[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\support.com\\bin\\tgcmd.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Opera\\Opera.exe"=
"c:\\Program Files\\Steam\\steamapps\\daignum\\counter-strike\\hl.exe"=
"c:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Orb Networks\\Orb\\bin\\Orb.exe"=
"c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbTray.exe"=
"c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Last.fm\\LastFM.exe"=
"c:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R1 mbmiodrvr;mbmiodrvr;\??\c:\windows\System32\mbmiodrvr.sys [2006-04-07 2944]
R1 NPPTNT;NPPTNT;\??\c:\windows\System32\npptNT.sys [2004-03-28 4608]
R2 Apple Mobile Device;Apple Mobile Device;"c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" [2008-10-01 116040]
R2 HPFECP13;HPFECP13;c:\windows\system32\drivers\HPFECP13.SYS [1998-07-30 52800]
R2 LBTServ;Logitech Bluetooth Service;c:\program files\Common Files\Logitech\Bluetooth\LBTSERV.EXE [2007-05-08 121360]
R2 Logitech Easy Synchronization;Logitech Easy Synchronization;c:\program files\Logitech\Easy Synchronization\servicestub.exe [2007-05-08 65536]
R2 npkcmsvc;npkcmsvc;c:\nexon\Mabinogi\npkcmsvc.exe [2008-05-01 80528]
R2 NVSvc;NVIDIA Display Driver Service;c:\windows\System32\nvsvc32.exe [2005-02-24 127043]
R2 PfModNT;PfModNT;\??\c:\windows\System32\drivers\PfModNT.sys [2004-01-21 15840]
R2 SVKP;SVKP;\??\c:\windows\System32\SVKP.sys [2004-05-24 2368]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2008-10-25 1373480]
R2 WMDM PMSP Service;WMDM PMSP Service;c:\windows\System32\MsPMSPSv.exe [2000-06-26 53520]
R3 Afc;PPdus ASPI Shell;c:\windows\system32\drivers\Afc.sys [2006-12-26 11776]
R3 ctac32k;Creative AC3 Software Decoder;c:\windows\system32\drivers\ctac32k.sys [2004-01-21 186068]
R3 ctaud2k;Creative Audio Driver (WDM);c:\windows\system32\drivers\ctaud2k.sys [2004-01-21 494384]
R3 ctprxy2k;Creative Proxy Driver;c:\windows\system32\drivers\ctprxy2k.sys [2004-01-21 6144]
R3 ctsfm2k;Creative SoundFont Management Device Driver;c:\windows\system32\drivers\ctsfm2k.sys [2004-01-21 136448]
R3 emupia;E-mu Plug-in Architecture Driver;c:\windows\system32\drivers\emupia2k.sys [2004-01-21 116416]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LHidFilt.Sys [2007-03-08 35344]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver;c:\windows\system32\DRIVERS\LMouFilt.Sys [2007-03-08 36880]
R3 NVENET;NVIDIA nForce MCP Networking Controller Driver;c:\windows\system32\DRIVERS\NVENET.sys [2004-01-21 80896]
R3 ossrv;Creative OS Services Driver;c:\windows\system32\drivers\ctoss2k.sys [2004-01-21 113840]
R3 vsbus;Virtual Serial Bus Enumerator;c:\windows\system32\DRIVERS\vsb.sys [2007-05-08 18167]
R3 wacommousefilter;Wacom Mouse Filter Driver;c:\windows\system32\DRIVERS\wacommousefilter.sys [2008-10-25 11312]
R3 wacomvhid;Wacom Virtual Hid Driver;c:\windows\system32\DRIVERS\wacomvhid.sys [2008-10-25 12848]
R3 WacomVKHid;Virtual Keyboard Driver;c:\windows\system32\DRIVERS\WacomVKHid.sys [2008-10-25 11440]
R3 Wdf01000;Wdf01000;c:\windows\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S1 RapFile;RapFile;\??\c:\windows\System32\drivers\RapFile.sys []
S1 RapNet;RapNet;\??\c:\windows\System32\drivers\RapNet.sys []
S2 npkcrypt;npkcrypt;\??\c:\nexon\Mabinogi\npkcrypt.sys []
S3 btwhid;btwhid;c:\windows\system32\DRIVERS\btwhid.sys [2005-11-03 47907]
S3 ctdvda2k;Creative DVD-Audio Device Driver;c:\windows\system32\drivers\ctdvda2k.sys []
S3 ctljystk;Creative SBLive! Gameport;c:\windows\system32\DRIVERS\ctljystk.sys [2004-01-21 3712]
S3 DFUBTUSB;WIDCOMM USB Bluetooth Driver in DFU State;c:\windows\system32\Drivers\frmupgr.sys [2007-06-09 27536]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service;"c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" [2008-04-03 654848]
S3 GMSIPCI;GMSIPCI;\??\d:\install\GMSIPCI.SYS []
S3 L8042Kbd;Logitech SetPoint Keyboard Driver;c:\windows\system32\DRIVERS\L8042Kbd.sys [2007-04-29 20496]
S3 L8042mou;SetPoint PS/2 Mouse Filter Driver;c:\windows\system32\Drivers\L8042mou.sys [2007-05-08 62992]
S3 LHidKe;Logitech SetPoint HID Mouse Filter Driver;c:\windows\system32\DRIVERS\LHidKE.Sys [2006-04-26 27136]
S3 LHidUsbK;Logitech SetPoint USB Receiver device driver;c:\windows\system32\Drivers\LHidUsbK.Sys [2006-04-26 36736]
S3 LMouKE;SetPoint Mouse Filter Driver;c:\windows\system32\DRIVERS\LMouKE.Sys [2007-05-08 78864]
S3 LUsbFilt;Logitech SetPoint KMDF USB Filter;c:\windows\system32\Drivers\LUsbFilt.Sys [2007-03-08 28176]
S3 NdisIP;Microsoft TV/Video Connection;c:\windows\system32\DRIVERS\NdisIP.sys [2005-01-21 10880]
S3 npkcusb;npkcusb;\??\c:\nexon\Mabinogi\npkcusb.sys []
S3 odserv;Microsoft Office Diagnostics Service;"c:\program files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE" [2007-08-24 443776]
S3 RivaTuner32;RivaTuner32;\??\c:\program files\RivaTuner v2.0 RC 15.7\RivaTuner32.sys [2005-09-09 6016]
S3 sermouse;Serial Mouse Driver;c:\windows\system32\DRIVERS\sermouse.sys [2004-02-23 17664]
S3 SLIP;BDA Slip De-Framer;c:\windows\system32\DRIVERS\SLIP.sys [2005-01-21 11136]
S3 V0230Vfx;V0230Vfx;c:\windows\system32\DRIVERS\V0230Vfx.sys [2007-04-14 6272]
S3 V0230VID;Live! Cam Video IM Pro;c:\windows\system32\DRIVERS\V0230VID.sys [2007-04-14 500608]
S3 vserial;ELTIMA Virtual Serial Ports Driver;c:\windows\system32\DRIVERS\vserial.sys [2007-05-08 47104]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
2008-11-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2008-12-01 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
2008-11-30 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-21 08:15]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-STYLEXP - c:\program files\TGTSoft\StyleXP\StyleXP.exe
HKCU-Run-HistoryKill - c:\program files\HistoryKill\\histkill.exe
HKCU-Run-BestPopUpKiller - c:\program files\BestPopUpKiller\BestPopupKiller.exe
HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKCU-Run-Steam - (no file)
HKCU-Run-Aim6 - (no file)
HKLM-Run-HD Control - c:\windows\System32\RsCom32.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\94xye216.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.facebook.com
FF -: plugin - c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.2.131.27\npGoogleOneClick6.dll
FF -: plugin - c:\program files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF -: plugin - c:\program files\Opera\program\plugins\npdivx32.dll
FF -: plugin - c:\program files\Real\RhapsodyPlayerEngine\nprhapengine.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF -: plugin - c:\program files\Yahoo!\Shared\npYState.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-30 20:18:08
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
tgcmd = "c:\program files\support.com\bin\tgcmd.exe" /server?cmd.exe" /server
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(616)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\windows\system32\wdfmgr.exe
c:\windows\system32\WTablet\Pen_TabletUser.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Live\Messenger\usnsvc.exe
.
**************************************************************************
.
Completion time: 2008-11-30 20:27:50 - machine was rebooted [Owner]
ComboFix-quarantined-files.txt 2008-12-01 02:27:31
Pre-Run: 21,701,058,560 bytes free
Post-Run: 27,744,825,344 bytes free
283 --- E O F --- 2008-11-14 15:37:01