ComboFix 08-12-18.01 - Owner 2008-12-18 22:49:24.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.766.311 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2008-11-19 to 2008-12-19 )))))))))))))))))))))))))))))))
.
2008-12-18 18:19 . 2008-12-18 18:19 0 --a------ C:\__tmp_rar_sfx_access_check_24878781
2008-12-18 08:10 . 2008-12-18 08:10 <DIR> d-------- c:\windows\ie8updates
2008-12-17 18:31 . 2008-12-17 18:31 <DIR> d-------- c:\program files\ERUNT
2008-12-17 11:43 . 2008-12-17 11:44 <DIR> d-------- C:\Regsearch
2008-12-14 14:30 . 2008-12-14 14:30 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-14 14:30 . 2008-12-14 14:30 <DIR> d-------- c:\documents and settings\Owner\Application Data\Malwarebytes
2008-12-14 14:30 . 2008-12-14 14:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-14 14:30 . 2008-12-03 19:59 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-14 14:30 . 2008-12-03 19:59 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-10 11:39 . 2008-12-10 11:40 <DIR> d-------- C:\rsit
2008-12-03 17:48 . 2008-12-03 17:47 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-03 17:48 . 2008-12-03 17:47 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-02 10:24 . 2008-12-02 10:24 166,064 --a------ C:\FixVundo.exe
2008-12-01 23:02 . 2008-12-01 23:02 <DIR> d--hs---- c:\documents and settings\Owner\PrivacIE
2008-12-01 22:54 . 2008-12-10 22:23 1,393 --a------ c:\windows\imsins.BAK
2008-12-01 22:51 . 2008-12-01 22:53 <DIR> d--h-c--- c:\windows\ie8
2008-11-27 14:47 . 2008-11-27 14:48 <DIR> d-------- c:\documents and settings\Owner\Application Data\vlc
2008-11-25 21:43 . 2008-12-01 18:04 <DIR> d-------- c:\documents and settings\Owner\Application Data\Uniblue
2008-11-25 21:43 . 2008-12-01 18:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\DriverScanner
2008-11-25 20:46 . 2008-11-25 20:46 <DIR> d-------- c:\program files\TeaTimer (Spybot - Search & Destroy)
2008-11-25 20:46 . 2008-11-25 20:46 <DIR> d-------- c:\program files\SDHelper (Spybot - Search & Destroy)
2008-11-25 20:46 . 2008-11-25 20:46 <DIR> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2008-11-25 20:46 . 2008-11-25 20:46 <DIR> d-------- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2008-11-25 19:30 . 2008-10-31 19:36 873,374 --a------ c:\windows\system32\oem68.inf
2008-11-24 22:14 . 2008-04-30 17:32 107,596 --a------ C:\toolkit_widget.gif
2008-11-22 21:39 . 2008-11-22 21:39 <DIR> d-------- c:\windows\SWImport Xtra Cache
2008-11-22 21:38 . 2008-11-22 21:38 <DIR> d-------- c:\program files\Shockwave.com
2008-11-22 21:38 . 2008-11-22 21:38 24 --a------ c:\windows\SWImport Xtra.PRF
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-19 03:49 --------- d-----w c:\documents and settings\Owner\Application Data\WeatherWatcherLive
2008-12-19 03:36 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-12-18 22:59 --------- d-----w c:\documents and settings\Owner\Application Data\uTorrent
2008-12-18 02:51 --------- d-----w c:\program files\PokerStars.NET
2008-12-14 13:59 5,699,584 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-12-03 22:47 --------- d-----w c:\program files\Java
2008-12-03 01:14 20 -c-h--w c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
2008-12-01 23:01 --------- d-----w c:\program files\palmOne
2008-12-01 22:57 --------- d-----w c:\program files\BitPim
2008-12-01 22:47 --------- d-----w c:\program files\Free Window Registry Repair
2008-12-01 22:46 --------- d-----w c:\program files\Lavasoft
2008-11-26 16:50 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-26 16:47 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-11 23:00 --------- d-----w c:\program files\Common Files\Adobe
2008-10-27 02:53 --------- d-----w c:\documents and settings\Owner\Application Data\OpenOffice.org
2008-10-27 02:48 --------- d-----w c:\program files\OpenOffice.org 3
2008-10-27 02:48 --------- d-----w c:\program files\JRE
2008-10-24 15:21 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-23 06:58 87,280 ----a-w c:\windows\system32\bcmwlcoi.dll
2008-10-23 06:58 1,391,104 ----a-w c:\windows\system32\drivers\BCMWL5.SYS
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 19:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 19:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 16:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-09 03:05 270,128 ----a-w c:\windows\Web\utorrent.exe
2008-10-06 00:15 425,984 -c--a-w c:\windows\Web\WContig\WinContig.exe
2008-10-06 00:15 324,096 ----a-w c:\windows\Web\WContig.zip
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\dllcache\strmdll.dll
2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2007-05-11 15:34 0 -c--a-w c:\documents and settings\Owner\Application Data\wklnhst.dat
2004-09-18 19:28 20,480 -c--a-w c:\windows\inf\WtUninst.exe
2007-09-08 16:07 8 --sh--r c:\windows\system32\5735E2392C.dll
2008-08-18 02:43 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008081720080818\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-03 68856]
"MtdAcq"="c:\program files\Creative\Shared Files\Media Sniffer\MtdAcq.exe" [2005-09-14 229466]
"WeatherWatcherLive"="c:\program files\Weather Watcher Live\ww.exe" [2008-05-23 1097728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1015808]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2005-06-10 217088]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2008-01-27 316728]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-03 136600]
c:\documents and settings\Owner\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2006-07-04 233472]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-16 65588]
Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Picaboo.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Picaboo.lnk
backup=c:\windows\pss\Picaboo.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a--c--- 2005-03-22 23:05 339968 c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
--a--c--- 2005-02-17 16:01 233534 c:\program files\HPQ\Default Settings\Cpqset.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
--a------ 2004-12-03 15:24 290816 c:\program files\HPQ\Quick Launch Buttons\eabservr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a--c--- 2005-02-17 01:11 49152 c:\program files\Hp\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
--a--c--- 2005-04-11 17:21 794624 c:\program files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
--a--c--- 2004-10-14 15:54 253952 c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-13 19:12 1695232 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2007-09-15 02:27 1015808 c:\program files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a------ 2005-02-02 07:12 102492 c:\program files\Synaptics\SynTP\SynTPLpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\StubInstaller.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\Web\\utorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:DCOM(135)
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-01 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-04-01 20560]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\DRIVERS\HSFHWATI.sys [2005-03-22 200192]
S3 2b14a715-fe10-4bf0-b718-bf530c41e220;2b14a715-fe10-4bf0-b718-bf530c41e220;\??\d:\player\cds300.dll []
S3 cur_bus;Curitel USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\cur_bus.sys [2006-07-10 51040]
S3 cur_mdfl;Curitel Packet Service Filter;c:\windows\system32\DRIVERS\cur_mdfl.sys [2006-07-10 6064]
S3 cur_mdm;Curitel Packet Service Drivers;c:\windows\system32\DRIVERS\cur_mdm.sys [2006-07-10 82640]
S3 cur_serd;Curitel Packet Service Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\cur_serd.sys [2006-07-10 64096]
.
Contents of the 'Scheduled Tasks' folder
2006-08-31 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Easy Internet signup\HPSdpApp.exe [2005-03-03 13:04]
2008-12-19 c:\windows\Tasks\User_Feed_Synchronization-{C6D446F2-60A6-42E4-B023-13169E69588D}.job
- c:\windows\system32\msfeedssync.exe [2008-08-22 03:05]
2008-12-16 c:\windows\Tasks\wrSpySweeper_410F6D95944D49A9BAEBCF7753C38B1E.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-01-04 20:56]
2008-12-16 c:\windows\Tasks\wrSpySweeper_410F6D95944D49A9BAEBCF7753C38B1E.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-01-04 20:56]
2008-12-16 c:\windows\Tasks\wrSpySweeper_410F6D95944D49A9BAEBCF7753C38B1E.job
- D:\ []
2008-12-16 c:\windows\Tasks\wrSpySweeper_67782FF0FD12491DA282CCA1E463E844.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-01-04 20:56]
2008-12-16 c:\windows\Tasks\wrSpySweeper_67782FF0FD12491DA282CCA1E463E844.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-01-04 20:56]
2008-12-16 c:\windows\Tasks\wrSpySweeper_67782FF0FD12491DA282CCA1E463E844.job
- D:\ []
2008-12-16 c:\windows\Tasks\wrSpySweeper_FEEC59B6AF0D460A9AD833971F5B94E6.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-01-04 20:56]
2008-12-16 c:\windows\Tasks\wrSpySweeper_FEEC59B6AF0D460A9AD833971F5B94E6.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-01-04 20:56]
2008-12-16 c:\windows\Tasks\wrSpySweeper_FEEC59B6AF0D460A9AD833971F5B94E6.job
- D:\ []
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.5.0_02\bin\jusched.exe
MSConfigStartUp-URLLSTCK - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.excite.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-18 22:53:13
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(800)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\WRLogonNTF.dll
.
Completion time: 2008-12-18 22:55:34
ComboFix-quarantined-files.txt 2008-12-19 03:54:21
Pre-Run: 30,712,832,000 bytes free
Post-Run: 30,698,651,648 bytes free
232 --- E O F --- 2008-12-11 22:55:41
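The "Reg Loading Points" and driver/service lines above are what a helper reads first in a log like this. As an added example (not ComboFix output and not part of the original post), the Python below parses a constructed excerpt copied from those sections and flags the settings worth a second look: the Windows Firewall switched off in the standard profile, the globally open TCP 135, firewall exceptions for binaries sitting in the drive root or under c:\windows\Web, Security Center monitoring disabled, and a service with a GUID-style name whose image has no file metadata. The category names and the "odd location" heuristics are the example's own choices, not anything ComboFix defines.

```python
"""Triage of a ComboFix-style log: group the 'Reg Loading Points' values under
their registry keys, parse the R/S service lines, and flag what a malware-removal
helper checks first.  Added example, not ComboFix output; SAMPLE_LOG is a
constructed excerpt copied from the log above."""
import re

SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\StubInstaller.exe"=
"c:\\WINDOWS\\Web\\utorrent.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:DCOM(135)
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-01 111184]
S3 2b14a715-fe10-4bf0-b718-bf530c41e220;2b14a715-fe10-4bf0-b718-bf530c41e220;\??\d:\player\cds300.dll []
S3 cur_bus;Curitel USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\cur_bus.sys [2006-07-10 51040]
"""

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*(?P<data>.*)$')
# ComboFix service lines: <start type> <name>;<display name>;<image path> [<date size>]
SERVICE_RE = re.compile(r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);'
                        r'(?P<path>.+?)\s*\[(?P<fileinfo>[^\]]*)\]$')
GUID_RE = re.compile(r'^[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}$', re.I)


def parse_log(text):
    """One pass over the log: value lines are attached to the last [key] seen
    (key names lower-cased); R/S lines become service dicts."""
    keys, services, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group('key').lower()
            keys.setdefault(current, [])
            continue
        m = SERVICE_RE.match(line)
        if m:
            services.append(m.groupdict())
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current].append((m.group('name'), m.group('data').strip()))
    return keys, services


def run_entries(text):
    """(key, value name, image path) for every value under a ...\\Run key."""
    keys, _ = parse_log(text)
    out = []
    for key, values in keys.items():
        if key.endswith('\\run'):
            for name, data in values:
                m = re.match(r'^"([^"]*)"', data)
                out.append((key, name, m.group(1) if m else data))
    return out


def triage(text):
    """Return (category, detail) findings: registry sections in log order, then services."""
    keys, services = parse_log(text)
    findings = []
    for key, values in keys.items():
        leaf = key.rsplit('\\', 1)[-1]
        if key.endswith('firewallpolicy\\standardprofile'):
            for name, data in values:
                if name.lower() == 'enablefirewall' and data.startswith('0'):
                    findings.append(('firewall-disabled', 'standardprofile'))
        elif key.endswith('globallyopenports\\list'):
            findings.extend(('open-port', name) for name, _ in values)
        elif key.endswith('authorizedapplications\\list'):
            for name, _ in values:
                # the exception list stores escaped backslashes; normalise before judging location
                path = name.replace('\\\\', '\\').lower()
                in_root = path.count('\\') <= 1                 # e.g. c:\StubInstaller.exe
                in_web = path.startswith('c:\\windows\\web')   # not a normal home for executables
                if in_root or in_web:
                    findings.append(('firewall-exception-odd-path', path))
        elif 'security center\\monitoring' in key:
            for name, data in values:
                if name.lower() == 'disablemonitoring' and data.endswith('1'):
                    findings.append(('security-center-monitoring-off', leaf))
    for svc in services:
        reasons = []
        if not svc['fileinfo']:
            reasons.append('no file metadata')
        if GUID_RE.match(svc['name']):
            reasons.append('GUID-style name')
        if not svc['path'].lower().replace('\\??\\', '').startswith('c:\\windows\\'):
            reasons.append('image outside %windir%')
        if reasons:
            findings.append(('service', f"{svc['start']} {svc['name']} -> {svc['path']}: " + ', '.join(reasons)))
    return findings


if __name__ == '__main__':
    for cat, detail in triage(SAMPLE_LOG):
        print(f'{cat:32} {detail}')
```

Run against the excerpt it reports six findings; feeding it a full log (the "Reg Loading Points" block through the last S3 line) works the same way because the parser keys only on the `[...]` headers and the `R#`/`S#` prefixes. A helper would still confirm each flagged item against the file itself (the hash, the signer, the directory it lives in) before asking for removal; the script only narrows where to look.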