Forums » Up and Running » Security » Security Cleanup » MSN sending out messages without my consent
Milkster (Whitby, Ontario; joined 2003-02-12)

reply to Milkster
Re: MSN sending out messages without my consent

Here is the log for ComboFix....

ComboFix 09-06-09.06 - caskenkp 06/10/2009 11:43.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3063.2318 [GMT -4:00]
Running from: E:\ComboFix.exe
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\mdm.exe

.
((((((((((((((((((((((((( Files Created from 2009-05-10 to 2009-06-10 )))))))))))))))))))))))))))))))
.

2009-06-10 12:22 . 2009-06-10 12:22 -------- d-----w- c:\windows\LastGood
2009-06-10 10:32 . 2009-06-10 10:32 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-09 18:18 . 2009-06-09 18:18 -------- d-----w- c:\program files\ESET
2009-06-09 18:02 . 2009-06-09 18:02 -------- d-----w- c:\documents and settings\Administrator.HYPATIA\Application Data\Malwarebytes
2009-06-09 18:01 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-09 18:01 . 2009-06-09 18:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-09 18:01 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-09 18:01 . 2009-06-09 18:01 -------- d-sh--w- c:\documents and settings\Administrator.HYPATIA\IETldCache
2009-06-09 13:53 . 2009-06-09 13:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-06-09 13:52 . 2009-06-09 13:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-09 13:35 . 2009-06-09 13:35 -------- d-----w- c:\program files\Trend Micro
2009-06-09 00:07 . 2008-04-14 09:41 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2009-06-09 00:07 . 2008-04-14 09:41 21504 ----a-w- c:\windows\system32\hidserv.dll
2009-06-08 13:57 . 2009-06-08 13:57 -------- d-----w- c:\windows\ie8updates
2009-06-08 13:54 . 2009-05-12 05:11 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-06-08 13:44 . 2009-06-08 13:44 -------- d--h--r- C:\MSOCache
2009-06-08 04:34 . 2009-06-08 04:34 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-06-08 04:32 . 2009-06-08 04:32 -------- d-----w- c:\program files\MSSOAP
2009-06-08 04:31 . 2009-06-08 04:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Webroot
2009-06-08 04:31 . 2009-06-08 04:31 -------- d-----w- c:\program files\Webroot
2009-06-08 04:31 . 2009-06-08 04:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\Webroot
2009-06-08 04:31 . 2009-05-13 19:39 1563008 ----a-w- c:\windows\WRSetup.dll
2009-06-08 04:31 . 2009-06-08 04:31 164 ----a-w- c:\windows\install.dat
2009-06-08 04:28 . 2009-06-08 04:28 164 ----a-w- C:\install.dat
2009-06-08 04:13 . 2009-06-08 04:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-06-08 04:10 . 2009-06-08 04:10 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
2009-06-08 04:10 . 2009-03-19 20:32 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-06-08 04:10 . 2008-04-17 16:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-06-08 04:09 . 2009-06-08 04:09 -------- d-----w- c:\program files\iPod
2009-06-08 04:09 . 2009-06-08 04:10 -------- d-----w- c:\program files\iTunes
2009-06-08 04:09 . 2009-06-08 04:10 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-08 04:09 . 2009-06-08 04:09 -------- d-----w- c:\program files\Bonjour
2009-06-08 04:09 . 2003-02-25 15:20 58368 ----a-w- c:\windows\system32\HPDOMON.DLL
2009-06-08 04:08 . 2003-07-18 17:14 40960 ----a-w- c:\windows\system32\HPBMMON.DLL
2009-06-08 04:08 . 2003-02-25 15:19 94274 ----a-w- c:\windows\system32\HPBHEALR.DLL
2009-06-08 04:08 . 2009-06-08 04:09 -------- d-----w- c:\program files\QuickTime
2009-06-08 04:08 . 2009-06-08 04:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-06-08 04:08 . 2009-06-08 04:08 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple
2009-06-08 04:08 . 2009-06-08 04:08 -------- d-----w- c:\program files\Apple Software Update
2009-06-08 04:08 . 2009-06-08 04:09 -------- d-----w- c:\program files\Common Files\Apple
2009-06-08 04:08 . 2009-06-08 04:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-06-08 04:07 . 2009-06-08 04:10 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer
2009-06-08 03:53 . 2009-06-08 03:53 -------- d-----w- c:\program files\Citrix
2009-06-08 03:52 . 2009-06-08 03:52 70984 ----a-w- c:\documents and settings\Administrator\g2mdlhlpx.exe
2009-06-08 03:52 . 2009-06-08 03:52 -------- d-----w- c:\windows\Sun
2009-06-08 03:49 . 2009-06-08 03:50 -------- d-----w- C:\TMWIN
2009-06-08 03:48 . 2009-06-08 03:49 -------- d-----w- C:\TMNODE
2009-06-08 03:47 . 2009-06-08 03:47 -------- d--h--w- c:\windows\PIF
2009-06-08 03:11 . 2009-06-10 10:21 -------- d-----w- c:\documents and settings\Administrator\Tracing
2009-06-08 03:11 . 2009-06-08 03:11 -------- d-----w- c:\program files\Microsoft
2009-06-08 03:10 . 2009-06-08 03:10 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-06-08 03:10 . 2009-06-08 03:10 -------- d-----w- c:\program files\Windows Live
2009-06-08 03:04 . 2009-06-08 03:04 -------- d-----w- c:\program files\Common Files\Windows Live
2009-06-08 03:02 . 2009-06-08 03:02 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2009-06-08 03:02 . 2009-06-08 03:02 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-06-08 02:35 . 2009-06-08 02:35 9062 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{C0258B3B-48BE-4678-B9DA-AEF70D474A2C}\ARPPRODUCTICON.exe
2009-06-08 02:34 . 2006-05-26 17:47 81920 ----a-w- c:\windows\system32\GM7tp32.dll
2009-06-08 02:34 . 2006-05-26 17:47 1576960 ----a-w- c:\windows\system32\Gm7s32.dll
2009-06-08 02:34 . 2006-05-26 17:45 901120 ----a-w- c:\windows\system32\gmssl32.dll
2009-06-08 02:34 . 2006-05-26 17:43 3596288 ----a-w- c:\windows\system32\GmXml.dll
2009-06-08 02:32 . 2009-06-08 02:32 9062 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{489F5116-4D08-4234-A21F-1FFA620A76E3}\ARPPRODUCTICON.exe
2009-06-08 02:28 . 2009-06-08 02:28 86016 ----a-w- c:\windows\system32\OdbcJdbcSetup.dll
2009-06-08 02:28 . 2009-06-08 02:28 225280 ----a-w- c:\windows\system32\IscDbc.dll
2009-06-08 02:28 . 2009-06-08 02:28 200704 ----a-w- c:\windows\system32\OdbcJdbc.dll
2009-06-08 02:28 . 2006-04-20 00:44 356437 ----a-w- c:\windows\system32\gds32.dll
2009-06-08 02:28 . 2009-06-08 02:28 -------- d-----w- c:\program files\Firebird
2009-06-08 02:27 . 2009-06-08 02:52 -------- d-----w- c:\program files\GoldMine
2009-06-08 02:26 . 2009-06-08 02:26 -------- d-----w- c:\windows\Downloaded Installations
2009-06-08 02:22 . 2009-06-08 02:22 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-06-08 02:12 . 2009-06-08 02:12 -------- d-----w- c:\windows\system32\XPSViewer
2009-06-08 02:12 . 2009-06-08 02:12 -------- d-----w- c:\program files\MSBuild
2009-06-08 02:12 . 2009-06-08 02:12 -------- d-----w- c:\program files\Reference Assemblies
2009-06-08 02:12 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-06-08 02:12 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-06-08 02:12 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-06-08 02:12 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-06-08 02:12 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-06-08 02:12 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-06-08 02:12 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-06-08 02:08 . 2009-06-08 02:08 -------- dc-h--w- c:\windows\ie8
2009-06-08 02:07 . 2009-06-08 02:07 -------- d-----w- c:\program files\Microsoft Silverlight
2009-06-08 01:32 . 2009-06-08 02:23 -------- d-----w- c:\documents and settings\Administrator\Application Data\AdobeUM
2009-06-08 01:30 . 2009-06-08 01:30 1 ----a-w- c:\documents and settings\Administrator\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-06-08 01:29 . 2009-06-08 01:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\OpenOffice.org
2009-06-08 01:23 . 2009-06-08 01:23 -------- d-----w- c:\program files\JRE
2009-06-08 01:23 . 2009-06-08 01:23 -------- d-----w- c:\program files\OpenOffice.org 3
2009-06-08 01:23 . 2009-05-21 15:33 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-05 16:41 . 2009-06-03 15:40 6611357 ----a-w- c:\windows\FramePkg.exe
2009-06-05 15:36 . 2008-04-14 02:14 2560 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\USMT\iconlib.dll
2009-06-05 12:32 . 2009-06-05 12:32 44384 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2009-06-05 12:32 . 2009-06-05 12:32 441760 ----a-w- c:\windows\system32\drivers\timntr.sys
2009-06-05 12:31 . 2009-06-05 12:31 134272 ----a-w- c:\windows\system32\drivers\snman380.sys
2009-06-05 12:31 . 2009-06-05 12:32 -------- d-----w- c:\program files\Common Files\Acronis
2009-06-05 12:31 . 2009-06-05 12:31 -------- d-----w- c:\program files\Acronis
2009-06-05 12:12 . 2009-06-05 12:12 -------- d-----w- c:\windows\ServicePackFiles
2009-06-04 19:28 . 2008-11-20 19:19 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-06-04 19:28 . 2008-11-20 19:19 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-06-04 19:23 . 2009-06-08 19:09 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google
2009-06-04 19:23 . 2009-06-04 19:23 -------- d-----w- c:\windows\system32\IOSUBSYS
2009-06-04 19:23 . 2009-06-08 19:09 -------- d-----w- c:\program files\Google
2009-06-04 19:17 . 2009-06-04 19:17 -------- d-----w- c:\windows\ShellNew
2009-06-04 19:15 . 2009-06-04 19:15 -------- d-----w- c:\windows\Twain32
2009-06-04 19:15 . 2009-06-04 19:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\Microsoft Web Folders
2009-06-04 18:56 . 2009-06-04 18:56 -------- d-----w- c:\program files\ltmoh
2009-06-04 18:56 . 2006-10-18 08:39 487424 ----a-w- c:\windows\system32\cselect.exe
2009-06-04 18:56 . 2003-10-31 19:59 45056 ----a-w- c:\windows\system32\csellang.dll
2009-06-04 18:22 . 2001-08-17 20:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-06-04 18:22 . 2008-04-14 04:15 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-06-04 18:22 . 2009-06-04 15:30 -------- d-----w- c:\windows\iehome
2009-06-04 18:22 . 2009-06-04 18:22 -------- d-----w- c:\program files\Datalode
2009-06-04 17:43 . 2009-06-04 17:43 -------- d--h--w- c:\windows\system32\GroupPolicy
2009-06-04 17:23 . 2009-06-04 17:23 -------- d-----w- c:\program files\MSXML 6.0
2009-06-04 17:12 . 2007-04-09 17:23 28040 ----a-w- c:\windows\system32\mdimon.dll
2009-06-04 17:11 . 2009-06-04 17:11 -------- d-----w- c:\program files\Common Files\L&H
2009-06-04 17:11 . 2009-06-04 17:11 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-06-04 17:09 . 2009-03-08 08:34 1206784 -c--a-w- c:\windows\system32\dllcache\urlmon.dll
2009-06-04 17:09 . 2009-03-08 08:34 914944 -c--a-w- c:\windows\system32\dllcache\wininet.dll
2009-06-04 17:09 . 2009-03-02 23:04 1499136 -c----w- c:\windows\system32\dllcache\shdocvw.dll
2009-06-04 17:09 . 2009-03-08 08:41 5937152 -c--a-w- c:\windows\system32\dllcache\mshtml.dll
2009-06-04 17:09 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-06-04 17:09 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-06-04 17:08 . 2009-06-04 17:08 -------- d-sh--w- c:\documents and settings\Administrator\UserData
2009-06-04 16:37 . 2007-04-23 18:29 68456 ----a-w- c:\documents and settings\__sbs_netsetup__\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-04 15:42 . 2009-06-04 15:42 -------- d-----w- c:\windows\SchCache
2009-06-04 15:42 . 2009-06-04 15:42 -------- d-----w- c:\program files\Microsoft Windows Small Business Server

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-10 10:32 . 2007-04-22 21:00 -------- d-----w- c:\program files\Java
2009-06-09 19:03 . 2009-06-04 16:40 -------- d-----w- c:\program files\Lexmark
2009-06-08 14:32 . 2009-06-04 15:30 74328 ----a-w- c:\documents and settings\ken\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-08 02:23 . 2007-04-23 18:29 74328 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-08 01:42 . 2007-04-22 21:07 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-05 16:48 . 2009-06-05 16:41 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-06-05 16:48 . 2009-06-05 16:48 -------- d-----w- c:\program files\Common Files\McAfee
2009-06-05 16:48 . 2009-06-05 16:41 -------- d-----w- c:\program files\McAfee
2009-06-05 16:47 . 2009-06-05 16:47 2585872 ----a-w- c:\documents and settings\All Users\Application Data\McAfee\Common Framework\Current\VIRUSCAN8600\Install\0000\WindowsInstaller-KB893803-v2-x86.exe
2009-06-05 16:47 . 2009-06-05 16:47 95568 ----a-w- c:\documents and settings\All Users\Application Data\McAfee\Common Framework\Current\VIRUSCAN8600\Install\0000\setupvse.exe
2009-06-05 16:47 . 2009-06-05 16:47 94208 ----a-w- c:\documents and settings\All Users\Application Data\McAfee\Common Framework\Current\VIRUSCAN8600\Install\0000\UnInst.exe
2009-06-05 16:47 . 2009-06-05 16:47 102400 ----a-w- c:\documents and settings\All Users\Application Data\McAfee\Common Framework\Current\VIRUSCAN8600\Install\0000\UnInstX64.exe
2009-06-05 16:42 . 2009-06-05 16:42 -------- d-----w- c:\program files\Common Files\Cisco Systems
2009-06-05 12:15 . 2007-04-22 20:16 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-04 19:18 . 2009-06-04 19:18 5058 ----a-w- c:\windows\Help\hhcolreg.dat
2009-06-04 18:39 . 2007-04-22 20:46 -------- d-----w- c:\program files\TOSHIBA
2009-06-04 17:10 . 2009-06-04 17:10 -------- d-----w- c:\program files\Microsoft.NET
2009-06-04 16:46 . 2007-04-23 18:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-04 16:40 . 2009-06-04 16:40 -------- d-----w- c:\program files\Lexmark_HostCD
2009-06-04 16:40 . 2009-06-04 16:40 -------- d-----w- c:\documents and settings\Administrator\Application Data\Protector Suite
2009-06-04 15:33 . 2007-04-22 20:47 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-04 15:30 . 2009-06-04 15:30 0 --sha-r- c:\windows\system32\drivers\TOSHIBA_TECRA A9_S3A6253D001_PTS52C-MH709C.MRK
2009-06-04 15:28 . 2009-06-09 18:00 -------- d-----w- c:\documents and settings\Administrator.HYPATIA\Application Data\Intel
2009-06-04 15:28 . 2009-06-04 16:37 -------- d-----w- c:\documents and settings\__sbs_netsetup__\Application Data\Intel
2009-06-04 15:28 . 2009-06-04 15:30 -------- d-----w- c:\documents and settings\ken\Application Data\Intel
2009-06-04 15:28 . 2007-04-22 20:45 -------- d-----w- c:\program files\Intel
2009-06-04 15:27 . 2009-06-04 15:27 315392 ----a-w- c:\windows\HideWin.exe
2009-06-04 15:27 . 2009-06-04 15:27 -------- d-----w- c:\program files\Realtek
2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr
2009-04-21 22:27 . 2009-04-21 22:27 23152 ----a-w- c:\windows\system32\drivers\sshrmd.sys
2009-04-21 22:27 . 2009-04-21 22:27 176752 ----a-w- c:\windows\system32\drivers\ssidrv.sys
2009-04-21 22:27 . 2009-04-21 22:27 29808 ----a-w- c:\windows\system32\drivers\ssfs0bbc.sys
2009-03-19 20:32 . 2009-03-19 20:32 23400 ----a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2009-05-13 19:34 238968 ----a-w- c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"GoToMeeting"="c:\program files\Citrix\GoToMeeting\366\g2mstart.exe" [2009-06-08 31552]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-08 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"00THotkey"="c:\windows\system32\00THotkey.exe" [2006-07-05 19:14 258048]
"TosHKCW.exe"="c:\program files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2005-05-17 49152]
"DDWMon"="c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2007-04-14 311296]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-23 196608]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]
"TMERzCtl.EXE"="c:\program files\TOSHIBA\TME3\TMERzCtl.EXE" [2006-04-26 90112]
"TMESRV.EXE"="c:\program files\TOSHIBA\TME3\TMESRV31.EXE" [2005-12-14 126976]
"TAudEffect"="c:\program files\TOSHIBA\TAudEffect\TAudEff.exe" [2006-08-09 344144]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-09 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-09 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-09 138008]
"TouchED"="c:\program files\TOSHIBA\TouchED\TouchED.exe" [2005-06-29 126976]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2006-05-05 30208]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageEchoWorkstation\TrueImageMonitor.exe" [2009-01-19 1285504]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageEchoWorkstation\TimounterMonitor.exe" [2009-01-18 884928]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-01-18 140568]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2009-03-10 136512]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-06-08 68592]
"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2009-05-13 6345840]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 169984]
"000StTHK"="000StTHK.exe" - c:\windows\system32\000StTHK.exe [2001-06-23 11:28 24576]
"TOSDCR"="TOSDCR.EXE" - c:\windows\system32\TOSDCR.exe [2005-12-13 57344]
"TFNF5"="TFNF5.exe" - c:\windows\system32\TFNF5.exe [2006-04-10 622592]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-03-12 16125440]
"TFncKy"="TFncKy.exe" [BU]
"TPSODDCtl"="TPSODDCtl.exe" - c:\windows\system32\TPSODDCtl.exe [2007-02-02 110592]
"TPSMain"="TPSMain.exe" - c:\windows\system32\TPSMain.exe [2006-07-26 315392]

c:\documents and settings\Administrator.HYPATIA\Start Menu\Programs\Startup\
IEHOME.LNK - c:\documents and settings\Default User\Local Settings\Temp\iehome.bat [2009-6-4 298]

c:\documents and settings\__sbs_netsetup__\Start Menu\Programs\Startup\
IEHOME.LNK - c:\documents and settings\Default User\Local Settings\Temp\iehome.bat [2009-6-4 298]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-F400-BA7E-100000000002}\SC_Acrobat.exe [2009-6-5 25214]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-05-05 21:48 40448 ----a-w- c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Acronis\\TrueImageEchoWorkstation\\TrueImage.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 snapman380;Acronis Snapshots Manager (Build 380);c:\windows\system32\drivers\snman380.sys [6/5/2009 8:31 AM 134272]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [4/21/2009 6:27 PM 29808]
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [3/22/2007 4:07 PM 20992]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [3/9/2007 6:23 PM 6528]
R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.sys [6/4/2009 11:31 AM 5888]
R2 AcronisAgent;Acronis Remote Agent;c:\program files\Common Files\Acronis\Agent\agent.exe [1/18/2009 8:07 PM 517848]
R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [5/5/2006 6:00 PM 13568]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [5/5/2006 5:59 PM 33024]
R2 FirebirdGuardianDefaultInstance;FirebirdGuardian - DefaultInstance;c:\program files\Firebird\firebird_1_5\bin\fbguard.exe [4/19/2006 8:09 PM 65536]
R2 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\firebird_1_5\bin\fbserver.exe -s --> c:\program files\Firebird\firebird_1_5\bin\fbserver.exe -s [?]
R2 smihlp;SMI helper driver;c:\program files\Protector Suite QL\smihlp.sys [5/5/2006 5:33 PM 3456]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [3/26/2007 3:22 PM 105856]
R2 Tmesrv;Tmesrv3;c:\program files\TOSHIBA\TME3\TMESRV31.exe [6/4/2009 11:31 AM 126976]
R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [2/19/2007 3:15 PM 134016]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [6/8/2009 12:32 AM 1205760]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [4/22/2007 4:20 PM 35968]
R3 TEchoCan;Toshiba Audio Effect;c:\windows\system32\drivers\TEchoCan.sys [6/4/2009 11:33 AM 435072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-06-04 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2007-04-22 09:42]

2009-06-10 c:\windows\Tasks\User_Feed_Synchronization-{DBCF6069-EB84-4D65-8C65-4682FB09D6FA}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]

2009-06-10 c:\windows\Tasks\wrSpySweeper_1F2B4464FF314BF3B423F14FA81CFB39.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-06-08 19:40]

2009-06-10 c:\windows\Tasks\wrSpySweeper_1F2B4464FF314BF3B423F14FA81CFB39.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-06-08 19:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, www.gmer.net
Rootkit scan 2009-06-10 11:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

c:\docume~1\ADMINI~1\LOCALS~1\Temp\Perflib_Perfdata_1704.dat 16384 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1024)
c:\windows\system32\vrlogon.dll
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\windows\system32\biologon.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\bio.dll
c:\program files\Protector Suite QL\remote.dll
c:\program files\Protector Suite QL\mysafe.dll
c:\windows\system32\igfxdev.dll

- - - - - - - > 'lsass.exe'(1080)
c:\windows\system32\relog_ap.dll
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Bonjour\mdnsNSP.dll
.
Completion time: 2009-06-10 11:47
ComboFix-quarantined-files.txt 2009-06-10 15:47

Pre-Run: 87,639,932,928 bytes free
Post-Run: 87,868,571,648 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /forceresetreg

345 --- E O F --- 2009-06-04 19:08
© 1999-2009 dslreports.com.