This is the ComboFix log.
ComboFix 08-12-06.06 - Sam Harris 2008-12-07 16:24:55.2 - NTFSx86
Microsoft® Windows Vista Home Premium 6.0.6000.0.1252.1.1033.18.1621 [GMT 0:00]
Running from: c:\users\Sam Harris\Desktop\ComboFix.exe
Command switches used :: c:\users\Sam Harris\Desktop\CFScript.txt
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2008-11-07 to 2008-12-07 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-07 16:26 --------- d-----w c:\programdata\Kontiki
2008-12-03 12:13 --------- d-----w c:\program files\Alwil Software
2008-12-03 12:08 --------- d-----w c:\program files\Sophos
2008-12-02 12:29 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-02 12:28 --------- d-----w c:\program files\Activision
2008-12-02 00:49 --------- d-----w c:\users\Sam Harris\AppData\Roaming\Apple Computer
2008-12-02 00:32 --------- d-----w c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-02 00:32 --------- d-----w c:\program files\iTunes
2008-12-02 00:32 --------- d-----w c:\program files\iPod
2008-12-02 00:32 --------- d-----w c:\program files\Common Files\Apple
2008-12-02 00:30 --------- d-----w c:\program files\QuickTime
2008-12-02 00:19 --------- d-----w c:\program files\Safari
2008-12-01 22:19 --------- d-----w c:\users\Sam Harris\AppData\Roaming\HP
2008-12-01 21:17 --------- d-----w c:\programdata\WEBREG
2008-12-01 21:16 --------- d-----w c:\programdata\HP
2008-12-01 21:04 --------- d-----w c:\programdata\HPSSUPPLY
2008-12-01 21:04 --------- d-----w c:\program files\HP
2008-12-01 21:02 --------- d-----w c:\program files\Common Files\HP
2008-11-28 17:46 --------- d-----w c:\users\Sam Harris\AppData\Roaming\uTorrent
2008-11-28 17:25 1,228,579 ----a-w c:\windows\LightWave 3D 9 Uninstaller.exe
2008-11-28 17:25 --------- d-----w c:\program files\NewTek
2008-11-26 16:57 --------- d-----w c:\users\Sam Harris\AppData\Roaming\PeerNetworking
2008-11-26 13:19 --------- d-----w c:\program files\Panda Security
2008-11-21 16:31 --------- d-----w c:\program files\Free iPod Video Converter
2008-11-21 02:18 --------- d-----w c:\program files\Wisdom-soft
2008-11-20 14:41 --------- d-----w c:\users\Sam Harris\AppData\Roaming\Red Alert 3
2008-11-20 13:49 --------- d-----w c:\program files\Electronic Arts
2008-11-20 13:22 29,192 ----a-w c:\windows\system32\drivers\ndisprot.sys
2008-11-20 13:22 --------- d-----w c:\program files\homeview
2008-11-19 16:06 --------- d-----w c:\programdata\Microsoft Help
2008-11-18 15:13 --------- d-----w c:\program files\InterCasino £££
2008-11-16 14:15 --------- d-----w c:\users\Sam Harris\AppData\Roaming\Sports Interactive
2008-11-16 14:14 --------- d-----w c:\programdata\Sports Interactive
2008-11-16 14:09 --------- d--h--w c:\program files\Zero G Registry
2008-11-16 14:07 --------- d-----w c:\program files\Sports Interactive
2008-11-15 14:29 19,588,096 ----a-w c:\windows\System32\imageres.dll
2008-11-15 14:28 --------- d-----w c:\programdata\Stardock
2008-11-15 14:28 --------- d-----w c:\program files\Stardock
2008-11-14 19:13 --------- d-----w c:\program files\EA SPORTS
2008-11-14 14:32 444,952 ----a-w c:\windows\System32\wrap_oal.dll
2008-11-14 14:32 109,080 ----a-w c:\windows\System32\OpenAL32.dll
2008-11-14 14:32 --------- d-----w c:\programdata\Codemasters
2008-11-14 14:32 --------- d-----w c:\program files\OpenAL
2008-11-14 02:54 --------- d-----w c:\program files\Kontiki
2008-11-13 21:54 --------- d--h--r c:\users\Sam Harris\AppData\Roaming\SecuROM
2008-11-07 00:42 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-10-27 10:04 70,992 ----a-w c:\windows\System32\XAPOFX1_2.dll
2008-10-27 10:04 514,384 ----a-w c:\windows\System32\XAudio2_3.dll
2008-10-27 10:04 235,856 ----a-w c:\windows\System32\xactengine3_3.dll
2008-10-27 10:04 23,376 ----a-w c:\windows\System32\X3DAudio1_5.dll
2008-10-24 00:33 --------- d-----w c:\program files\TryMedia
2008-10-24 00:19 --------- d-----w c:\users\Sam Harris\AppData\Roaming\Activision
2008-10-24 00:19 --------- d-----w c:\programdata\Activision
2008-10-24 00:15 --------- d-----w c:\program files\Team17
2008-10-21 14:24 --------- d-----w c:\program files\Sun
2008-10-21 14:09 --------- d-----w c:\program files\Java
2008-10-20 16:46 --------- d-----w c:\program files\Samsung
2008-10-20 16:44 --------- d-----w c:\users\Sam Harris\AppData\Roaming\InstallShield
2008-10-20 14:41 107,888 ----a-w c:\windows\System32\CmdLineExt.dll
2008-10-20 14:25 --------- d-----w c:\programdata\KONAMI
2008-10-20 14:17 --------- d-----w c:\program files\KONAMI
2008-10-16 21:13 1,809,944 ----a-w c:\windows\System32\wuaueng.dll
2008-10-16 21:09 51,224 ----a-w c:\windows\System32\wuauclt.exe
2008-10-16 21:09 43,544 ----a-w c:\windows\System32\wups2.dll
2008-10-16 20:56 1,524,736 ----a-w c:\windows\System32\wucltux.dll
2008-10-16 14:08 162,064 ----a-w c:\windows\System32\wuwebv.dll
2008-10-16 13:56 31,232 ----a-w c:\windows\System32\wuapp.exe
2008-10-15 20:52 --------- d-----w c:\users\Sam Harris\AppData\Roaming\Skype
2008-10-15 20:34 --------- d-----w c:\users\Sam Harris\AppData\Roaming\skypePM
2008-10-14 20:48 --------- d-----w c:\users\Sam Harris\AppData\Roaming\Blender Foundation
2008-10-14 20:48 --------- d-----w c:\program files\Blender Foundation
2008-10-10 04:52 452,440 ----a-w c:\windows\System32\d3dx10_40.dll
2008-10-10 04:52 4,379,984 ----a-w c:\windows\System32\D3DX9_40.dll
2008-10-10 04:52 2,036,576 ----a-w c:\windows\System32\D3DCompiler_40.dll
2008-10-08 22:53 --------- d-----w c:\programdata\Office Genuine Advantage
2008-10-08 19:51 --------- d-----w c:\program files\Microsoft.NET
2008-10-08 19:48 --------- d-----w c:\users\Sam Harris\AppData\Roaming\GetRightToGo
2008-08-02 03:00 174 --sha-w c:\program files\desktop.ini
.
((((((((((((((((((((((((((((( snapshot@2008-12-07_16.06.42.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-07 16:24:07 6,262,784 ----a-w c:\windows\ERDNT\Hiv-backup\SCHEMA.DAT
+ 2008-12-07 16:02:02 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-12-07 16:02:02 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-12-07 16:02:21 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-12-07 16:27:02 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-12-07 16:27:02 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-07-18 21:08:20 72,256 ------w c:\windows\SoftwareDistribution\SelfUpdate\Handler\WuSetupV.exe
+ 2008-10-16 14:08:00 70,416 ------w c:\windows\SoftwareDistribution\SelfUpdate\Handler\WuSetupV.exe
- 2008-12-07 16:02:54 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-12-07 16:24:15 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-12-07 16:02:54 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-07 16:24:15 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-12-07 16:02:54 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-12-07 16:24:15 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-12-03 18:32:55 108,122 ----a-w c:\windows\System32\perfc009.dat
+ 2008-12-07 16:??:51 108,122 ----a-w c:\windows\System32\perfc009.dat
- 2008-12-03 18:32:55 622,906 ----a-w c:\windows\System32\perfh009.dat
+ 2008-12-07 16:??:51 622,906 ----a-w c:\windows\System32\perfh009.dat
- 2008-12-01 20:47:07 6,291,456 ----a-w c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2008-12-07 16:23:25 6,291,456 ----a-w c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2008-12-01 21:16:00 70,126 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-12-07 16:04:48 70,730 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-12-01 20:47:22 141,243,717 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-12-07 16:22:16 141,536,421 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-10-16 21:12:19 561,688 ----a-w c:\windows\winsxs\x86_microsoft-windows-w..owsupdateclient-aux_31bf3856ad364e35_7.2.6001.788_none_107673f57a433d77\wuapi.dll
+ 2008-10-16 20:55:59 83,456 ----a-w c:\windows\winsxs\x86_microsoft-windows-w..owsupdateclient-aux_31bf3856ad364e35_7.2.6001.788_none_107673f57a433d77\wudriver.dll
+ 2008-10-16 21:08:57 34,328 ----a-w c:\windows\winsxs\x86_microsoft-windows-w..owsupdateclient-aux_31bf3856ad364e35_7.2.6001.788_none_107673f57a433d77\wups.dll
+ 2008-10-16 13:56:04 31,232 ----a-w c:\windows\winsxs\x86_microsoft-windows-w..pdateclient-activex_31bf3856ad364e35_7.2.6001.788_none_ba8134361ffa6f73\wuapp.exe
+ 2008-10-16 14:08:00 162,064 ----a-w c:\windows\winsxs\x86_microsoft-windows-w..pdateclient-activex_31bf3856ad364e35_7.2.6001.788_none_ba8134361ffa6f73\wuwebv.dll
+ 2008-10-16 21:09:43 51,224 ----a-w c:\windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.2.6001.788_none_2a6539a96682e474\wuauclt.exe
+ 2008-10-16 21:13:38 1,809,944 ----a-w c:\windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.2.6001.788_none_2a6539a96682e474\wuaueng.dll
+ 2008-10-16 21:09:43 43,544 ----a-w c:\windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.2.6001.788_none_2a6539a96682e474\wups2.dll
+ 2008-10-16 20:56:28 1,524,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-windowsupdateclient-ui_31bf3856ad364e35_7.2.6001.788_none_a8125d5406872725\wucltux.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-04-14 1232896]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-01-19 942080]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"kdx"="c:\program files\Kontiki\KHost.exe" [2008-02-27 1032376]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 c:\windows\System32\oobefldr.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-05 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8473120]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2008-06-10 54672]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"4oD"="c:\program files\Kontiki\KHost.exe" [2008-02-27 1032376]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 734264]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-26 c:\windows\RtHDVCpl.exe]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BizChecker.lnk - c:\program files\Samsung\Samsung Biz Reader\BizChecker.exe [2008-10-20 32768]
forteManager.lnk - c:\program files\LG Soft India\forteManager\bin\Monitor.exe [2008-07-30 1064960]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1795595B-3BEB-430F-9C75-C6602604CEF0}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"TCP Query User{8B7F9270-BB7F-4ACF-81CA-8F3DA65D3467}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{6E95B784-6D67-40DA-8EE1-F85703677238}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"{DE098A60-B9E2-4D44-B81E-04DDD179FB84}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{B060D85D-3191-4F3C-8C55-C5135680BF84}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{1C87D4BA-371B-489E-83DA-061FE9A3BA0C}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"{281340B1-5E0B-4D0A-AE8A-FCC6D8D3F577}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{F0209C38-50E0-4CFF-AD5A-9D3319A2401C}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{3023391C-D3D3-46E4-BCDA-4D94DE537013}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{489C6517-B152-4A7F-890A-9E6E46BC3704}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{B4C54CAD-1D0D-49E3-B923-56455DAE9A07}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{D8CE6956-6B00-46D8-83CD-97B5D51EA151}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"{B291CA01-BF58-4894-A51D-B050E6651FF0}"= UDP:64130:UT
"{678E56FB-69C0-4552-A7E4-3831C05796D6}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{352E111F-30F1-4502-808B-7976281DAA86}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{3D1D24BB-B0C7-4696-B02E-C48C717EBA4B}"= UDP:c:\program files\TVersity\Media Server\MediaServer.exe:TVersity Media Server
"{7A9B53EB-4642-44B9-9D02-2E289F6C32BA}"= TCP:c:\program files\TVersity\Media Server\MediaServer.exe:TVersity Media Server
"{73F81B5B-E118-4583-87CE-AB5963EAD65E}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{8EB35804-AAE3-4944-8869-EAA13B375EDF}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{ADB49839-6977-4194-B635-BF4811D585E7}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{F1630344-458B-4149-9A83-70EA292CA76F}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{89C2C653-7112-4D9A-BA40-445D8D263A4B}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{CD89DD03-3027-497D-B292-74A2FA74826D}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{620399A6-7F47-4F81-AA04-0B75A1AFB64F}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{317EFCBB-A3C3-49C1-87DB-925E1E0C627B}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{EE13EE6C-846C-480F-AD9C-7CF8E869B072}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{E5A3E577-DD5C-4B3F-93DA-9863B5B6CC18}"= UDP:c:\program files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"{722F15C3-F22D-4491-8A90-D5FC792AE98B}"= TCP:c:\program files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"{B2ED0B58-E361-4BC1-A985-6CA288757C66}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{40D2C4D0-80A2-4ED8-B08E-1AB6690701F6}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{DFBC21F2-2E0B-4C7F-B090-3AE70ACCE1C2}"= UDP:c:\program files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:Pro Evolution Soccer 2009
"{877B6F74-C22B-4880-8585-8A06B1427921}"= TCP:c:\program files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:Pro Evolution Soccer 2009
"{D5598EF3-673A-4A37-9E97-5842928925A3}"= UDP:c:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009
"{DA384D9E-8FA5-4390-AD90-DAFD007F5FDB}"= TCP:c:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009
"{05778F7C-6F7A-42D9-8C99-BC01AB8DB62D}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{13484D03-728C-4AE4-A9CD-B49AB985406B}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-11-26 28544]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-03 78416]
R1 IDSvix86;Symantec Intrusion Prevention Driver;\??\c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080926.005\IDSvix86.sys [2008-09-29 270384]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-12-03 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2008-12-03 51280]
R2 HPBtnSrv;HP Chasis Button Service;c:\hp\HPEZBTN\HPBtnSrv.exe [2008-04-14 198240]
R2 LiveUpdate Notice;LiveUpdate Notice;"c:\program files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [2008-11-06 149352]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-14 99376]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2008-04-14 1176064]
R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2008-04-14 464384]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\Drivers\SYMNDISV.SYS [2008-06-13 41008]
S3 COH_Mon;COH_Mon;\??\c:\windows\system32\Drivers\COH_Mon.sys [2007-05-29 23888]
S3 LGDDCDevice;LGDDCDevice;\??\c:\program files\LG Soft India\forteManager\bin\I2CDriver.sys [2008-07-30 14336]
S3 LGII2CDevice;LGII2CDevice;\??\c:\program files\LG Soft India\forteManager\bin\PII2CDriver.sys [2008-07-30 13312]
S3 Ndisprot;ArcNet NDIS Protocol Driver;\??\c:\windows\system32\drivers\Ndisprot.sys [2008-11-20 29192]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - wd_windows_tools\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23b8caeb-411e-11dd-a100-806e6f6e6963}]
\shell\AutoRun\command - E:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75a322c7-92d6-11dd-bc12-f913e9b18959}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL f:\resycled\boot.com f:
\shell\Open\command - f:\resycled\boot.com f:
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75a322cd-92d6-11dd-bc12-f913e9b18959}]
\shell\AutoRun\command - wd_windows_tools\setup.exe
*Newly Created Service* - ASWFSBLK
*Newly Created Service* - ASWMONFLT
*Newly Created Service* - ASWRDR
*Newly Created Service* - ASWSP
*Newly Created Service* - ASWTDI
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
2008-12-01 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Sam Harris.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-08-26 11:19]
2008-12-07 c:\windows\Tasks\User_Feed_Synchronization-{EB29FF8B-EE09-4EBB-8AC0-732263DBBF8F}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = <local>;*.local
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-GB\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FireFox -: Profile - c:\users\Sam Harris\AppData\Roaming\Mozilla\Firefox\Profiles\4dxe9ed0.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.co.uk/
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\NPAskSBr.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npBBCPlugin.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-12-07 16:27:06
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-12-07 16:28:27
ComboFix-quarantined-files.txt 2008-12-07 16:28:24
ComboFix2.txt 2008-12-07 16:07:21
Pre-Run: The system cannot find message text for message number 0x2379 in the message file for Application.
Post-Run: 434,276,851,712 bytes free
297 --- E O F --- 2008-09-26 12:52:30