ComboFix 08-07-23.3 - ole bill 2008-07-23 22:50:53.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.116 [GMT -5:00]
Running from: C:\Documents and Settings\ole bill\desktop\ComboFix.exe
Command switches used :: /KillAll
 * Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Downloaded Program Files\ODCTOOLS
C:\WINDOWS\Downloaded Program Files\setup.inf
.

((((((((((((((((((((((((( Files Created from 2008-06-24 to 2008-07-24 )))))))))))))))))))))))))))))))
.

2008-07-23 17:32 . 2008-07-23 17:41 250 --a------ C:\WINDOWS\gmer.ini
2008-07-22 20:23 . 2008-07-22 20:23 d-------- C:\Deckard
2008-07-22 20:11 . 2008-07-22 20:11 d-------- C:\Documents and Settings\Administrator
2008-07-22 19:42 . 2008-07-22 19:42 d-------- C:\sd-fix
2008-07-22 17:38 . 2008-07-22 18:05 d-------- C:\SDFix
2008-07-20 12:01 . 2004-08-04 05:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-07-20 12:00 . 2004-08-04 05:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-07-20 11:59 . 2004-05-13 00:39 876,653 --a--c--- C:\WINDOWS\system32\dllcache\fp4awel.dll
2008-07-20 11:57 . 2008-07-20 11:57 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-07-20 11:57 . 2008-07-20 11:57 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-07-20 11:57 . 2008-07-20 11:57 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-07-20 11:57 . 2008-07-20 11:57 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-07-20 11:57 . 2008-07-20 11:57 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-07-20 11:48 . 2004-08-04 05:00 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2008-07-20 11:48 . 2004-08-04 05:00 24,661 --a--c--- C:\WINDOWS\system32\dllcache\spxcoins.dll
2008-07-20 11:48 . 2004-08-04 05:00 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2008-07-20 11:48 . 2004-08-04 05:00 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll
2008-07-20 11:16 . 2008-07-20 11:17 d-------- C:\WINDOWS\system32\NtmsData
2008-07-19 20:15 . 2008-07-19 20:15 d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-07-15 12:22 . 2008-07-15 12:22 d-------- C:\Documents and Settings\ole bill\Application Data\Smith Micro
2008-07-15 11:58 . 2008-07-15 11:58 d-------- C:\Program Files\Novatel Wireless
2008-07-02 06:31 . 2008-07-02 06:31 d-------- C:\Documents and Settings\ole bill\Application Data\com.ebay.sandimas.public-beta.AA1EEF5552BF52051F68E7EAF27E23FA6449A65C.1
2008-07-02 04:26 . 2008-07-02 04:26 d-------- C:\Program Files\Common Files\Adobe AIR
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2008-07-22 23:50 --------- d-----w C:\Program Files\Windows Defender
2008-07-22 22:18 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-07-22 22:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-22 22:11 --------- d-----w C:\Program Files\Lavasoft
2008-07-22 01:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-07-20 12:27 --------- d-----w C:\Program Files\Enigma Software Group
2008-07-02 09:32 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-31 16:32 --------- d-----w C:\Program Files\eGames
2008-05-29 18:27 --------- d-----w C:\Program Files\Common Files\DirectX
2007-12-30 17:04 381,024 ----a-w C:\Documents and Settings\ole bill\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"NvMediaCenter"="C:\WINDOWS\system32\NVMCTRAY.DLL" [2003-10-06 15:16 49152]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-10-06 15:16 5058560]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 16:48 479232]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"HPHUPD06"="c:\Program Files\HP\{BA2D9411-DBB4-43e4-9421-780413650A67}\hphupd06.exe" [2004-12-16 17:29 49152]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-12-16 17:10 622592]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb13.exe" [2004-11-24 19:17 172032]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-04-10 17:44 679936]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 17:24 54840]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]
"nwiz"="nwiz.exe" [2003-10-06 15:16 741376 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 17:38 39264]
"NvMediaCenter"="C:\WINDOWS\system32\NVMCTRAY.DLL" [2003-10-06 15:16 49152]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-11-07 13:33:59 126136]
HP Digital Imaging Monitor.lnk - C:\Program Files\Hp\digital imaging\bin\hpqtra08.exe [2006-02-19 05:21:22 288472]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\Hp\digital imaging\bin\hpqthb08.exe [2006-02-10 08:56:20 73728]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R3 NWADI;NWADI Bus Enumerator;C:\WINDOWS\system32\DRIVERS\NWADIenum.sys [2007-04-19 11:09]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
R1 -: HKCU-Internet Settings,ProxyOverride =
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O17 -: HKLM\CCS\Interface\{1E466BE2-BF58-46C2-861D-00AFB77427CB}: NameServer = 216.163.120.19,216.163.120.21
O16 -: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-23 22:54:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hp\digital imaging\bin\hpqimzone.exe
.
**************************************************************************
.
Completion time: 2008-07-23 22:58:05 - machine was rebooted [ole bill]
ComboFix-quarantined-files.txt 2008-07-24 03:58:01

Pre-Run: 103,274,778,624 bytes free
Post-Run: 103,288,303,616 bytes free

120 --- E O F --- 2008-07-23 17:37:36