ComboFix 08-04-24.1 - nickjill 2008-04-26 14:53:22.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1085 [GMT -4:00]
Running from: C:\Users\nickjill\Desktop\ComboFix.exe
 * Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-03-26 to 2008-04-26 )))))))))))))))))))))))))))))))
.
2008-04-26 14:53 . 2008-04-26 14:53 6,736 --a------ C:\Windows\System32\drivers\PROCEXP90.SYS
2008-04-26 14:42 . 2008-04-26 14:42 d-------- C:\_OTMoveIt
2008-04-26 10:14 . 2008-04-26 10:14 d-------- C:\Deckard
2008-04-26 10:08 . 2008-04-26 10:08 d-------- C:\Program Files\Trend Micro
2008-04-24 22:15 . 2008-04-24 22:15 3,066 --a------ C:\Windows\System32\tmp.reg
2008-04-22 08:42 . 2008-04-22 08:42 d-------- C:\Program Files\Burn4Free
2008-04-22 08:42 . 2008-04-22 08:42 232,074 --a------ C:\Windows\Burn4Free_Toolbar_Uninstaller_2315.exe
2008-04-21 16:52 . 2008-04-21 16:52 d-------- C:\Program Files\MSXML 4.0
2008-04-21 16:52 . 2008-04-21 16:52 d-------- C:\Program Files\GameSpy Arcade
2008-04-21 14:02 . 2008-04-21 14:02 d-------- C:\Windows\System32\vso_loc
2008-04-21 12:54 . 2008-04-21 12:54 d-------- C:\Program Files\Free Create-Burn ISO Image
2008-04-21 12:54 . 2002-07-17 10:03 45,056 --a------ C:\Windows\System32\WNASPI32.DLL
2008-04-21 12:54 . 2002-07-17 08:53 16,877 --a------ C:\Windows\System32\drivers\ASPI32.SYS
2008-04-21 11:24 . 2008-04-21 16:08 d-------- C:\Users\nickjill\AppData\Roaming\LimeWire
2008-04-21 11:23 . 2008-04-21 11:23 d-------- C:\Program Files\LimeWire
2008-04-21 10:17 . 2008-02-29 03:11 988,216 --a------ C:\Windows\System32\winload.exe
2008-04-21 10:17 . 2008-02-29 03:11 927,288 --a------ C:\Windows\System32\winresume.exe
2008-04-21 10:17 . 2008-02-22 01:05 615,992 --a------ C:\Windows\System32\ci.dll
2008-04-21 10:17 . 2008-02-29 02:53 378,368 --a------ C:\Windows\System32\srcore.dll
2008-04-21 10:17 . 2008-02-29 00:12 318,464 --a------ C:\Windows\System32\rstrui.exe
2008-04-21 10:17 . 2008-02-29 02:53 46,592 --a------ C:\Windows\System32\setbcdlocale.dll
2008-04-21 10:17 . 2008-02-29 02:53 40,960 --a------ C:\Windows\System32\srclient.dll
2008-04-21 10:17 . 2008-02-29 03:14 19,000 --a------ C:\Windows\System32\kd1394.dll
2008-04-21 10:17 . 2008-02-29 00:12 14,848 --a------ C:\Windows\System32\srdelayed.exe
2008-04-21 10:17 . 2008-02-29 02:35 6,656 --a------ C:\Windows\System32\kbd106n.dll
2008-04-20 21:43 . 2008-04-22 09:22 d-------- C:\Users\All Users\DVD Shrink
2008-04-20 21:43 . 2008-04-22 09:22 d-------- C:\ProgramData\DVD Shrink
2008-04-20 21:43 . 2008-04-20 21:43 d-------- C:\Program Files\DVD Shrink
2008-04-20 21:42 . 2008-04-20 21:42 d-------- C:\Program Files\dvdshrink32setup
2008-04-20 21:30 . 2008-04-20 21:30 d-------- C:\Program Files\vso
2008-04-20 20:31 . 2008-04-20 20:32 d-------- C:\Program Files\DVD Decrypter
2008-04-20 19:26 . 2008-04-20 19:29 d-------- C:\DVD Temp
2008-04-20 18:18 . 2008-04-20 18:23 d-------- C:\Program Files\Roms
2008-04-16 18:20 . 2008-04-16 18:20 47,104 --a------ C:\Windows\System32\rpcnet.exe
2008-04-16 18:20 . 2008-04-26 10:55 47,104 --a------ C:\Windows\System32\rpcnet.dll
2008-04-14 16:28 . 2008-04-14 16:28 d-------- C:\Users\nickjill\AppData\Roaming\Move Networks
2008-04-14 10:03 . 2008-02-29 00:21 2,032,128 --a------ C:\Windows\System32\win32k.sys
2008-04-14 10:02 . 2008-02-21 22:50 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-04-14 10:02 . 2008-02-22 01:01 826,880 --a------ C:\Windows\System32\wininet.dll
2008-04-14 10:02 . 2008-02-22 00:57 295,936 --a------ C:\Windows\System32\gdi32.dll
2008-04-13 19:35 . 2008-04-13 19:35 d-------- C:\Users\nickjill\AppData\Roaming\SampleView
2008-04-13 16:29 . 2008-04-13 16:29 d-------- C:\Users\nickjill\AppData\Roaming\WildTangent
2008-04-13 16:19 . 2008-04-13 16:19 dr------- C:\Users\nickjill\Videos
2008-04-13 16:19 . 2008-04-13 16:19 dr------- C:\Users\nickjill\Searches
2008-04-13 16:19 . 2008-04-20 16:32 dr------- C:\Users\nickjill\Saved Games
2008-04-13 16:19 . 2008-04-22 08:48 dr------- C:\Users\nickjill\Pictures
2008-04-13 16:19 . 2008-04-23 20:26 dr------- C:\Users\nickjill\Music
2008-04-13 16:19 . 2008-04-13 16:19 dr------- C:\Users\nickjill\Links
2008-04-13 16:19 . 2008-04-22 08:41 dr------- C:\Users\nickjill\Downloads
2008-04-13 16:19 . 2008-04-21 16:54 dr------- C:\Users\nickjill\Documents
2008-04-13 16:19 . 2008-04-13 16:19 dr------- C:\Users\nickjill\Contacts
2008-04-13 16:19 . 2008-04-13 16:19 d-------- C:\Users\nickjill\AppData\Roaming\Symantec
2008-04-13 16:19 . 2006-11-02 08:37 d-------- C:\Users\nickjill\AppData\Roaming\Media Center Programs
2008-04-13 16:19 . 2008-04-13 16:19 d-------- C:\Users\nickjill\AppData\Roaming\ATI
2008-04-13 16:19 . 2008-04-13 16:19 d--h----- C:\Users\nickjill\AppData
2008-04-13 16:19 . 2008-04-13 16:19 d-------- C:\Users\nickjill
2008-04-13 16:19 . 2008-04-13 16:48 524,288 --ahs---- C:\Users\nickjill\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
2008-04-13 16:19 . 2008-04-26 10:55 524,288 --ahs---- C:\Users\nickjill\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
2008-04-13 16:19 . 2008-04-26 14:56 262,144 --ah----- C:\Users\nickjill\ntuser.dat.LOG1
2008-04-13 16:19 . 2008-04-26 10:55 65,536 --ahs---- C:\Users\nickjill\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
2008-04-13 16:19 . 2008-04-13 16:19 0 --ah----- C:\Users\nickjill\ntuser.dat.LOG2
2008-04-13 16:15 . 2008-04-13 16:15 dr------- C:\Windows\System32\config\systemprofile\Contacts
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-26 17:09 --------- d-----w C:\Program Files\Google
2008-04-26 17:07 --------- d-----w C:\ProgramData\Symantec
2008-04-26 14:55 17,408 ----a-w C:\Windows\System32\rpcnetp.exe
2008-04-24 00:26 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-24 00:25 --------- d-----w C:\ProgramData\Napster
2008-04-21 20:46 --------- d-----w C:\Program Files\Microsoft Games
2008-04-16 22:18 17,408 ----a-w C:\Windows\System32\rpcnetp.dll
2008-04-16 22:17 --------- d-----w C:\Program Files\Norton Internet Security
2008-04-16 22:17 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-16 22:16 --------- d-----w C:\Program Files\Windows Mail
2008-04-16 22:13 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-04-16 22:13 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
2008-04-16 22:13 10,740 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-04-16 22:13 --------- d-----w C:\Program Files\Symantec
2008-04-16 22:09 --------- d-----w C:\Program Files\Java
2008-04-14 12:14 --------- d-----w C:\ProgramData\WildTangent
2008-04-13 20:15 --------- d-sh--w C:\ProgramData\Templates
2008-04-13 20:15 --------- d-sh--w C:\ProgramData\Start Menu
2008-04-13 20:15 --------- d-sh--w C:\ProgramData\Favorites
2008-04-13 20:15 --------- d-sh--w C:\ProgramData\Documents
2008-04-13 20:15 --------- d-sh--w C:\ProgramData\Desktop
2008-04-13 20:15 --------- d-sh--w C:\ProgramData\Application Data
2008-03-10 16:23 223,744 ----a-w C:\Windows\System32\b4fm.dll
2008-03-07 01:32 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
2008-03-07 01:32 23,904 ----a-w C:\Windows\system32\drivers\COH_Mon.sys
2008-03-07 01:32 10,537 ----a-w C:\Windows\system32\drivers\coh_mon.cat
2008-02-28 10:18 --------- d-----w C:\ProgramData\ATI
2008-02-28 10:16 --------- d-----w C:\Program Files\Gateway Games
2008-02-28 10:12 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-28 10:11 --------- d-----w C:\Program Files\Microsoft Money 2007
2008-02-28 10:08 --------- d-----w C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
2008-02-28 10:08 --------- d-----w C:\Program Files\NetZero
2008-02-28 10:08 --------- d-----w C:\Program Files\MSN Messenger
2008-02-28 10:08 --------- d-----w C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
2008-02-28 10:08 --------- d-----w C:\Program Files\Acceller
2008-02-28 10:07 --------- d-----w C:\Program Files\Common Files\Java
2008-02-28 10:06 0 ----a-w C:\Windows\system32\drivers\Gateway_M-1625_Rev.1_T000000000000.MRK
2008-02-28 10:06 --------- d-----w C:\ProgramData\Microsoft Help
2008-02-28 10:05 --------- d-----w C:\Program Files\Microsoft.NET
2008-02-28 10:03 --------- d-----w C:\Program Files\BigFix
2008-02-28 10:02 --------- d-----w C:\Program Files\CyberLink
2008-02-28 10:01 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-28 09:59 --------- d-----w C:\Program Files\Microsoft Works
2008-02-28 09:58 --------- d-----w C:\Program Files\eBay
2008-02-28 09:58 --------- d-----w C:\Program Files\AOL 9.0
2008-02-28 09:57 --------- d-----w C:\Program Files\ATI Technologies
2008-02-28 09:54 --------- d-----w C:\Program Files\ATI
2008-02-28 09:53 --------- d-----w C:\Program Files\Camera Assistant Software for Gateway
2008-02-28 09:52 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2008-02-28 09:52 --------- d-----w C:\Program Files\Synaptics
2008-02-28 09:51 --------- d-----w C:\Program Files\REALTEK USB Wireless LAN Driver
2008-02-28 09:49 --------- d-----w C:\Program Files\Realtek
2008-02-28 09:48 --------- d-----w C:\Program Files\Sigmatel
2008-02-28 09:48 --------- d-----w C:\Program Files\IDT
2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-24 07:51 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-04-14 10:26 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= "C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll" [2007-08-24 07:51 316784]
[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-24 07:51 316784]
[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-20 22:23 2153472 C:\Windows\System32\oobefldr.dll]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-20 22:25 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-20 22:23 1008184]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-14 11:01 51048]
"SigmatelSysTrayApp"="sttray.exe" [2007-09-06 22:23 405504 C:\Windows\sttray.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-26 05:38 865840]
"Camera Assistant Software"="C:\Program Files\Camera Assistant Software for Gateway\traybar.exe" [2007-09-13 18:09 638976]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 16:35 90112]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 02:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"NapsterShell"="C:\Program Files\Napster\napster.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1E432C92-2363-423D-8264-575CA0644799}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{969E836B-F3A1-45ED-9D67-99D54B2AC06B}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{2B8B97B7-6A5A-4EC9-AFE2-3C0CD62C3A8E}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{20A3E064-D4C9-42CD-9D78-FA54F1B69140}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{6BBBFF83-1C66-40FB-BFFB-50730C1FF749}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-29 22:23]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080425.001\IDSvix86.sys [2008-03-20 16:37]
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-11-09 10:09]
R3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8187B.sys [2007-07-18 04:40]
R3 RTSTOR;USB Mass Storage Device;C:\Windows\system32\drivers\RTSTOR.SYS [2007-09-27 21:33]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-08-13 00:50]
R3 UVCFTR;UVCFTR;C:\Windows\system32\Drivers\UVCFTR_S.SYS [2007-05-23 21:37]
S3 GameConsoleService;GameConsoleService;"C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe" [2007-08-29 17:58]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;C:\Windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 03:30]
S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 03:30]
S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-20 22:23]
S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-20 22:23]

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-04-14 14:45:01 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - nickjill.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK:
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-26 14:56:41
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-26 14:57:33
ComboFix-quarantined-files.txt 2008-04-26 18:57:29

Pre-Run: 196,749,959,168 bytes free
Post-Run: 196,785,471,488 bytes free

228 --- E O F --- 2008-04-24 00:15:37