ComboFix 07-07-30.2 - "Owner" 2007-07-31 15:28:31.1 [GMT -6:00] - NTFS
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.True
* Created a new restore point
((((((((((((((((((((((((( Files Created from 2007-06-28 to 2007-07-31 )))))))))))))))))))))))))))))))
2007-07-31 15:27 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-31 10:22 <DIR> d-------- C:\WINDOWS\LastGood
2007-07-31 06:48 <DIR> d-------- C:\Program Files\AOL 9.0
2007-07-30 06:56 <DIR> d-------- C:\Program Files\Advanced Registry Optimizer
2007-07-30 06:56 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Sammsoft
2007-07-27 05:23 <DIR> d-------- C:\temp
2007-07-26 22:13 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-07-26 15:16 <DIR> d-------- C:\Program Files\SPYWAREfighter
2007-07-26 15:16 <DIR> d-------- C:\Program Files\Common Files\Application
2007-07-26 13:09 8,576 --a------ C:\WINDOWS\system32\drivers\smeefpwqbeoj.sys
2007-07-26 13:02 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-07-26 12:07 <DIR> d-------- C:\Program Files\Sunbelt Software
2007-07-26 11:36 <DIR> d-------- C:\WINDOWS\system32\DRM
2007-07-26 11:02 72,296 --a------ C:\WINDOWS\system32\drivers\MfeAVFK.sys
2007-07-26 11:02 52,200 --a------ C:\WINDOWS\system32\drivers\mfetdik.sys
2007-07-26 11:02 34,184 --a------ C:\WINDOWS\system32\drivers\MfeBOPK.sys
2007-07-26 11:02 170,408 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2007-07-26 09:47 <DIR> d-------- C:\Program Files\Common Files\Java(3)
2007-07-26 09:19 <DIR> d-------- C:\Program Files\Common Files\Java(2)
2007-07-26 05:54 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Webroot
2007-07-26 05:53 <DIR> d-------- C:\Program Files\Webroot
2007-07-26 05:53 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Webroot
2007-07-26 05:53 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Webroot
2007-07-26 05:50 164 --a------ C:\install.dat
2007-07-26 05:26 <DIR> d-------- C:\Program Files\Windows Defender
2007-07-23 07:03 0 --a------ C:\WINDOWS\system32\SBRC.dat
2007-07-23 07:03 0 --a------ C:\WINDOWS\system32\SBFC.dat
2007-07-23 06:49 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Sunbelt Software
2007-06-29 17:33 <DIR> d-------- C:\Program Files\Lexia Learning Systems
2007-06-24 21:42 <DIR> d-------- C:\pra
2007-06-12 23:41 <DIR> d-------- C:\WINDOWS\system32\ActionDump
2007-06-10 11:41 1,048,576 --ah----- C:\DOCUME~1\MCAFEE~1\ntuser.dat
2007-06-10 11:41 <DIR> d-------- C:\DOCUME~1\MCAFEE~1\WINDOWS
2007-06-10 11:41 <DIR> d-------- C:\DOCUME~1\MCAFEE~1\APPLIC~1\Symantec
2007-06-10 11:41 <DIR> d-------- C:\DOCUME~1\MCAFEE~1\APPLIC~1\Sonic
2007-06-10 11:41 <DIR> d-------- C:\DOCUME~1\MCAFEE~1\APPLIC~1\SampleView
2007-06-10 11:41 <DIR> d-------- C:\DOCUME~1\MCAFEE~1\APPLIC~1\Real
2007-06-10 11:41 <DIR> d-------- C:\DOCUME~1\MCAFEE~1\APPLIC~1\interMute
2007-06-08 11:52 947,096 --a------ C:\WINDOWS\system32\_ISource30.dll
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-31 06:50 --------- d-------- C:\Program Files\Common Files\aolshare
2007-07-31 06:49 --------- d-------- C:\Program Files\Common Files\AOL
2007-07-26 15:14 --------- d-------- C:\Program Files\AOL Deskbar
2007-07-26 15:12 --------- d-------- C:\Program Files\QuickTime
2007-07-26 15:12 --------- d-------- C:\Program Files\Messenger
2007-07-26 15:12 --------- d-------- C:\Program Files\America Online 9.0
2007-07-26 15:11 --------- d-------- C:\Program Files\Cookie Washer
2007-07-26 15:11 --------- d-------- C:\Program Files\Common Files\Scanner
2007-07-18 10:15 --------- d-------- C:\Program Files\Avery Wizard 3.0
2007-06-01 08:18 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-06-01 08:13 --------- d-------- C:\Program Files\Winamp
2007-06-01 08:12 --------- d-------- C:\Program Files\Mindscape
2007-05-16 09:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-14 00:33 1648 --a------ C:\WINDOWS\system32\d3d8caps.dat
2006-09-15 09:05 442408 --a--c--- C:\Program Files\msgr8us.exe
2006-09-14 23:46 533912 --a--c--- C:\Program Files\psa30se_a708_DLM_en_us.exe
2006-09-14 23:46 1066512 --a--c--- C:\Program Files\AgentPhoneSetupV2d.exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CamMonitor"="c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe" [2002-10-07 08:23]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" []
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 21:02]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 09:01]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2003-10-11 06:07]
"VTTimer"="VTTimer.exe" [2004-10-22 11:53 C:\WINDOWS\system32\VTTimer.exe]
"HostManager"="C:\Program Files\Common Files\AOL\1158330529\ee\AOLSoftware.exe" [2006-09-25 18:52]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 06:50]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-15 08:30]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 13:47 C:\WINDOWS\ALCXMNTR.EXE]
"WinPatrol"="C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe" [2006-07-20 21:38]
"tgcmd"="C:\Program Files\Support.com\bin\tgcmd.exe" [2005-02-03 18:38]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38]
"mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2006-01-17 14:03]
"Pure Networks Port Magic"="C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-05-07 17:54]
"MVS Splash"="C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe" [2007-03-06 17:25]
"McAfee Managed Services Tray"="C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe" [2007-05-18 04:03]
"spywarefighterguard"="C:\Program Files\SPYWAREfighter\spftray.exe" [2007-06-08 11:52]
"SpyHunter"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe" [2007-04-26 16:04]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 03:23]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RecordNow!"="" []
"NVIEW"="nview.dll,nViewLoadHook" []
"AOL Fast Start"="C:\Program Files\America Online 9.0\AOL.exe" [2004-05-07 17:53]
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [2004-10-13 10:24]
"ccWasher"="C:\Program Files\Cookie Washer\aolwasher.exe" [2001-08-16 11:34]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 19:23]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-03-27 15:22]
"AROReminder"="C:\Program Files\Advanced Registry Optimizer\ARO.exe" [2007-07-23 09:34]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservicesonce]
"washindex"=C:\Program Files\Cookie Washer\washidx.exe "Owner"
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
Event Reminder.lnk - C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE [1998-06-06 09:33:30]
spamsubtract.lnk - C:\Program Files\interMute\SpamSubtract\SpamSub.exe [2003-10-14 07:35:01]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Compaq Connections.lnk - C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe [2003-10-11 06:42:56]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-07-07 09:20:40]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [2003-07-30 05:49:48]
Reminders.lnk - C:\Program Files\Broderbund\AG Spirit\AGremind.exe [2006-10-01 17:26:24]
R0 fasttx2k;fasttx2k;C:\WINDOWS\system32\DRIVERS\fasttx2k.sys
R1 mfetdik;McAfee Inc.;C:\WINDOWS\system32\drivers\mfetdik.sys
R2 myAgtSvc;McAfee Virus and Spyware Protection Service;C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe /ServiceStart
R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys
R3 Ps2;PS2;C:\WINDOWS\system32\DRIVERS\PS2.sys
R3 USB_RNDIS;USB Remote NDIS Network Device Driver;C:\WINDOWS\system32\DRIVERS\usb8023.sys
R3 viagfx;viagfx;C:\WINDOWS\system32\DRIVERS\vtmini.sys
R3 wanatw;WAN Miniport (ATW);C:\WINDOWS\system32\DRIVERS\wanatw4.sys
S2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys
S2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys
S3 Dot4 HPH11;Dot4 HPH11;C:\WINDOWS\system32\DRIVERS\hphid411.sys
S3 Dot4Print HPH11;Print Class Driver for IEEE-1284.4 HPH11;C:\WINDOWS\system32\DRIVERS\hphipr11.sys
S3 Dot4Usb HPH11;Dot4Usb HPH11;C:\WINDOWS\system32\drivers\hphius11.sys
S3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5b.sys
S3 MR97310_USB_DUAL_CAMERA;MR97310 CIF Dual Mode Camera;C:\WINDOWS\system32\DRIVERS\mr97310c.sys
S3 VVBETHERNET;Actiontec Gateway Service;C:\WINDOWS\system32\DRIVERS\vvbEth.sys
S3 vvbususb;Actiontec Gateway USB Service;C:\WINDOWS\system32\drivers\vvbususb.sys
S4 spcstb;spcstb;C:\WINDOWS\system32\DRIVERS\spcstb.sys
Contents of the 'Scheduled Tasks' folder
2007-07-27 07:58:00 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Program Files\Windows Defender\MpCmdRun.exe
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-31 15:31:57
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
scanning hidden files ...
**************************************************************************
Completion time: 2007-07-31 15:33:52
Thank you
Sign In
Create Account
