ComboFix 08-10-16.08 - User 2008-10-17 20:23:44.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.195 [GMT 2:00]
Running from: C:\DOCUMENTS AND SETTINGS\USER\DESKTOP\ComboFix.exe
* Created a new restore point
[COLOR=RED][B]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/B][/COLOR]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Internet Explorer\PLUGINS\321Nt64.Jmp
C:\Program Files\Internet Explorer\PLUGINS\WinNt64.Jmp
C:\WINDOWS\IE4 Error Log.txt
C:\WINDOWS\jestertb.dll
C:\WINDOWS\system32\adsntzt.dll
C:\WINDOWS\system32\adsntzt.nls
C:\WINDOWS\system32\bootvidgj.dll
C:\WINDOWS\system32\bootvidgj.nls
C:\WINDOWS\system32\drivers\HBKernel32.sys
C:\WINDOWS\system32\HBmhly.dll
C:\WINDOWS\system32\mstimewd.nls
C:\WINDOWS\system32\regscan.exe
C:\WINDOWS\system32\sunesnk.exe
C:\WINDOWS\system32\Update.dat
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_HBKERNEL
-------\Legacy_HBKERNEL32
-------\Service_HBKernel32
((((((((((((((((((((((((( Files Created from 2008-09-17 to 2008-10-17 )))))))))))))))))))))))))))))))
.
2008-10-16 01:42 . 2008-10-16 01:42 <DIR> d-------- C:\Program Files\Common Files\Younexus
2008-10-14 22:44 . 2008-10-14 22:47 <DIR> d-------- C:\Program Files\Trojan Killer
2008-10-14 18:10 . 2008-10-17 18:00 <DIR> d-------- C:\Program Files\a2 free
2008-10-11 14:40 . 2008-10-11 14:40 <DIR> d-------- C:\Documents and Settings\User\Application Data\Lavasoft
2008-10-11 14:39 . 2008-10-11 14:39 <DIR> d-------- C:\Program Files\Lavasoft
2008-10-07 22:39 . 2008-10-07 22:39 <DIR> d-------- C:\Program Files\IObit
2008-10-07 22:02 . 2008-10-07 22:02 <DIR> d-------- C:\Documents and Settings\User\Application Data\.bittorrent
2008-10-07 16:26 . 2008-10-07 18:04 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2008-10-06 19:11 . 2008-10-06 19:11 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-10-06 18:43 . 2008-10-06 18:43 <DIR> d-------- C:\Documents and Settings\User\Application Data\Talkback
2008-10-06 18:43 . 2008-10-06 18:43 0 --a------ C:\WINDOWS\nsreg.dat
2008-10-06 18:32 . 2008-10-06 18:32 99,965 --a------ C:\WINDOWS\UninstallFirefox.exe
2008-10-06 18:31 . 2008-10-06 18:31 3,137 --a------ C:\WINDOWS\mozver.dat
2008-10-06 18:30 . 2008-10-06 18:30 <DIR> d-------- C:\Program Files\BitTorrent
2008-10-03 16:08 . 2008-10-03 16:08 <DIR> d-------- C:\Program Files\ActiveLaunch
2008-10-03 16:08 . 2008-10-03 16:14 <DIR> d-------- C:\Documents and Settings\User\Application Data\AL Data
2008-10-01 21:23 . 2008-10-01 21:23 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistributionOLD
2008-10-01 21:23 . 2008-07-18 22:10 45,768 --a------ C:\WINDOWS\system32\wups2.dll.old
2008-10-01 21:23 . 2008-07-18 22:10 33,992 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-10-01 21:23 . 2008-07-18 22:09 25,800 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-10-01 21:23 . 2008-07-18 22:09 25,800 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-10-01 21:23 . 2008-07-18 22:08 20,680 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-09-30 22:11 . 2008-09-30 22:10 300,048 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-09-30 22:11 . 2008-09-30 22:10 245,760 --a------ C:\WINDOWS\system32\imon.dll
2008-09-30 22:11 . 2008-09-30 22:10 114,688 --a------ C:\WINDOWS\system32\nms32.dll
2008-09-30 22:11 . 2008-09-30 22:11 442 --a------ C:\WINDOWS\system32\mapisvc.inf
2008-09-30 22:10 . 2008-10-08 21:22 <DIR> d-------- C:\Program Files\ESET
2008-09-30 17:08 . 2008-09-30 17:24 <DIR> d-------- C:\Program Files\TweakNow RegCleaner
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-17 18:28 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-17 14:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-10-06 16:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-06 16:34 --------- d-----w C:\Program Files\ATI Technologies
2008-10-03 14:03 --------- d-----w C:\Program Files\Industry Giant 2
2008-10-03 14:02 --------- d-----w C:\Program Files\EA Games
2008-09-30 20:27 --------- d-----w C:\Program Files\3GP Player
2008-09-10 18:55 --------- d-----w C:\Program Files\Electronic Arts
2008-09-10 18:45 --------- d-----w C:\Program Files\EA SPORTS
2008-08-31 12:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bluetooth
2008-08-31 12:40 --------- d-----w C:\Program Files\IVT Corporation
2008-08-31 08:21 8,064 ----a-w C:\WINDOWS\rwrm.exe
2008-08-31 08:17 8,064 ----a-w C:\WINDOWS\ypqc.exe
2008-08-30 18:27 --------- d-----w C:\Program Files\LEGO Media
2008-08-10 18:24 2,828 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-08-01 05:40 9,928,704 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-08-01 04:58 253,952 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-08-01 04:33 425,984 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-08-01 04:32 311,296 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-08-01 04:23 184,320 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-08-01 04:23 143,360 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-08-01 04:22 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-08-01 04:22 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-08-01 04:22 143,360 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-08-01 04:21 573,440 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-08-01 04:19 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-08-01 04:10 3,917,568 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-08-01 03:59 2,183,552 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-08-01 03:46 48,640 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-08-01 03:42 376,832 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-08-01 03:40 35,328 ----a-w C:\WINDOWS\system32\atiadlxx.dll
2008-08-01 03:40 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-08-01 03:39 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-08-01 03:34 561,152 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-07-31 19:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:08 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{09EB15FA-17D8-4D60-8598-3F549A848DF2}]
2008-10-17 16:11 107008 --ahs---- C:\PROGRA~1\INTERN~1\PLUGINS\b54321.bho
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{581C5299-BEA6-4619-8218-BE539A98812A}]
2008-10-08 00:22 31369 --ahs---- C:\Program Files\Internet Explorer\7v54321t.321
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5935D8A5-DC70-4630-8C8C-3C629B67DE68}]
2008-10-08 00:22 31369 --ahs---- C:\Program Files\Internet Explorer\7v54321t.321
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AD862DC6-37FA-4D56-B7EA-59C2522A5FC4}]
2008-10-08 00:20 30843 --ahs---- C:\Program Files\Internet Explorer\Explo2eMt.456
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-07 68856]
"EA Core"="C:\Program Files\Electronic Arts\EA Downloader\Core.exe" [2006-07-13 1851392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-11-09 128920]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.EXE" [2007-04-03 4376328]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-07 29744]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-09-30 851968]
"Run StartupMonitor"="StartupMonitor.exe" [2000-05-20 C:\WINDOWS\StartupMonitor.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-10-24 C:\WINDOWS\soundman.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 C:\WINDOWS\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-02-07 113664]
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2008-08-31 1044480]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-04-11 394856]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{AD862DC6-37FA-4D56-B7EA-59C2522A5FC4}"= "C:\Program Files\Internet Explorer\Explo2eMt.456" [2008-10-08 30843]
"{5935D8A5-DC70-4630-8C8C-3C629B67DE68}"= "C:\Program Files\Internet Explorer\7v54321t.321" [2008-10-08 31369]
"{581C5299-BEA6-4619-8218-BE539A98812A}"= "C:\Program Files\Internet Explorer\7v54321t.321" [2008-10-08 31369]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"vidc.XVID"= xvid.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"vidc.3ivx"= 3ivxVfWCodec.dll
"msacm.divxa32"= divxa32.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\DAP\\DAP.exe"=
"D:\\Igre\\Firaxis Games\\Civilization4.exe"=
"C:\\Program Files\\BitTorrent\\btdownloadgui.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"59833:TCP"= 59833:TCP:PORT_59833
"59981:TCP"= 59981:TCP:PORT_59981
"28358:TCP"= 28358:TCP:PORT_28358
"23205:TCP"= 23205:TCP:PORT_23205
"41363:TCP"= 41363:TCP:PORT_41363
"34216:TCP"= 34216:TCP:PORT_34216
"22605:TCP"= 22605:TCP:PORT_22605
"36975:TCP"= 36975:TCP:PORT_36975
"10249:TCP"= 10249:TCP:PORT_10249
"32706:TCP"= 32706:TCP:PORT_32706
"32305:TCP"= 32305:TCP:PORT_32305
"12703:TCP"= 12703:TCP:PORT_12703
"43328:TCP"= 43328:TCP:PORT_43328
"16036:TCP"= 16036:TCP:PORT_16036
"23387:TCP"= 23387:TCP:PORT_23387
"50586:TCP"= 50586:TCP:PORT_50586
"56838:TCP"= 56838:TCP:PORT_56838
"8439:TCP"= 8439:TCP:PORT_8439
"45551:TCP"= 45551:TCP:PORT_45551
"32605:TCP"= 32605:TCP:PORT_32605
"20289:TCP"= 20289:TCP:PORT_20289
"23680:TCP"= 23680:TCP:PORT_23680
"35178:TCP"= 35178:TCP:PORT_35178
"28333:TCP"= 28333:TCP:PORT_28333
"28653:TCP"= 28653:TCP:PORT_28653
"50585:TCP"= 50585:TCP:PORT_50585
"31146:TCP"= 31146:TCP:PORT_31146
"21142:TCP"= 21142:TCP:PORT_21142
"27840:TCP"= 27840:TCP:PORT_27840
"31911:TCP"= 31911:TCP:PORT_31911
"29487:TCP"= 29487:TCP:PORT_29487
"49991:TCP"= 49991:TCP:PORT_49991
"41625:TCP"= 41625:TCP:PORT_41625
"50513:TCP"= 50513:TCP:PORT_50513
"42476:TCP"= 42476:TCP:PORT_42476
"50504:TCP"= 50504:TCP:PORT_50504
"16820:TCP"= 16820:TCP:PORT_16820
"19409:TCP"= 19409:TCP:PORT_19409
"52600:TCP"= 52600:TCP:PORT_52600
"37936:TCP"= 37936:TCP:PORT_37936
"8951:TCP"= 8951:TCP:PORT_8951
"26458:TCP"= 26458:TCP:PORT_26458
"12008:TCP"= 12008:TCP:PORT_12008
"59231:TCP"= 59231:TCP:PORT_59231
"17233:TCP"= 17233:TCP:PORT_17233
"23754:TCP"= 23754:TCP:PORT_23754
"30562:TCP"= 30562:TCP:PORT_30562
"54996:TCP"= 54996:TCP:PORT_54996
"22689:TCP"= 22689:TCP:PORT_22689
"55675:TCP"= 55675:TCP:PORT_55675
"10051:TCP"= 10051:TCP:PORT_10051
"32564:TCP"= 32564:TCP:PORT_32564
"30148:TCP"= 30148:TCP:PORT_30148
"18225:TCP"= 18225:TCP:PORT_18225
"46008:TCP"= 46008:TCP:PORT_46008
"31839:TCP"= 31839:TCP:PORT_31839
"17176:TCP"= 17176:TCP:PORT_17176
"10793:TCP"= 10793:TCP:PORT_10793
"32013:TCP"= 32013:TCP:PORT_32013
"37528:TCP"= 37528:TCP:PORT_37528
"29117:TCP"= 29117:TCP:PORT_29117
"18956:TCP"= 18956:TCP:PORT_18956
"61811:TCP"= 61811:TCP:PORT_61811
"28623:TCP"= 28623:TCP:PORT_28623
"25704:TCP"= 25704:TCP:PORT_25704
"16040:TCP"= 16040:TCP:PORT_16040
"56711:TCP"= 56711:TCP:PORT_56711
"34633:TCP"= 34633:TCP:PORT_34633
"22743:TCP"= 22743:TCP:PORT_22743
"26103:TCP"= 26103:TCP:PORT_26103
"8290:TCP"= 8290:TCP:PORT_8290
"59376:TCP"= 59376:TCP:PORT_59376
"40305:TCP"= 40305:TCP:PORT_40305
"23386:TCP"= 23386:TCP:PORT_23386
"55183:TCP"= 55183:TCP:PORT_55183
"48273:TCP"= 48273:TCP:PORT_48273
"52852:TCP"= 52852:TCP:PORT_52852
"32576:TCP"= 32576:TCP:PORT_32576
"6776:TCP"= 6776:TCP:PORT_6776
"18632:TCP"= 18632:TCP:PORT_18632
"16535:TCP"= 16535:TCP:PORT_16535
"31281:TCP"= 31281:TCP:PORT_31281
"11475:TCP"= 11475:TCP:PORT_11475
"28981:TCP"= 28981:TCP:PORT_28981
"58183:TCP"= 58183:TCP:PORT_58183
"57980:TCP"= 57980:TCP:PORT_57980
"14822:TCP"= 14822:TCP:PORT_14822
"47059:TCP"= 47059:TCP:PORT_47059
"26731:TCP"= 26731:TCP:PORT_26731
"30265:TCP"= 30265:TCP:PORT_30265
"45350:TCP"= 45350:TCP:PORT_45350
"37393:TCP"= 37393:TCP:PORT_37393
"29698:TCP"= 29698:TCP:PORT_29698
"17793:TCP"= 17793:TCP:PORT_17793
"43090:TCP"= 43090:TCP:PORT_43090
"31198:TCP"= 31198:TCP:PORT_31198
"59246:TCP"= 59246:TCP:PORT_59246
"30680:TCP"= 30680:TCP:PORT_30680
"41835:TCP"= 41835:TCP:PORT_41835
"36738:TCP"= 36738:TCP:PORT_36738
"33910:TCP"= 33910:TCP:PORT_33910
"13198:TCP"= 13198:TCP:PORT_13198
"9597:TCP"= 9597:TCP:PORT_9597
"24548:TCP"= 24548:TCP:PORT_24548
"48199:TCP"= 48199:TCP:PORT_48199
"16835:TCP"= 16835:TCP:PORT_16835
"61335:TCP"= 61335:TCP:PORT_61335
"26046:TCP"= 26046:TCP:PORT_26046
"45616:TCP"= 45616:TCP:PORT_45616
"33845:TCP"= 33845:TCP:PORT_33845
"64851:TCP"= 64851:TCP:PORT_64851
"26513:TCP"= 26513:TCP:PORT_26513
"31310:TCP"= 31310:TCP:PORT_31310
"62875:TCP"= 62875:TCP:PORT_62875
"44517:TCP"= 44517:TCP:PORT_44517
"22646:TCP"= 22646:TCP:PORT_22646
"54437:TCP"= 54437:TCP:PORT_54437
"53413:TCP"= 53413:TCP:PORT_53413
"41677:TCP"= 41677:TCP:PORT_41677
"15055:TCP"= 15055:TCP:PORT_15055
"53748:TCP"= 53748:TCP:PORT_53748
"39700:TCP"= 39700:TCP:PORT_39700
"31068:TCP"= 31068:TCP:PORT_31068
"56677:TCP"= 56677:TCP:PORT_56677
"63570:TCP"= 63570:TCP:PORT_63570
"14531:TCP"= 14531:TCP:PORT_14531
"47123:TCP"= 47123:TCP:PORT_47123
"10683:TCP"= 10683:TCP:PORT_10683
"49244:TCP"= 49244:TCP:PORT_49244
"51438:TCP"= 51438:TCP:PORT_51438
"13231:TCP"= 13231:TCP:PORT_13231
"15697:TCP"= 15697:TCP:PORT_15697
"54908:TCP"= 54908:TCP:PORT_54908
"54431:TCP"= 54431:TCP:PORT_54431
"22631:TCP"= 22631:TCP:PORT_22631
"53291:TCP"= 53291:TCP:PORT_53291
"11401:TCP"= 11401:TCP:PORT_11401
"53298:TCP"= 53298:TCP:PORT_53298
"20311:TCP"= 20311:TCP:PORT_20311
"7814:TCP"= 7814:TCP:PORT_7814
"49807:TCP"= 49807:TCP:PORT_49807
"57495:TCP"= 57495:TCP:PORT_57495
"59805:TCP"= 59805:TCP:PORT_59805
R0 BtHidBus;Bluetooth HID Bus Service;C:\WINDOWS\system32\Drivers\BtHidBus.sys [2008-07-31 20616]
R2 GenPort;GenPort;C:\WINDOWS\system32\drivers\GenPort.sys [1997-10-08 4832]
R2 MapMem;MapMem;C:\WINDOWS\system32\drivers\MapMem.sys [1997-10-08 6816]
R2 Netmrn;Network Connerctions;C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 NTRemap;NTRemap;C:\WINDOWS\system32\drivers\NTRemap.sys [1997-10-08 6336]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-07 29744]
S3 IvtBtBUs;IVT Bluetooth Bus Service;C:\WINDOWS\system32\Drivers\IvtBtBus.sys [2008-07-02 26248]
S3 KProcWatch;KProcWatch;C:\WINDOWS\system32\drivers\KProcWatch.sys [ ]
S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 61504]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 9328]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 97056]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w200mgmt.sys [2006-11-07 88560]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w200obex.sys [2006-11-07 86368]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Netmrn REG_MULTI_SZ Netmrn
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5feed3d4-17e4-11db-b102-806d6172696f}]
\Shell\AutoRun\command - E:\Setup.exe
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\x2gbkx5l.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://start.mozilla.org/firefox?client=firefox-a&rls=org.mozilla:en-US:official
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-10-17 20:28:58
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\imon.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\ESET\nod32krn.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
.
**************************************************************************
.
Completion time: 2008-10-17 20:30:56 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-17 18:30:50
Pre-Run: 6.816.952.320 bytes free
Post-Run: 6,801,690,624 bytes free
368
Win32/PSW.OnLineGames.NRG Trojan HELP!
