russm1406
2009-02-15, 18:40
When booting I received the above error. I have already ran Combofix and have my results. This website wasn't working for a bit so I went to another site and ran true sword 5 and that cleaned it I think. I still wanted to post here to see if there was anything else I needed to do. Thank you. Here is my log file.
ComboFix 09-02-12.03 - Russ 2009-02-14 23:32:43.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.390 [GMT -6:00]
Running from: c:\documents and settings\Russ\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *disabled*
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Downloaded Program Files\ODCTOOLS
c:\windows\setup.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_IWINGAMESINSTALLER
-------\Service_iWinGamesInstaller
((((((((((((((((((((((((( Files Created from 2009-01-15 to 2009-02-15 )))))))))))))))))))))))))))))))
.
2009-02-12 11:13 . 2009-02-12 22:51 <DIR> d-------- c:\documents and settings\Russ\Application Data\MysteryStudio
2009-01-26 19:52 . 2009-01-26 19:56 <DIR> d-------- c:\program files\PDG Studyware
2009-01-26 19:52 . 2009-01-26 19:56 <DIR> d-------- c:\documents and settings\Russ\Application Data\PDG Studyware
2009-01-25 10:12 . 2009-01-25 10:14 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo!
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-15 05:36 --------- d-----w c:\program files\Symantec AntiVirus
2009-02-15 05:14 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-15 05:11 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-13 15:41 --------- d-----w c:\program files\iWin.com
2009-02-13 15:34 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-13 14:35 --------- d-----w c:\documents and settings\All Users\Application Data\Sandlot Games
2009-02-13 05:48 --------- d-----w c:\documents and settings\Russ\Application Data\uTorrent
2009-02-12 15:01 --------- d-----w c:\documents and settings\All Users\Application Data\HipSoft
2009-02-10 10:47 --------- d-----w c:\documents and settings\Russ\Application Data\LimeWire
2009-02-03 19:39 --------- d-----w c:\program files\BenefitBarIE
2009-01-31 12:51 --------- d-----w c:\program files\Yahoo!
2009-01-25 01:31 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-01-14 00:16 --------- d-----w c:\documents and settings\All Users\Application Data\PopCap
2009-01-07 15:03 --------- d-----w c:\documents and settings\Russ\Application Data\Yahoo!
2009-01-07 14:55 --------- d-----w c:\program files\The Weather Channel FW
2009-01-05 16:36 --------- d-----w c:\documents and settings\Russ\Application Data\Move Networks
2008-12-28 04:05 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-28 04:05 --------- d-----w c:\program files\Mio Technology
2008-12-28 04:04 --------- d-----w c:\documents and settings\Russ\Application Data\InstallShield
2008-12-21 01:14 --------- d-----w c:\program files\Common Files\Nero
2008-12-21 01:12 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2008-12-21 00:38 --------- d-----w c:\program files\iWin Games
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-31 50480]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2008-06-24 132392]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-05-08 81920]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2008-10-06 793712]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-01-08 4363504]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-04-05 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-04-05 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-04-05 118784]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-17 118784]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-08-25 53248]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 28672]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-11 151552]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2006-08-27 217088]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 176128]
"PartSeal"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 28672]
"masqform.exe"="c:\program files\PureEdge\Viewer 6.5\masqform.exe" [2005-07-04 643072]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 52840]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-03-14 125632]
"acEventServ"="c:\program files\ActivCard\ActivCard Gold\acevtsrv.exe" [2003-07-01 28672]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-06-19 570664]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="c:\program files\Common Files\logishrd\WUApp32.exe" [2007-02-03 430080]
c:\documents and settings\Russ\Start Menu\Programs\Startup\
iWin Desktop Alerts.lnk - c:\documents and settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe [2008-05-17 108544]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
ActivCard Gold Smart Card Agent.lnk - c:\program files\ActivCard\ActivCard Gold\agquickp.exe [2003-03-19 147456]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acAuth]
2002-12-17 04:11 65536 c:\windows\system32\acauth.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-06-20 17:11 73728 c:\windows\system32\VESWinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= c:\progra~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll
"vidc.ffds"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck msln\0autocheck autochk *
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iWin Games\\iWinGames.exe"=
"c:\\Program Files\\iWin Games\\WebUpdater.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"24317:TCP"= 24317:TCP:BitComet 24317 TCP
"24317:UDP"= 24317:UDP:BitComet 24317 UDP
R2 ACachSrv;ActivCard Authentication Service;c:\program files\Common Files\ActivCard\acachsrv.exe [2002-12-17 135168]
R2 acautoreg;ActivCard Gold Autoregister;c:\program files\Common Files\ActivCard\acautoreg.exe [2002-11-29 53248]
R2 acautoupdate;ActivCard Auto-Update Service;c:\program files\Common Files\ActivCard\acautoup.exe [2003-03-24 36864]
R2 Accoca;ActivCard Gold service;c:\program files\Common Files\ActivCard\accoca.exe [2002-08-12 159744]
R2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [2008-12-20 78104]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-05-12 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\eengine\EraserUtilRebootDrv.sys [2009-01-23 99376]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2006-08-10 226304]
S3 EraserUtilDrv10822;EraserUtilDrv10822;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10822.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10822.sys [?]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2007-03-14 116416]
S3 SCR131C;SCRx31 Serial Smart Card Reader;c:\windows\system32\drivers\SCR131C.sys [2002-11-06 181875]
S3 SCR33X USB Smart Card Reader;SCR33X USB Smart Card Reader;c:\windows\system32\drivers\SCR33X2K.sys [2004-04-05 64088]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-AOLDialer - c:\program files\Common Files\AOL\ACS\AOLDial.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/?src=aim
uInternet Connection Wizard,ShellNext = iexplore
IE: &AOL Toolbar Search - c:\documents and settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} - hxxp://www.ritzpix.com/net/Uploader/LPUploader45.cab
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-14 23:36:26
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(880)
c:\windows\system32\VESWinlogon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\system32\scardsvr.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Apoint\ApntEx.exe
c:\windows\system32\wscntfy.exe
c:\program files\AIM6\aolsoftware.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\AOL\AOL Toolbar 5.0\AolTbServer.exe
c:\progra~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
c:\program files\Symantec\LiveUpdate\AUPDATE.EXE
.
**************************************************************************
.
Completion time: 2009-02-14 23:41:53 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-15 05:41:49
Pre-Run: 93,442,433,024 bytes free
Post-Run: 93,362,065,408 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
212 --- E O F --- 2009-02-12 04:25:43
ComboFix 09-02-12.03 - Russ 2009-02-14 23:32:43.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.390 [GMT -6:00]
Running from: c:\documents and settings\Russ\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *disabled*
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Downloaded Program Files\ODCTOOLS
c:\windows\setup.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_IWINGAMESINSTALLER
-------\Service_iWinGamesInstaller
((((((((((((((((((((((((( Files Created from 2009-01-15 to 2009-02-15 )))))))))))))))))))))))))))))))
.
2009-02-12 11:13 . 2009-02-12 22:51 <DIR> d-------- c:\documents and settings\Russ\Application Data\MysteryStudio
2009-01-26 19:52 . 2009-01-26 19:56 <DIR> d-------- c:\program files\PDG Studyware
2009-01-26 19:52 . 2009-01-26 19:56 <DIR> d-------- c:\documents and settings\Russ\Application Data\PDG Studyware
2009-01-25 10:12 . 2009-01-25 10:14 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo!
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-15 05:36 --------- d-----w c:\program files\Symantec AntiVirus
2009-02-15 05:14 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-15 05:11 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-13 15:41 --------- d-----w c:\program files\iWin.com
2009-02-13 15:34 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-13 14:35 --------- d-----w c:\documents and settings\All Users\Application Data\Sandlot Games
2009-02-13 05:48 --------- d-----w c:\documents and settings\Russ\Application Data\uTorrent
2009-02-12 15:01 --------- d-----w c:\documents and settings\All Users\Application Data\HipSoft
2009-02-10 10:47 --------- d-----w c:\documents and settings\Russ\Application Data\LimeWire
2009-02-03 19:39 --------- d-----w c:\program files\BenefitBarIE
2009-01-31 12:51 --------- d-----w c:\program files\Yahoo!
2009-01-25 01:31 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-01-14 00:16 --------- d-----w c:\documents and settings\All Users\Application Data\PopCap
2009-01-07 15:03 --------- d-----w c:\documents and settings\Russ\Application Data\Yahoo!
2009-01-07 14:55 --------- d-----w c:\program files\The Weather Channel FW
2009-01-05 16:36 --------- d-----w c:\documents and settings\Russ\Application Data\Move Networks
2008-12-28 04:05 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-28 04:05 --------- d-----w c:\program files\Mio Technology
2008-12-28 04:04 --------- d-----w c:\documents and settings\Russ\Application Data\InstallShield
2008-12-21 01:14 --------- d-----w c:\program files\Common Files\Nero
2008-12-21 01:12 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2008-12-21 00:38 --------- d-----w c:\program files\iWin Games
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-31 50480]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2008-06-24 132392]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-05-08 81920]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2008-10-06 793712]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-01-08 4363504]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-04-05 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-04-05 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-04-05 118784]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-17 118784]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-08-25 53248]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 28672]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-11 151552]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2006-08-27 217088]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 176128]
"PartSeal"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 28672]
"masqform.exe"="c:\program files\PureEdge\Viewer 6.5\masqform.exe" [2005-07-04 643072]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 52840]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-03-14 125632]
"acEventServ"="c:\program files\ActivCard\ActivCard Gold\acevtsrv.exe" [2003-07-01 28672]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-06-19 570664]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="c:\program files\Common Files\logishrd\WUApp32.exe" [2007-02-03 430080]
c:\documents and settings\Russ\Start Menu\Programs\Startup\
iWin Desktop Alerts.lnk - c:\documents and settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe [2008-05-17 108544]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
ActivCard Gold Smart Card Agent.lnk - c:\program files\ActivCard\ActivCard Gold\agquickp.exe [2003-03-19 147456]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acAuth]
2002-12-17 04:11 65536 c:\windows\system32\acauth.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-06-20 17:11 73728 c:\windows\system32\VESWinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= c:\progra~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll
"vidc.ffds"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck msln\0autocheck autochk *
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iWin Games\\iWinGames.exe"=
"c:\\Program Files\\iWin Games\\WebUpdater.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"24317:TCP"= 24317:TCP:BitComet 24317 TCP
"24317:UDP"= 24317:UDP:BitComet 24317 UDP
R2 ACachSrv;ActivCard Authentication Service;c:\program files\Common Files\ActivCard\acachsrv.exe [2002-12-17 135168]
R2 acautoreg;ActivCard Gold Autoregister;c:\program files\Common Files\ActivCard\acautoreg.exe [2002-11-29 53248]
R2 acautoupdate;ActivCard Auto-Update Service;c:\program files\Common Files\ActivCard\acautoup.exe [2003-03-24 36864]
R2 Accoca;ActivCard Gold service;c:\program files\Common Files\ActivCard\accoca.exe [2002-08-12 159744]
R2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [2008-12-20 78104]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-05-12 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\eengine\EraserUtilRebootDrv.sys [2009-01-23 99376]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2006-08-10 226304]
S3 EraserUtilDrv10822;EraserUtilDrv10822;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10822.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10822.sys [?]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2007-03-14 116416]
S3 SCR131C;SCRx31 Serial Smart Card Reader;c:\windows\system32\drivers\SCR131C.sys [2002-11-06 181875]
S3 SCR33X USB Smart Card Reader;SCR33X USB Smart Card Reader;c:\windows\system32\drivers\SCR33X2K.sys [2004-04-05 64088]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-AOLDialer - c:\program files\Common Files\AOL\ACS\AOLDial.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/?src=aim
uInternet Connection Wizard,ShellNext = iexplore
IE: &AOL Toolbar Search - c:\documents and settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} - hxxp://www.ritzpix.com/net/Uploader/LPUploader45.cab
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-14 23:36:26
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(880)
c:\windows\system32\VESWinlogon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\system32\scardsvr.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Apoint\ApntEx.exe
c:\windows\system32\wscntfy.exe
c:\program files\AIM6\aolsoftware.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\AOL\AOL Toolbar 5.0\AolTbServer.exe
c:\progra~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
c:\program files\Symantec\LiveUpdate\AUPDATE.EXE
.
**************************************************************************
.
Completion time: 2009-02-14 23:41:53 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-15 05:41:49
Pre-Run: 93,442,433,024 bytes free
Post-Run: 93,362,065,408 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
212 --- E O F --- 2009-02-12 04:25:43