ComboFix 08-03-17.1 - Compaq_Owner 2008-03-19 16:29:38.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510 [GMT -4:00]
Running from: C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2008-02-19 to 2008-03-19 )))))))))))))))))))))))))))))))
.
2008-03-19 16:22 . 2008-03-19 16:22 d-------- C:\Program Files\ERUNT
2008-03-19 00:25 . 2008-03-19 00:25 d-------- C:\_OTMoveIt
2008-03-16 14:49 . 2008-03-16 14:49 d-------- C:\Program Files\zango
2008-03-16 12:39 . 2008-03-16 13:14 d-------- C:\Program Files\180search assistant
2008-03-16 11:54 . 2008-03-16 14:49 d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2008-03-16 11:52 . 2008-03-19 00:23 d-------- C:\Program Files\Bat
2008-03-16 11:51 . 2008-03-16 11:51 90,544 --a------ C:\WINDOWS\system32\mgmrwmrv.exe
2008-03-16 11:51 . 2008-03-16 11:51 4 --a------ C:\WINDOWS\system32\winfrun32.bin
2008-03-08 19:16 . 2008-03-08 19:17 d-------- C:\Program Files\Macrogaming
2008-02-24 09:32 . 2008-02-24 09:32 401 --a------ C:\WINDOWS\system32\L5342.tmp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-19 20:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-18 17:56 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-15 21:41 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-06 01:48 --------- d-----w C:\Program Files\MSN Games
2008-03-02 00:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Oberon Games
2008-02-25 21:25 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\iWin
2008-02-24 03:11 --------- d-----w C:\Program Files\AIM6
2008-02-24 03:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-02-24 03:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-02-24 03:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-02-23 02:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\HipSoft
2008-02-23 00:13 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\Wildfire
2008-02-09 17:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Go Go Gourmet
2008-02-09 00:43 --------- d-----w C:\Program Files\Hidden Expedition Titanic
2008-02-07 13:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-07 12:52 --------- d-----w C:\Program Files\EA GAMES
2008-02-07 12:48 --------- d-----w C:\Program Files\Nick Arcade
2008-02-07 12:11 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-01 15:12 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\PlayFirst
2008-02-01 15:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-01-28 23:18 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\Oberon Games
2008-01-20 00:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kodak
2008-01-20 00:11 --------- d-----w C:\Program Files\KODAK
2008-01-20 00:10 --------- d-----w C:\Program Files\Common Files\KODAK
2007-03-04 19:39 75,191,600 ----a-w C:\Program Files\MCF_Ravenhearst-setup.exe
2005-03-23 03:37 10,311 ----a-w C:\Program Files\uninstal.log
2002-09-11 14:26 63,730 ----a-w C:\Program Files\viewsonicinstruct_xp.pdf
2001-09-20 05:01 3,619,770 ----a-w C:\Program Files\BFR-IT.exe
2001-09-20 04:35 6,598 ----a-w C:\Program Files\readme.txt
.
((((((((((((((((((((((((((((( snapshot@2008-03-16_15.10.28.81 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 16:02:28 163,328 ----a-w C:\WINDOWS\erdnt\3-19-2008\ERDNT.EXE
+ 2008-03-19 20:24:33 6,909,952 ----a-w C:\WINDOWS\erdnt\3-19-2008\Users\00000001\NTUSER.DAT
+ 2008-03-19 20:24:33 151,552 ----a-w C:\WINDOWS\erdnt\3-19-2008\Users\00000002\UsrClass.dat
- 2008-03-16 16:06:48 53,436 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-03-16 19:12:18 53,436 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-03-16 16:06:49 381,692 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-03-16 19:12:18 381,692 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00 15360]
"Yahoo! Pager"="~C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [ ]
"BellesBeautyBoutiqueSetup.exe"="C:\DOWNLO~1\BELLES~1.exe" [ ]
"Aim6"="~C:\Program Files\AIM6\aim6.exe" [ ]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 10:59 224248]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2008-01-02 21:15 103712]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 19:04 52736]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 23:02 61440]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 23:43 233472]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-11-02 09:03 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-11-02 08:59 126976]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 12:01 88209 C:\WINDOWS\AGRSMMSG.exe]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2003-09-12 23:13 98304]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 15:18 241664]
"CmUsbSound"="cmcnfgu.cpl" []
"C-Media Mixer"="Mixer.exe" [2002-01-28 04:16 1228800 C:\WINDOWS\mixer.exe]
"PLNRNote"="C:\Program Files\SierraHome\Hallmark Card Studio Special Edition\Planner\PLNRNote.exe" [2004-11-23 08:24 30720]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58 282624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36 256576]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59 115816]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-09-05 22:22 26248]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 10:59 224248]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 20:51 583048]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2008-01-02 21:15 103712]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-11-01 00:04:27 113664]
Compaq Connections.lnk - C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe [2004-08-09 04:59:58 16423]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 02:06:58 28672]
officejet 6100.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2003-04-06 01:37:38 147456]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Compaq Connections\\6750491\\Program\\Compaq Connections.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Red Storm Entertainment\\RavenShield\\system\\RavenShield.exe"=
"C:\\Program Files\\ubi.com\\Core\\GS4.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
S3 cmudau;C-Media USB Sound Interface;C:\WINDOWS\system32\drivers\cmudau.sys [2004-08-18 03:26]
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-03-15 00:00:00 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Compaq_Owner.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/TASK:
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-19 16:34:18
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-03-19 16:35:28
ComboFix-quarantined-files.txt 2008-03-19 20:35:08
ComboFix2.txt 2008-03-18 01:21:22
ComboFix3.txt 2008-03-16 19:11:03
.
2008-03-12 07:02:07 --- E O F ---