files\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe [2006-04-15 708608]
Photo Loader supervisory.lnk - c:\program files\CASIO\Photo Loader\Plauto.exe [2006-06-12 229376]
ProfileReminder.lnk - c:\program files\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe [2006-04-15 954368]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\HP\\digital imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\digital imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\digital imaging\\bin\\hpoews01.exe"=
"c:\\WINDOWS\\system32\\hphmon06.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\DRIVERS\SI3112r.sys [2006-01-12 102528]
R0 SiWinAcc;SiWinAcc;c:\windows\system32\drivers\SiWinAcc.sys [2004-11-01 10368]
R2 PDIHWCTL;PDIHWCTL;c:\windows\system32\drivers\pdihwctl.sys [2004-07-16 14416]
R3 BLKWGD;Belkin Wireless G Desktop Card Service;c:\windows\system32\DRIVERS\BLKWGD.sys [2005-06-01 463872]
S3 eyeonedp;eye-one display;c:\windows\system32\DRIVERS\eyeonedp.sys [2006-01-30 44344]
S3 wlanndi5;wlanndi5 NDIS Protocol Driver;c:\windows\System32\wlanndi5.SYS [2004-04-21 16384]
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
2008-11-11 c:\windows\Tasks\HP Usg Daily FY04.job
- c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\pexpress\hphped06.exe [2004-06-06 22:53]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Steph\Application Data\Mozilla\Firefox\Profiles\grh5y4bb.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.techsupportforum.com/security-center/hijackthis-log-help/311570-ried-pc-2-a.html#post1796710
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-11-10 22:50:23
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-11-10 22:51:08
ComboFix-quarantined-files.txt 2008-11-11 04:51:03
Pre-Run: 20,062,470,144 bytes free
Post-Run: 20,049,661,952 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
123 --- E O F --- 2008-10-24 02:13:39