ComboFix 09-04-13.03 - kuljaking 2009-04-12 21:26.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1714 [GMT 2:00]
Running from: c:\documents and settings\kuljaking\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\ovfsthewmcfuxngfvqniriyldkiwaixjsfmlew.sys
c:\windows\system32\mfc45.dll
c:\windows\system32\ovfsthcpnyuhmxbepxuwydexuutdfbdvtsmjoq.dll
c:\windows\system32\ovfsthlydedcsknvmrgsvigvvabrquxdbshowm.dll
c:\windows\system32\ovfsthwijxtgliqbpxbahxosbgeovxwdvrwsql.dat
c:\windows\system32\ovfsthxdxyekoqquavhukeparscmaoqxotprjo.dll
c:\windows\system32\ovfsthxeqdlfvrqyrkhkgjbyqtxtgcfjpoqeac.dat
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_ovfsthovmyxwmkdmtbqlrrmltqlthnbrfulksd
-------\Legacy_NPF
((((((((((((((((((((((((( Files Created from 2009-03-13 to 2009-04-13 )))))))))))))))))))))))))))))))
.
2009-04-11 22:14 . 2009-04-11 22:20 -------- d-----w c:\documents and settings\kuljaking\Application Data\Web Page Maker
2009-04-09 23:15 . 2009-04-09 23:15 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-09 17:22 . 2006-03-28 07:55 155648 ----a-w c:\windows\system32\ssleay32.dll
2009-04-09 17:22 . 2006-03-28 07:54 696320 ----a-w c:\windows\system32\libeay32.dll
2009-04-09 17:22 . 2009-04-09 17:22 -------- d-----w c:\documents and settings\kuljaking\Application Data\iolo
2009-04-09 17:22 . 2009-04-09 17:22 -------- d-----w c:\documents and settings\All Users\Application Data\iolo
2009-04-02 15:59 . 2009-04-02 15:59 -------- d--h--w c:\windows\system32\GroupPolicy
2009-04-02 15:42 . 2009-04-02 15:45 516 ----a-w C:\BOOT.BXP
2009-04-02 15:42 . 2004-08-04 01:07 2148352 ----a-w c:\windows\system32\LOGOOS.EXE
2009-04-02 15:31 . 2009-04-02 15:31 91 ----a-w c:\windows\OB1.INI
2009-03-26 21:28 . 2008-03-05 14:56 1420824 ----a-w c:\windows\system32\D3DCompiler_37.dll
2009-03-26 21:28 . 2008-02-05 22:07 462864 ----a-w c:\windows\system32\d3dx10_37.dll
2009-03-26 21:28 . 2008-03-05 14:56 3786760 ----a-w c:\windows\system32\D3DX9_37.dll
2009-03-26 21:28 . 2009-03-26 21:28 -------- d-----w c:\windows\Logs
2009-03-26 21:27 . 2009-03-26 21:27 -------- d-----w c:\windows\system32\XPSViewer
2009-03-26 21:26 . 2008-07-06 12:06 89088 -c----w c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-03-26 21:26 . 2008-07-06 12:06 575488 -c----w c:\windows\system32\dllcache\xpsshhdr.dll
2009-03-26 21:26 . 2008-07-06 12:06 575488 ------w c:\windows\system32\xpsshhdr.dll
2009-03-26 21:26 . 2008-07-06 12:06 1676288 -c----w c:\windows\system32\dllcache\xpssvcs.dll
2009-03-26 21:26 . 2008-07-06 12:06 1676288 ------w c:\windows\system32\xpssvcs.dll
2009-03-26 21:26 . 2008-07-06 12:06 117760 ------w c:\windows\system32\prntvpt.dll
2009-03-26 21:26 . 2008-07-06 10:50 597504 -c----w c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-03-26 00:10 . 2009-03-26 00:10 -------- d-----w c:\documents and settings\kuljaking\Application Data\JLC's Software
2009-03-23 10:30 . 2009-03-23 10:30 268 ---ha-w C:\sqmdata01.sqm
2009-03-23 10:30 . 2009-03-23 10:30 244 ---ha-w C:\sqmnoopt01.sqm
2009-03-20 22:25 . 2009-03-20 22:25 41808 ----a-w c:\windows\system32\xfcodec.dll
2009-03-17 20:37 . 2009-03-17 20:41 -------- d-----w C:\MoTemp
2009-03-17 20:33 . 2009-03-17 20:33 -------- d-----w c:\documents and settings\kuljaking\Library
2009-03-17 20:33 . 2009-03-17 20:33 -------- d-----w c:\documents and settings\kuljaking\Application Data\com.adobe.ExMan
2009-03-17 18:16 . 2009-03-17 18:16 166 ----a-w c:\windows\MyDrivers.ini
2009-03-17 17:39 . 2009-04-02 16:40 -------- d-----w c:\documents and settings\kuljaking\Application Data\Kingston
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-11 23:41 . 2009-04-11 22:14 -------- d-----w c:\program files\Web Page Maker
2009-04-11 22:46 . 2009-02-17 17:07 -------- d-----w c:\documents and settings\kuljaking\Application Data\uTorrent
2009-04-11 22:12 . 2009-04-11 22:09 -------- d-----w c:\program files\ProgDVB
2009-04-10 22:21 . 2009-02-06 01:52 189072 ----a-w c:\windows\system32\PnkBstrB.exe
2009-04-10 19:57 . 2009-02-06 01:53 138920 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-04-02 15:42 . 2009-04-02 15:42 -------- d-----w c:\program files\BootXP2
2009-03-28 23:25 . 2009-02-24 20:39 -------- d-----w c:\program files\AutoCAD Architecture 2008
2009-03-26 21:39 . 2009-02-24 18:38 -------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2009-03-26 21:33 . 2009-03-26 21:29 -------- d-----w c:\program files\AutoCAD 2010
2009-03-26 21:33 . 2009-02-24 20:38 -------- d-----w c:\program files\Common Files\Autodesk Shared
2009-03-26 21:29 . 2009-02-24 20:39 -------- d-----w c:\documents and settings\kuljaking\Application Data\Autodesk
2009-03-26 21:29 . 2009-02-24 20:39 -------- d-----w c:\documents and settings\All Users\Application Data\Autodesk
2009-03-26 21:27 . 2009-03-26 21:27 -------- d-----w c:\program files\MSBuild
2009-03-26 21:27 . 2009-03-26 21:27 -------- d-----w c:\program files\Reference Assemblies
2009-03-26 21:24 . 2009-03-26 21:24 -------- d-----w c:\program files\MSXML 6.0
2009-03-25 13:15 . 2009-02-09 15:00 -------- d-----w c:\documents and settings\kuljaking\Application Data\Xfire
2009-03-22 14:55 . 2009-03-06 21:47 -------- d-----w c:\documents and settings\kuljaking\Application Data\TeamViewer
2009-03-17 18:04 . 2009-03-17 18:04 -------- d-----w c:\program files\My Drivers
2009-03-15 10:35 . 2009-03-15 10:21 -------- d-----w c:\program files\AutoCAD 2005
2009-03-08 09:31 . 2009-03-08 08:57 -------- d-----w c:\documents and settings\kuljaking\Application Data\Poser 7
2009-03-08 08:42 . 2009-03-08 08:42 -------- d-----w c:\program files\e frontier
2009-03-08 08:38 . 2009-03-08 08:37 -------- d-----w c:\program files\TC UP
2009-03-08 08:37 . 2009-03-08 08:37 -------- d-----w c:\documents and settings\kuljaking\Application Data\HEXelon
2009-03-06 21:47 . 2009-03-06 21:47 -------- d-----w c:\program files\TeamViewer3
2009-03-06 20:34 . 2009-03-06 20:25 -------- d-----w c:\program files\Poser 2
2009-03-06 20:03 . 2009-03-06 20:03 -------- d-----w c:\program files\Curious Labs
2009-03-04 17:52 . 2009-03-04 17:52 -------- d-----w c:\documents and settings\All Users\Application Data\LightScribe
2009-03-02 19:11 . 2009-03-02 19:11 -------- d-----w c:\documents and settings\kuljaking\Application Data\Media Player Classic
2009-03-02 19:10 . 2009-03-02 19:10 -------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-03-02 19:10 . 2009-03-02 19:10 -------- d-----w c:\program files\K-Lite Codec Pack
2009-02-28 02:42 . 2009-02-06 01:52 75064 ----a-w c:\windows\system32\PnkBstrA.exe
2009-02-27 04:25 . 2009-02-12 04:10 8192 --s-a-r C:\BOOTSECT.BAK
2009-02-26 20:07 . 2009-02-11 07:17 171136 --sha-r C:\grldr
2009-02-24 20:38 . 2009-02-24 20:38 -------- d-----w c:\program files\Autodesk
2009-02-24 20:25 . 2009-02-24 20:25 -------- d-----w c:\program files\MagicISO
2009-02-24 19:25 . 2009-02-05 21:15 -------- d-----w c:\program files\Common Files\Adobe
2009-02-24 17:54 . 2009-02-24 17:54 -------- d-----w c:\documents and settings\All Users\Application Data\ALM
2009-02-24 17:33 . 2009-02-24 17:33 -------- d-----w c:\program files\Adobe Media Player
2009-02-24 17:32 . 2009-02-24 17:32 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-02-24 17:26 . 2009-02-24 17:26 -------- d-----w c:\program files\Common Files\Macrovision Shared
2009-02-23 01:00 . 2009-02-23 00:58 -------- d-----w c:\documents and settings\kuljaking\Application Data\BSplayer Pro
2009-02-23 00:58 . 2009-02-23 00:58 -------- d-----w c:\program files\Webteh
2009-02-18 00:55 . 2009-02-18 00:55 -------- d-----w c:\program files\GameSpy
2009-02-18 00:53 . 2009-02-06 01:53 22328 ----a-w c:\documents and settings\kuljaking\Application Data\PnkBstrK.sys
2009-02-18 00:53 . 2009-02-18 00:53 669184 ----a-w c:\windows\system32\pbsvc.exe
2009-02-18 00:45 . 2009-02-18 00:45 -------- d-----w c:\program files\Electronic Arts
2009-02-17 20:18 . 2009-02-17 20:18 -------- d-----w c:\program files\Crystal Player
2009-02-17 17:07 . 2009-02-17 17:07 -------- d-----w c:\program files\uTorrent
2009-02-15 14:31 . 2009-02-15 14:30 -------- d-----w c:\program files\AMD
2009-02-15 14:30 . 2009-02-15 14:30 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-02-15 14:29 . 2009-02-15 14:27 -------- d-----w c:\program files\ATI
2009-02-15 14:27 . 2009-02-15 14:27 -------- d-----w c:\documents and settings\All Users\Application Data\ATI
2009-02-15 14:26 . 2009-02-10 19:36 -------- d-----w c:\program files\ATI Technologies
2009-02-13 22:17 . 2009-02-13 20:02 -------- d-----w c:\documents and settings\kuljaking\Application Data\CyberLink
2009-02-13 20:02 . 2009-02-13 20:02 -------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
2009-02-13 20:00 . 2009-02-13 20:00 -------- d-----w c:\program files\Common Files\LightScribe
2009-02-13 19:59 . 2009-02-05 20:30 -------- d--h--w c:\program files\InstallShield Installation Information
2009-02-13 19:59 . 2009-02-13 19:56 -------- d-----w c:\program files\CyberLink
2009-02-13 19:53 . 2009-02-13 19:53 -------- d-----w c:\program files\Alcohol Soft
2009-02-09 00:14 . 2009-02-09 00:14 14488 ----a-w c:\windows\system32\AcSignExtRes.dll
2009-02-09 00:13 . 2009-02-09 00:13 43160 ----a-w c:\windows\system32\AcSignIcon.dll
2009-02-09 00:13 . 2009-02-09 00:13 429720 ----a-w c:\windows\system32\AcSignOpt.exe
2009-02-09 00:13 . 2009-02-09 00:13 29848 ----a-w c:\windows\system32\AcSignExt.dll
2009-02-08 07:58 . 2009-02-05 06:03 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-02-06 02:03 . 2009-02-06 01:54 65536 ----a-w C:\asusdisp.log
2009-02-05 20:55 . 2009-02-05 20:55 268 ---ha-w C:\sqmdata00.sqm
2009-02-05 20:55 . 2009-02-05 20:55 244 ---ha-w C:\sqmnoopt00.sqm
2009-02-05 20:50 . 2009-02-05 20:50 4608 ----a-w c:\windows\system32\w95inf32.dll
2009-02-05 20:50 . 2009-02-05 20:50 2272 ----a-w c:\windows\system32\w95inf16.dll
2009-02-05 06:01 . 2009-02-05 06:01 21640 ----a-w c:\windows\system32\emptyregdb.dat
2009-01-14 05:46 . 2009-02-10 19:35 11591680 ----a-w c:\windows\system32\atioglxx.dll
2009-01-14 04:53 . 2009-02-10 19:35 286720 ----a-w c:\windows\system32\atiok3x2.dll
2009-01-14 04:49 . 2009-02-10 19:35 425984 ----a-w c:\windows\system32\ATIDEMGX.dll
2009-01-14 04:47 . 2007-10-16 14:04 323584 ----a-w c:\windows\system32\ati2dvag.dll
2009-01-14 04:36 . 2009-02-10 19:35 196608 ----a-w c:\windows\system32\atipdlxx.dll
2009-01-14 04:36 . 2009-02-10 19:35 151552 ----a-w c:\windows\system32\Oemdspif.dll
2009-01-14 04:36 . 2009-02-10 19:35 26112 ----a-w c:\windows\system32\Ati2mdxx.exe
2009-01-14 04:35 . 2009-02-10 19:35 43520 ----a-w c:\windows\system32\ati2edxx.dll
2009-01-14 04:35 . 2009-02-10 19:35 155648 ----a-w c:\windows\system32\ati2evxx.dll
2009-01-14 04:34 . 2009-02-10 19:35 598016 ----a-w c:\windows\system32\ati2evxx.exe
2009-01-14 04:32 . 2009-02-10 19:35 53248 ----a-w c:\windows\system32\ATIDDC.DLL
2009-01-14 04:22 . 2007-10-16 13:44 4009152 ----a-w c:\windows\system32\ati3duag.dll
2009-01-14 04:05 . 2007-10-16 13:33 2500224 ----a-w c:\windows\system32\ativvaxx.dll
2009-01-14 03:50 . 2009-02-10 19:35 48640 ----a-w c:\windows\system32\amdpcom32.dll
2009-01-14 03:45 . 2009-02-10 19:35 401408 ----a-w c:\windows\system32\atikvmag.dll
2009-01-14 03:44 . 2009-02-10 19:35 110592 ----a-w c:\windows\system32\atiadlxx.dll
2009-01-14 03:44 . 2009-02-10 19:35 17408 ----a-w c:\windows\system32\atitvo32.dll
2009-01-14 03:37 . 2009-02-10 19:35 307200 ----a-w c:\windows\system32\atiiiexx.dll
2009-01-14 03:37 . 2007-10-16 13:11 577536 ----a-w c:\windows\system32\ati2cqag.dll
2009-01-14 02:36 . 2009-01-14 02:36 45056 ----a-w c:\windows\system32\amdcalrt.dll
2009-01-14 02:36 . 2009-01-14 02:36 45056 ----a-w c:\windows\system32\amdcalcl.dll
2009-01-14 02:34 . 2009-01-14 02:34 3227648 ----a-w c:\windows\system32\Amdcaldd.dll
2009-01-13 20:05 . 2009-02-10 19:48 593920 ------w c:\windows\system32\ati2sgag.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-06-01 86016]
"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"nwiz"="nwiz.exe" [2006-06-01 c:\windows\system32\nwiz.exe]
"C-Media Mixer"="Mixer.exe" [2002-07-12 c:\windows\mixer.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
"msacm.clmp3enc"= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2008-06-11 23:43 640376 c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
--a------ 2008-06-12 03:25 37232 c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
--a------ 2008-08-14 08:58 611712 c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO]
--a------ 2008-08-15 06:46 378224 c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amd_dc_opt]
--a------ 2008-07-22 14:53 77824 c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS SmartDoctor]
--a------ 2008-10-16 18:50 1171456 c:\program files\ASUS\SmartDoctor\SmartDoctor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSGamerOSD]
--a------ 2008-06-26 12:51 380928 c:\program files\ASUS\GamerOSD\GamerOSD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2005-12-16 13:57 94208 c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 03:07 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 2008-02-22 12:19 62760 c:\program files\CyberLink\PowerDVD\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
--a------ 2008-03-17 18:59 2289664 c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-08-04 02:06 1667584 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
--------- 2008-03-18 11:15 2508072 c:\program files\CyberLink\Power2Go\Power2GoExpress.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2008-04-02 20:09 87336 c:\program files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2008-08-29 18:11 61440 c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Cain\\Cain.exe"=
"d:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDirector\\PDR.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Program Files\\e frontier\\Poser 7\\Poser.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
R3 cpuz;cpuz; [x]
R3 SliceDisk5;SliceDisk5; [x]
R4 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
S1 VD_FileDisk;VD_FileDisk; [x]
S3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2008-07-02 89600]
S3 XG1;ASUS Generic USB Driver;c:\windows\system32\Drivers\OC_Gear1.sys [2006-11-17 34304]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff2e0dcd-fa07-11dd-8069-001d60224118}]
\Shell\AutoRun\command - g:\autorun\AutoRun.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-avast! - c:\progra~1\ALWILS~1\Avast4\ashDisp.exe
.
------- Supplementary Scan -------
.
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-04-13 21:32
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(788)
c:\windows\system32\Ati2evxx.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
- - - - - - - > 'explorer.exe'(3144)
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\windows\ATKKBService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-04-13 21:36 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-13 19:36
Pre-Run: 5,966,782,464 bytes free
Post-Run: 5,989,056,512 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
;Warning: Boot.ini is used on Windows XP and earlier operating systems.
;Warning: Use BCDEDIT.exe to modify Windows Vista boot options.
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /NOEXECUTE=OPTIN /FASTDETECT /USEPMTIMER /KERNEL=LOGOOS.EXE
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="(Backup Line) Microsoft Windows XP Professional" /NOEXECUTE=OPTIN /FASTDETECT /USEPMTIMER