ComboFix 09-02-27.02 - Ian Grant 2009-02-28 16:22:12.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1022.524 [GMT 0:00]
Running from: c:\users\Ian Grant\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\FunWebProducts
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
.
((((((((((((((((((((((((( Files Created from 2009-01-28 to 2009-02-28 )))))))))))))))))))))))))))))))
.
2009-02-28 13:55 . 2009-02-28 13:55 d-------- c:\users\All Users\McAfee
2009-02-28 13:55 . 2009-02-28 13:55 d-------- c:\programdata\McAfee
2009-02-25 21:48 . 2009-02-25 21:58 d-------- c:\users\All Users\avg8
2009-02-25 21:48 . 2009-02-25 21:58 d-------- c:\programdata\avg8
2009-02-25 21:48 . 2009-02-25 21:48 d-------- c:\program files\AVG
2009-02-14 13:44 . 2009-02-14 13:44 d-------- c:\program files\Mob Wars Toolbar
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-28 14:05 --------- d-----w c:\program files\Norton 360
2009-02-22 19:46 --------- d-----w c:\users\Ian Grant\AppData\Roaming\Skype
2009-01-20 12:07 --------- d-----w c:\program files\Google
2009-01-18 21:53 --------- d-----w c:\program files\MouseHunt Toolbar
2009-01-06 21:04 12,000 ----a-w c:\users\Ian Grant\AppData\Roaming\wklnhst.dat
2008-02-19 12:59 1,196 ----a-w c:\users\Mike\AppData\Roaming\wklnhst.dat
2007-11-03 09:06 174 --sha-w c:\program files\desktop.ini
2007-04-23 14:21 269,824 ----a-w c:\windows\inf\WG111v3\Vista64\wg111v3.sys
2007-04-23 14:19 227,328 ----a-w c:\windows\inf\WG111v3\WG111v3.sys
2007-04-23 14:19 227,328 ----a-w c:\windows\inf\WG111v3\Vista\wg111v3.sys
2006-12-15 11:30 98,304 ----a-w c:\windows\inf\WG111v3\UScanM.exe
2006-12-15 11:30 315,392 ----a-w c:\windows\inf\WG111v3\InstallDriver.exe
2006-12-15 11:30 28,672 ----a-w c:\windows\inf\WG111v3\SetDrv.exe
2006-12-15 11:30 212,992 ----a-w c:\windows\inf\WG111v3\CopyWHQLDriver.exe
2006-12-15 11:30 20,480 ----a-w c:\windows\inf\WG111v3\RTWUPath.exe
2006-12-15 11:30 19,968 ----a-w c:\windows\inf\WG111v3\RTWREFU.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2006-11-02 1196032]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2006-10-13 20058152]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCUTRAYICON"="FactoryMode" [X]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"lxcrmon.exe"="c:\program files\Lexmark 2400 Series\lxcrmon.exe" [2006-01-22 286720]
"EzPrint"="c:\program files\Lexmark 2400 Series\ezprint.exe" [2006-02-07 98304]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2006-02-02 290816]
"LXCRCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2005-12-01 65536]
"tsnp2std"="c:\windows\tsnp2std.exe" [2006-06-19 262144]
"snp2std"="c:\windows\vsnp2std.exe" [2006-05-15 675840]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-04-19 151552]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-03-12 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-03-12 7770112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-03-12 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 c:\windows\RtHDVCpl.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-25 44136]
c:\users\Ian Grant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
wkcalrem.LNK - c:\program files\Common Files\microsoft shared\Works Shared\WkCalRem.exe [2005-08-18 21504]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WG111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v2\WG111v2.exe [2007-11-02 1261568]
NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2006-05-29 1708032]
Run Registration Tool.lnk - c:\program files\WiFiConnector\NintendoWFCReg.exe [2007-11-10 1175552]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{43EB5C32-1AE1-4DF5-AE6C-90BE780C0A95}"= UDP:c:\program files\EliteSwitch\EliteSwitch.exe:EliteSwitch
"{36EE4D00-6E2D-4149-A65C-13741B16A858}"= TCP:c:\program files\EliteSwitch\EliteSwitch.exe:EliteSwitch
"TCP Query User{4EEE9B58-8AE6-443E-BF92-4B16E5FBB8E7}c:\\program files\\msn messenger\\msnmsgr.exe"= UDP:c:\program files\msn messenger\msnmsgr.exe:Messenger
"UDP Query User{B235ADE1-DC38-40BD-AF26-D9CEBC9432A9}c:\\program files\\msn messenger\\msnmsgr.exe"= TCP:c:\program files\msn messenger\msnmsgr.exe:Messenger
"{27D0D1DD-6C5A-4B9E-8A28-69B8BECC7147}"= UDP:c:\programdata\SwiftSwitch\SwiftSwitch.exe:SwiftSwitch
"{47F8FB45-DDAA-449F-BD1B-16B86EF1B5D8}"= TCP:c:\programdata\SwiftSwitch\SwiftSwitch.exe:SwiftSwitch
"{B8C4BEBF-F19D-454D-9314-EA9F06353DD1}"= UDP:c:\users\Mike\Favorites\LimeWire\LimeWire.exe:LimeWire
"{3E68C87A-9772-4F81-B903-64C763877CBE}"= TCP:c:\users\Mike\Favorites\LimeWire\LimeWire.exe:LimeWire
"{6B44AD3C-4293-4A02-AAD7-47DAF53CEB05}"= UDP:c:\users\Mike\AppData\Local\Microsoft\Messenger\keirly69@hotmail.com\Sharing Folders\LimeWire\LimeWire.exe:LimeWire
"{1A2BC451-4AF5-490D-B6CB-4E437AAA50CD}"= TCP:c:\users\Mike\AppData\Local\Microsoft\Messenger\keirly69@hotmail.com\Sharing Folders\LimeWire\LimeWire.exe:LimeWire
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)
"DoNotAllowExceptions"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)
R0 SCMNdisP;General NDIS Protocol Driver;c:\windows\System32\drivers\SCMNdisP.sys [2007-11-02 21728]
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20071107.001\IDSvix86.sys [2007-11-09 180272]
R2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 208896]
R2 SCM_Service;SCM_Service;c:\windows\System32\WinService.exe [2007-11-02 180224]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\System32\drivers\wg111v3.sys [2007-11-02 227328]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [2007-01-09 38200]
S2 IntelDHSvcConf;Intel DH Service;c:\program files\Intel\IntelDH\Intel Media Server\tools\IntelDHSvcConf.exe [2006-05-10 29696]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - COMHOST
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{25367ac5-4551-11dd-8405-001a920f7c89}]
\shell\AutoRun\command - F:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
2009-02-28 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
2009-02-28 c:\windows\Tasks\User_Feed_Synchronization-{2073179D-009F-4720-9B4D-D66D3475E175}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
2009-02-28 c:\windows\Tasks\User_Feed_Synchronization-{36E15CB4-9428-4BFA-87E7-C487CCE1DD12}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.runescape.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=71&bd=Presario&pf=desktop
uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
Trusted Zone: avg.com\free
Trusted Zone: swiftkit.net\www
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-28 16:25:09
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCRCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-02-28 16:27:08
ComboFix-quarantined-files.txt 2009-02-28 16:27:05
Pre-Run: 103,302,483,968 bytes free
Post-Run: 104,704,307,200 bytes free
152 --- E O F --- 2007-12-19 17:53:54