ComboFix 09-02-19.01 - Andreas Dimitriou 2009-02-21 2:42:04.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1253.30.1033.18.1023.479 [GMT 0:00]
Running from: c:\documents and settings\Andreas Dimitriou\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated)
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2009-01-21 to 2009-02-21 )))))))))))))))))))))))))))))))
.
2009-02-21 02:39 . 2009-02-21 02:40 <DIR> d-------- C:\32788R22FWJFW
2009-02-20 14:15 . 2009-02-20 14:15 56 --ah----- c:\windows\system32\ezsidmv.dat
2009-02-20 14:14 . 2009-02-20 14:14 <DIR> dr------- c:\program files\Skype
2009-02-20 14:14 . 2009-02-20 14:14 <DIR> d-------- c:\program files\Common Files\Skype
2009-02-20 03:26 . 2009-02-20 03:26 <DIR> d-------- c:\documents and settings\Andreas Dimitriou\Application Data\IDM
2009-02-20 01:17 . 2009-02-20 01:17 <DIR> d-------- c:\documents and settings\Andreas Dimitriou\Application Data\True Sword
2009-02-20 01:16 . 2009-02-20 01:19 <DIR> d-------- c:\program files\True Sword 4
2009-02-19 23:38 . 2009-02-19 23:38 <DIR> d-------- C:\Binaries
2009-02-19 23:37 . 2009-02-19 23:37 <DIR> d-------- c:\program files\Webroot
2009-02-19 23:37 . 2009-02-19 23:37 <DIR> d-------- c:\documents and settings\Andreas Dimitriou\Application Data\Webroot
2009-02-19 23:37 . 2009-02-19 23:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\Webroot
2009-02-19 23:37 . 2008-10-12 13:18 1,553,272 --a------ c:\windows\WRSetup.dll
2009-02-18 15:03 . 2009-02-20 03:27 <DIR> d-------- c:\documents and settings\Andreas Dimitriou\Application Data\DMCache
2009-02-18 01:05 . 2009-02-18 01:09 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-18 01:05 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-18 01:05 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-17 17:58 . 2009-02-17 18:23 <DIR> d-------- c:\program files\XoftSpySE
2009-02-17 16:55 . 2009-02-17 16:55 <DIR> d-------- c:\documents and settings\Andreas Dimitriou\Application Data\Malwarebytes
2009-02-17 16:54 . 2009-02-17 16:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-17 16:45 . 2009-02-17 16:45 <DIR> d-------- c:\documents and settings\Andreas Dimitriou\DoctorWeb
2009-02-17 16:30 . 2009-02-17 16:30 <DIR> d-------- c:\documents and settings\Andreas Dimitriou\Application Data\Lavasoft
2009-02-17 16:23 . 2009-02-17 16:23 <DIR> d-------- c:\program files\ESET
2009-02-17 16:23 . 2009-02-17 16:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\ESET
2009-02-17 16:19 . 2009-02-17 16:19 <DIR> d-------- c:\program files\Microsoft Silverlight
2009-02-17 16:07 . 2009-02-17 16:16 <DIR> d-------- c:\program files\Your Uninstaller 2008
2009-02-17 16:07 . 2009-02-17 16:07 <DIR> d-------- c:\documents and settings\Andreas Dimitriou\Application Data\URSoft
2009-02-17 03:00 . 2009-02-17 03:00 <DIR> d-------- c:\program files\MSXML 4.0
2009-02-15 23:10 . 2009-02-15 23:10 <DIR> d-------- c:\documents and settings\Andreas Dimitriou\Application Data\HP
2009-02-15 23:10 . 2009-02-15 23:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP
2009-02-15 23:08 . 2009-02-15 23:09 <DIR> d-------- c:\program files\Common Files\HP
2009-02-15 23:06 . 2009-02-15 23:07 <DIR> d-------- c:\program files\Hewlett-Packard
2009-02-15 23:06 . 2009-02-15 23:06 <DIR> d-------- c:\program files\Common Files\Hewlett-Packard
2009-02-15 23:03 . 2006-04-10 14:03 48,128 --a------ c:\windows\system32\hpzll054.dll
2009-02-15 23:02 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe
2009-02-15 23:02 . 2006-03-03 21:03 282,680 --a------ c:\windows\system32\HPZidr12.dll
2009-02-15 23:02 . 2006-03-03 21:02 204,800 --a------ c:\windows\system32\HPZipr12.dll
2009-02-15 23:02 . 2006-03-03 21:02 94,208 --a------ c:\windows\system32\HPZipt12.dll
2009-02-15 23:02 . 2006-03-03 21:03 69,632 --a------ c:\windows\system32\HPZipm12.exe
2009-02-15 23:02 . 2006-03-03 21:03 65,536 --a------ c:\windows\system32\HPZinw12.exe
2009-02-15 23:02 . 2006-03-03 21:02 57,344 --a------ c:\windows\system32\HPZisn12.dll
2009-02-15 23:01 . 2009-02-15 23:09 <DIR> d-------- c:\program files\HP
2009-02-15 23:00 . 2009-02-15 23:11 117,673 --a------ c:\windows\hpoins11.dat
2009-02-15 20:39 . 2006-04-12 12:02 659,456 --a------ c:\windows\system32\hpowiax2.dll
2009-02-15 20:39 . 2006-04-12 12:02 598,016 --a------ c:\windows\system32\hpotscl2.dll
2009-02-15 20:39 . 2006-04-12 12:02 254,026 --a------ c:\windows\system32\hpovst09.dll
2009-02-15 20:39 . 2006-04-12 12:04 49,664 --a------ c:\windows\system32\drivers\HPZid412.sys
2009-02-15 20:39 . 2006-04-12 12:04 21,568 --a------ c:\windows\system32\drivers\HPZius12.sys
2009-02-15 20:39 . 2006-04-12 12:04 16,496 --a------ c:\windows\system32\drivers\HPZipr12.sys
2009-02-15 20:34 . 2005-07-18 13:39 98,304 --a------ c:\windows\system32\hpzjsn01.dll
2009-02-15 20:31 . 2006-04-12 12:04 282,624 --a------ c:\windows\system32\HPZc3212.dll
2009-02-15 20:31 . 2006-05-05 12:25 11,634 --a------ c:\windows\hpomdl11.dat
2009-02-15 20:30 . 2006-01-03 18:12 77,824 --a------ c:\windows\system32\HPZIDS01.dll
2009-02-15 02:57 . 2009-02-19 23:54 <DIR> d-------- c:\documents and settings\Andreas Dimitriou\Tracing
2009-02-15 02:55 . 2009-02-15 02:55 <DIR> d-------- c:\program files\Windows Live SkyDrive
2009-02-15 02:55 . 2009-02-15 02:55 <DIR> d-------- c:\program files\Microsoft
2009-02-15 02:49 . 2009-02-15 02:49 <DIR> d-------- c:\program files\Common Files\Windows Live
2009-02-10 17:39 . 2009-02-10 17:39 <DIR> d-------- c:\program files\ooVoo
2009-02-10 17:39 . 2009-02-10 17:40 <DIR> d-------- c:\documents and settings\Andreas Dimitriou\Application Data\ooVoo Details
2009-02-10 17:36 . 2009-02-10 17:36 <DIR> d-------- c:\windows\PixArt
2009-02-10 17:36 . 2009-02-10 17:36 <DIR> d-------- c:\program files\KYE
2009-02-10 17:36 . 2009-02-10 17:36 <DIR> d-------- c:\program files\Common Files\PAC7302
2009-02-10 17:36 . 2006-11-03 10:59 48,128 --a------ c:\windows\system32\Remove.exe
2009-02-10 17:36 . 2007-05-24 12:17 291 --a------ c:\windows\system32\Remover.ini
2009-02-10 17:35 . 2004-08-03 23:07 59,264 --a------ c:\windows\system32\drivers\USBAUDIO.sys
2009-02-10 17:35 . 2004-08-03 23:07 59,264 --a--c--- c:\windows\system32\dllcache\usbaudio.sys
2009-02-09 22:11 . 2009-02-18 00:07 <DIR> d-------- C:\Temp
2009-02-06 18:52 . 2009-02-06 18:52 49,504 --a------ c:\windows\system32\sirenacm.dll
2009-02-05 21:52 . 2009-02-05 21:55 <DIR> d-------- C:\TPW
2009-02-05 21:52 . 2009-02-05 21:52 <DIR> d-------- c:\documents and settings\Andreas Dimitriou\WINDOWS
2009-02-05 21:52 . 1992-06-08 01:50 130,224 --a------ c:\windows\system\BWCC.DLL
2009-02-05 21:52 . 1992-06-08 01:50 26,960 --a------ c:\windows\WINHELP.HLP
2009-02-05 21:52 . 1992-06-08 01:50 9,279 --a------ c:\windows\system\TDDEBUG.386
2009-02-05 21:52 . 2009-02-05 21:55 137 --a------ c:\windows\WORKSHOP.INI
2009-02-05 21:52 . 2009-02-05 21:52 137 --a------ c:\windows\TDW.INI
2009-02-05 21:52 . 2009-02-12 13:25 91 --a------ c:\windows\TPW.INI
2009-02-05 11:06 . 2009-02-05 11:05 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-04 20:04 . 2009-02-04 20:04 <DIR> d-------- c:\program files\Common Files\xing shared
2009-02-04 16:50 . 2009-02-20 01:39 <DIR> d-------- c:\program files\Spyware Doctor
2009-02-04 16:50 . 2009-02-04 16:50 <DIR> d-------- c:\documents and settings\Andreas Dimitriou\Application Data\PC Tools
2009-02-04 16:50 . 2009-02-04 17:24 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys
2009-02-04 16:50 . 2009-02-04 17:24 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys
2009-02-04 16:50 . 2009-02-04 17:24 40,840 --a------ c:\windows\system32\drivers\ikfilesec.sys
2009-02-04 16:50 . 2008-06-02 15:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys
2009-02-04 16:33 . 2009-02-05 01:15 <DIR> d-------- c:\documents and settings\Andreas Dimitriou\Application Data\Download Manager
2009-02-04 16:30 . 2009-02-12 19:05 <DIR> d-------- c:\program files\Google
2009-02-02 19:09 . 2009-02-02 19:09 <DIR> d-------- c:\program files\Common Files\snp2std
2009-02-02 19:09 . 2007-01-26 16:48 12,028,032 --a------ c:\windows\system32\drivers\snp2sxp.sys
2009-02-02 19:09 . 2006-09-15 13:21 675,840 --a------ c:\windows\vsnp2std.exe
2009-02-02 19:09 . 2005-01-26 15:45 349,472 --a------ c:\windows\WindowsXP-KB822603-x86.exe
2009-02-02 19:09 . 2006-11-29 16:11 258,048 --a------ c:\windows\tsnp2std.exe
2009-02-02 19:09 . 2006-10-03 14:35 249,856 --a------ c:\windows\system32\vsnp2std.dll
2009-02-02 19:09 . 2007-02-05 15:25 151,552 --a------ c:\windows\system32\rsnp2std.dll
2009-02-02 19:09 . 2006-11-16 15:57 77,824 --a------ c:\windows\system32\csnp2std.dll
2009-02-02 19:09 . 2007-01-25 18:48 25,472 --a------ c:\windows\system32\drivers\sncamd.sys
2009-02-02 19:09 . 2007-02-12 14:50 20,480 --a------ c:\windows\FixCamera.exe
2009-02-02 19:09 . 2004-12-09 17:23 15,497 --a------ c:\windows\snp2std.ini
2009-02-02 19:09 . 2004-12-09 17:23 13,022 --a------ c:\windows\snp2std.src
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-21 00:51 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-21 00:33 --------- d-----w c:\documents and settings\Andreas Dimitriou\Application Data\Skype
2009-02-21 00:05 --------- d-----w c:\documents and settings\Andreas Dimitriou\Application Data\skypePM
2009-02-20 14:14 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-02-17 18:23 --------- d-----w c:\program files\DAEMON Tools Pro
2009-02-17 17:29 --------- d-----w c:\program files\MegauploadToolbar
2009-02-15 02:54 --------- d-----w c:\program files\Windows Live
2009-02-12 17:48 --------- d-----w c:\documents and settings\Andreas Dimitriou\Application Data\Metacafe
2009-02-12 17:48 --------- d-----w c:\documents and settings\All Users\Application Data\Metacafe
2009-02-12 03:05 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-10 17:39 --------- d-----w c:\program files\InstallShield Installation Information
2009-02-05 11:05 --------- d-----w c:\program files\Java
2009-02-04 20:04 --------- d-----w c:\program files\Common Files\Real
2009-02-04 16:31 --------- d-----w c:\documents and settings\Andreas Dimitriou\Application Data\MegauploadToolbar
2009-02-01 05:00 --------- d-----w c:\documents and settings\Andreas Dimitriou\Application Data\U3
2008-02-25 23:16 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
.
------- Sigcheck -------
2008-04-14 00:12 507904 ed0ef0a136dec83df69f04118870003e c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\winlogon.exe
2008-05-01 00:22 502272 6e8ca4fcb30282f216f5db9dd58a5f81 c:\windows\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2008-10-12 13:11 238968 --a------ c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_9.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"rideooff"="c:\windows\system32\rideooff.exe" [2002-10-25 640512]
"PRISMSTA.EXE"="c:\windows\system32\PRISMSTA.EXE" [2002-09-02 214528]
"MPB"="c:\windows\system32\MPB.exe" [2003-04-28 278528]
"SoundMan"="c:\windows\SOUNDMAN.EXE" [2003-03-27 53248]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-05-21 4726784]
"nwiz"="c:\windows\system32\nwiz.exe" [2003-05-21 323584]
"PCTVOICE"="c:\windows\system32\pctspk.exe" [2002-10-29 167936]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-02-03 114688]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-02-03 630784]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-05 136600]
"snp2std"="c:\windows\vsnp2std.exe" [2006-09-15 675840]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-02-04 185896]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-10-24 1451264]
"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2008-10-12 6272888]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"msacm.imc"= imc32.acm
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"=
"c:\\Program Files\\RealVNC\\VNC4\\vncviewer.exe"=
"c:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\Opera\\Opera.exe"=
"c:\\Program Files\\ooVoo\\ooVoo.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12654:TCP"= 12654:TCP:BitComet 12654 TCP
"12654:UDP"= 12654:UDP:BitComet 12654 UDP
"7154:TCP"= 7154:TCP:BitComet 7154 TCP
"7154:UDP"= 7154:UDP:BitComet 7154 UDP
"12497:TCP"= 12497:TCP:BitComet 12497 TCP
"12497:UDP"= 12497:UDP:BitComet 12497 UDP
"9911:TCP"= 9911:TCP:BitComet 9911 TCP
"9911:UDP"= 9911:UDP:BitComet 9911 UDP
"443:TCP"= 443:TCP:*Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*Disabled:ooVoo UDP port 37675
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2008-10-02 29808]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-10-24 34824]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-10-24 468224]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [2009-02-19 1066360]
R3 GetPort;GetPort;c:\windows\system32\getport.sys [2002-10-23 3200]
R3 MTC0001_MPB;MPB device driver;c:\windows\system32\NTMPB.SYS [2008-02-25 5072]
R3 PRISM;Intersil PRISM Wireless LAN Driver;c:\windows\system32\drivers\PRISMNDS.sys [2002-09-02 50688]
S3 AVPsys;AVPsys;c:\windows\system32\drivers\tdi.sys [2004-08-04 18560]
S3 PAC7302;Messenger 310;c:\windows\system32\drivers\PAC7302.SYS [2007-06-14 457856]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-02-04 356920]
S3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\drivers\silabenm.sys [2008-05-16 17920]
S3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\drivers\silabser.sys [2008-05-16 61696]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{090a177f-67d6-11dd-b82e-0040d04bc1d7}]
\Shell\AutoRun\command - F:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{090a1780-67d6-11dd-b82e-0040d04bc1d7}]
\Shell\Auto\command - G:\Autorun.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{221ba86b-6633-11dd-b82d-0040d04bc1d7}]
\Shell\auto\command - G:\Knight.exe open
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
\Shell\explore\command - G:\Knight.exe open
\Shell\find\command - G:\Knight.exe open
\Shell\install\command - G:\Knight.exe open
\Shell\open\command - G:\Knight.exe open
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{34fa83f3-02a9-11dd-b7f5-0040d04bc1d7}]
\Shell\Auto\command - F:\Autorun.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{34fa8520-02a9-11dd-b7f5-0040d04bc1d7}]
\Shell\Auto\command - F:\Autorun.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{431b0884-f256-11dc-b7e1-0040d04bc1d7}]
\Shell\AutoRun\command - F:\f.bat
\Shell\explore\Command - F:\f.bat
\Shell\open\Command - F:\f.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{560c32ed-235a-11dd-b7ff-0040d04bc1d7}]
\Shell\AutoRun\command - G:\CruzerProfile.exe /autorun
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b876454-e4d2-11dc-b7ca-0040d04bc1d7}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a5e547f2-f015-11dd-b856-0040d04bc1d7}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a5e547f3-f015-11dd-b856-0040d04bc1d7}]
\Shell\AutoRun\command - G:\opgde.exe
\Shell\open\Command - G:\opgde.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{becd82cc-e91a-11dc-b7d2-0040d04bc1d7}]
\Shell\Auto\command - H:\Autorun.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c17df10c-1c65-11dd-b7fc-0040d04bc1d7}]
\Shell\Auto\command - F:\Autorun.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da756cc7-8674-11dd-b83b-0040d04bc1d7}]
\Shell\Shell00\Command - G:\Start.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da756da0-8674-11dd-b83b-0040d04bc1d7}]
\Shell\AutoRun\command - E:\fe.bat
\Shell\explore\Command - E:\fe.bat
\Shell\open\Command - E:\fe.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dfce2a73-f72d-11dc-b7e3-0040d04bc1d7}]
\Shell\Auto\command - G:\Autorun.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{edcc8ddf-f1bd-11dd-b856-000000000000}]
\Shell\Auto\command - Autorun.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6f3884e-6abe-11dd-b831-0040d04bc1d7}]
\Shell\AutoRun\command - E:\nfdmg.com
\Shell\explore\Command - E:\nfdmg.com
\Shell\open\Command - E:\nfdmg.com
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-DAEMON Tools Pro Agent - c:\program files\DAEMON Tools Pro\DTProAgent.exe
Notify-WgaLogon - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.co.uk/
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.2.cab
FF - ProfilePath - c:\documents and settings\Andreas Dimitriou\Application Data\Mozilla\Firefox\Profiles\bxrem5l3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://my.shu.ac.uk/webapps/portal/frameset.jsp
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-02-21 02:49:06
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\docume~1\ANDREA~1\LOCALS~1\Temp\catchme.dll 53248 bytes executable
scan completed successfully
hidden files: 1
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\ehome\ehRecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Webroot\WebrootSecurity\SpySweeper.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-02-21 2:55:48 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-21 02:55:38
Pre-Run: 6,854,545,408 bytes free
Post-Run: 7,230,562,304 bytes free
332 --- E O F --- 2009-02-17 19:33:46