I am still getting the usual "New Hardware" window upon startup.
But ComboFix caused no problems.
Log:
ComboFix 11-09-09.04 - UserXP 09/09/2011 20:57:04.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1228 [GMT -4:00]
Running from: c:\documents and settings\UserXP\Desktop\ComboFix.exe
AV: ESET Smart Security 5.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\UserXP\WINDOWS
.
.
((((((((((((((((((((((((( Files Created from 2011-08-10 to 2011-09-10 )))))))))))))))))))))))))))))))
.
.
2011-09-01 02:00 . 2011-09-01 02:00 -------- d-----w- C:\_OTL
2011-09-01 01:56 . 2011-09-01 01:56 -------- d-----w- c:\program files\ERUNT
2011-08-31 13:05 . 2011-08-31 13:06 -------- d-----w- c:\program files\trend micro
2011-08-31 13:05 . 2011-08-31 13:06 -------- d-----w- C:\rsit
2011-08-27 23:17 . 2011-09-04 21:17 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-27 15:51 . 2011-08-27 15:51 -------- d-----w- c:\program files\WinDjView
2011-08-27 01:38 . 2011-09-09 21:53 -------- d-----w- c:\documents and settings\UserXP\Application Data\go
2011-08-27 01:38 . 2011-09-02 01:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Easybits GO
2011-08-24 23:54 . 2009-08-19 21:49 49904 ----a-r- c:\windows\system32\drivers\BVRPMPR5.SYS
2011-08-24 23:52 . 2011-08-26 22:16 -------- d-----w- C:\Netgear
2011-08-12 01:33 . 2008-11-07 13:25 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2011-08-11 22:06 . 2011-09-01 01:13 -------- d-----w- c:\documents and settings\UserXP\Local Settings\Application Data\Research In Motion
2011-08-11 22:05 . 2009-01-09 10:48 27136 ----a-r- c:\windows\system32\drivers\RimSerial.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-03 10:17 . 2009-09-07 05:27 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-08-25 11:03 . 2011-06-24 18:25 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29 . 2009-09-07 05:29 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2009-09-07 05:30 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-06 23:52 . 2009-10-12 13:06 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 23:52 . 2009-10-12 13:06 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-24 14:10 . 2009-09-28 08:58 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-21 18:45 . 2009-09-07 05:33 832512 ----a-w- c:\windows\system32\wininet.dll
2011-06-21 18:45 . 2009-09-07 05:28 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-21 18:45 . 2009-09-07 05:28 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-06-21 18:45 . 2009-09-07 05:27 17408 ----a-w- c:\windows\system32\corpol.dll
2011-06-21 11:47 . 2009-09-07 05:28 389120 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2009-09-07 05:33 293376 ----a-w- c:\windows\system32\winsrv.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2010-05-02 2815488]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-24 39408]
"GameXN (update)"="c:\documents and settings\All Users\Application Data\GameXN\GameXNGO.exe" [2011-09-02 347008]
"GameXN (news)"="c:\documents and settings\All Users\Application Data\GameXN\GameXNGO.exe" [2011-09-02 347008]
"GameXN"="c:\documents and settings\All Users\Application Data\GameXN\GameXNGO.exe" [2011-09-02 347008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-24 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-24 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-24 131072]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 1628208]
"vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2008-03-03 72240]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Nokia FastStart"="c:\program files\Nokia\Nokia Music\NokiaMusic.exe" [2009-02-26 2376992]
"WordWeb"="c:\program files\WordWeb\wweb32.exe" [2009-11-08 65216]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-04-20 2474624]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"!CleanupNetMeetingDispDriver"="msconf.dll" [2007-11-30 69632]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-6 561213]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-17 275072]
TeluguLipi Quick Start.lnk - c:\windows\Installer\{990CA0A1-4EA0-4C39-9EFE-3494F21917E7}\_7809DDD814F44DC2B39EE0CFADC8C435.exe [2010-9-30 40960]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, credssp.dll, msnsspc.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\UserXP\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4446:TCP"= 4446:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [9/4/2011 11:23 PM 28552]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4/20/2011 12:17 AM 118104]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [9/7/2009 1:33 AM 14336]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [4/20/2011 12:17 AM 958464]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/20/2009 2:19 PM 50704]
R2 RTWTKRNL;Real-Time Windows Target;c:\windows\system32\drivers\RTWTKRNL.sys [1/18/2010 2:27 PM 27200]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/24/2010 8:43 AM 135664]
S3 ESHASRV;ESET SHA Service;c:\program files\ESET\ESET Smart Security\EShaSrv.exe [4/20/2011 12:18 AM 183904]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2/23/2010 10:35 AM 36608]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/24/2010 8:43 AM 135664]
S3 HP24X;HP PC Card Smart Card Reader;c:\windows\system32\drivers\HP24X.sys [9/28/2009 5:26 AM 33024]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [7/28/2011 6:05 AM 100736]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [10/12/2009 9:06 AM 41272]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-09 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-03-24 12:05]
.
2011-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-24 12:42]
.
2011-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-24 12:42]
.
2011-09-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-838170752-1801674531-1003Core.job
- c:\documents and settings\UserXP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-02 11:19]
.
2011-09-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-838170752-1801674531-1003UA.job
- c:\documents and settings\UserXP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-02 11:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/
uInternet Settings,ProxyOverride = <local>
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 192.168.1.1
DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} - hxxp://www.shockwave.com/content/delicioustasteoffame/sis/gamehouseplayer.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://www.arcadetown.com/swf/deliciousdeluxe2/zylomplayer.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-09 21:04
Windows 5.1.2600 Service Pack 3, v.6055 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2032)
c:\windows\system32\WININET.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\Audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
.
Completion time: 2011-09-09 21:07:07
ComboFix-quarantined-files.txt 2011-09-10 01:07
.
Pre-Run: 5,839,196,160 bytes free
Post-Run: 5,793,931,264 bytes free
.
- - End Of File - - 7D0FBCE5F611B0CAEFC7E1E029F9BDAE
Thanks
Jolene