ComboFix 09-05-17.05 - TEST 05/18/2009 8:00.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2045.1245 [GMT -5:00]
Running from: c:\users\TEST\Downloads\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Norton Internet Security *disabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Spyware Doctor *disabled* (Updated) {1C3EDD79-273E-46ac-99F8-EFA9E7CBC301}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2009-04-18 to 2009-05-18 )))))))))))))))))))))))))))))))
.
2009-05-18 03:16 . 2008-12-11 13:38 159600 ----a-w c:\windows\system32\drivers\pctgntdi.sys
2009-05-18 03:16 . 2009-04-03 16:18 130936 ----a-w c:\windows\system32\drivers\PCTCore.sys
2009-05-18 03:16 . 2008-12-18 17:16 73840 ----a-w c:\windows\system32\drivers\PCTAppEvent.sys
2009-05-18 03:16 . 2008-12-10 16:36 64392 ----a-w c:\windows\system32\drivers\pctplsg.sys
2009-05-18 02:44 . 2009-05-18 03:19 -------- d-----w c:\program files\Common Files\PC Tools
2009-05-18 02:44 . 2008-06-02 20:19 29576 ----a-w c:\windows\system32\drivers\kcom.sys
2009-05-18 02:44 . 2008-06-02 20:19 42376 ----a-w c:\windows\system32\drivers\ikfilesec.sys
2009-05-18 02:44 . 2008-06-11 02:22 81288 ----a-w c:\windows\system32\drivers\iksyssec.sys
2009-05-18 02:44 . 2008-06-02 20:19 66952 ----a-w c:\windows\system32\drivers\iksysflt.sys
2009-05-18 02:43 . 2009-05-18 03:18 -------- d-----w c:\program files\Spyware Doctor
2009-05-18 02:43 . 2009-05-18 02:43 -------- d-----w c:\users\TEST\AppData\Roaming\PC Tools
2009-05-18 02:43 . 2009-05-18 02:43 -------- d-----w c:\programdata\PC Tools
2009-05-18 02:43 . 2009-05-18 02:43 -------- d-----w c:\users\All Users\PC Tools
2009-05-18 01:16 . 2009-05-18 01:16 -------- d-----w c:\program files\Trend Micro
2009-05-18 00:30 . 2009-05-18 00:30 -------- d-----w c:\users\TEST\AppData\Local\Mozilla
2009-05-17 23:43 . 2009-05-17 23:43 -------- d-----w c:\programdata\SUPERAntiSpyware.com
2009-05-17 23:43 . 2009-05-17 23:43 -------- d-----w c:\users\All Users\SUPERAntiSpyware.com
2009-05-17 23:42 . 2009-05-17 23:42 -------- d-----w c:\program files\SUPERAntiSpyware
2009-05-17 23:42 . 2009-05-17 23:42 -------- d-----w c:\users\TEST\AppData\Roaming\SUPERAntiSpyware.com
2009-05-17 23:42 . 2009-05-17 23:42 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-05-17 23:38 . 2009-05-17 23:38 -------- d-----w c:\program files\CCleaner
2009-05-17 23:26 . 2009-05-17 23:27 -------- d-----w c:\users\TEST\SmitfraudFix
2009-05-17 23:07 . 2009-05-18 02:43 -------- d-----w c:\users\TEST\AppData\Roaming\GetRightToGo
2009-05-17 21:14 . 2009-05-17 21:14 -------- d-----w c:\users\TEST\AppData\Roaming\Malwarebytes
2009-05-17 21:14 . 2009-04-06 20:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-17 21:14 . 2009-04-06 20:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-17 21:14 . 2009-05-17 21:14 -------- d-----w c:\programdata\Malwarebytes
2009-05-17 21:14 . 2009-05-17 21:14 -------- d-----w c:\users\All Users\Malwarebytes
2009-05-17 21:14 . 2009-05-17 21:14 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-17 20:48 . 2009-05-18 12:46 -------- d---a-w c:\programdata\TEMP
2009-05-17 20:48 . 2009-05-18 12:46 -------- d---a-w c:\users\All Users\TEMP
2009-05-17 15:47 . 2009-05-17 15:47 -------- d-----w c:\programdata\WEBREG
2009-05-17 15:47 . 2009-05-17 15:47 -------- d-----w c:\users\All Users\WEBREG
2009-05-17 15:40 . 2009-05-17 15:40 -------- d-----w c:\programdata\HP Product Assistant
2009-05-17 15:40 . 2009-05-17 15:40 -------- d-----w c:\users\All Users\HP Product Assistant
2009-05-17 15:39 . 2009-05-17 15:39 -------- d-----w c:\program files\Common Files\Hewlett-Packard
2009-05-17 15:39 . 2009-05-17 15:39 -------- d-----w c:\program files\Common Files\HP
2009-05-17 15:34 . 2008-04-16 04:05 271704 ----a-w c:\windows\system32\hpzids01.dll
2009-05-17 15:34 . 2008-06-07 01:49 118272 ----a-w c:\windows\system32\hpz3l692.dll
2009-05-17 15:34 . 2008-04-16 04:05 729088 ----a-w c:\windows\system32\hposwia_p01a.dll
2009-05-17 15:34 . 2008-04-16 04:05 974848 ----a-w c:\windows\system32\hpost_p01a.dll
2009-05-17 15:34 . 2008-02-28 10:08 303104 ----a-w c:\windows\system32\hposc_p01a.dll
2009-05-17 15:34 . 2008-04-16 04:05 372736 ----a-w c:\windows\system32\hppldcoi.dll
2009-05-17 15:34 . 2008-04-16 04:05 309760 ----a-w c:\windows\system32\difxapi.dll
2009-05-17 15:29 . 2009-05-17 15:46 166251 ----a-w c:\windows\hpoins30.dat
2009-05-17 15:29 . 2008-06-18 06:22 844 ------w c:\windows\hpomdl30.dat
2009-05-17 11:46 . 2009-05-17 11:46 -------- d-----w c:\programdata\Symantec Temporary Files
2009-05-17 11:46 . 2009-05-17 11:46 -------- d-----w c:\users\All Users\Symantec Temporary Files
2009-05-13 11:29 . 2008-07-30 22:42 23888 ----a-w c:\windows\system32\drivers\COH_Mon.sys
2009-05-13 10:57 . 2009-05-13 10:58 -------- d-----w c:\users\TEST\AppData\Local\Adobe
2009-05-13 03:28 . 2009-05-13 03:28 -------- d-----w c:\users\TEST\AppData\Local\Yahoo
2009-05-13 02:35 . 2009-05-13 03:28 -------- d-----w c:\programdata\Yahoo!
2009-05-13 02:35 . 2009-05-13 03:28 -------- d-----w c:\users\All Users\Yahoo!
2009-05-12 17:59 . 2009-05-18 12:29 12978 ----a-w c:\users\TEST\AppData\Roaming\nvModes.dat
2009-05-11 23:51 . 2009-05-11 23:51 -------- d-----w c:\program files\Microsoft Visual Studio 8
2009-05-11 23:50 . 2009-05-11 23:50 -------- d-----w c:\users\TEST\AppData\Local\Microsoft Help
2009-05-11 20:00 . 2009-05-11 20:00 -------- d-----w c:\programdata\Yahoo! Companion
2009-05-11 20:00 . 2009-05-11 20:00 -------- d-----w c:\users\All Users\Yahoo! Companion
2009-05-11 17:42 . 2009-05-11 17:42 680 ----a-w c:\users\TEST\AppData\Local\d3d9caps.dat
2009-05-06 22:30 . 2009-05-06 22:30 -------- d-----w c:\users\TEST\AppData\Roaming\CyberLink
2009-05-05 22:53 . 2009-05-17 15:47 -------- d-----w c:\users\TEST\AppData\Roaming\HP
2009-05-05 22:53 . 2009-05-17 15:41 -------- d-----w c:\programdata\HP
2009-05-05 22:53 . 2009-05-17 15:41 -------- d-----w c:\users\All Users\HP
2009-05-05 22:13 . 2009-05-11 17:42 -------- d-----w c:\users\TEST\AppData\Local\Hewlett-Packard
2009-05-05 22:12 . 2009-05-06 22:34 -------- d-----w c:\users\TEST\AppData\Local\QuickPlay
2009-05-05 22:12 . 2009-05-13 11:50 123696 ----a-w c:\users\TEST\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-05 22:12 . 2009-05-05 22:12 -------- d-----w c:\users\TEST\Bluetooth Software
2009-05-05 22:12 . 2009-05-05 22:12 -------- d-----r c:\users\TEST\Searches
2009-05-05 22:11 . 2009-05-05 22:11 -------- d-----r c:\users\TEST\Contacts
2009-05-05 22:10 . 2009-05-17 15:46 -------- d-----w c:\users\TEST\AppData\Local\VirtualStore
2009-05-05 22:09 . 2006-11-21 12:54 229376 ----a-w c:\windows\system32\BtwRSupport.dll
2009-05-05 22:09 . 2009-05-05 22:09 -------- d-----w c:\windows\system32\es-MX
2009-05-05 22:09 . 2009-05-05 22:09 -------- d-----w c:\windows\system32\es-AR
2009-05-05 22:09 . 2009-05-05 22:09 -------- d-----w c:\program files\WIDCOMM
2009-05-05 22:07 . 2009-05-05 22:13 -------- d-----w c:\users\TEST\AppData\Roaming\Hewlett-Packard
2009-05-05 22:01 . 2009-05-05 22:01 -------- d-----r c:\windows\system32\config\systemprofile\Contacts
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-18 03:18 . 2006-12-18 04:36 12 ----a-w c:\windows\bthservsdp.dat
2009-05-18 03:16 . 2009-05-18 03:16 691712 ----a-w c:\windows\isRS-000.tmp
2009-05-17 15:43 . 2006-12-18 05:20 -------- d-----w c:\program files\HP
2009-05-17 15:40 . 2006-12-18 04:51 -------- d-----w c:\program files\Hewlett-Packard
2009-05-13 11:47 . 2006-12-18 05:05 -------- d-----w c:\program files\Norton Internet Security
2009-05-13 02:35 . 2006-12-18 05:33 -------- d-----w c:\program files\Yahoo!
2009-05-11 23:54 . 2006-11-02 12:37 -------- d-----w c:\program files\MSBuild
2009-05-11 17:38 . 2006-12-18 05:04 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-05-11 17:34 . 2006-12-18 05:04 -------- d-----w c:\program files\Symantec
2009-05-11 17:33 . 2006-12-18 05:05 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-05-11 17:33 . 2006-12-18 05:05 124464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-05-11 17:33 . 2006-12-18 05:05 10635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-05-05 22:09 . 2006-12-18 04:54 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-05 22:08 . 2009-05-05 22:08 0 --sha-r c:\windows\system32\drivers\103C_HP_cNB_Pavilion dv9000 (EZ379AV#ABA)_Y5335KV_0U_QCNF64519CX_E436463-003_4A_I30BD_SQuanta_V66.42_F.2D_T081126_WV3-0_L409_M2046_J100_7Intel_86F6_91.83_#090505_N8086109A;80864222_(EZ379AV#ABA)_XMOBILE_CN10_Z.MRK
2006-11-02 12:50 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2006-11-02 1196032]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2006-11-22 1474560]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-03-18 4363504]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-14 1830128]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2006-11-02 2159104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-11-28 46704]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 317152]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 472800]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2006-12-18 77824]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-12-07 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-12-07 7766016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-12-07 81920]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-30 583048]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"hpqSRMon"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 815104]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-10-25 107112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
HP Connections.lnk - c:\program files\HP Connections\6811507\Program\HP Connections.exe [2006-12-18 34520]
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{E5F1255C-3225-4EAA-AB0A-E304D03DAD7B}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{528A9003-AB62-4835-9FF8-732AE7901AE6}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B08AB0B3-59B0-4EB5-9EB2-DA789112F29A}"= UDP:c:\program files\HP\QuickPlay\QP.exe:QP
"{A3DBE404-55F8-4D56-89E2-A83E9B55EE31}"= TCP:c:\program files\HP\QuickPlay\QP.exe:QP
"{26FD3B8D-91F2-4C8D-96EB-1A0492422182}"= UDP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{03AB6E20-C3AD-4B1B-8BC3-0757C5BCD165}"= c:\program files\HP Connections\6811507\Program\HP Connections:HP Connections
"{8D722FBD-1196-4D6A-82DE-C8CCC9437E95}"= UDP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{651B95D0-D427-4ACB-AAC0-00A542A9F5E8}"= TCP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{98418C4E-F177-4D95-B0D1-802F4009DD80}"= UDP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{E3C47F6C-05BB-41F8-92F8-6283D178E757}"= TCP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{1605DC24-FCB2-48C9-B885-7D6F58A048D8}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{6F43B12E-604A-4C65-9C49-CFB23B8C3B20}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{BEB47D7D-3771-4929-B24E-E9031B933514}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{B8B5AB4E-7B43-4F16-B5F0-0FCF5172612D}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{31DCBC88-ABFD-403D-ABCA-01E554163929}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{00ED3C18-F157-4746-8F03-A0F0800DE0E1}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{B9401B0B-557C-4833-A3EC-3AE71F1473C9}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{FD73AF4A-2A1B-4B59-BF4B-417B0AA96403}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{FD4F82AD-A44D-4A0E-99C8-5EFBB27F0376}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{9239A4F6-2052-41C3-B26F-E5D8360755CC}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{A7AA8EF6-3C2F-4069-9F3B-97C98EF383A5}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{C6C65F5A-0886-4213-ADB2-B65BF76A5C2B}"= e:\setup\hpznui01.exe:hpznui01.exe
"{29DC1F67-4409-47EC-BF69-E1F5278B06F9}"= TCP:427|RPort=427|c:\windows\system32\svchost.exe|Svc=HPSLPSVC:SLP_Service
"{BA0FFC66-0867-47E8-9BC5-69E0518E9BE0}"= c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{F8FE7129-318C-4A49-AD99-D52C32EE572F}"= c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{B755E224-B327-45F6-AAD4-AF22CFEB7C76}"= c:\program files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{6D25949D-E82A-4BD5-8E53-B63C12D77EAE}"= c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{0DB739CA-C5D0-4BF5-AB32-9A6A1320CDF4}"= c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe:hpoews01.exe
"{5329C3B8-B6CF-4D1F-B4AF-53F79E6BCE26}"= c:\program files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe
"{BFD11FDB-8C1F-4E88-BC9C-B5D41661822C}"= c:\program files\Common Files\HP\Digital Imaging\bin\hpqphotocrm.exe:hpqphotocrm.exe
"{FA86791C-928C-4E14-B7F6-7C9E3DC1BD15}"= c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqsudi.exe:hpqsudi.exe
"{A95E5565-E028-402A-BC54-AE626C0A67AE}"= c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqpsapp.exe:hpqpsapp.exe
"{4B66BCA8-FC68-4CE1-8945-54C09BAF674B}"= c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqpse.exe:hpqpse.exe
"{C7966BE2-A9DE-4E7C-99C4-4AB4F3F4B701}"= c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqgplgtupl.exe:hpqgplgtupl.exe
"{5731E1D2-E466-48F9-BD43-B95DEF44F646}"= c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe:hpqgpc01.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [5/17/2009 22:16 130936]
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20090506.001\IDSvix86.sys [5/11/2009 16:14 272432]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/14/2009 14:22 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/14/2009 14:22 72944]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/11/2009 12:36 101936]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/14/2009 14:22 7408]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [10/3/2008 16:14 37936]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [5/17/2009 21:43 348752]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - COMHOST
*Deregistered* - mchInjDrv
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2009-05-17 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - TEST.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2006-11-08 07:48]
2009-05-17 c:\windows\Tasks\User_Feed_Synchronization-{A6EBA169-31DE-48EF-B277-1F226086AECB}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\TEST\AppData\Roaming\Mozilla\Firefox\Profiles\291pc68k.default\
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-18 08:04
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\users\TEST\AppData\Local\Temp\catchme.dll 53248 bytes executable
scan completed successfully
hidden files: 1
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(5376)
c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
c:\windows\system32\btncopy.dll
.
Completion time: 2009-05-18 8:05
ComboFix-quarantined-files.txt 2009-05-18 13:05
Pre-Run: 71,191,568,384 bytes free
Post-Run: 71,209,328,640 bytes free