[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.mjpg"= pvmjpg30.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eligmini]
--a------ 2008-09-03 17:01 487424 c:\program files\Fisher-Price\Easy-Link internet launch pad\Easy-Link internet launch pad.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2005-01-12 14:54 241664 c:\program files\HP\hpcoretech\hpcmpmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD06]
--a------ 2004-06-06 21:53 49152 c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2005-06-06 16:17 98304 c:\program files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM]
--a------ 2004-11-15 15:04 135168 c:\program files\Digital Media Reader\shwiconEM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-07-02 08:48 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\digital imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\digital imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\digital imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\digital imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\digital imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\digital imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\digital imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\digital imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\digital imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\digital imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\digital imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\digital imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\digital imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\digital imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Program Files\\Activision\\SHReK the THiRD Demo\\SHReK the THiRD.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"67:UDP"= 67:UDP:DHCP Discovery Service
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-06-10 96520]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-06-10 282904]
R2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" [2006-11-03 13592]
S3 PinnacleMarvinAVS;Pinnacle AVStream Service for MovieBox Deluxe, 500-USB and 700-USB;c:\windows\system32\DRIVERS\MarvinAVS.sys [2008-11-18 434176]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{21668d13-dc12-11d9-9785-806d6172696f}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9574abfc-c16c-11dd-9c47-0013205c09e3}]
\Shell\AutoRun\command - L:\start.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b0644713-d7c5-11d9-8f68-806d6172696f}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
.
Contents of the 'Scheduled Tasks' folder
2008-12-29 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-BearShare - c:\program files\BearShare\BearShare.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &MSN Search - c:\program files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Open in new background tab - c:\program files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?3ed320c98d9143b8939de1271d8794d2
IE: Open in new foreground tab - c:\program files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?3ed320c98d9143b8939de1271d8794d2
Trusted Zone: free.aol.com
Trusted Zone: *.turbotax.com
c:\windows\Downloaded Program Files\OneCC.dll - O16 -: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7}
hxxps://as00.estara.com/UI/proxyhttps.php?a=downloads.estara.com./&hash=50e682768fe1826a66b139e4e263482f&url=http%3A%2F%2Fd.64.69.12.39.downloads.estara.com.%2Fas%2FOneCCDM.php&template=233043&sessionid=1891997260_64.69.12.30_44630&=&req=1207501816203OneCC.cab
c:\windows\Downloaded Program Files\OneCC.inf
c:\windows\Downloaded Program Files\OberonGameHost.dll - O16 -: {D0C0F75C-683A-4390-A791-1ACFD5599AB8}
hxxp://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
c:\windows\Downloaded Program Files\OberonGameHost_dbg.inf
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z8ei65t8.default\
FF - component: c:\program files\Mozilla Firefox\components\srff.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z8ei65t8.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z8ei65t8.default\extensions\OberonGameHost@OberonGames.com\platform\WINNT_x86-msvc\plugins\npOberonGameHost.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJPI150_02.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPOJI610.dll
FF - plugin: c:\program files\kSolo\npAVX.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npsnapfish.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-12-29 10:49:38
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\Pure Networks\Network Magic\nmsrvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearchIndexer.exe
c:\program files\HP\digital imaging\bin\hpqimzone.exe
c:\program files\HP\digital imaging\bin\hpqste08.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-12-29 10:55:07 - machine was rebooted [Owner]
ComboFix-quarantined-files.txt 2008-12-29 17:55:03
Pre-Run: 152,775,254,016 bytes free
Post-Run: 152,823,099,392 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
264 --- E O F --- 2008-12-24 16:13:45