combofix log
ComboFix 08-05-21.3 - rex 2008-05-22 13:50:21.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.576 [GMT -4:00]
Running from: C:\Documents and Settings\rex\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\rex\Application Data\.#
C:\WINDOWS\system32\Egjlknpo.ini
C:\WINDOWS\system32\Egjlknpo.ini2
C:\WINDOWS\system32\opnkljgE.dll
C:\WINDOWS\system32\opnnllIX.dll
C:\WINDOWS\system32\winmxw32.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NWSAPAGENT
-------\Service_NwSapAgent
((((((((((((((((((((((((( Files Created from 2008-04-22 to 2008-05-22 )))))))))))))))))))))))))))))))
.
2008-05-22 06:26 . 2008-05-22 06:26 114,688 --a------ C:\WINDOWS\system32\gfbljjbl.dll
2008-05-22 06:26 . 2008-05-22 06:26 106,496 --a------ C:\WINDOWS\system32\eetsxbib.exe
2008-05-22 06:26 . 2008-05-22 06:26 19,456 --a------ C:\WINDOWS\system32\drvced.dll
2008-05-21 14:43 . 2008-05-21 14:43 <DIR> d-------- C:\Documents and Settings\rex\Application Data\Malwarebytes
2008-05-21 14:42 . 2008-05-21 14:42 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-21 14:42 . 2008-05-21 14:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-21 14:42 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-21 14:42 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-21 07:42 . 2008-05-21 07:42 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-20 16:14 . 2008-05-20 16:14 19,456 --a------ C:\WINDOWS\system32\drvzup.dll
2008-05-20 16:07 . 2008-05-20 16:07 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-20 16:07 . 2008-05-20 16:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-19 18:52 . 2008-05-19 18:52 126,976 --a------ C:\WINDOWS\system32\pcyextrp.dll
2008-05-19 18:52 . 2008-05-19 18:52 17,920 --a------ C:\WINDOWS\system32\drvjip.dll
2008-05-19 17:05 . 2008-05-19 17:05 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-19 17:05 . 2008-05-19 17:05 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-19 17:05 . 2008-05-19 17:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-18 06:32 . 2008-05-18 06:48 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-05-17 21:24 . 2008-05-17 21:24 131,072 --a------ C:\WINDOWS\system32\lxsbubdd.dll
2008-05-17 21:24 . 2008-05-17 21:24 17,920 --a------ C:\WINDOWS\system32\drvcul.dll
2008-05-17 21:24 . 2008-05-22 06:26 145 --a------ C:\WINDOWS\system32\winver.bat
2008-05-17 20:54 . 2008-05-17 20:54 <DIR> d-------- C:\Program Files\Media5 Software
2008-05-17 20:30 . 2008-05-17 21:02 <DIR> d-------- C:\Documents and Settings\rex\Application Data\Apple Computer
2008-05-17 20:30 . 2008-05-18 18:33 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-17 20:30 . 2008-05-17 20:30 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-17 20:28 . 2008-05-17 20:29 <DIR> d-------- C:\Program Files\QuickTime
2008-05-17 20:28 . 2008-05-17 20:28 <DIR> d-------- C:\Program Files\Apple Software Update
2008-05-17 20:28 . 2008-05-17 20:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-17 20:27 . 2008-05-17 20:27 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-05-17 20:27 . 2008-05-17 20:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-05-17 17:26 . 2008-05-17 17:26 17,920 --a------ C:\WINDOWS\system32\drvpon.dll
2008-05-17 13:26 . 2008-05-17 13:57 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-05-17 13:07 . 2008-05-17 13:07 17,920 --a------ C:\WINDOWS\system32\drvxic.dll
2008-05-17 12:42 . 2008-05-21 14:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-17 10:47 . 2008-05-17 10:47 <DIR> d-------- C:\WINDOWS\McAfee.com
2008-05-17 07:15 . 2008-05-17 07:15 17,920 --a------ C:\WINDOWS\system32\drvtiz.dll
2008-05-16 20:43 . 2008-05-16 20:43 26,624 --a------ C:\WINDOWS\system32\winmqx32.dll
2008-05-16 20:33 . 2005-09-01 11:03 127,488 --a------ C:\WINDOWS\system32\drivers\imagesrv.sys
2008-05-16 20:33 . 2005-09-01 11:03 5,888 --a------ C:\WINDOWS\system32\drivers\imagedrv.sys
2008-05-16 20:11 . 2008-05-16 20:12 <DIR> d-------- C:\Program Files\InterActual
2008-05-16 19:41 . 2008-05-16 19:41 0 --a------ C:\WINDOWS\iplayer.INI
2008-05-14 15:32 . 2008-05-14 15:32 672,259 -ra------ C:\My Money3 Backup_2008-05-14_153231.mbf
2008-05-14 08:23 . 2008-05-14 08:23 <DIR> d-------- C:\Program Files\Common Files\supportsoft
2008-05-14 07:30 . 2008-05-19 17:40 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-05-13 14:06 . 2007-06-08 01:10 876,544 --a------ C:\WINDOWS\system32\TEACico2.dll
2008-05-13 12:37 . 2008-05-13 12:37 <DIR> d-------- C:\Intel
2008-05-13 11:03 . 2008-05-13 11:03 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-05-13 11:03 . 2008-05-13 11:03 <DIR> d-------- C:\WINDOWS\system32\en
2008-05-13 11:03 . 2008-05-13 11:03 <DIR> d-------- C:\WINDOWS\system32\bits
2008-05-13 11:03 . 2008-05-13 11:03 <DIR> d-------- C:\WINDOWS\l2schemas
2008-05-13 10:04 . 2008-04-13 20:11 650,752 --a------ C:\WINDOWS\system32\dot3ui.dll
2008-05-13 07:09 . 2008-05-13 07:09 29,758 --------- C:\IMG_0948.avi
2008-05-12 09:22 . 2008-05-12 09:22 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-05-12 09:22 . 2004-08-04 08:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-05-12 09:20 . 2008-05-12 09:20 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-05-12 09:20 . 2008-05-12 09:21 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-05-12 08:40 . 2006-02-09 20:05 71,368 --a------ C:\WINDOWS\system32\drivers\StMp3Rec.sys
2008-05-12 08:40 . 2006-02-09 20:05 360 --a------ C:\WINDOWS\system32\drivers\StMp3Recnt.cat
2008-05-12 06:10 . 2008-05-12 06:10 <DIR> d-------- C:\Program Files\MP3 Player Utilities 5.10
2008-04-28 07:31 . 2008-04-28 07:31 665,072 -r------- C:\My Money3 Backup_2008-04-28_073138.mbf
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-22 17:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\WholeSecurity
2008-05-19 00:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\WildTangent
2008-05-17 01:02 --------- d-----w C:\Program Files\CyberLink
2008-05-17 00:32 --------- d-----w C:\Program Files\Ahead
2008-05-14 12:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-05-14 12:23 --------- d-----w C:\Program Files\Dell Support Center
2008-05-13 18:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2008-05-13 18:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-04 22:49 --------- d-----w C:\Program Files\Lexmark X1100 Series
2008-04-19 12:10 --------- d-----w C:\Program Files\Opera
2008-04-19 12:10 --------- d-----w C:\Program Files\MyKidsBrowser
2008-04-19 11:56 --------- d-----w C:\Program Files\Common Files\SWF Studio
2008-04-16 00:58 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-14 00:13 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 00:13 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 00:13 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 00:13 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 00:12 69,120 ----a-w C:\WINDOWS\notepad.exe
2008-04-14 00:12 50,688 ----a-w C:\WINDOWS\twain_32.dll
2008-04-14 00:12 34,816 ----a-w C:\WINDOWS\Help\sniffpol.dll
2008-04-14 00:12 33,280 ----a-w C:\WINDOWS\Help\sstub.dll
2008-04-14 00:12 32,866 ------w C:\WINDOWS\slrundll.exe
2008-04-14 00:12 3,901 ----a-w C:\WINDOWS\system32\drivers\siint5.dll
2008-04-14 00:12 283,648 ----a-w C:\WINDOWS\winhlp32.exe
2008-04-14 00:12 279,040 ----a-w C:\WINDOWS\Help\tshoot.dll
2008-04-14 00:12 146,432 ----a-w C:\WINDOWS\regedit.exe
2008-04-14 00:12 11,325 ----a-w C:\WINDOWS\system32\drivers\vchnt5.dll
2008-04-14 00:12 10,752 ----a-w C:\WINDOWS\hh.exe
2008-04-14 00:12 1,033,728 ----a-w C:\WINDOWS\explorer.exe
2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 19:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 19:15 64,512 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-13 19:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 19:00 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 19:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 18:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 18:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 18:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 18:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 18:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 18:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 18:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 18:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-13 18:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2008-04-13 18:56 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-13 18:56 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-04-13 18:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-13 18:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-13 18:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-13 18:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-13 18:56 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
2008-04-13 18:55 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-13 18:55 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
2008-04-13 18:54 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
2008-04-13 18:53 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
2008-04-13 18:53 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
2008-04-13 18:53 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys
2008-04-13 18:53 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys
2008-04-13 18:51 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys
2008-04-13 18:51 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys
2008-04-13 18:51 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys
2008-04-13 18:51 55,808 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys
2008-04-13 18:51 101,120 ----a-w C:\WINDOWS\system32\drivers\bthpan.sys
2008-04-13 18:47 25,856 ----a-w C:\WINDOWS\system32\drivers\usbprint.sys
2008-04-13 18:46 59,136 ----a-w C:\WINDOWS\system32\drivers\rfcomm.sys
2008-04-13 18:46 37,888 ----a-w C:\WINDOWS\system32\drivers\bthmodem.sys
2008-04-13 18:46 36,480 ----a-w C:\WINDOWS\system32\drivers\bthprint.sys
2008-04-13 18:46 273,024 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-13 18:46 25,600 ----a-w C:\WINDOWS\system32\drivers\hidbth.sys
2008-04-13 18:46 25,344 ----a-w C:\WINDOWS\system32\drivers\sonydcam.sys
2008-04-13 18:46 18,944 ----a-w C:\WINDOWS\system32\drivers\bthusb.sys
2008-04-13 18:46 17,024 ----a-w C:\WINDOWS\system32\drivers\bthenum.sys
2008-04-13 18:46 121,984 ----a-w C:\WINDOWS\system32\drivers\usbvideo.sys
2008-04-13 18:44 81,664 ----a-w C:\WINDOWS\system32\drivers\videoprt.sys
2008-04-13 18:44 799,744 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-13 18:44 20,992 ----a-w C:\WINDOWS\system32\drivers\vga.sys
2008-04-13 18:44 153,344 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
2008-04-13 18:43 14,208 ----a-w C:\WINDOWS\system32\drivers\wacompen.sys
2008-04-13 18:43 12,672 ----a-w C:\WINDOWS\system32\drivers\mutohpen.sys
2008-04-13 18:41 52,352 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys
2008-04-13 18:39 92,544 ----a-w C:\WINDOWS\system32\drivers\mqac.sys
2008-04-13 18:39 7,552 ----a-w C:\WINDOWS\system32\drivers\mskssrv.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-02-09 22:05 344064]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30 81920]
"DVDTray"="C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe" [2004-09-03 04:58 65536]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 21:24 32768]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2007-08-31 12:13 988584]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 12:01 1037736]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 06:43 57344]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"SmartDefrag"="C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" [2008-04-17 14:51 1870592]
"Advanced WindowsCare V2 Personal"="C:\Program Files\IObit\Advanced WindowsCare V2\Awcl.exe" [2008-04-17 09:33 2669336]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 17:20 339968 C:\WINDOWS\stsystra.exe]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-03-11 12:44 202544]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 15:40 155648]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 16:30 249856]
"SpybotSnD"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" [ ]
"MSDisp32"="C:\WINDOWS\system32\drvced.dll" [2008-05-22 06:26 19456]
"eetsxbib"="C:\WINDOWS\system32\eetsxbib.exe" [2008-05-22 06:26 106496]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 01:01 437160]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideFastUserSwitching"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableChangePassword"= 0 (0x0)
"DisableLockWorkstation"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"SqeuGSf9RS"= C:\WINDOWS\system32\winver.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogoff"= 0 (0x0)
"rightsTest"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--------- 2007-03-09 11:09 63712 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--------- 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
--a------ 2008-03-11 12:44 202544 C:\Program Files\Dell Support Center\bin\sprtcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
--a------ 2008-03-11 12:44 16384 C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eBayToolbar]
--------- 2008-04-08 17:52 652528 C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-13 20:12 1695232 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\WINDOWS\\system32\\winver.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP
xpsp2res.dll,-22009
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-15 19:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-15 19:16]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-03-11 12:44]
.
Contents of the 'Scheduled Tasks' folder
"2008-05-20 01:48:14 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-22 17:49:26 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-05-11 12:00:00 C:\WINDOWS\Tasks\SmartDefrag.job"
- C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.ex
- C:\Program Files\IObit\IObit SmartDefrag\
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-05-22 13:54:11
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCD5SRVC{FBEA8B78-1B22F121-05040000}]
"ImagePath"="\??\C:\PROGRA~1\DELLSU~2\HWDiag\bin\PCD5SRVC.pkms"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCD5SRVC{FBEA8B78-1B22F121-05040000}]
"ImagePath"="\??\C:\PROGRA~1\DELLSU~2\HWDiag\bin\PCD5SRVC.pkms"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Ahead\ODD Toolkit\DVDCheck.exe
.
**************************************************************************
.
Completion time: 2008-05-22 13:56:07 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-22 17:56:03
Pre-Run: 139,790,745,600 bytes free
Post-Run: 139,699,179,520 bytes free
299 --- E O F --- 2008-05-20 21:34:44
