ComboFix 08-08-21.02 - The Ginger Ninjar 2008-08-23 14:56:51.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1478 [GMT 12:00]
Running from: C:\Documents and Settings\The Ginger Ninjar\Desktop\Geeks to go\ComboFix.exe
Command switches used :: C:\Documents and Settings\The Ginger Ninjar\Desktop\Geeks to go\CFScript.txt
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\CD95F661A5C444F5A6AAECDD91C240B6.TMP
C:\WINDOWS\system32\gkdjrscf.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Temp\epr1
.

((((((((((((((((((((((((( Files Created from 2008-07-23 to 2008-08-23 )))))))))))))))))))))))))))))))
.

2008-08-22 17:29 . 2008-08-22 17:29 1,198 --a------ C:\WINDOWS\_ISENV31.INI
2008-08-22 17:24 . 2008-08-22 17:24 d-------- C:\WINDOWS\CD95F661A5C444F5A6AAECDD91C240B6.TMP
2008-08-18 21:00 . 2008-08-18 21:00 d-------- C:\Program Files\Trend Micro
2008-08-02 16:13 . 2008-08-02 16:13 d-------- C:\WINDOWS\system32\LogFiles
2008-07-31 17:27 . 2008-08-02 16:13 d-------- C:\Program Files\Spyware Doctor
2008-07-28 09:50 . 2008-08-23 14:56 d----c--- C:\Temp
2008-07-28 09:50 . 2008-07-28 09:50 d--hs---- C:\Documents and Settings\The Ginger Ninjar\!
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-22 21:17 --------- d-----w C:\Documents and Settings\The Ginger Ninjar\Application Data\OpenOffice.org2
2008-08-22 04:52 --------- dc----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-08-22 04:46 --------- dc----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-08-15 01:16 --------- d-----r C:\Program Files\Common Files\Symantec Shared
2008-08-07 23:44 --------- d-----w C:\Program Files\Java
2008-08-07 23:40 --------- d-----w C:\Program Files\AviSynth 2.5
2008-08-07 23:29 --------- d-----w C:\Program Files\Google
2008-07-15 22:06 --------- d-----w C:\Program Files\iTunes
2008-07-15 22:06 --------- d-----w C:\Program Files\iPod
2008-07-15 22:05 --------- d-----w C:\Program Files\Bonjour
2008-07-12 04:09 --------- d-----w C:\Program Files\EA GAMES
2008-07-11 21:59 --------- d--h--r C:\Documents and Settings\The Ginger Ninjar\Application Data\SecuROM
2008-07-11 21:58 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-07-09 21:35 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
2008-07-05 01:27 --------- d-----w C:\Program Files\Griffin Technology
2008-07-05 01:04 --------- d-----w C:\Program Files\Apple Software Update
2008-07-05 01:01 --------- d-----w C:\Program Files\QuickTime
2008-06-27 10:40 --------- d-----w C:\Program Files\World of Warcraft Trial
2008-01-20 05:37 1 ----a-w C:\Documents and Settings\The Ginger Ninjar\SI.bin
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2006-07-20 09:32 36864]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-14 04:24 1694208]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 11:54 5674352]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-13 09:50 68856]
"mRouterConfig"="C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe" [2006-03-02 10:54 290816]
"Steam"="c:\program files\valve\steam\steam.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-04-13 13:20 59040]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2006-08-26 19:34 100056]
"CreativeMouse "="C:\Program Files\Mouse Driver\MouseDrv.exe" [2004-06-27 13:54 503808]
"PC Suite for Smartphones"="C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" [2007-05-28 09:14 528384]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35 90112]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 10:50 413696]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [BU]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [BU]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-13 15:15 14820864 C:\WINDOWS\RTHDCPL.EXE]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-05-20 14:46 28160 C:\WINDOWS\KHALMNPR.Exe]

C:\Documents and Settings\The Ginger Ninjar\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 20:57:56 393216]
PowerReg Scheduler.exe [2006-11-06 18:30:18 256000]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-05-12 16:35:06 124400]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-07-20 09:32:17 196608]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2006-06-29 19:55:18 450560]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2008-04-28 11:20:00 415072]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Intuwave\\Shared\\mRouterRuntime\\mRouterRuntime.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:world of warcraft
"6112:TCP"= 6112:TCP:world of warcraft 2
"6881:TCP"= 6881:TCP:world of warcraft 3
"9721:TCP"= 9721:TCP:BitComet 9721 TCP
"9721:UDP"= 9721:UDP:BitComet 9721 UDP
"27421:TCP"= 27421:TCP:72.20.34.145

R0 si3112r;ATI-437A Serial ATA Controller;C:\WINDOWS\system32\drivers\si3112r.sys [2006-08-09 02:19]
R0 SiWinAcc;SiWinAcc;C:\WINDOWS\system32\drivers\SiWinAcc.sys [2006-08-09 02:19]
R3 zebrceb;Sony Ericsson Cable Emulation Bus (WDM);C:\WINDOWS\system32\DRIVERS\zebrceb.sys [2007-04-13 07:50]
S3 hamachi_oem;PlayLinc Adapter;C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-08-28 22:54]
S3 ruw;ruw;C:\Documents and Settings\The Ginger Ninjar\Desktop\Copy of Glider\ruw.sys []
S3 zebrbus;Sony Ericsson Composite Device driver;C:\WINDOWS\system32\DRIVERS\zebrbus.sys [2007-04-13 07:50]
S3 zebrmdfl;Sony Ericsson Modem Filter;C:\WINDOWS\system32\DRIVERS\zebrmdfl.sys [2007-04-13 07:50]
S3 zebrmdm;Sony Ericsson Port (WDM);C:\WINDOWS\system32\DRIVERS\zebrmdm.sys [2007-04-13 07:50]
S3 zebrmdmc;Sony Ericsson mRouter Port (WDM);C:\WINDOWS\system32\DRIVERS\zebrmdmc.sys [2007-04-13 07:50]
S3 zebrsce;Sony Ericsson PC-Connect Port;C:\WINDOWS\system32\DRIVERS\zebrsce.sys [2007-04-13 07:50]
.
Contents of the 'Scheduled Tasks' folder
2008-07-16 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
2008-06-27 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - The Ginger Ninjar.job
- C:\PROGRA~1\NORTON~1\Navw32.exe [2005-10-19 12:54]
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-23 14:57:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-23 14:58:33
ComboFix-quarantined-files.txt 2008-08-23 02:58:19
ComboFix2.txt 2008-08-22 21:25:21

Pre-Run: 147,112,423,424 bytes free
Post-Run: 147,106,512,896 bytes free

138 --- E O F --- 2007-12-02 09:02:55