Tech Support Forum - View Single Post

seadoo1992 · 11-17-2008, 07:09 PM

ComboFix 08-11-16.05 - MyPC 2008-11-17 20:59:18.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.873 [GMT -5:00]
Running from: c:\documents and settings\KTMiller\Desktop\New Folder\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\KTMiller\Application Data\Adobe\crc.dat
c:\documents and settings\KTMiller\Application Data\Adobe\Manager.exe
c:\documents and settings\KTMiller\Application Data\inst.exe
d:\my documents\SSTEM~1

----- BITS: Possible infected sites -----

hxxp://lovelypornovideo.net
hxxp://pornotube30.net
.
((((((((((((((((((((((((( Files Created from 2008-10-18 to 2008-11-18 )))))))))))))))))))))))))))))))
.

2008-11-17 20:06 . 2008-11-17 20:06 250 --a------ c:\windows\gmer.ini
2008-11-15 02:28 . 2008-11-15 02:28 <DIR> d-------- c:\program files\DVDFab 5
2008-11-15 01:59 . 2008-11-15 02:11 <DIR> d-------- c:\documents and settings\KTMiller\Application Data\1ClickDVDCopy
2008-11-15 01:57 . 2008-11-15 01:57 <DIR> d-------- c:\program files\LG Software Innovations
2008-11-15 01:57 . 2008-11-15 08:45 <DIR> d-------- c:\documents and settings\KTMiller\Application Data\Vso
2008-11-15 01:57 . 2008-11-15 01:57 81,920 --a------ c:\documents and settings\KTMiller\Application Data\ezpinst.exe
2008-11-15 01:57 . 2008-11-15 02:28 47,360 --a------ c:\windows\system32\drivers\pcouffin.sys
2008-11-15 01:57 . 2008-11-15 02:28 47,360 --a------ c:\documents and settings\KTMiller\Application Data\pcouffin.sys
2008-11-11 23:31 . 2008-10-24 06:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-09 08:54 . 2008-11-09 08:54 1,725 --ah----- C:\hpothb07.tif
2008-11-09 08:54 . 2008-11-09 08:54 910 --ah----- C:\hpothb07.dat
2008-11-09 08:44 . 2008-11-09 08:44 <DIR> d-------- c:\documents and settings\KTMiller\Application Data\ArcSoft
2008-11-03 23:03 . 2008-11-03 23:03 <DIR> d-------- c:\program files\Viewpoint
2008-11-03 23:03 . 2008-11-03 23:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\Viewpoint
2008-11-03 23:03 . 2008-11-03 23:03 37,027 --a------ c:\windows\atmoUn.exe
2008-10-29 16:32 . 2008-10-29 16:33 <DIR> d-------- C:\USMT

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-18 02:03 --------- d-----w c:\program files\Symantec AntiVirus
2008-11-17 21:11 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-11-15 07:40 --------- d-----w c:\program files\DVD Region+CSS Free
2008-11-04 04:03 --------- d-----w c:\documents and settings\KTMiller\Application Data\AdobeUM
2008-10-29 21:31 --------- d-----w c:\documents and settings\KTMiller\Application Data\Tunebite
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 19:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-27 20:30 --------- d-----w c:\documents and settings\KTMiller\Application Data\Creative Memories Photo Center
2008-09-18 00:48 --------- d-----w c:\documents and settings\KTMiller\Application Data\Saba
2008-09-18 00:41 --------- d-----w c:\program files\Centra
2008-09-18 00:41 --------- d-----w c:\documents and settings\KTMiller\Application Data\Centra
2008-09-18 00:31 --------- d-----w c:\program files\SoftForum
2008-09-18 00:31 --------- d-----w c:\program files\NPKI
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-14 04:02 85 ----a-w C:\755.bat
2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll
2008-09-05 21:57 695,834 ----a-w c:\windows\system32\unins000.exe
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-09-03 21:41 119,296 ----a-w c:\windows\system32\libmpeg2_ff.dll
2008-09-03 21:35 3,571,712 ----a-w c:\windows\system32\libavcodec.dll
2008-08-30 18:24 695,808 ----a-w c:\windows\system32\ff_x264.dll
2008-08-26 19:11 987,136 ----a-w c:\windows\system32\VSFilter.dll
2008-08-23 21:24 178,176 ----a-w c:\windows\system32\ff_theora.dll
2008-08-20 05:30 666,112 ----a-w c:\windows\system32\wininet.dll
2008-06-12 00:51 32 ----a-r c:\documents and settings\All Users\hash.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATI Remote Control"="c:\program files\ATI Multimedia\RemCtrl\ATIRW.exe" [2005-02-21 1482752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-05 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-05 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-05 114688]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 813912]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 52896]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-27 125168]
"TLogonPath"="c:\program files\timbuktu pro\minitb2.exe" [2001-11-02 61440]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-02-12 1620480]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-02-12 1050112]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-09 28672]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-05-07 188416]
"HPHUPD05"="c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-22 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-04-08 212992]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 49152]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2003-05-22 483328]
"EPSON Stylus Photo R320 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE" [2004-04-26 98304]
"HP Lamp"="c:\program files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hplamp.exe" [2001-04-27 53248]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-31 385024]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-02-19 267048]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-07-08 925696]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImage\TrueImageMonitor.exe" [2005-09-29 976085]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2005-09-29 118784]

c:\documents and settings\KTMiller\Start Menu\Programs\Startup\
Outlook Express.lnk - c:\program files\Outlook Express\msimn.exe [2008-08-10 60416]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 217194]
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2008-08-10 209016]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\program files\DVD Region+CSS Free\DVDShell.dll" [2004-10-09 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
"msacm.avis"= ff_acm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\timbuktu pro\\minitb2.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\ABC\\abc.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\timbuktu pro\\tb2pro.exe"=

R1 Tb2MirrorSys;TB2 Remote Control Mirror Driver;NetopiaRC\Tb2MirrorSys.sys []

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2008-11-10 c:\windows\Tasks\HP DArC Task #Hewlett-Packard#140#CN35V120V46P.job
- c:\program files\HP\hpcoretech\comp\hpdarc.exe [2003-04-08 11:45]

2008-11-17 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\pexpress\hphped05.exe [2003-05-22 08:03]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)

.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\KTMiller\Application Data\Mozilla\Firefox\Profiles\hiqar151.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://sympatico.msn.ca/
FF -: plugin - c:\program files\Adobe\Acrobat 6.0\Acrobat\browser\nppdf32.dll
FF -: plugin - c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-17 21:02:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\APC\APC PowerChute Personal Edition\mainserv.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\windows\system32\wdfmgr.exe
c:\program files\timbuktu pro\tb2launch.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Symantec AntiVirus\DoScan.exe
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\APC\APC PowerChute Personal Edition\apcsystray.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\SyncServer.exe
c:\windows\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-11-17 21:05:06 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-18 02:05:01

Pre-Run: 68,674,088,960 bytes free
Post-Run: 69,586,030,592 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

204 --- E O F --- 2008-11-12 10:57:56

11-17-2008, 07:09 PM	#5 (permalink)
seadoo1992 Registered User Join Date: Nov 2008 Posts: 7 OS: xp home	Re: hijackthis log ComboFix 08-11-16.05 - MyPC 2008-11-17 20:59:18.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.873 [GMT -5:00] Running from: c:\documents and settings\KTMiller\Desktop\New Folder\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat c:\documents and settings\KTMiller\Application Data\Adobe\crc.dat c:\documents and settings\KTMiller\Application Data\Adobe\Manager.exe c:\documents and settings\KTMiller\Application Data\inst.exe d:\my documents\SSTEM~1 ----- BITS: Possible infected sites ----- hxxp://lovelypornovideo.net hxxp://pornotube30.net . ((((((((((((((((((((((((( Files Created from 2008-10-18 to 2008-11-18 ))))))))))))))))))))))))))))))) . 2008-11-17 20:06 . 2008-11-17 20:06 250 --a------ c:\windows\gmer.ini 2008-11-15 02:28 . 2008-11-15 02:28 <DIR> d-------- c:\program files\DVDFab 5 2008-11-15 01:59 . 2008-11-15 02:11 <DIR> d-------- c:\documents and settings\KTMiller\Application Data\1ClickDVDCopy 2008-11-15 01:57 . 2008-11-15 01:57 <DIR> d-------- c:\program files\LG Software Innovations 2008-11-15 01:57 . 2008-11-15 08:45 <DIR> d-------- c:\documents and settings\KTMiller\Application Data\Vso 2008-11-15 01:57 . 2008-11-15 01:57 81,920 --a------ c:\documents and settings\KTMiller\Application Data\ezpinst.exe 2008-11-15 01:57 . 2008-11-15 02:28 47,360 --a------ c:\windows\system32\drivers\pcouffin.sys 2008-11-15 01:57 . 2008-11-15 02:28 47,360 --a------ c:\documents and settings\KTMiller\Application Data\pcouffin.sys 2008-11-11 23:31 . 2008-10-24 06:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys 2008-11-09 08:54 . 2008-11-09 08:54 1,725 --ah----- C:\hpothb07.tif 2008-11-09 08:54 . 2008-11-09 08:54 910 --ah----- C:\hpothb07.dat 2008-11-09 08:44 . 2008-11-09 08:44 <DIR> d-------- c:\documents and settings\KTMiller\Application Data\ArcSoft 2008-11-03 23:03 . 2008-11-03 23:03 <DIR> d-------- c:\program files\Viewpoint 2008-11-03 23:03 . 2008-11-03 23:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\Viewpoint 2008-11-03 23:03 . 2008-11-03 23:03 37,027 --a------ c:\windows\atmoUn.exe 2008-10-29 16:32 . 2008-10-29 16:33 <DIR> d-------- C:\USMT . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-11-18 02:03 --------- d-----w c:\program files\Symantec AntiVirus 2008-11-17 21:11 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater 2008-11-15 07:40 --------- d-----w c:\program files\DVD Region+CSS Free 2008-11-04 04:03 --------- d-----w c:\documents and settings\KTMiller\Application Data\AdobeUM 2008-10-29 21:31 --------- d-----w c:\documents and settings\KTMiller\Application Data\Tunebite 2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys 2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll 2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll 2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll 2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll 2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll 2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe 2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll 2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll 2008-10-16 19:06 268,648 ----a-w c:\windows\system32\mucltui.dll 2008-10-16 19:06 208,744 ----a-w c:\windows\system32\muweb.dll 2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll 2008-09-27 20:30 --------- d-----w c:\documents and settings\KTMiller\Application Data\Creative Memories Photo Center 2008-09-18 00:48 --------- d-----w c:\documents and settings\KTMiller\Application Data\Saba 2008-09-18 00:41 --------- d-----w c:\program files\Centra 2008-09-18 00:41 --------- d-----w c:\documents and settings\KTMiller\Application Data\Centra 2008-09-18 00:31 --------- d-----w c:\program files\SoftForum 2008-09-18 00:31 --------- d-----w c:\program files\NPKI 2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys 2008-09-14 04:02 85 ----a-w C:\755.bat 2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll 2008-09-05 21:57 695,834 ----a-w c:\windows\system32\unins000.exe 2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll 2008-09-03 21:41 119,296 ----a-w c:\windows\system32\libmpeg2_ff.dll 2008-09-03 21:35 3,571,712 ----a-w c:\windows\system32\libavcodec.dll 2008-08-30 18:24 695,808 ----a-w c:\windows\system32\ff_x264.dll 2008-08-26 19:11 987,136 ----a-w c:\windows\system32\VSFilter.dll 2008-08-23 21:24 178,176 ----a-w c:\windows\system32\ff_theora.dll 2008-08-20 05:30 666,112 ----a-w c:\windows\system32\wininet.dll 2008-06-12 00:51 32 ----a-r c:\documents and settings\All Users\hash.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATI Remote Control"="c:\program files\ATI Multimedia\RemCtrl\ATIRW.exe" [2005-02-21 1482752] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-05 94208] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-05 77824] "Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-05 114688] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280] "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 813912] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 52896] "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-27 125168] "TLogonPath"="c:\program files\timbuktu pro\minitb2.exe" [2001-11-02 61440] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648] "SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-02-12 1620480] "InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-02-12 1050112] "Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-09 28672] "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-05-07 188416] "HPHUPD05"="c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-22 49152] "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-04-08 212992] "HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 49152] "HPHmon05"="c:\windows\system32\hphmon05.exe" [2003-05-22 483328] "EPSON Stylus Photo R320 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE" [2004-04-26 98304] "HP Lamp"="c:\program files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hplamp.exe" [2001-04-27 53248] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-31 385024] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-02-19 267048] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-07-08 925696] "TrueImageMonitor.exe"="c:\program files\Acronis\TrueImage\TrueImageMonitor.exe" [2005-09-29 976085] "Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2005-09-29 118784] c:\documents and settings\KTMiller\Start Menu\Programs\Startup\ Outlook Express.lnk - c:\program files\Outlook Express\msimn.exe [2008-08-10 60416] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 217194] APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2008-08-10 209016] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\program files\DVD Region+CSS Free\DVDShell.dll" [2004-10-09 49152] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.ac3filter"= ac3filter.acm "msacm.avis"= ff_acm.acm [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\timbuktu pro\\minitb2.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\ABC\\abc.exe"= "c:\\Program Files\\NetMeeting\\conf.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\timbuktu pro\\tb2pro.exe"= R1 Tb2MirrorSys;TB2 Remote Control Mirror Driver;NetopiaRC\Tb2MirrorSys.sys [] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "c:\program files\Common Files\LightScribe\LSRunOnce.exe" [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}] c:\program files\PixiePack Codec Pack\InstallerHelper.exe . Contents of the 'Scheduled Tasks' folder 2008-11-10 c:\windows\Tasks\HP DArC Task #Hewlett-Packard#140#CN35V120V46P.job - c:\program files\HP\hpcoretech\comp\hpdarc.exe [2003-04-08 11:45] 2008-11-17 c:\windows\Tasks\HP Usg Daily.job - c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\pexpress\hphped05.exe [2003-05-22 08:03] . - - - - ORPHANS REMOVED - - - - WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file) . ------- Supplementary Scan ------- . FireFox -: Profile - c:\documents and settings\KTMiller\Application Data\Mozilla\Firefox\Profiles\hiqar151.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://sympatico.msn.ca/ FF -: plugin - c:\program files\Adobe\Acrobat 6.0\Acrobat\browser\nppdf32.dll FF -: plugin - c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll FF -: plugin - c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll . ************************************************************************ catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-17 21:02:23 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . ------------------------ Other Running Processes ------------------------ . c:\program files\Common Files\Symantec Shared\ccSetMgr.exe c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe c:\program files\Common Files\Acronis\Schedule2\schedul2.exe c:\program files\APC\APC PowerChute Personal Edition\mainserv.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Symantec AntiVirus\DefWatch.exe c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe c:\program files\Nero\Nero 7\InCD\InCDsrv.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Symantec AntiVirus\Rtvscan.exe c:\windows\system32\wdfmgr.exe c:\program files\timbuktu pro\tb2launch.exe c:\windows\system32\HPZipm12.exe c:\program files\Symantec AntiVirus\DoScan.exe c:\windows\system32\rundll32.exe c:\program files\iPod\bin\iPodService.exe c:\program files\APC\APC PowerChute Personal Edition\apcsystray.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\SyncServer.exe c:\windows\system32\verclsid.exe . ************************************************************************ . Completion time: 2008-11-17 21:05:06 - machine was rebooted ComboFix-quarantined-files.txt 2008-11-18 02:05:01 Pre-Run: 68,674,088,960 bytes free Post-Run: 69,586,030,592 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect 204 --- E O F --- 2008-11-12 10:57:56