Trying to remove srosa and associated viruses which disable antivirus software



parallelepipeds
2008-01-15, 03:52
I've read this thread http://forums.spybot.info/showthread.php?t=22346, but I'm unsure of how to proceed without some help from an expert. Can anyone help me?

If this helps, here's my ComboFix report:

ComboFix 08-01-15.3 - Matt 2008-01-14 21:18:00.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.265 [GMT -5:00]
Running from: C:\Documents and Settings\Matt\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\~.exe
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\wanpacket.dll
C:\WINDOWS\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_NPF
-------\LEGACY_SROSA
-------\NPF
-------\srosa


((((((((((((((((((((((((( Files Created from 2007-12-15 to 2008-01-15 )))))))))))))))))))))))))))))))
.

2008-01-14 21:06 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-14 21:04 . 2008-01-14 21:04 250 --a------ C:\WINDOWS\gmer.ini
2008-01-14 21:01 . 2008-01-14 21:01 <DIR> d-------- C:\WINDOWS\D8C0E918991E44508AC6D29FBBDF8D6A.TMP
2008-01-14 21:01 . 2008-01-14 21:02 <DIR> d-------- C:\Program Files\Prevx Home
2008-01-14 17:32 . 2008-01-14 17:35 <DIR> d-------- C:\Documents and Settings\Matt\.housecall6.6
2008-01-14 17:14 . 2008-01-14 17:16 <DIR> d-------- C:\Documents and Settings\Matt\Application Data\PrevxCSI
2008-01-14 17:14 . 2008-01-14 17:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2008-01-14 17:14 . 2008-01-14 17:15 10,624 --a------ C:\WINDOWS\system32\drivers\pxark.sys
2008-01-14 16:54 . 2008-01-14 16:54 93,188 --a------ C:\WINDOWS\system32\mdelk.exe
2008-01-14 16:33 . 2008-01-14 17:15 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-01-14 16:31 . 2008-01-14 16:55 <DIR> d-------- C:\Program Files\Norton Security Scan
2008-01-14 16:31 . 2008-01-14 17:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-01-14 16:04 . 2008-01-14 16:35 88,096 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-14 16:04 . 2008-01-14 16:35 2,848 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-01-14 16:04 . 2008-01-14 16:04 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-01-14 16:04 . 2008-01-14 16:04 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-14 16:01 . 2008-01-14 16:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-01-13 20:36 . 2008-01-13 20:37 <DIR> d-------- C:\Program Files\AoA Audio Extractor
2008-01-13 20:36 . 2008-01-13 20:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-13 11:04 . 2008-01-13 11:04 <DIR> d--h----- C:\Documents and Settings\Matt\Application Data\m
2008-01-12 10:17 . 2008-01-12 10:17 66 --a------ C:\WINDOWS\SCap.INI
2008-01-12 10:14 . 2008-01-12 10:14 <DIR> d-------- C:\Documents and Settings\Matt\Application Data\ACASystems
2008-01-12 10:14 . 2008-01-12 10:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ACASystems
2008-01-12 10:13 . 2008-01-12 10:13 <DIR> d-------- C:\Program Files\ACASystems
2008-01-12 10:12 . 2008-01-14 16:57 <DIR> d-------- C:\WINDOWS\system32\drivers\down
2007-12-26 10:16 . 2007-12-26 10:17 <DIR> d-------- C:\Program Files\FileBoss
2007-12-25 21:41 . 2004-08-03 23:08 26,624 --a------ C:\WINDOWS\system32\drivers\usbehci.sys
2007-12-25 21:41 . 2004-08-03 23:08 26,624 --a--c--- C:\WINDOWS\system32\dllcache\usbehci.sys
2007-12-25 21:41 . 2004-08-04 00:56 7,168 --a------ C:\WINDOWS\system32\hccoin.dll
2007-12-25 21:41 . 2004-08-04 00:56 7,168 --a--c--- C:\WINDOWS\system32\dllcache\hccoin.dll
2007-12-25 21:40 . 2004-08-03 23:08 17,024 --a------ C:\WINDOWS\system32\drivers\usbohci.sys
2007-12-25 21:40 . 2004-08-03 23:08 17,024 --a--c--- C:\WINDOWS\system32\dllcache\usbohci.sys
2007-12-25 18:36 . 2008-01-14 17:31 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-12-25 18:36 . 2007-12-25 18:36 <DIR> d-------- C:\Documents and Settings\Matt\Application Data\PC Tools
2007-12-25 18:36 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-25 18:36 . 2007-04-19 15:18 83,536 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-12-25 18:36 . 2007-04-19 15:18 59,984 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-12-25 18:36 . 2007-04-19 15:18 52,304 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-12-25 18:36 . 2007-04-19 15:18 39,248 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
2007-12-25 18:36 . 2007-04-19 15:18 26,064 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-12-20 15:50 . 2007-12-29 17:13 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-20 15:50 . 2007-12-20 15:50 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-15 02:29 --------- d-----w C:\Documents and Settings\Matt\Application Data\WTablet
2008-01-15 02:05 --------- d-----w C:\Program Files\PeerGuardian2
2008-01-15 01:18 --------- d-----w C:\Program Files\eMule
2008-01-14 21:39 --------- d-----w C:\Documents and Settings\Matt\Application Data\uTorrent
2008-01-14 21:31 --------- d-----w C:\Program Files\Google
2008-01-14 20:51 --------- d-----w C:\Documents and Settings\LocalService\Application Data\WTablet
2008-01-12 13:09 --------- d-----w C:\Program Files\DC++
2008-01-10 03:08 --------- d-----w C:\Program Files\Trillian
2008-01-03 16:49 --------- d-----w C:\Program Files\FlashFXP
2007-12-29 22:02 --------- d-----w C:\Program Files\Quik-E Note
2007-12-06 14:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-12-06 14:35 --------- d-----w C:\Program Files\Microsoft.NET
2007-11-30 19:32 --------- d-----w C:\Program Files\Common Files\Ahead
2007-11-30 19:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2007-11-22 02:00 --------- d-----w C:\Program Files\SurfOffline
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 18:40 1421824]
"Bandwidth Monitor Pro"="C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe" [2007-04-11 03:52 224768]
"german.exe"="C:\WINDOWS\system32\wintems.exe" [ ]
"mule_st_key"="C:\Documents and Settings\Matt\Application Data\m\flec006.exe" [2004-08-21 07:06 480513]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdService"="C:\Program Files\Common Files\Microsoft Shared\MSWNInfo\UpdService.exe" [2004-08-21 07:06 480513]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24 286720]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-07-15 23:42:24]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-01-14 16:31:27]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys [2004-07-06 09:45]
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2006-02-14 13:18]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2006-02-14 13:19]
S3 Dot4Usb HPH09;Dot4Usb HPH09;C:\WINDOWS\system32\drivers\hphius09.sys [2006-01-13 01:46]
S3 gcreader;MaxDrive GameCube Driver (gcreader.sys);C:\WINDOWS\system32\Drivers\gcreader.sys [2001-01-02 22:53]
S3 pxark;pxark;C:\WINDOWS\system32\drivers\pxark.sys [2008-01-14 17:15]

*Newly Created Service* - PGFILTER
.
Contents of the 'Scheduled Tasks' folder
"2008-01-14 21:32:01 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-14 21:30:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-14 21:35:20 - machine was rebooted [Matt]
ComboFix-quarantined-files.txt 2008-01-15 02:35:16

parallelepipeds
2008-01-15, 04:03
Additionally, my PC's CPU is fluctuating wildly. Minor activity pushes it to 100 percent, and I'm getting Stop errors rather frequently now. I'm wondering if this has anything to do with it.