ComboFix 08-01-04.1 - Owner 2008-01-06 21:31:35.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.86 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix(2).exe
 * Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Starware337
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\epiRSS.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\epiRSS.png
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\epiSearch.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\epiSearch.png
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\FindIt.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\FindItHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\findithotxp.png
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\finditxp.png
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\Highlight.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\HighlightHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\highlighthotxp.png
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\highlightxp.png
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\logo.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\logoxp.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\Reference.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\ReferenceHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\referencehotxp.png
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\referencexp.png
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\Weather.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\weatherhotxp.png
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\weatherxp.png
C:\Documents and Settings\All Users\Application Data\Starware337\contexts\error.xml
C:\Documents and Settings\All Users\Application Data\Starware337\contexts\Related.xml
C:\Documents and Settings\All Users\Application Data\Starware337\contexts\Travel.xml
C:\Documents and Settings\All Users\Application Data\Starware337\images\walert.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\SimpleUpdate\ProductMessagingConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware337\SimpleUpdate\ProductMessagingConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware337\SimpleUpdate\SimpleUpdateConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware337\SimpleUpdate\SimpleUpdateConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware337\SimpleUpdate\TimerManagerConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware337\SimpleUpdate\TimerManagerConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware337\Tem16.tmp
C:\Documents and Settings\All Users\Application Data\Starware337\U1A392A7E.exe
C:\Documents and Settings\Owner\Application Data\Starware337
C:\Documents and Settings\Owner\Application Data\Starware337\BrowserSearch\BrowserSearch.xml
C:\Documents and Settings\Owner\Application Data\Starware337\BrowserSearch\BrowserSearch.xml.backup
C:\Documents and Settings\Owner\Application Data\Starware337\ErrorSearch\ErrorSearchOptions.xml
C:\Documents and Settings\Owner\Application Data\Starware337\ErrorSearch\ErrorSearchOptions.xml.backup
C:\Documents and Settings\Owner\Application Data\Starware337\Games\GamesOptions.xml
C:\Documents and Settings\Owner\Application Data\Starware337\Games\GamesOptions.xml.backup
C:\Documents and Settings\Owner\Application Data\Starware337\Games\images\active\Games0.bmp
C:\Documents and Settings\Owner\Application Data\Starware337\Layouts\ToolbarLayout.xml
C:\Documents and Settings\Owner\Application Data\Starware337\Layouts\ToolbarLayout.xml.backup
C:\Documents and Settings\Owner\Application Data\Starware337\Manager\ManagerOptions.xml
C:\Documents and Settings\Owner\Application Data\Starware337\Manager\ManagerOptions.xml.backup
C:\Documents and Settings\Owner\Application Data\Starware337\Movies\images\active\Movies0.bmp
C:\Documents and Settings\Owner\Application Data\Starware337\Movies\MoviesOptions.xml
C:\Documents and Settings\Owner\Application Data\Starware337\Movies\MoviesOptions.xml.backup
C:\Documents and Settings\Owner\Application Data\Starware337\Recipes\RecipesOptions.xml
C:\Documents and Settings\Owner\Application Data\Starware337\Recipes\RecipesOptions.xml.backup
C:\Documents and Settings\Owner\Application Data\Starware337\RecipeSearch\RecipeSearchOptions.xml
C:\Documents and Settings\Owner\Application Data\Starware337\RecipeSearch\RecipeSearchOptions.xml.backup
C:\Documents and Settings\Owner\Application Data\Starware337\Reference\ReferenceOptions.xml
C:\Documents and Settings\Owner\Application Data\Starware337\Reference\ReferenceOptions.xml.backup
C:\Documents and Settings\Owner\Application Data\Starware337\RelatedSearch\RelatedSearchOptions.xml
C:\Documents and Settings\Owner\Application Data\Starware337\RelatedSearch\RelatedSearchOptions.xml.backup
C:\Documents and Settings\Owner\Application Data\Starware337\ScreensaversMarketingSitePager\images\active\ScreensaversMarketingSitePager0.bmp
C:\Documents and Settings\Owner\Application Data\Starware337\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
C:\Documents and Settings\Owner\Application Data\Starware337\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
C:\Documents and Settings\Owner\Application Data\Starware337\SearchAssistPlus\SearchAssistPlusOptions.xml
C:\Documents and Settings\Owner\Application Data\Starware337\SearchAssistPlus\SearchAssistPlusOptions.xml.backup
C:\Documents and Settings\Owner\Application Data\Starware337\SearchMatch\SearchMatchOptions.xml
C:\Documents and Settings\Owner\Application Data\Starware337\SearchMatch\SearchMatchOptions.xml.backup
C:\Documents and Settings\Owner\Application Data\Starware337\Toolbar\TBProductsOptions.xml
C:\Documents and Settings\Owner\Application Data\Starware337\Toolbar\TBProductsOptions.xml.backup
C:\Documents and Settings\Owner\Application Data\Starware337\ToolbarLogo\ToolbarLogoOptions.xml
C:\Documents and Settings\Owner\Application Data\Starware337\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\Documents and Settings\Owner\Application Data\Starware337\ToolbarSearch\ToolbarSearchOptions.xml
C:\Documents and Settings\Owner\Application Data\Starware337\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\Documents and Settings\Owner\Application Data\Starware337\TravelSearch\TravelSearchOptions.xml
C:\Documents and Settings\Owner\Application Data\Starware337\TravelSearch\TravelSearchOptions.xml.backup
C:\Documents and Settings\Owner\Application Data\Starware337\Weather\AlertArchive.xml
C:\Documents and Settings\Owner\Application Data\Starware337\Weather\WeatherOptions.xml
C:\Documents and Settings\Owner\Application Data\Starware337\Weather\WeatherOptions.xml.backup
C:\Program Files\drantispy
C:\Program Files\drantispy\DrAntispy.lic
C:\Program Files\drantispy\DrAntispy0.dr
C:\Program Files\drantispy\DrAntispy1.dr
C:\Program Files\drantispy\Uninstall.exe
C:\Program Files\FunWebProducts
C:\Program Files\MW
C:\Program Files\MW\MalwareWiped 6.4\ignorelist.dat
C:\Program Files\MW\MalwareWiped 6.4\Lang\English.ini
C:\Program Files\MW\MalwareWiped 6.4\malwarewipe.ini
C:\Program Files\MW\MalwareWiped 6.4\MalwareWiped 6.4.url
C:\Program Files\MW\MalwareWiped 6.4\msvcp71.dll
C:\Program Files\MW\MalwareWiped 6.4\msvcr71.dll
C:\Program Files\MW\MalwareWiped 6.4\mwdb.dat
C:\Program Files\MW\MalwareWiped 6.4\mwdb.dat.old
C:\Program Files\MW\MalwareWiped 6.4\uninst.exe
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\History\search
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\bar\Settings\settings.dat
C:\Program Files\MyWebSearch\bar\Settings\settings.htm
C:\Program Files\Starware337
C:\Program Files\Starware337\brand.bmp
C:\Program Files\Starware337\icons\star_16.ico
C:\Program Files\Starware337\Starware337Config.xml
C:\Program Files\Starware337\Starware337Uninstall.exe
C:\WINDOWS\Fonts\acrsecB.fon
C:\WINDOWS\Fonts\acrsecI.fon
C:\WINDOWS\system32\pwhukisr.dat
C:\WINDOWS\system32\pwhukisr_nav.dat
C:\WINDOWS\system32\pwhukisr_navps.dat
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\nm

((((((((((((((((((((((((( Files Created from 2007-12-07 to 2008-01-07 )))))))))))))))))))))))))))))))
.
2008-01-06 21:30 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-12-22 23:07 . 2007-07-12 02:22 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-21 12:47 . 2007-12-21 12:47 d-------- C:\Deckard
2007-12-21 05:17 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\wpwgdpfiofib.sys
2007-12-21 05:11 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\vqnggospcgcn.sys
2007-12-21 05:09 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\RkPavProc.sys
2007-12-21 04:51 . 2007-12-21 06:01 d-------- C:\WINDOWS\system32\ActiveScan
2007-12-21 04:51 . 2007-12-21 06:00 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2007-12-21 04:51 . 2007-12-21 06:00 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-12-21 04:51 . 2007-12-21 06:00 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-12-21 01:28 . 2007-12-21 01:28 d-------- C:\Documents and Settings\Owner\Application Data\Grisoft
2007-12-21 01:27 . 2007-12-21 01:27 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-21 01:27 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-21 00:41 . 2007-12-21 12:50 d-------- C:\HJT
2007-12-20 18:06 . 2007-12-20 18:16 d-------- C:\Program Files\CaptureSaver
2007-12-13 13:41 . 2007-12-13 13:41 d-------- C:\Program Files\PopCap Games
2007-12-13 13:41 . 2007-12-16 16:45 18 --a------ C:\WINDOWS\popcinfot.dat
2007-12-13 13:41 . 2007-12-13 13:41 0 --a------ C:\WINDOWS\popcreg.dat
2007-12-13 12:15 . 2007-12-13 12:15 d-------- C:\Documents and Settings\Owner\Application Data\Windows Desktop Search
2007-12-13 12:13 . 2007-12-13 12:14 d-------- C:\Program Files\Windows Desktop Search
2007-12-13 12:12 . 2007-12-13 12:12 d-------- C:\Program Files\Windows Live Favorites
2007-12-13 12:07 . 2007-12-13 12:07 d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2007-12-13 11:40 . 2007-12-15 04:11 d-------- C:\Program Files\Windows Live Toolbar
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-04 18:32 --------- d-----w C:\Documents and Settings\Owner\Application Data\AdobeUM
2008-01-04 11:48 --------- d-----w C:\Documents and Settings\Owner\Application Data\Ahead
2008-01-04 10:59 --------- d-----w C:\Program Files\LimeWire
2008-01-04 00:00 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-03 19:05 --------- d-----w C:\Program Files\Mystery Case Files - Prime Suspects
2007-12-23 04:07 --------- d-----w C:\Program Files\Java
2007-12-22 04:29 --------- d-----w C:\Program Files\Symantec
2007-12-21 09:48 --------- d-----w C:\Program Files\Viewpoint
2007-12-21 09:44 3,890 ----a-w C:\WINDOWS\viassary-hp.reg
2007-12-21 08:50 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-17 22:02 --------- d-----w C:\Program Files\Juno
2007-12-13 17:15 --------- d-----w C:\Documents and Settings\Owner\Application Data\MSN Search Toolbar
2007-12-04 03:34 --------- d-----w C:\Program Files\Paltalk Messenger
2007-12-04 03:34 --------- d-----w C:\Documents and Settings\Owner\Application Data\Paltalk
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-10 15:47 --------- d-----w C:\Program Files\Mystery Case Files - Huntsville
2003-10-10 19:23 3,220 --sha-w C:\WINDOWS\rreg32.dll
2003-10-10 19:23 1,998 --sha-w C:\WINDOWS\utapi32.dll
2007-07-14 18:34 10,240 --sha-w C:\WINDOWS\rnapxs\rnapxs.dat
2004-03-28 19:31 0 -csha-w C:\WINDOWS\SMINST\HPCD.sys
2007-07-11 22:12 16,963,104 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-07-11 22:12 153,120 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}
{327C2873-E90D-4C37-AA9D-10AC9BABA46C}
{F5735C15-1FB2-41FE-BA12-242757E69DDE}
{5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4}
{EF99BD32-C1FB-11D2-892F-0090271D4F88}
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
{5148AB7D-8868-4490-B6DA-F98368488582}

[HKEY_CLASSES_ROOT\clsid\{5148ab7d-8868-4490-b6da-f98368488582}]
[HKEY_CLASSES_ROOT\StowShellInter.StowBandbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{620370F0-A41C-47B2-B4C5-8E9F08E4AF60}]
[HKEY_CLASSES_ROOT\StowShellInter.StowBandbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-09-21 11:22 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F-Secure TNB"="C:\Program Files\ZoomTown Internet Security\TNB\TNBUtil.exe" [2005-07-18 09:51 700416]
"F-Secure Startup Wizard"="C:\Program Files\ZoomTown Internet Security\FSGUI\FSSW.exe" [2005-10-18 03:29 372736]
"F-Secure Manager"="C:\Program Files\ZoomTown Internet Security\Common\FSM32.exe" [2005-10-25 20:51 122929]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
ZoomTown Internet Security.lnk - C:\Program Files\ZoomTown Internet Security\backweb\7128158\Program\fspex.exe [2007-07-14 13:16:57]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-03-13 13:11 233472]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Reminder.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk
backup=C:\WINDOWS\pss\Event Reminder.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Forget Me Not.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Forget Me Not.lnk
backup=C:\WINDOWS\pss\Forget Me Not.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^palstart.exe]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\palstart.exe
backup=C:\WINDOWS\pss\palstart.exeCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk
backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
ALCXMNTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoTKit]
2003-06-18 21:19 53248 --a------ C:\hp\bin\AUTOTKIT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupNotify]
2003-06-22 23:25 24576 --a------ c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamMonitor]
2002-10-07 09:23 90112 --a------ c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
c:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccRegVfy]
c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 02:56 15360 --a------ C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DrAntispy]
C:\Program Files\DrAntispy\DrAntispy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EarthLink Installer]
/C

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
C:\Program Files\Google\Google Talk\googletalk.exe /autostart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2003-04-07 09:07 114688 --a------ C:\WINDOWS\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2003-06-25 20:24 49152 --a------ c:\Program Files\HP\HP Software Update\HPWuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
2003-05-23 04:55 483328 --a------ C:\WINDOWS\System32\hphmon05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
1998-05-07 18:04 52736 --a------ c:\windows\system\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Instant Access]
rundll32.exe EGDACCESS_ASPIV4_1063a.dll,InstantAccess

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2003-02-11 22:02 61440 --a------ C:\HP\KBD\KBD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LTMSG]
LTMSG.exe 7

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MalwareWiped]
C:\Program Files\MW\MalwareWiped 6.4\MalwareWiped 6.4.exe /h

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MalwareWiped 6.4]
C:\Program Files\MW\MalwareWiped 6.4\MalwareWiped 6.4.exe /h

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
2006-11-07 15:41 8192 --a------ C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mm_server]
2006-11-07 15:41 102400 --a------ C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_server.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 15:40 155648 --a------ C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW]
rundll32.exe nview.dll,nViewLoadHook

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PopUpKiller]
C:\Program Files\PopUp Killer\PopUpKiller.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
2002-10-16 18:57 81920 --a------ C:\WINDOWS\system32\ps2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pwhukisr]
c:\windows\system32\pwhukisr.exe -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2002-09-13 23:42 212992 --a------ C:\WINDOWS\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecordNow!]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter]
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-07-12 04:00 132496 --a------ C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sunkist2k]
2003-08-14 20:11 139264 --a------ C:\Program Files\Multimedia Card Reader\shwicon2k.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\svchost]
C:\WINDOWS\svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-09-21 11:22 171448 --a------ C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TotalCleaner]
2006-03-28 10:59 1449984 --a------ C:\Program Files\Total Cleaner\TotalCleaner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_8

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA]
RUNDLL32.exe C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll,cdaEngineMain

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe -hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WT GameChannel]
2003-10-09 16:31 184784 --a------ C:\Program Files\WildTangent\Apps\GameChannel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2005-11-18 10:04]
R2 BackWeb Plug-in - 7128158;ZoomTown Internet Security;C:\PROGRA~1\ZOOMTO~2\backweb\7128158\Program\SERVIC~1.EXE [2007-07-14 13:16]
R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\ZoomTown Internet Security\Anti-Virus\Win2K\FSfilter.sys [2004-09-10 10:14]
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\ZoomTown Internet Security\Anti-Virus\Win2K\FSgk.sys [2007-07-14 13:43]
R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\ZoomTown Internet Security\Anti-Virus\Win2K\FSrec.sys [2004-06-01 04:03]
R3 USB_RNDIS_XP;Westell WireSpeed Dual Connect Modem;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-04 01:04]
S2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys [2003-07-30 04:15]
S2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys [2003-07-30 04:15]
S3 JL2005;JL2005A Toy Camera;C:\WINDOWS\system32\Drivers\toywdm.sys [2004-03-16 17:53]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-07 02:05:32 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-01-06 07:17:02 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-01-07 00:00:57 C:\WINDOWS\Tasks\Scheduled scanning task.job" - C:\PROGRA~1\ZOOMTO~2\ANTI-V~1\fsav.exeZ /HARD /ARCHIVE /DISINF /SCHED /NOBREAK /REPORT=C:\PROGRA~1\ZOOMTO~2\ANTI-V~1\report.txt
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-06 21:45:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-06 21:53:09 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-07 02:53:00
.
2007-12-15 09:11:18 --- E O F ---