part 2
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Wise-FTP Scheduler"="c:\program files\AceBIT\WISE-FTP\WF_Scheduler.exe" [2003-08-29 1246720]
"E6TaskPanel"="c:\program files\earthlink totalaccess\TaskPanl.exe" [2006-08-30 952088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-04-23 185896]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 583048]
"SnapfishMediaDetector"="c:\program files\Snapfish Media Detector\SnapfishMediaDetector.exe" [2007-03-02 1441792]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-07-06 86016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-06 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-06 8466432]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2005-10-17 81920]
"MaxtorOneTouch"="c:\program files\Maxtor\OneTouch\utils\Onetouch.exe" [2006-03-27 712704]
"lxbkbmgr.exe"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2007-01-25 74672]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"DPService"="c:\program files\HP\DVDPlay\DPService.exe" [2007-02-13 81920]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 115816]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-10-16 1197648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 c:\windows\RtHDVCpl.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-03-07 44168]
c:\users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders credssp.dll, msansspc.dll, digeste.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{393AC102-C8B4-464D-82A7-D52ECDBFB020}"= c:\program files\HP\DVDPlay\DVDPlay.exe:DVD Play
"{34E9B1EE-BA15-4415-8429-2013856E6C86}"= c:\program files\HP\DVDPlay\DPService.exe:DVD Play Resident Program
"{A2BA7BB0-0A5D-4AD1-A567-9CDB56C66DA4}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B7CFD448-8992-4C98-A715-056437C829ED}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{883B765C-92CD-4879-8402-E0FC1F059436}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{4FA0E868-3BCF-4380-A754-A522F3EC9FE5}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{B1A873B2-04D8-4433-9227-4B0E81AA9A49}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{3B844328-D30C-4F0D-B0E2-4A50DC50570D}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{8C61405D-C85F-4BBE-A6A5-5A1BD6819583}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{4378B205-0E33-461A-B353-842AAF0C3B03}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{7C5897EC-486D-4495-ACFC-36ED124028A2}"= UDP:c:\windows\System32\lxbkcoms.exe:Lexmark Communications System
"{4EC2DDF9-2F89-4D8E-8743-05EC1D7E8E51}"= TCP:c:\windows\System32\lxbkcoms.exe:Lexmark Communications System
"{5F9FF86E-AB92-4E0A-A236-DF4567E16BB1}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxbkpswx.exe:Printer Status Window
"{9E4DAFD2-CAE2-45E2-983F-B5F63B4C5192}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxbkpswx.exe:Printer Status Window
"{CBB4C67A-003A-456B-91B6-C5FAD6BC56BE}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{937A54E9-5172-47F9-8DB2-94E3417C91B5}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{086D8BF5-C370-44CF-944D-FF5005DD0E76}"= UDP:8097:EarthLink UHP Modem Support
"{F382520D-A6A2-459D-82E8-96DB16BDBA0D}"= UDP:8097:EarthLink UHP Modem Support
"{3ECA3EF0-C387-43D1-8E96-E101504764D9}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{A10C5D12-65FE-46C3-B03F-C1B03B761554}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{0A90CAD5-5511-43B3-9480-55EE36A55208}"= UDP:c:\windows\explorer.exe:Windows Explorer
"{472C90F9-B81F-43A8-B06F-87FD639D32FA}"= TCP:c:\windows\explorer.exe:Windows Explorer
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-12-01 28544]
R1 IDSvix86;Symantec Intrusion Prevention Driver;\??\c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20071220.001\IDSvix86.sys [2007-12-31 180272]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2007-11-03 112688]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\Drivers\SYMNDISV.SYS [2008-10-03 37936]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
2008-12-02 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - john.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-01-13 20:09]
2008-12-02 c:\windows\Tasks\User_Feed_Synchronization-{B6B33A22-9B8E-4651-87A4-EF9FFF42C9D0}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 02:33]
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-HPseti - c:\users\john\AppData\Roaming\Google\dvvm.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\users\john\AppData\Roaming\Mozilla\Firefox\Profiles\17trz7bn.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL -
hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE -
hxxp://www.linkreferral.com/accountwel.pl?email=reply@cyberbookdepot.com&password=lr0000.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-02 21:49:39
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(2316)
c:\windows\system32\we.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\program files\Lexmark X1100 Series\LXBKbmon.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Canon\IJPLM\ijplmsvc.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\System32\lxbkcoms.exe
c:\program files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
c:\program files\Maxtor\OneTouch\Utils\SyncServices.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-12-02 21:55:26 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-03 02:54:55
Pre-Run: 61,183,066,112 bytes free
Post-Run: 62,535,438,336 bytes free
259 --- E O F --- 2008-11-29 12:13:09