ComboFix 08-08-21.02 - The Ginger Ninjar 2008-08-23 9:11:01.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1660 [GMT 12:00]
Running from: C:\Documents and Settings\The Ginger Ninjar\Desktop\ComboFix.exe
* Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\The Ginger Ninjar\Application Data\macromedia\Flash Player\#SharedObjects\9CPPNWMP\iforex.com
C:\Documents and Settings\The Ginger Ninjar\Application Data\macromedia\Flash Player\#SharedObjects\9CPPNWMP\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\The Ginger Ninjar\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\The Ginger Ninjar\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\Documents and Settings\The Ginger Ninjar\Desktop\Movies\Pulp Fiction\Desktop_.ini
C:\Documents and Settings\The Ginger Ninjar\Desktop\Movies\Shaun of the Dead\Desktop_.ini
C:\Program Files\outlook
C:\Program Files\outlook\p.zip
C:\WINDOWS\BM8b0f0e53.txt
C:\WINDOWS\keyboard1.dat
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\__c0011224.dat
C:\WINDOWS\system32\cmd.com
C:\WINDOWS\system32\dao350.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\tracert.com
.
((((((((((((((((((((((((( Files Created from 2008-07-22 to 2008-08-22 )))))))))))))))))))))))))))))))
.
2008-08-22 17:29 . 2008-08-22 17:29 1,198 --a------ C:\WINDOWS\_ISENV31.INI
2008-08-22 17:24 . 2008-08-22 17:24 d-------- C:\WINDOWS\CD95F661A5C444F5A6AAECDD91C240B6.TMP
2008-08-18 21:00 . 2008-08-18 21:00 d-------- C:\Program Files\Trend Micro
2008-08-02 16:13 . 2008-08-02 16:13 d-------- C:\WINDOWS\system32\LogFiles
2008-07-31 17:27 . 2008-08-02 16:13 d-------- C:\Program Files\Spyware Doctor
2008-07-28 09:50 . 2008-07-28 09:50 d----c--- C:\Temp\epr1
2008-07-28 09:50 . 2008-07-28 09:50 d----c--- C:\Temp
2008-07-28 09:50 . 2008-07-28 09:50 d--hs---- C:\Documents and Settings\The Ginger Ninjar\!
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-22 04:52 --------- dc----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-08-22 04:46 --------- dc----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-08-15 01:16 --------- d-----r C:\Program Files\Common Files\Symantec Shared
2008-08-07 23:44 --------- d-----w C:\Program Files\Java
2008-08-07 23:40 --------- d-----w C:\Program Files\AviSynth 2.5
2008-08-07 23:34 --------- d-----w C:\Documents and Settings\The Ginger Ninjar\Application Data\OpenOffice.org2
2008-08-07 23:29 --------- d-----w C:\Program Files\Google
2008-07-15 22:06 --------- d-----w C:\Program Files\iTunes
2008-07-15 22:06 --------- d-----w C:\Program Files\iPod
2008-07-15 22:05 --------- d-----w C:\Program Files\Bonjour
2008-07-12 04:09 --------- d-----w C:\Program Files\EA GAMES
2008-07-11 21:59 --------- d--h--r C:\Documents and Settings\The Ginger Ninjar\Application Data\SecuROM
2008-07-09 21:35 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
2008-07-05 01:27 --------- d-----w C:\Program Files\Griffin Technology
2008-07-05 01:04 --------- d-----w C:\Program Files\Apple Software Update
2008-07-05 01:01 --------- d-----w C:\Program Files\QuickTime
2008-06-27 10:40 --------- d-----w C:\Program Files\World of Warcraft Trial
2008-06-22 05:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-20 05:37 1 ----a-w C:\Documents and Settings\The Ginger Ninjar\SI.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2006-07-20 09:32 36864]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-14 04:24 1694208]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 11:54 5674352]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-13 09:50 68856]
"mRouterConfig"="C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe" [2006-03-02 10:54 290816]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 10:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-04-13 13:20 59040]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2006-08-26 19:34 100056]
"CreativeMouse "="C:\Program Files\Mouse Driver\MouseDrv.exe" [2004-06-27 13:54 503808]
"PC Suite for Smartphones"="C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" [2007-05-28 09:14 528384]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35 90112]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 10:50 413696]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-13 15:15 14820864 C:\WINDOWS\RTHDCPL.EXE]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-05-20 14:46 28160 C:\WINDOWS\KHALMNPR.Exe]
"Alcmtr"="ALCMTR.EXE" [2005-09-13 15:15 69632 C:\WINDOWS\ALCMTR.EXE]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-05-12 16:35:06 124400]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-07-20 09:32:17 196608]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2006-06-29 19:55:18 450560]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2008-04-28 11:20:00 415072]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Intuwave\\Shared\\mRouterRuntime\\mRouterRuntime.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:world of warcraft
"6112:TCP"= 6112:TCP:world of warcraft 2
"6881:TCP"= 6881:TCP:world of warcraft 3
"9721:TCP"= 9721:TCP:BitComet 9721 TCP
"9721:UDP"= 9721:UDP:BitComet 9721 UDP
"27421:TCP"= 27421:TCP:72.20.34.145
R0 si3112r;ATI-437A Serial ATA Controller;C:\WINDOWS\system32\drivers\si3112r.sys [2006-08-09 02:19]
R0 SiWinAcc;SiWinAcc;C:\WINDOWS\system32\drivers\SiWinAcc.sys [2006-08-09 02:19]
R3 zebrceb;Sony Ericsson Cable Emulation Bus (WDM);C:\WINDOWS\system32\DRIVERS\zebrceb.sys [2007-04-13 07:50]
S3 hamachi_oem;PlayLinc Adapter;C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-08-28 22:54]
S3 ruw;ruw;C:\Documents and Settings\The Ginger Ninjar\Desktop\Copy of Glider\ruw.sys []
S3 zebrbus;Sony Ericsson Composite Device driver;C:\WINDOWS\system32\DRIVERS\zebrbus.sys [2007-04-13 07:50]
S3 zebrmdfl;Sony Ericsson Modem Filter;C:\WINDOWS\system32\DRIVERS\zebrmdfl.sys [2007-04-13 07:50]
S3 zebrmdm;Sony Ericsson Port (WDM);C:\WINDOWS\system32\DRIVERS\zebrmdm.sys [2007-04-13 07:50]
S3 zebrmdmc;Sony Ericsson mRouter Port (WDM);C:\WINDOWS\system32\DRIVERS\zebrmdmc.sys [2007-04-13 07:50]
S3 zebrsce;Sony Ericsson PC-Connect Port;C:\WINDOWS\system32\DRIVERS\zebrsce.sys [2007-04-13 07:50]
.
Contents of the 'Scheduled Tasks' folder
2008-07-16 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
2008-06-27 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - The Ginger Ninjar.job
- C:\PROGRA~1\NORTON~1\Navw32.exe [2005-10-19 12:54]
.
- - - - ORPHANS REMOVED - - - -
BHO-{1F470E08-F063-42B2-B7C1-C2BD7D5CAC07} - C:\WINDOWS\system32\iifdcDur.dll
BHO-{52C6D67C-68A7-443B-89A1-FA9B5EBEB4F0} - (no file)
HKCU-Run-Steam - c:\program files\valve\steam\steam.exe
HKLM-Run-SunJavaUpdateSched - C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
HKLM-Run-DAEMON Tools-1033 - C:\Program Files\D-Tools\daemon.exe
HKLM-Run-BM8b0f0e53 - C:\WINDOWS\system32\gkdjrscf.dll
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.co.nz/
R0 -: HKCU-Main,Search Page = hxxp://www.google.com
R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie
R0 -: HKLM-Main,Default_Search_URL = hxxp://www.google.com/ie
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
R0 -: HKCU-Search,SearchAssistant = hxxp://www.google.com/ie
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
R0 -: HKLM-Search,SearchAssistant = hxxp://www.google.com/ie
O8 -: &Search - ?p=ZN
O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 -: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 3.70\AMVConverter\grab.html
O8 -: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 3.70\MediaManager\grab.html
O8 -: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 -: Open in new background tab - C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?ac80051d8d694e2a9415a0e31dd56a1d
O8 -: Open in new foreground tab - C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?ac80051d8d694e2a9415a0e31dd56a1d
O9 -: {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\The Ginger Ninjar\Start Menu\Programs\IMVU\Run IMVU.lnk
O16 -: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}
O16 -: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}
O16 -: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}
O16 -: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-23 09:15:00
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMNTOR.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.bin
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Completion time: 2008-08-23 9:25:20 - machine was rebooted [The Ginger Ninjar]
ComboFix-quarantined-files.txt 2008-08-22 21:25:17
Pre-Run: 147,239,657,472 bytes free
Post-Run: 147,211,526,144 bytes free
209 --- E O F --- 2007-12-02 09:02:55